
It has been observed that when users configure a management service feature such as Vulnerability Assessment, Auditing, or Threat Protection for their Azure SQL DB/Server, the operation occasionally fails with the error message { “:\”PrinicipalNotFound\”,\”message\”:\”Principal ***** does not exist in the directory ****. \”} and HTTP status code 400 (Bad Request).

This error means that no Azure AD identity is assigned to your Azure SQL Server. To solve the problem, create an Azure AD identity and assign it to the Azure SQL logical server using the steps below.

  • Open a new Cloud Shell window from the top right side of the Azure portal, or use PowerShell to connect to your Azure subscription.

  • Paste the PowerShell code below and execute it; it creates a function (Assign-AzSQLidentity) for the current PowerShell session.
    Function Assign-AzSQLidentity
    {
        Param
        (
            [parameter(Mandatory=$true)][string]$ResourceGroup,
            [parameter(Mandatory=$true)][string]$ServerName
        )
        # Look for a service principal whose display name matches the server name.
        "Checking if server identity exists..."
        if (Get-AzADServicePrincipal -DisplayName $ServerName)
        {
            "Server identity already exists"
            Get-AzADServicePrincipal -DisplayName $ServerName
        }
        else
        {
            "Server identity for server " + $ServerName + " does not exist"
            "Assigning identity to server " + $ServerName
            # Assign an Azure AD identity to the logical server.
            Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
        }
    }
  • Run the function in the command window; provide the Resource Group and SQL Server name parameters when prompted.
    Assign-AzSQLidentity
  • Once the identity is assigned, retry the management operation (setting Auditing, VA, etc.); it should work now.
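
The function above looks the identity up by display name, and display names are not unique in Azure AD, so a match does not prove that this server has an identity assigned. The following added example (not part of the original post) reads the identity from the server resource itself and then checks that its principal exists in the directory. The function name Confirm-AzSqlServerIdentity and the resource names are hypothetical; it assumes the Az.Sql and Az.Resources modules and a signed-in session.

```powershell
# Added example, not from the original post.
# Assumes Az.Sql and Az.Resources are installed and Connect-AzAccount has been run.
function Confirm-AzSqlServerIdentity {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ResourceGroup,
        [Parameter(Mandatory = $true)][string]$ServerName
    )

    # Read the identity recorded on the logical server resource itself,
    # instead of searching the directory by display name.
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroup `
                              -ServerName $ServerName -ErrorAction Stop

    if (-not $server.Identity -or -not $server.Identity.PrincipalId) {
        Write-Verbose "No identity on $ServerName; assigning one."
        $server = Set-AzSqlServer -ResourceGroupName $ResourceGroup `
                                  -ServerName $ServerName -AssignIdentity -ErrorAction Stop
    }

    # Resolve the exact principal the server points at. A miss here is the
    # condition the PrincipalNotFound error reports.
    $principalId = $server.Identity.PrincipalId
    $sp = Get-AzADServicePrincipal -ObjectId $principalId -ErrorAction SilentlyContinue

    # Return an object so the result can be logged or tested by a caller.
    [pscustomobject]@{
        ServerName                = $ServerName
        IdentityType              = $server.Identity.Type
        PrincipalId               = $principalId
        TenantId                  = $server.Identity.TenantId
        PrincipalFoundInDirectory = [bool]$sp
    }
}

# Usage (placeholder resource names):
# Confirm-AzSqlServerIdentity -ResourceGroup 'example-rg' -ServerName 'example-sqlserver' -Verbose
```

If PrincipalFoundInDirectory is False, the server's identity does not resolve in the signed-in directory, and the management operation can be expected to fail the same way.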

     

    I hope this helps. Please let me know in the comment section if you have any feedback or queries.

    Thank you @Yochanan Rachamim for guidance.

1 Comment
Microsoft

Good Job!