Azure AD enterprise application: Clear "caches the target system's ID"

Gherson Horna Borda 1 Reputation point
2021-09-29T14:13:40.41+00:00

In the target system the user was deleted and we tried to synchronize the user again from Azure AD, but the process failed because it is using the user's target system ID that was deleted; we need to clear/delete that user's target system ID to send the user again.

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

1 answer

  1. Danny Zollner 6,936 Reputation points Microsoft Employee
    2021-10-04T17:38:59.927+00:00

    AAD Provisioning isn't built to expect deletion of users it manages from other sources - this is why you're seeing this problem. Ideally, you should be leaving management of these users, especially of deletions, up to Azure AD if it is managing creation/updates as well.

    To break the links established between AAD and your connected target system, you'll need to restart the job via MS Graph API using this API call:

    https://learn.microsoft.com/en-us/graph/api/synchronization-synchronizationjob-restart?view=graph-rest-beta&tabs=http

    You'll need to use a body with a resetScope value of "Full" rather than the one provided in the example on that page. Be warned that this will break the links between all users in that provisioning job, and they will then be reconnected based upon current matching criteria set in the mappings for that provisioning job.

    1 person found this answer helpful.
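The restart call the answer describes, as an added example that is not part of the thread: it builds and sends the POST to the synchronizationJob restart endpoint with `resetScope` set to `Full`, validates the scope against the values the Graph docs list, and expects 204 No Content. The service principal and job IDs are constructed placeholders; the token is assumed to carry `Synchronization.ReadWrite.All`.

```python
"""Restart an Azure AD provisioning job with a Full reset via Microsoft Graph (beta).

Added example, not code from the Q&A thread. Endpoint:
POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/restart
"""
import json
import urllib.request

GRAPH_BASE = "https://graph.microsoft.com/beta"
# resetScope values documented for synchronizationJobRestartCriteria
# (a comma-separated combination is allowed).
VALID_RESET_SCOPES = {"None", "ConnectorDataStore", "Escrows", "Watermark",
                      "QuarantineState", "ForceDeletes", "Full"}


def build_restart_request(service_principal_id: str, job_id: str,
                          reset_scope: str = "Full") -> dict:
    """Return the URL and JSON body for the restart call.

    "Full" drops the stored links between AAD objects and target-system IDs for
    every user in the job; the next cycle re-matches them on the matching
    attributes defined in the mappings. That is what clears a stale target ID
    after an out-of-band delete, and also why it affects all users, not one.
    """
    scopes = {s.strip() for s in reset_scope.split(",")}
    unknown = scopes - VALID_RESET_SCOPES
    if unknown:
        raise ValueError(f"unknown resetScope value(s): {sorted(unknown)}")
    url = (f"{GRAPH_BASE}/servicePrincipals/{service_principal_id}"
           f"/synchronization/jobs/{job_id}/restart")
    return {"url": url, "body": {"criteria": {"resetScope": reset_scope}}}


def restart_job(access_token: str, service_principal_id: str, job_id: str,
                reset_scope: str = "Full") -> int:
    """Send the restart and return the HTTP status (204 No Content on success)."""
    req = build_restart_request(service_principal_id, job_id, reset_scope)
    http_req = urllib.request.Request(
        req["url"], data=json.dumps(req["body"]).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(http_req) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholders: use the enterprise app's service principal object
    # ID and the job ID from GET .../servicePrincipals/{id}/synchronization/jobs.
    r = build_restart_request("<service-principal-object-id>", "<job-id>")
    print(r["url"])
    print(json.dumps(r["body"], indent=2))
```

Before sending a Full reset, confirm the matching attributes in the job's mappings are correct, since every user in the job is re-linked by those criteria on the next cycle.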