Why am I getting 404 in crossTenantIdentitySyncPolicyPartner even when I have permissions and cross-tenant exists?

Question

Why am I getting 404 in crossTenantIdentitySyncPolicyPartner even when I have permissions and cross-tenant exists?

Gurkirat Singh 40

When I am trying to execute the following request

Invoke-RestMethod -Method Get -Headers @{Authorization = "Bearer $MSGraphToken"} -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners/[REDACTED]/identitySynchronization"

It is giving me HTTP 404 Not Found error with following JSON body

{
  "error": {
    "code": "Directory_ObjectNotFound",
    "message": "Unable to read the company information from the directory.",
    "innerError": {
      "date": "2025-05-04T13:10:29",
      "request-id": "fe575774-3703-47b7-bb90-37f7fdd4c61d",
      "client-request-id": "fe575774-3703-47b7-bb90-37f7fdd4c61d"
    }
  }
}

It is given that partner tenant records exists in Get-MgPolicyCrossTenantAccessPolicyPartner cmdlet output and the requesting application token has Policy.Read.All permission.

1 answer

Your answer

Answer 1

Moosa Khan 175 Microsoft External Staff Moderator

Hello Gurkirat Singh,

The error message you're encountering:

"code": "Directory_ObjectNotFound",
"message": "Unable to read the company information from the directory."
, indicates that the specified partner tenant ID does not have an existing cross-tenant identity synchronization policy. This situation can arise due to several reasons, even if the cross-tenant relationship exists and you have the necessary permissions.

Check API Permissions: Ensure that your application has the required Microsoft Graph API permissions, such as Policy.ReadWrite.CrossTenantAccess.
Grant Admin Consent: If your application requires admin consent for these permissions, ensure that consent has been granted. Ensure that the tenant ID used in your requests is correct.

Microsoft Document-:
Configure cross-tenant synchronization using PowerShell or Microsoft Graph API - Microsoft Entra ID | Microsoft Learn
Github Document : https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/identity/multi-tenant-organizations/cross-tenant-synchronization-configure-graph.md?utm_source=chatgpt.com#symptom---directory_objectnotfound-error

User's image

Moosa Khan 175 Reputation points Microsoft External Staff Moderator

2025-05-06T19:45:12.4666667+00:00

Hello Gurkirat Singh,

Did you get a chance to see my previous comment? Please feel free to reach out if you have any further questions.
Gurkirat Singh 40 Reputation points

2025-05-06T20:34:50.5733333+00:00

Yes, but if you have checked the documentation it says Policy.Read.All in the Least privileged permissions so your solution doesn't make sense in this case.
Moosa Khan 175 Reputation points Microsoft External Staff Moderator

2025-05-06T23:25:04.3466667+00:00

I would like to check this up offline with you to understand the scenario better. Please share your contact details over private message.
Moosa Khan 175 Reputation points Microsoft External Staff Moderator

2025-05-08T21:29:01.4233333+00:00

Hello Gurkirat ,
I just wanted to follow up and check if you had a chance to review my private message. Please let me know at your convenience. Looking forward to your response!

Share via

Why am I getting 404 in crossTenantIdentitySyncPolicyPartner even when I have permissions and cross-tenant exists?

1 answer

Your answer