SDS reports insufficient privileges on import

Question

Hi There,We've been using classic SDS for a couple of years now to create edu teams for our classes. We have a profile set up for this using "CSV Files: SDS format". Never experienced much troubles with that. Errors could usually be fixed by reading the error report.Up until this schoolyear. This year we are getting a lot of errors concerning "insufficient privileges". Entries like:&nbsp;EntryStatus: ErrorEntryType: SchoolStudentsErrorCode:&nbsp;AzureActiveDirectoryInsufficientRightsErrorMessage:&nbsp;Insufficient privileges to complete the operation.JoiningValue: School_3MitigationSteps: &lt;empty&gt;Operation: UpdateRecordedTime: &lt;some date&gt;TenantActionable: trueReportableIdentifier: 3&nbsp;About a thousand of those error are shown.EntryType has 4 distinct values: Schoolreference, Schoolstudents, Schoolteachters or SectionReferenceJoiningValue varies from School_3 up to School_6&nbsp;ReportableIdentifier changes with the JoiningValue&nbsp;I have no clue as to what SDS is trying to do. Don't know what the problem is other than insufficient privileges.&nbsp;Is there a place (log or something) which will explain what is going on?&nbsp;regards&nbsp;Peter&nbsp;

peter_kaagman · Answer

Creating new teams, even when keeping the old ones, is not an option. In that case I would have to explain to around 300 teacher they should use a specific team and not the one that is not updated anymore. Not to mention the burdon of moving content aroud for 1500+ teams (not that all of them would have content)That's a no go.MS Ticket? Seems to be my option at the moment.Peter(krijg het gevoel dat ik net zo goed in het nederlands kan reageren 😉 )

peter_kaagman · Answer

Like to awnser my own question. Got the solution from ms support.

SDS adds members to AUs. Turned out a co-worker hyjacked the AUs and made them of type dynamic membership. After this SDS could no longer add members. Resulting in an insufficient rights error.

speyk_rbroer · Answer

Don't know if you already have a solution, but, have you tried to do a Reset Sync? Or even adding a new sync profile and removing or disabling the old profile? Is the account used to upload still a Global Admin or does it have separate Admin roles to narrow down it's rights?

peter_kaagman · Answer

SPEYK_RBroer&nbsp;&nbsp;Did try full reset. Did not make a new profile yet, that kinda frightens me. I don't want to loose data.The account running the workflow is a full global global admin. But I get the error even when I sync by hand using the global admin account.&nbsp;Thanks for your reply.&nbsp;Peter

speyk_rbroer · Answer

I think a new profile is still a possibility to resolve your issues, but true, if you have data in active teams I also wouldn't risk it.

But also, if you don't mix the numbers for the teams with a new upload in a new profile, it would create new teams with the same sectionnumber and a add-on of 4 random numbers. So the teams would exist next to each other and you don't lose data. In that case, the question is, can you live with all teams doubled? Would the teachers and students recognize and use the correct team, etcetera. All in all, I think this would not be the preferable way to solve it and should be used very carefully.

Do you have considered opening a ticket with Microsoft?

Forum Discussion

SDS reports insufficient privileges on import

5 Replies

Resources