
"mail" field doesn't have unique values in Graph API

Posted on 2021-02-08 12:59:00

We have encountered an issue where we can't always reliably discern users by their e-mail address, i.e. several users may have the same exact address. This breaks the logic in our software which relies on the addresses being unique, and we have several support cases where this causes issues for our customers.

When we query a user in Graph API we can see their "mail" property as shown:
{
"@odata.id": "https://graph.microsoft.com/v2/.../directoryObjects/.../Microsoft.DirectoryServices.User",
"businessPhones": [],
"displayName": "dep1",
"givenName": "dep1",
"jobTitle": null,
"mail": "user1@company.com",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"userPrincipalName": "dep1@company.onmicrosoft.com",
"id": "<unique GUID 1>"
}

From https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0 we understand that "mail" returns Primary SMTP, which is supposed to be unique.

However, if you migrate a user from on-prem to cloud, you'll see that the user has the same "mail" field:

"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"@odata.id": "https://graph.microsoft.com/v2/.../directoryObjects/.../Microsoft.DirectoryServices.User",
"businessPhones": [],
"displayName": "ev1",
"givenName": "ev1",
"jobTitle": null,
"mail": "user1@company.com",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"userPrincipalName": "user12345@company.onmicrosoft.com",
"id": "<unique GUID 2>"
},

According to this article: https://support.microsoft.com/en-us/topic/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization-75673b94-e1b8-8a9e-c413-ee5a2a1a6a78#:~:text=The%20cloud%20user%27s%20primary%20SMTP,have%20the%20same%20SMTP%20address this should not be allowed or should not happen? Maybe it describes a different scenario though.

So we now have two users with same "mail" field that is expected to have unique values. Why is "mail" not unique? What should we do, or what should we use as unique SMTP address for users? Maybe some of the values from "proxyAddresses" field as seen below?

"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,userPrincipalName,onPremisesSecurityIdentifier,mail,proxyAddresses,officeLocation,assignedPlans)/$entity",
"id": "<unique GUID 1>",
"displayName": "dep1",
"userPrincipalName": "dep1@company.onmicrosoft.com",
"onPremisesSecurityIdentifier": null,
"mail": "user1@company.com",
"proxyAddresses": [
"SMTP:user1@company.com",
"smtp:dep1@company.onmicrosoft.com"
],
"officeLocation": null,
"assignedPlans": [
{

Thanks!

Questioner
vzubarev
vzubarev 2021-02-17 21:01:38

MS Support has clarified that while this situation is possible, it's a bug in Azure AD they plan to fix.
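
An added example, not part of the original question or answer: a Python check that flags Graph user objects claiming the same primary address, reporting them by object `id` so that records can be keyed on `id` rather than on `mail`. The sample objects are constructed from the two users shown in the question; the GUIDs, the third user, the case variation and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample modelled on the user objects in the question.
# GUIDs are placeholders; the third user and the mixed case are assumptions.
SAMPLE_USERS = [
    {"id": "00000000-0000-0000-0000-000000000001",
     "userPrincipalName": "dep1@company.onmicrosoft.com",
     "mail": "user1@company.com",
     "proxyAddresses": ["SMTP:user1@company.com",
                        "smtp:dep1@company.onmicrosoft.com"]},
    {"id": "00000000-0000-0000-0000-000000000002",
     "userPrincipalName": "user12345@company.onmicrosoft.com",
     "mail": "User1@Company.com",  # case varied on purpose
     "proxyAddresses": []},
    {"id": "00000000-0000-0000-0000-000000000003",
     "userPrincipalName": "other@company.onmicrosoft.com",
     "mail": None,
     "proxyAddresses": ["SMTP:other@company.com"]},
]


def claimed_addresses(user):
    """Addresses a user object presents as its main one: the "mail"
    property plus any primary proxy address (upper-case "SMTP:" prefix)."""
    found = set()
    if user.get("mail"):
        found.add(user["mail"].strip().lower())
    for proxy in user.get("proxyAddresses") or []:
        if proxy.startswith("SMTP:"):  # lower-case "smtp:" marks an alias
            found.add(proxy[len("SMTP:"):].strip().lower())
    return found


def find_mail_collisions(users):
    """Map each address claimed by more than one object to the sorted ids."""
    owners = defaultdict(set)
    for user in users:
        for address in claimed_addresses(user):
            owners[address].add(user["id"])
    return {a: sorted(ids) for a, ids in owners.items() if len(ids) > 1}


if __name__ == "__main__":
    for address, ids in find_mail_collisions(SAMPLE_USERS).items():
        print(f"{address} is claimed by {len(ids)} objects: {', '.join(ids)}")
```
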