Unable to create Azure AD DS: Missing service principal

YogeshDeshpande-9530 0 Reputation points
2025-05-14T21:42:45.4333333+00:00

During the deployment of Microsoft Entra Domain Services, the following error was encountered:

"The service principal with appId '2565bd9d-da50-47d4-8b85-4c97f669dc36' could not be found in the Azure Active Directory tenant."

It has been confirmed that the account is a Global Administrator, and it has been verified that this appId corresponds to a Microsoft-owned service required by the AD DS backend. An attempt to create the service principal manually returns a 403 error.

Assistance is needed to investigate and restore the missing service principal to complete the Azure AD DS provisioning.

PS C:\Users\yogesh> New-MgServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
New-MgServicePrincipal : Insufficient privileges to complete the operation.
Status: 403 (Forbidden)
ErrorCode: Authorization_RequestDenied
Date: 2025-05-14T21:23:02
Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : XXXXXX
client-request-id             : XXXXXX
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Australia East","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"SY3PEXXXXX"}}
x-ms-resource-unit            : 1
Cache-Control                 : no-cache
Date                          : Wed, 14 May 2025 21:23:02 GMT
At line:1 char:1
+ New-MgServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ Headers = , b...vicePrincipal }:<>f__AnonymousType1`2) [New-MgServicePrincipal_CreateExpanded], Exception
    + FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.NewMgServicePrincipal_CreateExpanded

Accepted answer
  Harshitha Eligeti 3,805 Reputation points Microsoft External Staff Moderator
    2025-05-14T22:38:09.5266667+00:00

    Hello @YogeshDeshpande-9530
    I understand that the error message indicates that the service principal with the specified appId is missing from your Azure Active Directory tenant. Since you are encountering a 403 error when attempting to create the service principal manually, it suggests that your account may not have sufficient permissions to perform this action, even though you are a Global Administrator.

    To resolve this issue, follow these steps:

    1. First, provide consent for the required scopes by running:
      Connect-MgGraph -Scopes Application.ReadWrite.All, Directory.ReadWrite.All
    2. After that, create the service principal by using the following command:
      New-MgServicePrincipal -AppId "2565bd9d-da50-47d4-8b85-4c97f669dc36"

    For additional information, please refer to this document: https://learn.microsoft.com/en-us/entra/identity/domain-services/alert-service-principal#alert-aadds102-service-principal-not-found

    Do let us know if you have any further queries. We are happy to assist you further.

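The two-step procedure in the accepted answer, written out as a single idempotent script. This is an added example, not code from the thread or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK 2.x is installed and that the caller holds the Global Administrator role. The appId is the one quoted in the question. The script first confirms that the token actually carries the scope the answer asks for, because a 403 Authorization_RequestDenied with a correct directory role is typically a session that was established without that scope, and only then looks up and, if needed, creates the service principal.

```powershell
# Added example (not from the original thread): verify the Domain Services
# service principal exists in the tenant and create it only if it is missing.
# Assumes the Microsoft.Graph PowerShell SDK 2.x and a Global Administrator sign-in.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications

# appId quoted in the AADDS102 alert / the question above.
$DomainServicesAppId = '2565bd9d-da50-47d4-8b85-4c97f669dc36'

# Connect-MgGraph reuses an existing session. A session opened earlier without
# these scopes keeps returning Authorization_RequestDenied, so disconnect first
# to force a fresh consent prompt with the scopes the answer names.
Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'Directory.ReadWrite.All' -NoWelcome

# Inspect the granted scopes before writing to the directory; this is the check
# that separates "missing role" from "missing delegated permission".
$context  = Get-MgContext
$required = @('Application.ReadWrite.All')
$missing  = $required | Where-Object { $_ -notin $context.Scopes }
if ($missing) {
    throw "Signed in as $($context.Account) but the token lacks scope(s): $($missing -join ', ')"
}

# Server-side lookup by appId; returns nothing if the principal is absent.
$sp = Get-MgServicePrincipal -Filter "appId eq '$DomainServicesAppId'"

if (-not $sp) {
    Write-Host "Service principal for appId $DomainServicesAppId not found; creating it."
    $sp = New-MgServicePrincipal -AppId $DomainServicesAppId
}
else {
    Write-Host "Service principal already present; nothing to create."
}

# Show what the tenant now holds so the result can be compared with the alert.
$sp | Select-Object Id, AppId, DisplayName, AppOwnerOrganizationId, AccountEnabled | Format-List
```

Running the script a second time reports the principal as already present instead of attempting a duplicate create, and the scope check fails fast with the account name and the missing permission rather than the opaque 403 shown in the question.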
