This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 66%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
I removed the dormant accounts from active directory that this suggestion was showing as "Exposed Identities". It says it could take 24 hours for the changes to show up. It has been 6 days. Four out of the 6 accounts I removed no longer show as Exposed Identities. However, two accounts seem to be stuck. I deleted the account from Active Directory 6 days ago but it still shows exposed.
Any suggestions to clear these so the vulnerability goes away?
In Azure AD do these show up in Users or in Delete Users?
also might want to check if these are synced users via AD Connect.
If so you might need to delete them at the Domain Controller level.
Thanks for the suggestion -- no, they do not show up in either.
Thanks for the suggestion -- they were not in an OU that was sync'ed with ADConnect. So right now they do not exist in the on-prem AD or AAD.
Anyone have any thoughts on this?
I tried restoring the accounts in AD. Making them enabled. Then showed up in the vulnerability as enabled -- so it it syncing and finding them. But if I delete the accounts again in AD they continue to show in the vulnerability.
@Olga Os - MSFT - is this in your wheelhouse?
Found the issue – you must remove them from the Domain Admin group. Deleting the User account does not clear the vulnerability. You must remove them from Domain Admin – then the vulnerability clears.
So even a deleted account stays in the vulnerability if it was in Domain Admin when you deleted it.