-
Title
Intermittent latency with connection to Entra servers -
Description
When an Entra ID domain is replicated between multiple data centers, a delay in replicating newly configured groups can cause problems with updating group memberships.
This can result in errors in the log like the following:
[ODataError]: Code: Request_ResourceNotFound - Message: Resource '0e09b705-9d59-429f-b226-b2045c093e28' does not exist or one of its queried reference-property objects are not present.
-
Cause
This is caused by changes to the group structures in the EntraID domain taking time to propagate between data centers before the groups can be updated. The biggest "problem" about this is that groups may be duplicated (i.e. created multiple times) while waiting for the data to propagate.
-
Resolution
To work around this issue, it is recommended to configure the synchronization project as follows:
-
add a second matching criteria (perhaps the name) to reduce the risk of multiple copies of the group being created.
-
Set the retry of the job to a higher interval.
This is a workaround as the underlying issue is high latency in returning data from EntraID.
Additionally, an Enhancement request to the Azure connector is in the works to add better handling of this phenomenon to the connector. (Enhancemend ID: 499065)
This enhancement will be included in a future release.
-