Deleted users are not in the response when running delta link

Lisa Palathingal 6 Reputation points Microsoft Employee
2022-09-26T13:08:28.457+00:00

I have an AAD group in which I added 5 users. On running delta link (https://graph.microsoft.com/v1.0/groups/delta?$filter=id eq 'group-id'), I see the response showing 5 users. I deleted these 5 users from AAD (Note that I deleted users from Azure Active Directory). And these users were automatically removed from the AAD group that they belonged to. On running the delta link, I see the following response:

   {
   "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
   "@odata.deltaLink": "",
   "value": []
   }

My assumption was delta link would show these deleted users.

If that's not the case, is there a Graph API that returns users removed from an AAD group because they are no longer present in AAD?

If I run the initial delta query again https://graph.microsoft.com/v1.0/groups/delta?$filter=id eq 'group-id', I can see all the users added/removed to/from the group.

Is there a way to get users removed from an AAD group because they are no longer present in AAD?

UPDATE:

I see some SO/GitHub posts on this and found out that this is by design:

https://stackoverflow.com/questions/58327260/azuread-graph-api-getting-removed-users-using-delta-links-on-groups
https://github.com/microsoftgraph/microsoft-graph-docs/issues/14708

How do I submit a request for supporting this feature?


1 answer

  1. Shivam Dhiman 5,871 Reputation points
    2022-09-26T23:23:14.37+00:00

    Hi @Lisa Palathingal

    From the description you provided (@odata.context), it seems you have used delta Groups instead of delta Users.

    To address your issue, I have created 5 users in AAD and added them to a group. Based on my testing, I found that after deleting users from AAD I am able to get them in the response of this GET /users/delta delta query, i.e., annotation: @removed with a value of "reason": "changed".

    Please note that deleting a user from Azure Active Directory does not permanently delete the user.

    However, you can refer to these documentation1, documentation2 to permanently delete users using MS Graph and AAD respectively. After following this, I'm able to get annotation: @removed with a value of "reason": "deleted", which indicates the users have been deleted permanently from AAD.

    To check the status of users deleted from an AAD group, use this GET /groups/delta delta query. You will get them under "members@delta". Please refer to the screenshot below.

    244927-zebro.png

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.
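
An added example (not part of the original answer or of Microsoft's code) that reads the two responses the answer describes: it collects members flagged `@removed` under `members@delta` in `/groups/delta` pages and looks each one up in `/users/delta` to tell a soft delete (`changed`) from a permanent delete (`deleted`) or a plain membership removal. The pages, ids and tokens are constructed placeholders, and the function names and the `membership-only` label are hypothetical.

```python
# Constructed sample pages shaped like Microsoft Graph delta responses.
# All ids and tokens are placeholders, not values from the post.
GROUPS_DELTA_PAGES = [
    {"@odata.nextLink": "https://graph.microsoft.com/v1.0/groups/delta?$skiptoken=PLACEHOLDER",
     "value": [{"id": "group-id", "members@delta": [
         {"@odata.type": "#microsoft.graph.user", "id": "user-1", "@removed": {"reason": "deleted"}},
         {"@odata.type": "#microsoft.graph.user", "id": "user-2"}]}]},
    {"@odata.deltaLink": "https://graph.microsoft.com/v1.0/groups/delta?$deltatoken=PLACEHOLDER",
     "value": [{"id": "group-id", "members@delta": [
         {"@odata.type": "#microsoft.graph.user", "id": "user-3", "@removed": {"reason": "deleted"}},
         {"@odata.type": "#microsoft.graph.user", "id": "user-4", "@removed": {"reason": "deleted"}}]}]},
]
USERS_DELTA_PAGES = [
    {"@odata.deltaLink": "https://graph.microsoft.com/v1.0/users/delta?$deltatoken=PLACEHOLDER",
     "value": [{"id": "user-1", "@removed": {"reason": "changed"}},   # soft-deleted
               {"id": "user-3", "@removed": {"reason": "deleted"}},   # permanently deleted
               {"id": "user-9", "displayName": "Constructed User"}]},  # ordinary change
]

def removed_members(pages):
    """Map group id -> set of member ids flagged @removed in members@delta."""
    out = {}
    for page in pages:
        for group in page.get("value", []):
            for member in group.get("members@delta", []):
                if "@removed" in member:
                    out.setdefault(group["id"], set()).add(member["id"])
    return out

def removed_users(pages):
    """Map user id -> @removed reason from /users/delta pages."""
    return {u["id"]: u["@removed"].get("reason")
            for page in pages for u in page.get("value", []) if "@removed" in u}

def delta_link(pages):
    """deltaLink of the final page; store it to start the next sync round."""
    return pages[-1].get("@odata.deltaLink") if pages else None

def explain_removals(group_pages, user_pages):
    """Label each removed member with what happened to the user object itself."""
    users = removed_users(user_pages)
    return {gid: {uid: users.get(uid, "membership-only") for uid in sorted(ids)}
            for gid, ids in removed_members(group_pages).items()}

if __name__ == "__main__":
    print(explain_removals(GROUPS_DELTA_PAGES, USERS_DELTA_PAGES))
    print(delta_link(GROUPS_DELTA_PAGES))
```

A removal that resolves to `membership-only` means the account still exists and only its group membership changed, which is the case to review separately when auditing access.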