Share via

How to fix AADSTS65001

HASSAN BIN NASIR DAR 351 Reputation points
Jan 11, 2023, 11:14 PM

Hi,

I am going to tenant to tenant migration by bititan. For the modern authentication, I have registered a new app registration in Azure AD. I am getting this error:

our migration failed while checking destination credentials. AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxxxx' named 'MYAPP'. Send an interactive authorization request for this user and resource. Trace ID: xxxxxxxxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxxxxxxx Timestamp: 2023-01-11 10:37:54Z

Can you give me any tip to resolve this issue?

I had followed these steps: (Please find snapshots)

1

2

3

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,553 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Matthew Bechtol 481 Reputation points
    Feb 27, 2023, 5:50 AM

    This error means it need either admin or user consent

    to add admin consent

    go to application

    then API permissions

    select Grant admin consent

    0 comments
  2. JamesTran-MSFT 36,816 Reputation points Microsoft Employee
    Feb 27, 2023, 10:29 PM

    @Anonymous

    Thank you for your detailed post and I apologize for the delayed response!

    Error Message:

    AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxxxx' named 'MYAPP'. Send an interactive authorization request for this user and resource. Trace ID: xxxxxxxxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxxxxxxx Timestamp: 2023-01-11 10:37:54Z

    From your error message, this usually occurs when you missed granting admin consent to the added scope while retrieving an access token. As shown in your second screenshot, it looks like you added the API permission EWS.AccessAsUser.All, and needed to Grant admin consent.

    To resolve your issue, please make sure you grant admin consent:

    1. Sign in to the Azure portal with one of the roles listed in the prerequisites section.
    2. Select Azure Active Directory, and then select App registrations.
    3. Select the application to which you want to grant tenant-wide admin consent.
    4. Select API permissions.
    5. Carefully review the permissions that the application requires. If you agree, select Grant admin consent.

    User's image

    I hope this helps!

    Additional Links:

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.