Perhaps due to some change since this code was written, or an oversight because it was never tested in a live environment, the function in "Get-AzureADIPRiskyUser.ps1" gets users who have been deleted as well as current users.
The result being that if you then take that output over to "Invoke-AzureADIPDismissRiskyUser.ps1" (or even send that output directly to Invoke-MgDismissRiskyUser) there are user ids included that the command deems "invalid".
The "Get-AzureADIPRiskyUser.ps1" code can be modified to include a filter to exclude these deleted users on line 116:
$filterRiskLevel = "(RiskLevel eq '$RiskLevel' and IsDeleted eq false)" -f $RiskLevel
This is probably not the most elegant solution. But it worked for me.
Perhaps due to some change since this code was written, or an oversight because it was never tested in a live environment, the function in "Get-AzureADIPRiskyUser.ps1" gets users who have been deleted as well as current users.
The result being that if you then take that output over to "Invoke-AzureADIPDismissRiskyUser.ps1" (or even send that output directly to Invoke-MgDismissRiskyUser) there are user ids included that the command deems "invalid".
The "Get-AzureADIPRiskyUser.ps1" code can be modified to include a filter to exclude these deleted users on line 116:
$filterRiskLevel= "(RiskLevel eq '$RiskLevel' and IsDeleted eq false)" -f $RiskLevelThis is probably not the most elegant solution. But it worked for me.