We have received support cases in which customers encounter the error below while trying to add an AAD security group to their Azure SQL Database or Azure SQL managed instance. In this blog article, we list a few points to check when troubleshooting this error, which can help you identify the cause.
Msg 33130, Level 16, State 1, Line 1
Principal 'XYZ' could not be found or this principal type is not supported.
A quick note before we start: please make sure you have an AAD admin set on your Azure SQL. This can be checked from Azure portal -> Azure SQL server or Managed instance -> Azure Active Directory Admin.
If you face this error, you can check the points below to help you identify the cause and resolve it:
1) Validate that the User\security group you are trying to add exists in the associated Azure Active Directory. You can check from Azure portal -> Azure Active Directory -> Users\Groups.
2) Check whether the AAD group name has extra white spaces. This can be checked by following the steps below:
Access your Azure Active Directory on Azure Portal -> Users or Groups -> Select the users\groups and click on Download Groups.
This action will export the selected groups to a CSV file.
Open the CSV file in Excel and verify whether there are any white spaces at the beginning or the end of the User\group name.
If this was the cause, you can alter the group name by following this article.
3) Make sure that your AAD user or security group name does not have any reserved characters that are used by SQL, as this can affect the syntax of your query. For example, the characters  as per the below:
Group name : [Azure] GroupName
In this scenario, alter the script so that it allows these characters (a closing bracket inside a bracket-delimited name is written twice), as below:
CREATE USER [[Azure]] GroupName] FROM EXTERNAL PROVIDER
4) If you are trying to add a service principal, you can use the objectID to add it to your Azure SQL database, using the script below:
CREATE USER [Azure_AD_Object] FROM EXTERNAL PROVIDER
You can get the object ID from Azure Portal -> Azure Active Directory -> Enterprise Applications.
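For points 2 and 3 above, the following added example (not part of the original article) scans an exported groups CSV for leading or trailing white space and builds bracket-escaped CREATE USER statements for the clean names. The "displayName" column header, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample of a groups export; the "displayName" header is an assumption.
SAMPLE_CSV = """id,displayName
00000000-0000-0000-0000-000000000001,SQL-Readers
00000000-0000-0000-0000-000000000002,"SQL-Writers "
00000000-0000-0000-0000-000000000003,[Azure] GroupName
"""


def quote_identifier(name):
    """Bracket-delimit a T-SQL identifier; a literal ] is escaped by doubling it."""
    if not name or len(name) > 128:  # SQL identifiers are limited to 128 characters
        raise ValueError("identifier must be 1-128 characters")
    return "[" + name.replace("]", "]]") + "]"


def audit_names(csv_text, column="displayName"):
    """Return (findings, statements) for the principal names in the export.

    Names with surrounding white space are reported and skipped, since the
    article's fix for those is to rename the group first.
    """
    findings, statements = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row[column]
        if name != name.strip():
            findings.append((name, "leading or trailing white space"))
            continue
        statements.append(
            f"CREATE USER {quote_identifier(name)} FROM EXTERNAL PROVIDER"
        )
    return findings, statements


if __name__ == "__main__":
    found, stmts = audit_names(SAMPLE_CSV)
    for name, reason in found:
        print(f"CHECK {name!r}: {reason}")
    for stmt in stmts:
        print(stmt)
```

Doubling the closing bracket also keeps a group name from terminating the identifier early when the statement is generated by a script.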