Principal ***** does not exist in the directory ****

Published 12-02-2020 02:37 AM 2,852 Views
Microsoft

It has been observed that users configuring a management feature such as Vulnerability Assessment, Auditing or Threat Protection for their Azure SQL Database/Server sometimes fail with the error message { "code":"PrincipalNotFound","message":"Principal ***** does not exist in the directory ****." } and HTTP status code 400 (Bad Request).

This error means one of two things: no Azure AD identity is assigned to your Azure SQL logical server, or the portal/PowerShell tried to use the Application ID instead of the Object ID in the role assignment. To solve the problem you may need to create an Azure AD identity and assign it to the Azure SQL logical server with the steps below.

  • Open a new Cloud Shell window from the top right of the Azure portal, or use a local PowerShell session connected to your Azure subscription.

    (Screenshot: capture24.PNG)

  • Paste the PowerShell code below and execute it; it creates a function (Assign-AzSQLidentity) for the current PowerShell session.
    Function Assign-AzSQLidentity
    {
        Param
        (
            [parameter(Mandatory=$true)][string]$ResourceGroup,
            [parameter(Mandatory=$true)][string]$ServerName
        )
        "Checking if server identity exists..."
        # A system-assigned managed identity appears in Azure AD as a service
        # principal whose display name is the logical server name.
        if (Get-AzADServicePrincipal -DisplayName $ServerName)
        {
            "Server identity already exists"
            Get-AzADServicePrincipal -DisplayName $ServerName
        }
        else
        {
            "Server identity for server " + $ServerName + " does not exist"
            "Assigning identity to server " + $ServerName
            # -AssignIdentity creates the system-assigned managed identity for the server
            Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
        }
    }
  • Run the function in the same window; it prompts you for the Resource Group and the SQL Server name.
    Assign-AzSQLidentity
  • Once the identity is assigned, retry the management operation (setting Auditing, Vulnerability Assessment, etc.); it should work now.
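As an added example that is not part of the original post, the script below does the same job as Assign-AzSQLidentity but reads the identity from the SQL logical server resource itself instead of matching a service principal by display name, confirms that the principal is visible in the directory by its Object ID, and shows how to resolve an Application ID to the Object ID that a role assignment needs (the second cause of the error described above). It assumes the Az.Sql and Az.Resources modules and an existing Connect-AzAccount session; the function names, the retry timing and the storage-account scope are assumptions, not values from the post.

```powershell
# Added example; not the post's own function. Assumes Az.Sql and Az.Resources are
# installed and Connect-AzAccount has already been run.

function Confirm-AzSqlServerIdentity {
    # Returns the Object ID (principal id) of the server's system-assigned identity,
    # assigning one first if the server does not have it yet.
    param(
        [Parameter(Mandatory = $true)][string]$ResourceGroup,
        [Parameter(Mandatory = $true)][string]$ServerName
    )

    # Read the identity from the server resource: the Identity.PrincipalId property is
    # the directory object id, so there is no risk of matching an unrelated app that
    # happens to share the display name.
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName
    if (-not $server.Identity -or -not $server.Identity.PrincipalId) {
        Write-Host "No managed identity on $ServerName; assigning one..."
        $server = Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
    }
    $principalId = $server.Identity.PrincipalId
    Write-Host "Server identity object id: $principalId"

    # Confirm the service principal exists in the directory, looked up by *object* id.
    # Directory replication can lag briefly after -AssignIdentity, so retry a few times
    # (the 6 x 10 s budget is an assumption, not an Azure-documented value).
    $sp = $null
    for ($i = 0; $i -lt 6 -and -not $sp; $i++) {
        $sp = Get-AzADServicePrincipal -ObjectId $principalId -ErrorAction SilentlyContinue
        if (-not $sp) { Start-Sleep -Seconds 10 }
    }
    if (-not $sp) {
        throw "Principal $principalId is not visible in the directory yet; retry the management operation later."
    }
    return $principalId
}

function Resolve-ObjectIdFromAppId {
    # A role assignment needs the directory Object ID. If all you have is the
    # Application (client) ID, resolve it through the service principal first.
    param([Parameter(Mandatory = $true)][string]$AppId)
    $sp = Get-AzADServicePrincipal -ApplicationId $AppId
    if (-not $sp) { throw "No service principal found for application id $AppId" }
    return $sp.Id   # .Id is the object id; passing $AppId here is what yields PrincipalNotFound
}

# Usage (placeholder names):
# $principalId = Confirm-AzSqlServerIdentity -ResourceGroup "<rg-name>" -ServerName "<sql-server-name>"
#
# Granting the server identity a role on an audit-log storage account: pass -ObjectId,
# never the application id. Scope below is a placeholder.
# $scope = "/subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Storage/storageAccounts/<storage-account>"
# New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName "Storage Blob Data Contributor" -Scope $scope
```

Checking Identity.PrincipalId on the server resource is the more reliable test because a display-name lookup can return any application or principal that happens to use the server name, whereas the principal id is exactly the object the management operation will reference.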

I hope this helps. Please let me know if you have any feedback or queries in the comment section.

Thank you @Yochanan Rachamim for guidance.

1 Comment
Microsoft

Good Job!

Last update: Mar 21 2021 10:56 PM