Blog Post

Azure Database Support Blog
3 MIN READ

Azure Data Sync: Fixing “Cannot find the user ‘DataSync_executor’” When Creating a New Sync Group

Mohamed_Baioumy_MSFT's avatar
Apr 22, 2026

Summary

When creating a new Azure SQL Data Sync group, customers may encounter the following error during setup—even when no active sync groups exist:

“Failed to perform data sync operation: Cannot find the user 'DataSync_executor', because it does not exist or you do not have permission.”

This failure typically occurs during certificate and symmetric key creation as Azure attempts to grant permissions to the DataSync_executor role. In this post, we’ll walk through:

  • The common scenario where this issue appears
  • Why cleanup scripts alone may not fix it
  • A supported, reliable resolution approach to restore Data Sync successfully

The Problem Scenario

A customer attempts to create a brand-new Azure SQL Data Sync group (hub + members), but the operation fails with an error similar to:

Cannot find the user 'DataSync_executor', because it does not exist or you do not have permission. Creating certificate Creating symmetric key Granting permission to [DataSync_executor] on certificate

Key observations from affected cases:

  • No active sync group exists
  • Cleanup scripts (including Data Sync complete cleanup.sql) were already executed
  • The failure persists even after retrying the setup

Why This Happens

Azure SQL Data Sync depends on system-managed database roles that must be created and configured only by the Azure Data Sync service itself.

If these roles (or related permissions) are:

  • Missing
  • Partially deleted
  • Left in an inconsistent state

then Data Sync may fail while attempting to create certificates or grant required permissions.

Important:
Manually creating or partially restoring these roles is not supported and often leads to repeated failures.

How to Detect the Issue

Before troubleshooting further, confirm whether the required Data Sync roles are missing.

1. Run the Data Sync Health Checker

Ask the customer to run Data Sync Health Checker, then review SyncDB_Log.

Common warnings include:

  • DataSync_reader IS MISSING
  • DataSync_executor IS MISSING
  • Missing EXECUTE/SELECT permissions on dss and TaskHosting schemas

This confirms the root cause is role and permission inconsistency.

Supported and Effective Resolution

Step 1: Verify Roles Are Missing

Run the following query on each affected database (hub and members):

SELECT name
FROM sys.database_principals
WHERE name IN ('DataSync_executor', 'DataSync_reader');

If no rows are returned, the roles are missing and must be recovered by Azure Data Sync itself - not manually.

Step 2: Fully Clean Up Leftover Data Sync Objects

Do this only if the database is not actively syncing

-- Remove roles if partially present
DROP ROLE IF EXISTS DataSync_executor;
DROP ROLE IF EXISTS DataSync_reader;

-- Drop DataSync schema
IF EXISTS (SELECT 1 FROM sys.schemas WHERE name = 'DataSync')
BEGIN
    DROP SCHEMA DataSync;
END

This ensures there are no partial or orphaned Data Sync objects left behind that could interfere with setup.

Step 3: Recreate the Sync Group (Critical Step)

Do not manually recreate roles or permissions
Instead:

  1. Delete the existing (failed) Sync Group from the Azure Portal
  2. Recreate the Sync Group from scratch
  3. Re-add the hub and member databases

During this process, Azure will automatically:

  • Recreate DataSync_executor and DataSync_reader
  • Assign all required permissions
  • Deploy the correct schemas, certificates, and procedures

Key Takeaways

  • DataSync_executor and DataSync_reader are service-managed roles
  • Cleanup scripts alone may not fully reset a broken state
  • Manual role creation is not supported
  • Deleting and recreating the Sync Group is the only reliable recovery method once roles are missing

Final Recommendation

If you encounter Data Sync setup failures referencing DataSync_executor, always:

  1. Validate role existence
  2. Fully clean up broken artifacts
  3. Let Azure Data Sync recreate everything by rebuilding the Sync Group

This approach consistently resolves the issue and restores a healthy Data Sync deployment.

Published Apr 22, 2026
Version 1.0
No CommentsBe the first to comment