question

EmondPapegaaij-7990 avatar image
0 Votes"
EmondPapegaaij-7990 asked MichaelHan-MSFT commented

Intermittent 404 on just created users using the Graph API

We are working on an integration between our application and Azure AD where we provision user accounts using the Graph API. In our tests, we sometimes see that a newly created user seems to be gone on a subsequent request and pop up again later on. A great example of this, is the following sequence of requests:

 2021-10-03 15:13:19,125 Starting to send request, URL https://graph.microsoft.com/v1.0/users
 2021-10-03 15:13:19,125 Request Method POST
 2021-10-03 15:13:19,299 Response code 201, Created
    
 2021-10-03 15:13:19,301 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com
 2021-10-03 15:13:19,301 Request Method PATCH
 2021-10-03 15:13:19,403 Response code 204, No Content
    
 2021-10-03 15:13:19,405 Starting to send request, URL https://graph.microsoft.com/v1.0/users/o-internal@testtopicuskeyhub.onmicrosoft.com?%24select=accountEnabled%2CdisplayName%2CgivenName%2Cmail%2CmailNickname%2CuserPrincipalName%2ClastPasswordChangeDateTime
 2021-10-03 15:13:19,405 Request Method GET
 2021-10-03 15:13:19,564 Response code 404, Not Found

 2021-10-03 15:13:19,941 Starting to send request, URL https://graph.microsoft.com/v1.0/users?%24select=accountEnabled%2Cid&%24filter=userPrincipalName%20eq%20%27o-internal%40testtopicuskeyhub.onmicrosoft.com%27
 2021-10-03 15:13:19,941 Request Method GET
 2021-10-03 15:13:19,989 Response code 200, OK
    
 2021-10-03 15:13:19,997 Starting to send request, URL https://graph.microsoft.com/v1.0/users/8d8f02f0-16ed-4de3-87c6-be05312f6655
 2021-10-03 15:13:19,997 Request Method DELETE
 2021-10-03 15:13:20,110 Response code 204, No Content

Here, the user is created at 15:13:19,125 and patched at 15:13:19,301, but when it's read at 15:13:19,405, it seems to be gone. However, at 15:13:19,941 it's back again and at 15:13:19,997 it's deleted. We see similar problems in other places. Sometimes that patch fails, sometimes when a user is added to security groups, the API later reports that the user was not. It seems the Graph API is eventual consistent. All I could find about that is the Consistencylevel header used for some advanced queries, but we don't use those. Is this expected behavior for the Graph API, or are we missing something?

Best regards,
Emond Papegaaij

microsoft-graph-users
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MichaelHan-MSFT avatar image
0 Votes"
MichaelHan-MSFT answered MichaelHan-MSFT commented

Hi @EmondPapegaaij-7990,

There is a delay when adding the user to aad.

The same question has been discussed here: https://stackoverflow.com/questions/64114405/delay-when-adding-user


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @MichaelHan-MSFT ,

Thanks for your answer. As you can see in the logs, we are not experiencing a delay, but intermittent behavior. On the first request after creating the user, it exists, but then the request thereafter fails. It seems the Graph API uses an eventual consistent scheme, probably somewhere in the database replication, which can cause a request to land on a database that has not yet been updated. This is fine, but we need a way to deal with this behavior. Simply waiting a long time and hoping it's long enough is not an option for us. Is there any way to make sure the synchronization is complete?

Best regards,
Emond

0 Votes 0 ·
MichaelHan-MSFT avatar image MichaelHan-MSFT EmondPapegaaij-7990 ·

@EmondPapegaaij-7990,

We could reproduce the sync issue for newly created user. Currently, we need to give ample amount of time to commit/reflect the data back.

0 Votes 0 ·