Intermittent 404 on just created users using the Graph API

Emond Papegaaij 1 Reputation point
2021-10-03T19:06:15.35+00:00

We are working on an integration between our application and Azure AD where we provision user accounts using the Graph API. In our tests, we sometimes see that a newly created user seems to be gone on a subsequent request and pop up again later on. A great example of this, is the following sequence of requests:

2021-10-03 15:13:19,125 Starting to send request, URL https://graph.microsoft.com/v1.0/users
2021-10-03 15:13:19,125 Request Method POST
2021-10-03 15:13:19,299 Response code 201, Created

2021-10-03 15:13:19,301 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com
2021-10-03 15:13:19,301 Request Method PATCH
2021-10-03 15:13:19,403 Response code 204, No Content

2021-10-03 15:13:19,405 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com?%24select=accountEnabled%2CdisplayName%2CgivenName%2Cmail%2CmailNickname%2CuserPrincipalName%2ClastPasswordChangeDateTime
2021-10-03 15:13:19,405 Request Method GET
2021-10-03 15:13:19,564 Response code 404, Not Found

2021-10-03 15:13:19,941 Starting to send request, URL https://graph.microsoft.com/v1.0/users?%24select=accountEnabled%2Cid&%24filter=userPrincipalName%20eq%20%27o-internal%40testtopicuskeyhub.onmicrosoft.com%27
2021-10-03 15:13:19,941 Request Method GET
2021-10-03 15:13:19,989 Response code 200, OK

2021-10-03 15:13:19,997 Starting to send request, URL https://graph.microsoft.com/v1.0/users/8d8f02f0-16ed-4de3-87c6-be05312f6655
2021-10-03 15:13:19,997 Request Method DELETE
2021-10-03 15:13:20,110 Response code 204, No Content

Here, the user is created at 15:13:19,125 and patched at 15:13:19,301, but when it's read at 15:13:19,405, it seems to be gone. However, at 15:13:19,941 it's back again and at 15:13:19,997 it's deleted. We see similar problems in other places. Sometimes that patch fails, sometimes when a user is added to security groups, the API later reports that the user was not. It seems the Graph API is eventual consistent. All I could find about that is the Consistencylevel header used for some advanced queries, but we don't use those. Is this expected behavior for the Graph API, or are we missing something?

Best regards,
Emond Papegaaij

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
24,012 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Michael 17,861 Reputation points
    2021-10-04T02:39:32.51+00:00

    Hi @Emond Papegaaij ,

    There is a delay when adding the user to aad.

    The same question has been discussed here: https://stackoverflow.com/questions/64114405/delay-when-adding-user


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.