Azure devOps OID conflict

Question

I have an like this :UPN: OIDCONFLICT_UpnReuse_4920ad.....
The user can not be remove from the ui, nor az, nor shell, nor graph.

How can I remove the user of who can help me with that?

Answer 1

Simplest way is creating Support ticket and in 1-2 days the issue might be fixed. But if you don't want to wait, you can do it yourself too. Check instructions here: https://www.linkedin.com/posts/yuriy-v-popov_azuredevops-devops-oidconflict-activity-7412549794000220160-b4oH

Answer 2

Hello Ronny,

Thank you for reaching out to Microsoft Q&A.

OIDCONFLICT error generally indicates an issue with how the user's identity is being managed or synchronized.

Please try below steps to resolve the issue :

1. Check User Identity in Entra:

Ensure that the user’s identity in Azure Active Directory is correctly configured and that there are no duplicate accounts or conflicting identities.

• Go to the Azure portal and navigate to Azure Active Directory > Users.
• Search for the user and review their profile to ensure there’s only one user account with the same UPN (User Principal Name).

2. Review and Resolve Identity Conflicts:

• The OIDCONFLICT error suggests there might be a conflict with the user’s Object ID (OID). In this case, you might need to resolve identity conflicts or synchronization issues.
• If the user has been synchronized from on-premises to Entra, ensure that the synchronization is correctly set up and that there are no conflicts.

3. Remove the Duplicate User in Azure DevOps:

• Sign in to Azure DevOps with an account that has the necessary permissions.
• Navigate to your project and go to Project settings > Permissions > Users.
• Search for the duplicate entries, if found any then remove the conflicting one. Be cautious to remove the correct one to avoid disrupting access.

4. Synchronize or Refresh Azure DevOps:

• After resolving the issue in Entra please synchronize or refresh Azure DevOps to reflect the changes.
• You can do this by waiting for automatic synchronization or manually updating user information if needed by running the command Start-ADSyncSyncCycle -PolicyType Delta

Please let us know if you need any further assistance.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Thanks,

Aditya

Answer 3

Hello Ronny,

Welcome to Microsoft Q&A, It looks like you're stuck with an OID conflict user that can't be removed through any standard method. This error means Azure DevOps detects a reused UPN tied to a different Object ID, causing identity conflict. ˆThis may be caused by AD sync, especially if a user was deleted and recreated in Microsoft Entra ID or migrated between tenants. Azure DevOps caches identity mappings, and if the original identity wasn’t fully purged, it blocks removal.

To resolve:

• If AD sync is active: delete the user in on-prem AD, then run Start-ADSyncSyncCycle -PolicyType Delta to sync the deletion.
• If AD sync is not configured: verify the user object in Microsoft Entra ID and ensure no duplicate or stale identities exist. If the conflict persists, Azure DevOps support must manually clean backend identity references.

If the user still appears in Azure DevOps, it may be cached or linked via legacy identity references. In that case, open a support ticket with Microsoft to manually clean up the backend identity mapping.

References:

• https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/user-prov-sync/cannot-manage-objects
• https://learn.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request

If this resolves your question, please accept the answer.

Luis