Home

Persistence of User ID object

%3CLINGO-SUB%20id%3D%22lingo-sub-771940%22%20slang%3D%22en-US%22%3EPersistence%20of%20User%20ID%20object%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-771940%22%20slang%3D%22en-US%22%3E%3CP%3E1.%20Perhaps%20two%20years%20ago%2C%20I%20created%20a%20user%20f...%40...%3CSTRONG%3Elaw%3C%2FSTRONG%3E.com.%20The%20organizational%20structure%20changed%2C%20and%20I%20deleted%20that%20object%20about%20a%20year%20ago.%20It%20no%20longer%20appears%20under%20Users%20or%20Deleted%20Users%20in%20AAD%2C%20Exchange%2C%20or%20O365.%3C%2FP%3E%3CP%3E2.%20That%20user%20was%20an%20external.%20Their%20own%20e-mail%20address%20was%20f...%40...%3CSTRONG%3Eler%3C%2FSTRONG%3E.com.%20That%20was%20entered%20into%20AAD%20in%20the%20course%20of%20creating%20the%20user%20in%20my%20network.%3C%2FP%3E%3CP%3E3.%20I%20recently%20tried%20to%20share%20a%20SPO%20document%20with%20the%20person.%20I%20shared%20it%20to%20f...%40...%3CSTRONG%3Eler%3C%2FSTRONG%3E.com.%20The%20attached%20error%20message%20came%20back.%3C%2FP%3E%3CP%3E4.%20Somehow%20the%20f...%40...%3CSTRONG%3Elaw%3C%2FSTRONG%3E.com%20object%20still%20exists%20and%20is%20interfering%20with%20this%20person's%20ability%20to%20authenticate.%20(FWIW%2C%20this%20person%20has%20an%20O365%20account%20from%20their%20own%20organization.)%20The%20object%20is%20not%20visible%20from%20any%20user%20or%20deleted%20user%20list%20in%20any%20of%20the%20ID%20management%20portals%20(Exchange%2C%20AAD%2C%20O365).%3C%2FP%3E%3CP%3EQ%3A%20How%20can%20I%20wipe%20this%20persistent%20user%20ID%2C%20and%20presumably%20the%20others%20that%20were%20created%20and%20deleted%20around%20the%20same%20time%2C%20from%20my%20system%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-771940%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-771993%22%20slang%3D%22en-US%22%3ERe%3A%20Persistence%20of%20User%20ID%20object%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-771993%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20you%20are%20showing%20on%20the%20screenshot%20is%20a%20sharing%20link%20to%20a%20SPO%2FODFB%20file.%20Previously%2C%20SPO%20used%20their%20own%20method%20for%20sharing%20with%20external%20people%2C%20which%20is%20now%20converged%20with%20the%20B2B%20functionality%20of%20Azure%20AD.%20So%20this%20might%20be%20some%20artifact%20of%20the%20old%20method.%20You%20can%20try%20removing%20permissions%20from%20the%20file%2C%20then%20re-sharing%20it%2C%20and%20to%20be%20on%20the%20safe%20side%20maybe%20also%20check%20the%20permissions%20for%20the%20document%20library%20where%20the%20file%20is%20stored.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-772260%22%20slang%3D%22en-US%22%3ERe%3A%20Persistence%20of%20User%20ID%20object%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-772260%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3EYou%20can%20try%20removing%20permissions%20from%20the%20file%2C%20then%20re-sharing%20it%2C%20and%20to%20be%20on%20the%20safe%20side%20maybe%20also%20check%20the%20permissions%20for%20the%20document%20library%20where%20the%20file%20is%20stored.%26nbsp%3B%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3EThanks.%20I%20will%20do%20all%20those%20things%2C%20but%20I'm%20still%20concerned%20that%20somewhere%20in%20the%20system%20there%20is%20an%20object%20tied%20to%20a%20deleted%20user.%20The%20external%20referred%20to%20in%20my%20post%20and%20the%20sharing%20image%20is%20just%20one%20of%20several%20external%20users%20who%20were%20created%20around%20the%20same%20time%20and%20deleted%20around%20the%20same%20time.%20It%20is%20likely%20I%20will%20need%20to%20share%20with%20one%20of%20the%20others%20at%20some%20point%2C%20so%20I'm%20concerned%20with%20fixing%20the%20underlying%20problem%2C%20as%20well%20finding%20a%20fix%20for%20the%20sharing%20problem.%20Any%20idea%20of%20where%20that%20old%20userID%20object%20could%20still%20be%20living%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-772906%22%20slang%3D%22en-US%22%3ERe%3A%20Persistence%20of%20User%20ID%20object%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-772906%22%20slang%3D%22en-US%22%3E%3CP%3ESee%20if%20you%20can%20get%20a%20list%20of%20those%20via%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3EGet-SPOExternalUser%3C%2FFONT%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-774104%22%20slang%3D%22en-US%22%3ERe%3A%20Persistence%20of%20User%20ID%20object%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-774104%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20I've%20been%20postponing%20this%20day--when%20I'd%20have%20to%20learn%20PowerShell....%3C%2FP%3E%3C%2FLINGO-BODY%3E
Joseph Nierenberg
Contributor

1. Perhaps two years ago, I created a user f...@...law.com. The organizational structure changed, and I deleted that object about a year ago. It no longer appears under Users or Deleted Users in AAD, Exchange, or O365.

2. That user was an external. Their own e-mail address was f...@...ler.com. That was entered into AAD in the course of creating the user in my network.

3. I recently tried to share a SPO document with the person. I shared it to f...@...ler.com. The attached error message came back.

4. Somehow the f...@...law.com object still exists and is interfering with this person's ability to authenticate. (FWIW, this person has an O365 account from their own organization.) The object is not visible from any user or deleted user list in any of the ID management portals (Exchange, AAD, O365).

Q: How can I wipe this persistent user ID, and presumably the others that were created and deleted around the same time, from my system?

4 Replies

What you are showing on the screenshot is a sharing link to a SPO/ODFB file. Previously, SPO used their own method for sharing with external people, which is now converged with the B2B functionality of Azure AD. So this might be some artifact of the old method. You can try removing permissions from the file, then re-sharing it, and to be on the safe side maybe also check the permissions for the document library where the file is stored. 

 


@Vasil Michev wrote:

You can try removing permissions from the file, then re-sharing it, and to be on the safe side maybe also check the permissions for the document library where the file is stored. 


Thanks. I will do all those things, but I'm still concerned that somewhere in the system there is an object tied to a deleted user. The external referred to in my post and the sharing image is just one of several external users who were created around the same time and deleted around the same time. It is likely I will need to share with one of the others at some point, so I'm concerned with fixing the underlying problem, as well finding a fix for the sharing problem. Any idea of where that old userID object could still be living?

See if you can get a list of those via Get-SPOExternalUser.

@Vasil Michev  I've been postponing this day--when I'd have to learn PowerShell....

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies