Invalid users in Dynamics 365 Finance
Users in any Microsoft Dynamics 365 finance and operations environment must comply with Microsoft guidelines to avoid sign-in failures. As of Dynamics 365 Finance version 10.0.39, administrators can use the Invalid users page to view details about invalid users.
To view invalid users, follow these steps.
- Go System administration > Invalid users.
- Select Refresh. This page shows a list of users who require attention from the system administrator. If there are no invalid users, the page is blank.
The following sections describe the three types of invalid users that must be addressed.
Users who aren't found in Microsoft Entra ID
All finance and operations apps users must be present in your Microsoft Entra ID tenant. Administrators can directly add users to your tenant through the Microsoft Entra ID portal. For more information, see Add or delete users.
You can use business-to-business (B2B) functionality to include these users in Microsoft Entra ID. For more information, see Export business-to-business (B2B) users to Microsoft Entra ID.
Users whose telemetry ID doesn't match the object ID from Microsoft Entra ID
For sign-in functionality to work correctly, the telemetry ID of a user in finance and operations apps must be aligned with the object ID of the same user in Microsoft Entra ID. If the IDs don't match, we recommend that you delete and then reimport the user. For more information, see Find the user object ID.
- Verify that a user who has the corresponding email address exists in your Microsoft Entra ID.
- Delete the user from finance and operations apps. Note the user roles before deleting so the roles can be added back after reimporting the users.
- Reimport the user. For more information, see Create new users.
If this process is challenging or requires substantial effort, administrators can update the email address on the Users page to a different user email that is present in Microsoft Entra ID and change it back to the original email of the user. That change repopulates the object ID for the new email.
Users whose email address contains an invalid "MAIL#" prefix
Previously, some customers who had trouble signing in were advised to append the prefix "MAIL#" to their Gmail or Live email address. Because the issue has now been fixed, an administrator must follow these steps to remove the prefix from email addresses.
- Go to Users.
- Select Edit to remove the prefix from the email addresses.
Users with duplicate telemetry IDs
Telemetry IDs are unique identifiers for every user. Duplicate telemetry IDs can cause serious security issues, such as user impersonation or inappropriate access levels. It's essential to ensure that each user has a distinct telemetry ID. To ensure compliance, delete and reimport or edit the affected users to repopulate unique telemetry IDs from Microsoft Entra ID.
Important Note: Say if three users share the same telemetry ID and one user has the correct ID, the system will only flag the two incorrect users. The user with the correct ID isn't marked as invalid.
Duplicate Users
Duplicate users imply users who have the same email address. This can cause inconsistent behavior due to conflicting roles or settings. You must ensure that every user has a unique email address.
To make these users compliant, you must delete the duplicates from System Administration -> Users page and ensure that only one user exists per email.
Automated fix
Some user issues can be automatically resolved using the "Repair Telemetry IDs" button. This feature performs the following actions:
- Repair Incorrect Telemetry IDs: Fix users listed in Microsoft Entra ID but with incorrect telemetry IDs in the finance and operations environment.
- Handle Missing Users in Microsoft Entra ID: If a user isn't present in Microsoft Entra ID, their telemetry ID is set to null. Admins need to add these users to Microsoft Entra ID and run the repair again.
- Fix Users with Duplicate Telemetry IDs: Correct the telemetry ID for the user existing in Microsoft Entra ID and set it to null for the others.
- Disable Duplicate Users: For security reasons, duplicate users with the same email is disabled, and their telemetry IDs set to null. The admins must ensure each user is unique and remove duplicates to resolve this issue.