Share via

'Insufficient privileges to complete the operation' despite global administrator

Clemens Kruse 0 Reputation points
2023-10-08T09:15:22.0233333+00:00

Hello :)

I'm trying to follow the following tutorial currently: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway#configure-a-private-zone-for-dns-resolution-in-the-virtual-network

for some reason I was able to perform all powershell commands 2 days ago without any problem. Today I try simply do 'Get-AzADUser' (after logging in ofc) and I get 'Insufficient privileges to complete the operation' - creating any resources also doesn't work.

When I do $user = Get-AzADUser -UserPrincipalName "<my UserPrincipalName from azure portal>" the $user is just null.

my user has the global administrator role assigned so it should work just fine but it doesn't. does anyone have an idea what's going on here?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
979 questions
Windows for business | Windows Server | User experience | PowerShell
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JimmySalian-2011 42,511 Reputation points
    2023-10-08T18:26:17.76+00:00

    Hi Clemens,

    Can you confirm via the portal if you have roles and permissions assigned to the account? Might be some policies might have been applied during the testing and revoked your access check the permissions via this page - https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition

    Also check if any conditional access policy is invoked and logs from the AAD Auth logs might give you some pointers.

    Hope this helps.

    JS

    ==

    0 comments
  2. Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator
    2023-10-10T08:31:26.7166667+00:00

    @Clemens Kruse

    Thank you for posting this in Microsoft Q&A.

    As per your issue, it seems like you are unable to create any resource in Azure. Also, you have global admin role assigned to account.

    If you want to create resource in Azure, you need to have a specific role assigned in subscription level. Or if you want to make any changes in resource then you should have specific role in resource level.

    Coming to the global admin role that you have assigned and you are unable to see it, Can you login to Azure AD portal and check the role assigned to your account manually.

    As Jimmy mentioned above in his comment might be some policies might have been applied during the testing and revoked your access.

    Let me know if you have any further queries.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.