Granting Azure SQL MI -> AD read permissions fails with error 400, Invalid object identifier 

Time:10-15

I have a new Azure AD.

I've switched my subscription over to it.

I created a SQL Server managed instance.

I went to the SQL Server MI, and to the active directory admin section of the MI.

I attempted to grant read permissions to the AD via the "click here to grant read permissions" link.

I received the following error: [screenshot]

Any clues?

CodePudding user response:

When you click Grant permissions, it should automatically take the objectId of the user who has logged in to the portal, check whether the user has the Global administrator / Directory Reader role (Preview) in the tenant or subscription, and finally perform the operation.

But as you have created a new AD tenant and added it to the subscription, it sometimes fails to sync (tenant and subscription), and as per the error "Invalid object identifier null" it fails to get the user details.

So the issue can be fixed by logging in to the portal from a private window of the browser, or by signing out of the portal, then clearing the browser cache and logging in again.
