web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Logging on using ADFS ...
Customer experience | Sales, Customer Insights,...
Suggested Answer

Logging on using ADFS provides wrong systemuserid

(0) ShareShare
ReportReport
Posted on by Jeroen J 12

Hi,

Totally new issue for me. In our system (8.2 on premise) I created a new user without any noticeable errors. When the user starts her browser, she navigates to https://ourorganizationurl and gets to logon ADFS. After pressing the [logon] button, she receives a message stating that either her account is disabled or the business unit is disabled.

Both are active. BUT! In the URL of the error message I noticed it stated "The user with SystemUserId 658fcd68-251c-e611-80cd-02bfac10284b in OrganizationContext 0cf95118-02ed-e511-80c5-02bfac10284b is disabled"
The orginazation id is correct, but the userid IS NOT HERS (spooky, huh?).

The systemuserid in the URL is the one of a former colleague who has left us long time ago. Even his AD isn't active anymore. The only link is that they have exactly the same emailaddress. Before creating the new user, I cleared the emailaddress in the deactivated former colleague hoping to prevent problems. Unfortunately that didn't do the trick.

It looks as if ADFS provides the systemuserid of our former colleague out of a (at least three year old) caching or so. Doesn't make sense, but maybe to you?

Any thoughts on how to solve this?

thanks, regards,
Jeroen

I have the same question (0)
  • PhilipK Profile Picture
    PhilipK 613 on at

    Hi, I don't think ADFS returns the wrong information(claims) as it queries the Active Directory(assuming default provider that is).

    As you mentioned the old and the new user are sharing the same email address and that you cleared it, just to be sure here, was this done in AD or on the disabled User in CRM?

    Can we confirm the old collegeau's  AD user object wasn't re-used for the new user?

    If I were you I would check the ActiveDirectoryGuid column within "SystemUserBase" table and within AD see how the disabled and the new user matches the new colleagues ObjectGUID in AD.

    Best regards. /Philip

  • Suggested answer
    Gustavo Longo Profile Picture
    Gustavo Longo on at

    Hello Jeroen,

    Hope you are well.

    This behavior could be related to wrong info in SystemUserAuthentication (SUA) records (MSCRM_CONFIG database).  

    Important tables and cardinalities

    · SystemUser (aka SU) (GEO)

    One record represents one unique user. One user may have an access on multiple orgs.

    · SystemUserAuthentication (aka SUA) (GEO)

    Authentication information for the user. Usually P: and C: AUTHINFO records are for one user.

    · SystemUserOrganization (aka SUO) (GEO)

    One records represents user’s access on one organization.

    · SystemUserBase (aka SUB) (Organization database)

    User record in an organization database.

    Would suggest you to apply the "dummy user" procedure:

    >Edit the affected CRM user

    >Change to an AD dummy user (AD user object which does not belong to Dynamics)

    >Save

    >Change back to affected CRM user

    >Save

    So, using this procedure, you are remapping all references on SU, SUA, SUO and SUB tables.

    Regards,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 70 Super User 2025 Season 2

#2
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 43 Most Valuable Professional

#3
Daniyal Khaleel Profile Picture

Daniyal Khaleel 32 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans