![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 79%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hey Martin! It looks like you're encountering a frustrating issue with the Microsoft Entra Connect setup due to the missing service principal for the Microsoft Password Reset Service. Here are some steps you can take to address the situation:
- Verify Service Principal Existence: Make sure the service principal for the Microsoft Password Reset Service (App ID:
93625bc8-bfe2-437a-97e0-3d0060024faa) actually exists in your directory. You can check this in the Microsoft Entra admin center:- Go to Enterprise applications and select All applications.
- Search for the application ID listed above.
- Recreate the Service Principal: If the service principal is missing, you can recreate it using Microsoft Graph PowerShell:
- First, ensure you have the Microsoft Graph PowerShell SDK installed. If not, install it using:
Install-Module Microsoft.Graph -Scope CurrentUser - Then, execute the following command:
New-MgServicePrincipal -AppId "93625bc8-bfe2-437a-97e0-3d0060024faa"
- First, ensure you have the Microsoft Graph PowerShell SDK installed. If not, install it using:
- Assign Required Permissions: After creating the service principal, ensure it has the necessary permissions to operate. You may need to assign the appropriate roles:
- Make sure to give it Directory Readers permission.
- Admin Consent: Since you've mentioned that you've already tried admin consent via the Azure Portal, double-check that you've completed this step properly:
- Navigate to the App registrations section in the Azure portal and confirm admin consent is granted.
- Consult Additional Documentation: For a comprehensive understanding of accounts and permissions, you can refer to the following resources:
If these steps don't resolve your issue, here are a few follow-up questions that could help pinpoint the problem:
- Have you checked if the app ID
93625bc8-bfe2-437a-97e0-3d0060024faais indeed registered in your Microsoft Entra directory? - Are you running into any permission-related issues when trying to recreate the service principal?
- Can you verify that the service principal you created has been granted the necessary permissions to operate?
- Are there any specific features or configurations within Entra Connect that you have opted out of that might require additional permissions?
Hope this helps you get closer to resolving the setup! Let me know if you have any further questions.
Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.