Principle 'XYZ' could not be found or this principal type is not supported - Azure SQL DB and MI
Published Sep 01 2022 04:30 AM 56.4K Views
Microsoft

We received some support cases when customers encounter the error below while trying to add an AAD security group to their Azure SQL Database or Azure SQL managed instance. In this blog article, we will be listing a few points to be checked to troubleshoot this error and can help you to identify the cause.

 

Msg 33130, Level 16, State 1, Line 1

Principal 'XYZ' could not be found or this principal type is not supported.

 

Sabrin_Alsahsah_0-1662031024236.png

 

Quick notes before we start, please make sure you have an AAD admin set to your Azure SQL. This can be checked from Azure portal -> Azure SQL server or Managed instance -> Azure Active Directory Admin (as below):

 

Sabrin_Alsahsah_1-1662031044531.png

 

In case you faced this error, you can check the below points to help you to identify the cause and resolve it:

 

1) Validate that the User\security group you are trying to add in the associated Azure Active directory, you can check from Azure portal -> Azure Active Directory -> Users\Groups.  

 

2) Having extra white spaces within the AAD group name and this can be checked by following the below steps:

 

  1. Access your Azure Active Directory on Azure Portal -> Users or Groups -> Select the users\groups and click on Download Groups.    Sabrin_Alsahsah_4-1662031116733.png
  2. This action will export the selected groups to a CSV file.                                                                         Sabrin_Alsahsah_9-1662031733819.png
  3. Open the excel check and verify if you have any white spaces at the beginning or the end of the User\group name.
  4. If this was the cause, you can alter the group name by following this article.

 

3) Make sure that your AAD user or security group name does not have any reserved characters that are used by SQL, as this can affect the syntax of your query. For example, the characters [] as per the below:

Group name : [Azure] GroupName

In this scenario you need to take into consideration altering the script to allow having these characters as below:

 

CREATE USER [[Azure]] GroupName] FROM EXTERNAL PROVIDER

 

 

4) In case you are trying to add a service principle, you can use the objectID to add it to your Azure SQL database, using the script below:

 

CREATE USER [Azure_AD_Object] FROM EXTERNAL PROVIDER

 

 

You can get the object ID from Azure Portal à Azure Active Directory -> Enterprise Applications.

 

For more information: Create Azure AD users using service principals - Azure SQL Database | Microsoft Docs.

 

More information

Azure Active Directory service principal with Azure SQL - Azure SQL Database | Microsoft Docs

CREATE USER (Transact-SQL) - SQL Server | Microsoft Docs

 

I hope this article was helpful for you, please feel free to share your feedback in the comments section. 

 

2 Comments
Co-Authors
Version history
Last update:
‎Sep 18 2022 04:37 AM
Updated by: