I have ADB2C External Users that were deleted, and I am unable to create new accounts for them using the same email.

Question

I have ADB2C External Users that were deleted, and I am unable to create new accounts for them using the same email.

Adam Nemitoff 20

After having deleted the users (and even having "permanently" deleted them from the recently deleted list... When I try to re-create accounts for these users I get an "Object Already Exists" for "User Principal Nam" error message.

This appears to have become a problem in the recent past as we have been working with ADB2C for over 4 years without having encountered this before.

All efforts to use powershell cmds to find the existence of the UPN have failed. Meaning the "lock" is somewhere deep in the internals of AD B2C.

Here is an audit log:

Audit log for re-create user error:
[
{
"id": "Directory_f9df5421-425a-4294-a338-ef14c000af60_52L0M_313889353",
"category": "UserManagement",
"correlationId": "f9df5421-425a-4294-a338-ef14c000af60",
"result": "failure",
"resultReason": "Microsoft.Online.Workflows.ObjectAlreadyExistsException",
"activityDisplayName": "Add user",
"activityDateTime": "2025-06-05T18:32:21.0446385+00:00",
"loggedByService": "Core Directory",
"initiatedBy": {
"user": {
"id": "2058a99c-0b79-4662-9d38-b1b149da032d",
"displayName": null,
"userPrincipalName": "anemitoff_omiazure.com#EXT#@omiprismlogin.onmicrosoft.com",
"ipAddress": "108.53.29.106",
"homeTenantId": null,
"homeTenantName": null
}
},
"userAgent": null,
"targetResources": [
{
"id": "7dd9b190-1f50-4dc4-954d-f70d1df3b029",
"displayName": null,
"type": "User",
"userPrincipalName": "******@omiprismlogin.onmicrosoft.com",
"groupType": null,
"modifiedProperties": [
{
"displayName": "AccountEnabled",
"oldValue": "[]",
"newValue": "[true]"
},
{
"displayName": "CreationType",
"oldValue": "[]",
"newValue": "[\"NameCoexistence\"]"
},
{
"displayName": "DisplayName",
"oldValue": "[]",
"newValue": "[\"Sharrell Gilchrist\"]"
},
{
"displayName": "MailNickname",
"oldValue": "[]",
"newValue": "[\"7dd9b190-1f50-4dc4-954d-f70d1df3b029\"]"
},
{
"displayName": "PasswordPolicies",
"oldValue": "[]",
"newValue": "[\"DisablePasswordExpiration, DisableStrongPassword\"]"
},
{
"displayName": "StsRefreshTokensValidFrom",
"oldValue": "[]",
"newValue": "[\"2025-06-05T18:32:20Z\"]"
},
{
"displayName": "UserPrincipalName",
"oldValue": "[]",
"newValue": "[\"******@omiprismlogin.onmicrosoft.com\"]"
},
{
"displayName": "UserType",
"oldValue": "[]",
"newValue": "[\"Member\"]"
},
{
"displayName": "Included Updated Properties",
"oldValue": null,
"newValue": "\"AccountEnabled, CreationType, DisplayName, MailNickname, PasswordPolicies, StsRefreshTokensValidFrom, UserPrincipalName, UserType\""
},
{
"displayName": "MethodExecutionResult.",
"oldValue": null,
"newValue": "\"Microsoft.Online.Workflows.ObjectAlreadyExistsException\""
}
]
}
],
"additionalDetails": [
{
"key": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 Edg/137.0.0.0"
}
]
}
]

3 answers

Your answer

Answer 1

Megan Truong 635 Independent Advisor

Hello @Adam Nemitoff

Thank you for contacting the Q&A Forum. The error states

"result" : "failure" , "resultReason" : "Microsoft.Online.Workflows.ObjectAlreadyExistsException" ,

The symptom is that you hard delete an external user, then recreate the user with the same email address. It returned a duplicated account error. Check to see if you already have an account with the same email address, "an*****@om****.com". If so, you may need to recover the account rather than create a new one.

Kindly let me know if this works for you, and please let me know if you have any further questions.

If I have answered your question, please accept this answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful"!

Best regards,

Megan.

