AzureAD Connect error while executing the command 'Get-MsolUserRole' Access Denied.

Brian Altman 30 Reputation points
2024-05-15T22:43:45.9033333+00:00

We've been running AzureAD Connect for ages. No issues, syncing works. Haven't needed to make a config change for a while but after attempting to upgrade from 2.3.6.0 to the latest we're getting this error when it asks for the password to Connect to Azure AD. Same with an attempt using a different Global Admin. Rolled the version back using a vm restore and getting the same error when attempting to change the user sign-in.

Any suggestions for troubleshooting? CAP policies won't come into play because it's from whitelisted IP.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,918 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Harpreet Singh Matharoo 7,581 Reputation points Microsoft Employee
    2024-05-16T05:16:01.8633333+00:00

    Hello @Brian Altman ,

    Thank you for reaching out to QnA platform. The error you’re encountering "An error occurred while executing the ‘Get-MsoIUserRole’ command. Access Denied. You do not have permissions to call this cmdlet" in Azure AD Connect is typically due to insufficient permissions. Here are a few steps you can take to resolve this issue:

    • Check the Account Permissions:
      • Ensure that the account you’re using to execute the command has Global Administrator permissions.
      • If you’re unsure, try creating another Global Administrator account using your initial domain and use that for troubleshooting.

    You can also refer following thread with similar issue where using a different Global Admin account resolved the issue. https://learn.microsoft.com/en-us/answers/questions/1668447/azuread-connect-error-while-executing-the-command

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.