
"Updated" notification type for Microsoft Graph deleted user


After deleting a user from Active Directory (AD), I got this notification (using a Microsoft Graph subscription):

{
  "value": [
    {
      "changeType": "updated",
      "clientState": null,
      "resource": "Users/{user-id}",
      "resourceData": {
        "@odata.type": "#Microsoft.Graph.User",
        "@odata.id": "Users/{user-id}",
        "id": "{user-id}",
        "organizationId": "{organisation-id}",
        "sequenceNumber": hidden
      },
      "subscriptionExpirationDateTime": "2019-01-17T12:48:43.7825578+00:00",
      "subscriptionId": "hidden",
      "tenantId": "hidden"
    }
  ]
}

Next, I tried to get this user from Microsoft Graph:

GET https://graph.microsoft.com/v1.0/users/{user-id}

And got:

{
  "error": {
    "code": "Request_ResourceNotFound",
    "message": "Resource '{user-id}' does not exist or one of its queried reference-property objects are not present.",
    "innerError": {
      "request-id": "{user-id}",
      "date": "2019-01-15T13:41:49"
    }
  }
}

Why did the notification come with changeType = "updated" if the user does not exist?


Solution

  • When a user is deleted from the directory, they are "soft-deleted" (which means the object can still be accessed - see below - and restored). This type of change is modeled as an 'update'. We plan to improve that in future versions.

    A resource will be finally hard-deleted (typically after 30 days), and when that happens you will see a 'deleted' notification.

    Soft-deleted users cannot be accessed using users/id - hence the error you are seeing.

    However, soft-deleted resources in Azure AD can be accessed using the special deletedItems API:

    https://learn.microsoft.com/en-us/graph/api/directory-deleteditems-get?view=graph-rest-1.0
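
An added example (not part of the original question or answer) of how a notification handler can tell an ordinary update from a soft delete, using the two lookups described above: users/{id} first, then directory/deletedItems/{id}. The injected http_get transport, the sample ids and the fake responses are assumptions constructed for the example; a real handler would send authenticated requests.

```python
GRAPH = "https://graph.microsoft.com/v1.0"


def classify_user_notification(note, http_get):
    """Return 'updated', 'soft-deleted', 'hard-deleted' or 'unknown'.
    http_get(url) -> (status, json) is an injected transport (hypothetical)."""
    user_id = note["resourceData"]["id"]
    if note["changeType"] == "deleted":
        return "hard-deleted"          # final removal, nothing left to query
    if note["changeType"] != "updated":
        return "unknown"
    status, body = http_get(f"{GRAPH}/users/{user_id}")
    if status == 200:
        return "updated"               # ordinary property change
    code = body.get("error", {}).get("code")
    if status == 404 and code == "Request_ResourceNotFound":
        # Not under /users: check whether it sits in the soft-delete container.
        status, _ = http_get(f"{GRAPH}/directory/deletedItems/{user_id}")
        if status == 200:
            return "soft-deleted"      # restorable; treat the account as removed
    return "unknown"                   # in neither place, or an unexpected error


def classify_batch(payload, http_get):
    """Map each user id in a notification payload to its classification."""
    return {n["resourceData"]["id"]: classify_user_notification(n, http_get)
            for n in payload["value"]}


# Constructed sample data: ids and responses are made up for the example.
FAKE_DIRECTORY = {
    f"{GRAPH}/users/live-user": (200, {"id": "live-user"}),
    f"{GRAPH}/directory/deletedItems/gone-user": (200, {"id": "gone-user"}),
}
NOT_FOUND = (404, {"error": {"code": "Request_ResourceNotFound"}})


def fake_http_get(url):
    return FAKE_DIRECTORY.get(url, NOT_FOUND)


SAMPLE_PAYLOAD = {"value": [
    {"changeType": "updated", "resourceData": {"id": "live-user"}},
    {"changeType": "updated", "resourceData": {"id": "gone-user"}},
    {"changeType": "deleted", "resourceData": {"id": "purged-user"}},
]}

if __name__ == "__main__":
    print(classify_batch(SAMPLE_PAYLOAD, fake_http_get))
```

Treating "soft-deleted" as a deprovisioning event lets downstream systems revoke sessions and access when the account is removed, rather than waiting for the later 'deleted' notification.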