In Microsoft EntraWe have a new user with the same UPN as old user deleted a few years ago and the problems come

Question

In Microsoft EntraWe have a new user with the same UPN as old user deleted a few years ago and the problems come

AhDSuper 0

We have a problem here:

We have a new user A with UPN ******@MYDOMAIN.COM created in Microsoft Entra. We suspected that this user is created with the same UPN for an old user B we deleted a few years ago.

Now, whenever someone is trying to share a file in Onedrive to that user A, the email user A received with the access link cannot be used. Whenever user A clicks the access link, the system would prompt a window saying user A does not process the permission to access the file. When user A press the request access button, the original sender would receive a email request with the old user B name and the old user's email address.

We are using Azure AD connect to create users in Microsoft 365 when we have a new user created in on-premise AD Directory.

Is there any clue we can trouble shoot and solve this problem?

Mark McIntosh 0 Reputation points

2024-10-31T01:11:32.8966667+00:00

I had the same issue with OneDrive share links for a new employee account whose UPN matched an account we had deleted a while ago. There's a fix that worked for us.

We are hybrid, AD DC's synced to Microsoft 365. Employee accounts are created on the DC's.

The old account had been deleted from the DC's and we were well past the deletion hold time on Azure. The old account was completely deleted. Yet after creating a new account with the same UPN it resulted in this problem, only in cases where files were shared with the new account from OneDrive's that the previous employee had also been given file share link access to.

I opened a ticket with Microsoft Support and they pointed me to the troubleshooting document here:

https://learn.microsoft.com/en-us/sharepoint/troubleshoot/diagnostics/sharepoint-and-onedrive-diagnostics

I've used these troubleshooters successfully:

#1 - https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/access-denied-or-need-permission-error-sharepoint-online-or-onedrive-for-business

#2 - https://learn.microsoft.com/en-us/sharepoint/troubleshoot/sharing-and-permissions/fix-site-user-id-mismatch

Try #1, then try #2 if that isn't enough. So far that's fixed the issue for me, across 2-3 instances of new UPN's matching old UPN's and having the share error.

1 answer

Your answer

Mark McIntosh 0 Reputation points

2024-10-31T01:11:32.8966667+00:00

I had the same issue with OneDrive share links for a new employee account whose UPN matched an account we had deleted a while ago. There's a fix that worked for us.

We are hybrid, AD DC's synced to Microsoft 365. Employee accounts are created on the DC's.

The old account had been deleted from the DC's and we were well past the deletion hold time on Azure. The old account was completely deleted. Yet after creating a new account with the same UPN it resulted in this problem, only in cases where files were shared with the new account from OneDrive's that the previous employee had also been given file share link access to.

I opened a ticket with Microsoft Support and they pointed me to the troubleshooting document here:

https://learn.microsoft.com/en-us/sharepoint/troubleshoot/diagnostics/sharepoint-and-onedrive-diagnostics

I've used these troubleshooters successfully:

#1 - https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/access-denied-or-need-permission-error-sharepoint-online-or-onedrive-for-business

#2 - https://learn.microsoft.com/en-us/sharepoint/troubleshoot/sharing-and-permissions/fix-site-user-id-mismatch

Try #1, then try #2 if that isn't enough. So far that's fixed the issue for me, across 2-3 instances of new UPN's matching old UPN's and having the share error.

Answer 1

Hi @AhDSuper ,

It sounds likely that the first user was not permanently deleted. After you delete a user, the account remains in a suspended state for 30 days. During that 30-day window, the user account can be restored, along with all its properties. After that 30-day window passes, the permanent deletion process is automatically started and can't be stopped.

If a new account is created using the same UPN, the new account will be assigned a new ID value. If the user account is permanently deleted and not just suspended, the user account's properties cannot be restored. But the user account can be restored within 30 days of deletion, so it sounds likely that the account is not fully gone. You can permanently delete the user following the steps in this article: https://learn.microsoft.com/en-us/entra/fundamentals/users-restore

Share via

In Microsoft EntraWe have a new user with the same UPN as old user deleted a few years ago and the problems come

1 answer

Your answer