GUID

Posted by Silly_Town8230@reddit | sysadmin | View on Reddit | 1 comments

Anyone encountered an orphaned GUID/object ID in Azure Sub IAM before?

We found a role assignment tied to an GUID/object ID

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

But the object itself doesn’t exist anymore in Entra:

Get-AzADUser → not found
Get-AzADServicePrincipal → not found
Get-AzADGroup → not found

Also tried searching Sentinel/Log Analytics using KQL but got nothing back.

Trying to figure out:

what this object originally was
if there’s a way to trace deleted objects historically

Curious if anyone’s dealt with this before.

[-]

unsaltedcrisps@reddit

Encountered it before? Absolutely. Typically occurs when the identity stops being synced or is deleted without being removed from IAM first. This does occupy one of your precious role assignments so do keep on top of it.

How to find it out when it was deleted? If it was longer than 90days ago then you're outa luck. Set your entra activity up so it gets stored in a storage account, then query it whenever you like.