Azure DevOps Graph resolves renamed B2B guest user to obsolete identity

Ladislav Chlum (Admin) 0 Reputation points
2026-07-03T09:36:02.53+00:00

We have an Azure DevOps organization named "axp".

A guest user from partner tenant ABC was renamed from:

******@ABC.com

to

******@ABC.com

Actions already performed:

  • Removed the original guest account from Entra ID.
  • Invited and recreated the guest user with the new email address.
  • Guest invitation has been accepted.
  • Azure DevOps user entitlement was removed and recreated.
  • Azure DevOps organization user was removed.

Current Entra ID guest account:

Display Name: Gisela Z

Email: ******@ABC.com

Object ID: PII

However Azure DevOps Graph still resolves the user as:

Display Name: Gisela J

Email: ******@ABC.com

Origin ID: PII

Descriptor: aad.YTpIIIw

Even after removing the user and inviting ******@ABC.com again, Azure DevOps automatically recreates the historical identity ******@ABC.com.

The user is unable to authenticate successfully.

Please verify whether the Azure DevOps Graph identity cache or descriptor mapping can be reset or removed.

Azure DevOps

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.