This is not a usual issue, and in my case it happened only once during some experimentation. But it can still happen. We have our AD objects synchronized into Azure AD via the Azure AD Connect service. When you delete a user in your local AD, after a synchronization it is moved into the Deleted users container in Azure AD (Admin center > Users > Deleted users). You can even restore a user via the graphical interface in the Office 365 admin center, though I haven’t tried this, as it might not play well with our setup. But you can’t delete users from Deleted users there. They disappear after a 30-day period. If you still need to remove a deleted user right away, there is a PowerShell command for that. To use it you have to install the Azure AD PowerShell Module, which I have mentioned here.
After connecting to your Azure AD tenant via this module, you can use this command to view the list of deleted users:
And then you can remove one of them by using this command:
Remove-MsolUser -UserPrincipalName firstname.lastname@example.org -RemoveFromRecycleBin
But what if you have two users with the same UPN and Display Name here? This happened when I recreated a user in our local AD with the same username as one that had been deleted a few days earlier. I wanted to test something. Once the synchronization kicked in, it started to throw errors about UPN/SMTP duplication, because the same user was already in Azure AD in the Deleted users container and another one had just been synchronized from our local AD. Deleting this user again in local AD didn’t solve the problem, as now two users with the same UPN were in the Deleted users container and the error was still showing. The above command to remove a deleted user didn’t work, as it couldn’t determine which user to remove (they shared the same UPN). So I had to dig a bit and refresh my PowerShell output formatting skills to come up with a simple solution.
First this command to get unique IDs of deleted users:
Get-MsolUser -ReturnDeletedUsers | ft DisplayName,ObjectId
Then this command to remove both users using their unique ObjectId identifiers:
Remove-MsolUser -ObjectId <guid> -RemoveFromRecycleBin
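The two steps above can be combined into a small script that lists only the deleted users whose UPN appears more than once and removes them by ObjectId behind a confirmation prompt, since removal from the recycle bin is permanent. This is an added example, not part of the original post; the function names Get-DuplicateDeletedUser and Remove-DeletedUserById are hypothetical, and it assumes the MSOnline module used in this post is installed and Connect-MsolService has already been run.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes: MSOnline module installed, Connect-MsolService already run.

function Get-DuplicateDeletedUser {
    # Collects soft-deleted users from the pipeline and returns only those
    # whose UPN occurs more than once (Group-Object compares case-insensitively).
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    begin   { $all = @() }
    process { $all += $User }
    end {
        $all |
            Group-Object -Property UserPrincipalName |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object { $_.Group } |
            Select-Object UserPrincipalName, DisplayName, ObjectId, SoftDeletionTimestamp
    }
}

function Remove-DeletedUserById {
    # Wraps Remove-MsolUser so that -WhatIf and -Confirm work; the purge
    # cannot be undone, so ConfirmImpact is High and each object prompts.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipelineByPropertyName)] [guid] $ObjectId)
    process {
        if ($PSCmdlet.ShouldProcess("$ObjectId", 'Permanently remove from the Azure AD recycle bin')) {
            # -Force only suppresses Remove-MsolUser's own prompt; ShouldProcess already asked.
            Remove-MsolUser -ObjectId $ObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# 1. Review: nothing is deleted here. SoftDeletionTimestamp shows which copy is older.
$dupes = Get-MsolUser -ReturnDeletedUsers -All | Get-DuplicateDeletedUser
$dupes | Sort-Object UserPrincipalName, SoftDeletionTimestamp | Format-Table -AutoSize

# 2. Dry run: prints what would be removed without touching the tenant.
$dupes | Remove-DeletedUserById -WhatIf

# 3. Real removal, one confirmation prompt per ObjectId (uncomment to run).
# $dupes | Remove-DeletedUserById
```

Because the removal is keyed on ObjectId rather than UPN, it stays unambiguous even when both deleted objects share the same UPN and Display Name.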
As I’ve said, this case is not a usual one. But knowing how to get object IDs and how to work with them can still be handy in the future while working with PowerShell in your Azure AD environment.