AAD User Account Doesn't Exist... RRS feed

  • Question

  • In attempting to authorize Power BI in our D365 Finance and Operations Enterprise (AX) demo environment we are getting the following error related to Azure Active Directory and I am struggling to get a resolution.

    AADSTS50020: User account 'tmercurio@turnkeytec.com' from identity provider 'https://sts.windows.net/e53d2a43-6254-40d3-bf7e-6cb773a25285/' does not exist in tenant 'Test_Test_ContosoAX' and cannot access the application 'a7982f30-1619-4eee-9882-7c852d308434' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

    I am not clear on what the reference to 'Test_Test_ContosoAX' is referring to as I don't see this in any of the details I have reviewed or verified at the present.

    Any input or direction will be greatly appreciated.


    Tony Mercurio

    Thursday, August 17, 2017 1:12 PM


All replies

  • Is 'e53d2a43-6254-40d3-bf7e-6cb773a25285' ID of your Azure AD or it points to 'Test_Test_ContosoAX'?

    You need to provide tenantID of your Azure AD behind 'https://sts.windows.net/'.

    Here is how to get you TenantID:


    Mustafa Toroman, Azure MVP

    • Proposed as answer by Wayne.Yang Friday, August 18, 2017 2:36 AM
    Thursday, August 17, 2017 1:41 PM
  • Mustafa,

    Appreciate the information, unfortunately I am not versed enough in Azure to know how to follow the steps in the URL you provided in order to acquire the GUID information, and then figure out where this needs to be provided "behind https://sts.windows.net".

    Any additional guidance here would be most appreciated.


    Tony Mercurio

    Thursday, August 17, 2017 3:44 PM
  • Go to Azure AD in Azure portal, select app registration. On top of new blade that opens, select 'Endpoints.

    Locate Microsoft Azure AD Graph API Endpoint and copy URL. It will be like https://graph.windows.net/e53d2a43-6254-40d3-bf7e-6cb773a25285

    Everything behind https://graph.windows.net/ is your tenant ID that you need to add behind https://sts.windows.net/ . 

    Mustafa Toroman, Azure MVP

    • Marked as answer by TMercurio Friday, August 18, 2017 8:36 PM
    Thursday, August 17, 2017 10:29 PM
  • I located the details based on your directions and applied this and while I no longer get the AAD error as prior instead now it just throws the HTTP 404 error that the page cannot be found.

    So I am possibly further than before but still not getting the authorization to complete.

    Friday, August 18, 2017 2:44 PM
  • Thank you again for the information and direction. I played around with the setting in the configuration using all the pieces and I have gotten this working at the present and appear to be all set.

    Thank you again!

    Friday, August 18, 2017 8:36 PM
  • Hi Tony,

    I am running into the same issue. What configuration changes did you make to get this to work?


    Wednesday, August 30, 2017 12:15 AM