Adam Nemitoff 20 Reputation points

2025-06-19T15:04:48.2733333+00:00

There were no remaining uses of the target email address in the system that I could find, nor any uses of the UPN. I searched using all AD B2C UI tools and even used PowerShell commands.
Megan Truong 635 Reputation points Independent Advisor

2025-06-27T02:42:16.93+00:00

Hello Adam.

This behavior is indeed unusual. Instead of "abc_xxx#EXT#@onmicrosoft.com," the UPN for a new external user you created was "******@onmicrosoft.com". However, the error notice indicates that "abc_xxx#EXT#@onmicrosoft.com" cannot be used to recreate a UPN. Therefore, can you verify that this is the procedure you had done?- You removed a guest user with the creation type of invitation that was in the format of "abc_xxx#EXT#@onmicrosoft.com"- You recreated a new external user by clicking "create a new external user" using the same email address, "abc_xxx#EXT#@onmicrosoft.com- The "Object Already Exists" error notice for "User Principal Name" popped up.

Answer 2

Kancharla Saiteja 5,730 Microsoft External Staff Moderator

Hello @Adam Nemitoff

Based on your query, I understand that you are unable to create a user account with same old email address deleted previously.

This issue happens when a client mail address put away in intermediary address of B2C are interesting and the mail field is utilized so that we continuously have them tied to an address for MFA. In the event that you have got designed the client mail addresses already with MFA, at that point the same client accounts cannot be utilized straightforwardly. You ought to upgrade the mail field afterward to avoid the duplicate proxy issue which isn't permitting you to create a user presently otherwise you have to be contact our support team to expel them from the backend. On the off chance that you have got made clients without mail field you'll got to overhaul the mail field afterward utilizing Microsoft graph API: Update user

I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"

Kancharla Saiteja 5,730 Reputation points Microsoft External Staff Moderator

2025-06-23T17:10:08.9+00:00

Hello @Adam Nemitoff

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Adam Nemitoff 20 Reputation points

2025-06-23T18:46:08.5733333+00:00

Hi Kancharla,

I don't understand what you mean by "overhaul the mail field". Unfortunately, the English translation used to respond to me is very poor. Is there someone else who can communicate these concepts in a clearer manner in English.

If I need to perform some operation on the "mail" field would that have to happen before I delete the user? Is it something that can be done from UI in Azure or is it something that needs to happen only via the Graph API? Can you provide specifics on what exactly has to be modified?

This behavior definitely changed in past few months as I never had a problem before now and I have definitely performed similar operations in the past few years that we have been using ADB2C.

How do I get support to resolve the problem with the 3 email that I know are locked up?

Thanks
Kancharla Saiteja 5,730 Reputation points Microsoft External Staff Moderator

2025-06-24T01:23:42.04+00:00

Hello @Adam Nemitoff

If you are using the deleted mails to re invite or re add the user, you need to make sure you do not provide the mail address while inviting or adding the same user after deletion. This does not allow to create the user and detects as duplicate. Once you add the user to the tenant without mail address, you need to add the mail address using Microsoft graph: Update User.

I hope this information is helpful. Please feel free to reach out if you have any further questions.
Adam Nemitoff 20 Reputation points

2025-06-24T15:04:24.1033333+00:00

I understand what you are saying. However, we use a SIGN_UP flow where the user enters their own email address to create their account. And due to restrictions by our client the user is not permitted to enter any other email address. Therefore your suggested solution is not feasible for us.

In the future when an account is deleted, we will first change the email e-mail address before deleting the account.

At the moment I need the email address for those users who are "blocked" to be truly deleted so they can be reused.

Thanks
Kancharla Saiteja 5,730 Reputation points Microsoft External Staff Moderator

2025-06-25T00:04:40.76+00:00

Hello @Adam Nemitoff

Please check your private message and respond accordingly.
Kancharla Saiteja 5,730 Reputation points Microsoft External Staff Moderator

2025-06-26T22:25:35.1566667+00:00

Hello @Adam Nemitoff

Please check your private message and respond accordingly.

Answer 3

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

I have ADB2C External Users that were deleted, and I am unable to create new accounts for them using the same email.

3 answers

Your answer