How to fix AADSTS65001

HASSAN BIN NASIR DAR 306 Reputation points
2023-01-11T23:14:06.1533333+00:00

Hi,

I am going to tenant to tenant migration by bititan. For the modern authentication, I have registered a new app registration in Azure AD. I am getting this error:

our migration failed while checking destination credentials. AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxxxx' named 'MYAPP'. Send an interactive authorization request for this user and resource. Trace ID: xxxxxxxxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxxxxxxx Timestamp: 2023-01-11 10:37:54Z

Can you give me any tip to resolve this issue?

I had followed these steps: (Please find snapshots)

1

2

3

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,663 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Matthew Bechtol 461 Reputation points
    2023-02-27T05:50:05.3666667+00:00

    This error means it need either admin or user consent

    to add admin consent

    go to application

    then API permissions

    select Grant admin consent

    0 comments
  2. JamesTran-MSFT 36,456 Reputation points Microsoft Employee
    2023-02-27T22:29:59.25+00:00

    @Anonymous

    Thank you for your detailed post and I apologize for the delayed response!

    Error Message:

    AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxxxx' named 'MYAPP'. Send an interactive authorization request for this user and resource. Trace ID: xxxxxxxxxxxxxxxxxx Correlation ID: xxxxxxxxxxxxxxxxxxxx Timestamp: 2023-01-11 10:37:54Z

    From your error message, this usually occurs when you missed granting admin consent to the added scope while retrieving an access token. As shown in your second screenshot, it looks like you added the API permission EWS.AccessAsUser.All, and needed to Grant admin consent.

    To resolve your issue, please make sure you grant admin consent:

    1. Sign in to the Azure portal with one of the roles listed in the prerequisites section.
    2. Select Azure Active Directory, and then select App registrations.
    3. Select the application to which you want to grant tenant-wide admin consent.
    4. Select API permissions.
    5. Carefully review the permissions that the application requires. If you agree, select Grant admin consent.

    User's image

    I hope this helps!

    Additional Links:

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    0 comments