This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 47%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMU%3C/text%3E%3C/svg%3E)
I have a user in my AD that was previously external, then it became part of the organization, but I cannot delete the ExternalAzureAD identity.
Where the issuerAssignedId was deleted but I cannot delete this identity
Is there a way to remove it?
and be able to leave it as is all the users with a single identity
@Marcelo Ulloa Fernández
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
If you have an internal user showing as ExternalAzureAD (or federated), you likely need to reset the redemption status with the correct user email added to the internal user object.
To resolve this you can use the Graph Invitation API, add the external address to the user's account, and then reset the invite status following this guide:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status
Note that in order to delete an external user you need to have a role assigned that has permission to delete users, and some user types can only be deleted by Global Admins or Privileged Auth Admins. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/privileged-roles-permissions?tabs=admin-center#who-can-perform-sensitive-actions
Let me know if this helps address your question and if I understood your concern correctly.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching the same question. Otherwise please let me know if you have further questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 14.000000000000002%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
This does not work for users converted to members as they cannot be "reinvited" since they are now a member.