Azure AD Driver: support deleted items

Idea ID 2784166

Azure AD Driver: support deleted items

I'm running the latest greatest Azure Driver and I'm having serious issues with the default behaviour of Azure AD and missing functionality within the Driver Shim.

When you delete a User object via the Driver Shim, that object is not permanently deleted. By default, that object will be in a recycle bin for 30 days within Azure.

The problem is that whenever the User gets entitled again for Azure AD within those 30 days the Matching Rule does not find the User object, because the Shim uses only the REST method "List users", which does not return deleted items. The Driver therefore assumes it should push an add event. This results in an error from Azure AD as the immutableID already exists within Azure AD.

The fact that the Driver does not uses the REST method for listing "Deleted Items" breaks the matching for deleted user objects. Note that my example is about User objects: the same applies to Group objects within Azure AD.

To summarize: please make the Azure AD Driver Shim aware of deleted items within Azure AD. The GRAPH api methods are already provided by Microsoft to support the querying and purging of deleted items:

https://docs.microsoft.com/en-us/graph/api/resources/directory?view=graph-rest-1.0

Thanks!
1 Comment
Visitor.
It would be nice if you could configure the Driver to: - Purge Deleted items directly (yes/ no) - Restore Deleted items upon match
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.