Error_description":"AADSTS50034: The user account {EmailHidden} does not exist in the "domain.onmicrosoft.com"!

khaled 26 Reputation points
2022-02-23T23:25:15.467+00:00

Background to the problem:
A- Given:
1- Azure AD Connect is successfully installed. No error appeared during the installation or syncing.
2- Azure AD Connect Cloud Sync was later installed after the error appeared, to see if a different error appears.

B- Error:
When syncing the On-Prem AD to AAD with Azure AD Connect, the following "Provisioning Quarantined" error appears at the Azure AD Connect cloud sync screen:

" User and group sync
Status
Quarantine
Last successful run
Never
Error code
AzureActiveDirectorySyncAccountDoesNotExist
Error message
We found an issue with the service account that is used to run Azure AD Connect Provisioning. You can repair the cloud service account by following the instructions at https://go.microsoft.com/fwlink/?linkid=2150988 If the error persists, please contact support with Job ID (from status pane of your configuration). Additional Error Details: Error Code: invalid_grant Status: UserInteractionRequired Message: extendedMessage: AADSTS50034: The user account {EmailHidden} does not exist in the teibasec365b.onmicrosoft.com directory. To sign into this application, the account must be added to the directory. Trace ID: 0dcb5daa-4b68-4e58-9037-2336244e5001 Correlation ID: 8af9c775-a946-44ae-ae24-f5bf6d4d22da Timestamp: 2022-02-23 22:12:42Z webException: {"error":"invalid_grant","error_description":"AADSTS50034: The user account {EmailHidden} does not exist in the teibasec365b.onmicrosoft.com directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: 0dcb5daa-4b68-4e58-9037-2336244e5001\r\nCorrelation ID: 8af9c775-a946-44ae-ae24-f5bf6d4d22da\r\nTimestamp: 2022-02-23 22:12:42Z","error_codes":[50034],"timestamp":"2022-02-23 22:12:42Z","trace_id":"0dcb5daa-4b68-4e58-9037-2336244e5001","correlation_id":"8af9c775-a946-44ae-ae24-f5bf6d4d22da","error_uri":"https://login.microsoftonline.com/error?code=50034","suberror":"bad_token"} STS endpoint: HTTPS://LOGIN.MICROSOFTONLINE.COM/TEIBASEC365B.ONMICROSOFT.COM
Next attempt to lift the quarantine
2/24/2022, 12:12:42 AM GMT+1"

It is not clear to me which "AzureActiveDirectorySyncAccountDoesNotExist" is meant as it appears in the Error Code above.

Also when performing a User Provisioning Test, the error appears, although the user is already successfully synced to AAD!
Below are two screenshots of the error.
Can anyone please help? E.g. how can I list or see any hidden or corrupted service accounts that may cause this problem?

Thanks.



2 answers

  1. khaled 26 Reputation points
    2022-02-24T23:47:14.747+00:00

    Hi @James Hamil , Thank you for your reply.

    The error appears because a "certain user" does not exist, as the error message suggests, while I see many users being successfully synced from AD to AAD. The error message is talking about certain accounts whose email addresses "are hidden" that cause the quarantine to happen, yet I cannot know which single account this is because I cannot identify them among the many users that were synced. I cannot count all the users with the naked eye to find out which one does not exist in AAD and needs to be added to the directory, as the error message suggests.

    The error message says: "If the error persists, please contact support with Job ID (from status pane of your configuration)". The error really persists.

    If the data correlating to the error above is not sufficient, I could get the latest Job ID, if this helps.

    No external users. All belong to the Verified, Managed domain on AAD that belongs to the on-Premise AD.
    Regards

    2 people found this answer helpful.

  2. khaled 26 Reputation points
    2022-02-26T00:28:48.673+00:00

    I found the solution to the problem by executing the instructions set out in the link https://go.microsoft.com/fwlink/?linkid=2150988, and by preparing and executing the prerequisites to the instructions at the above link. (The prerequisites can be found at: https://learn.microsoft.com/en-gb/azure/active-directory/cloud-sync/reference-powershell#install-the-aadcloudsynctools-powershell-module)

    After executing the above procedure, the Azure AD Connect cloud sync utility now shows "Healthy" sync status.

    2 people found this answer helpful.
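The repair procedure the answer above points to, written out as an added example (not the poster's own commands): it loads the AADCloudSyncTools module shipped with the provisioning agent, installs its prerequisites, lists the cloud sync service principals so the "does not exist" account can be checked, resets the service account, and re-reads the job status. Assumptions: the agent is installed at its default path, the session runs elevated on the agent server, and you sign in with an administrator account that is allowed to manage cloud sync.

```powershell
# Added example. Run in an elevated PowerShell session on the server that hosts
# the Azure AD Connect provisioning agent (default install path assumed).
$ModulePath = 'C:\Program Files\Microsoft Azure AD Connect Provisioning Agent\Utility\AADCloudSyncTools'
if (-not (Test-Path -Path $ModulePath)) {
    throw "AADCloudSyncTools module not found at '$ModulePath'. Is the provisioning agent installed here?"
}
Import-Module -Name $ModulePath -ErrorAction Stop

# Step 1 (the "prerequisites" the answer refers to): checks for PowerShell 5 and the
# supporting modules the tools need, installing any that are missing.
Install-AADCloudSyncToolsPrerequisites

# Step 2: interactive sign-in to the tenant; use an account that can administer cloud sync.
Connect-AADCloudSyncTools

# Step 3: record the state that produced the quarantine, so the fix can be verified against it.
Write-Host '--- Provisioning job status BEFORE repair ---'
Get-AADCloudSyncToolsJobStatus | Format-List

# The AADSTS50034 "account does not exist" text refers to the sync service account the
# agent uses, not to a synced user. Listing the service principals shows what the
# tenant currently has for cloud sync.
Write-Host '--- Cloud sync service principals ---'
Get-AADCloudSyncToolsServicePrincipal | Format-List

# Step 4: the repair itself (what fwlink 2150988 instructs): resets the credentials of the
# cloud sync service account so the agent can obtain a token again.
Repair-AADCloudSyncToolsAccount

# Step 5: confirm the job has left quarantine. If it still reports Quarantine, keep the
# job ID from this output for the support case the error message asks for.
Write-Host '--- Provisioning job status AFTER repair ---'
Get-AADCloudSyncToolsJobStatus | Format-List
```

The status may not flip to Healthy until the next scheduled attempt listed under "Next attempt to lift the quarantine" in the portal, so re-run the last command after that time if the first read still shows Quarantine.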
