PrincipalNotFound: Principal xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx does not exist in the directory xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  • Question

  • I am trying to create a role assignment using the Azure Resource Management REST API.

    https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{role-assignment-id}?api-version={api-version}

    I've verified that the principalID in question does in fact exist. I can also create the assignment using xplat CLI and PowerShell using the same PrincipalId. Any ideas why I'm getting this error when attempting this with the REST call?


    Phil Jirsa - Senior Consultant | Rackspace

    Friday, November 20, 2015 3:41 PM

All replies

  • Hello,

    We are researching the query and will get back to you soon on this.
    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,
    Neelesh
    Saturday, November 21, 2015 2:52 PM
    Moderator
  • Hello Phil,

    Greetings!

    We are pleased to answer your query. With regard to your query, we would appreciate it if you could provide Fiddler traces while you try to create a role assignment, or provide the entire REST API request that you are sending. This will help us to answer your query better.

    Best Regards,

    Kamalakar K

    Tuesday, November 24, 2015 9:58 AM
  • Here is my Fiddler trace

    request:

    PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments/{roleId}?api-version=2015-07-01 HTTP/1.1
    Authorization: Bearer {token removed}
    User-Agent: Microsoft.Azure.Management.Authorization.AuthorizationManagementClient/1.0.0.0
    Content-Type: application/json; charset=utf-8
    Host: management.azure.com
    Content-Length: 254
    Expect: 100-continue

    {
      "properties": {
        "roleDefinitionId": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}",
        "principalId": "{appId}"
      }
    }

    response:

    HTTP/1.1 400 Bad Request
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Length: 167
    Content-Type: application/json; charset=utf-8
    Expires: -1
    x-ms-request-id: 83edda9d-692b-4947-b9a5-e7c9fdbf26aa
    x-ms-gateway-service-instanceid: PASFE_IN_2
    X-Content-Type-Options: nosniff
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Set-Cookie: x-ms-gateway-slice=productiona; path=/
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET
    x-ms-ratelimit-remaining-subscription-writes: 1199
    x-ms-correlation-request-id: 1f498cc9-52bd-4ff3-b748-da42e972595b
    x-ms-routing-request-id: SOUTHCENTRALUS:20151201T134422Z:1f498cc9-52bd-4ff3-b748-da42e972595b
    Date: Tue, 01 Dec 2015 13:44:21 GMT

    {"error":{"code":"PrincipalNotFound","message":"Principal {appId} does not exist in the directory 200af68a-d0e0-4c9c-acba-ee8d1737d217."}}

    I have removed sensitive IDs with {} placeholders for posting.



    Phil Jirsa - Senior Developer | Rackspace

    Wednesday, December 2, 2015 2:19 PM
  • Hello Phil,

     

    We are pleased to answer your query and sorry for the delay in my response.

     

    This looks like an issue which needs in-depth troubleshooting; we require PLL information and need to look at your AAD application configuration as well to find out the root cause. As this is beyond the purview of Forums Support, we would request that you create a Technical Ticket so that our engineers can help you appropriately. Also, we would need sensitive information regarding the Subscription and Tenant details, which should not be disclosed on the Public Forums.

     

    Hope this helps!

    Best Regards

    Kamalakar

    _____________________________________________________________________________________

    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

    Saturday, December 12, 2015 10:34 AM
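
Added example (not part of the thread, and not code from any participant or from Microsoft): the trace posted above carries an Authorization header, a cookie, request IDs and a directory GUID beside the IDs that were replaced by hand, so this Python script scrubs those fields from a capture before it is shared on a public forum. The sample trace, the placeholder format and the function name redact_trace are constructed for illustration.

```python
import re

# Constructed sample, shaped like the Fiddler capture in this thread (no real IDs or tokens).
SAMPLE_TRACE = """\
PUT https://management.azure.com/subscriptions/11111111-1111-1111-1111-111111111111/providers/Microsoft.Authorization/roleAssignments/22222222-2222-2222-2222-222222222222?api-version=2015-07-01 HTTP/1.1
Authorization: Bearer eyJhbGciOiJub25lIn0.eyJ0aWQiOiJzYW1wbGUifQ.c2ln
Host: management.azure.com

HTTP/1.1 400 Bad Request
Set-Cookie: x-ms-gateway-slice=productiona; path=/
x-ms-correlation-request-id: 33333333-3333-3333-3333-333333333333
x-ms-routing-request-id: SOUTHCENTRALUS:20151201T134422Z:33333333-3333-3333-3333-333333333333

{"error":{"code":"PrincipalNotFound","message":"Principal 44444444-4444-4444-4444-444444444444 does not exist in the directory 55555555-5555-5555-5555-555555555555."}}
"""

# Credential-bearing headers: keep the header name (and auth scheme), drop the value.
AUTH_HEADER = re.compile(r"(?im)^((?:proxy-)?authorization:[ \t]*\S+)[ \t]+[^\r\n]*")
COOKIE_HEADER = re.compile(r"(?im)^((?:set-)?cookie:)[^\r\n]*")
# JWT-shaped strings anywhere else (URLs, bodies): three base64url segments starting "eyJ".
JWT = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")
GUID = re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b")


def redact_trace(text):
    """Return (redacted_text, guid_map); guid_map stays local for your own reference."""
    text = AUTH_HEADER.sub(r"\1 {redacted}", text)
    text = COOKIE_HEADER.sub(r"\1 {redacted}", text)
    text = JWT.sub("{jwt}", text)
    guid_map = {}

    def label(match):
        # Same GUID -> same placeholder, so readers can still correlate IDs across lines.
        key = match.group(0).lower()
        return guid_map.setdefault(key, "{guid-%d}" % (len(guid_map) + 1))

    return GUID.sub(label, text), guid_map


if __name__ == "__main__":
    redacted, _ = redact_trace(SAMPLE_TRACE)
    print(redacted)
```

Content-Length no longer matches the body after redaction, which is harmless for a trace meant to be read rather than replayed.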