Hi, I don’t think ADFS returns the wrong information(claims) as it queries the Active Directory(assuming default provider that is). As you mentioned the old and the new user are sharing the same email address and that you cleared it, just to be sure here, was this done in AD or on the disabled User in CRM? Can we confirm the old collegeau’s AD user object wasn’t re-used for the new user? If I were you I would check the ActiveDirectoryGuid column within “SystemUserBase” table and within AD see how the disabled and the new user matches the new colleagues ObjectGUID in AD. Best regards. /Philip