Principal ***** does not exist in the directory ****

This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.

It’s been observed that Users while configuring any management service feature like Vulnerability Assessment , Auditing , Threat protection etc. for their Azure SQL DB/Server seldom fails with an error message { “:\”PrinicipalNotFound\”,\”message\”:\”Principal ***** does not exist in the directory ****. \”}  with HTTPS status code 400 (bad request)


This error states , There is no Azure AD Identity assigned  for your Azure SQL Server . To solve the problem you may need to create an Azure AD  identity and assign the identity to the Azure SQL logical server with below steps.


  • Open a new cloud shell window  from the top right side of  azure portal or you may use PowerShell to connect with your Azure subscription.

  • Paste the below PowerShell code and execute it ,  it will create a function(Assign-AzSQLidentity)  for the current PowerShell session.Function Assign-AzSQLidentity { Param ( [parameter(Mandatory=$true)][string]$ResourceGroup, [parameter(Mandatory=$true)][string]$ServerName ) "Checking if server identity exists..." if(Get-AzADServicePrincipal -DisplayName $ServerName) { "Server identity already exists" Get-AzADServicePrincipal -DisplayName $ServerName } else { "Server identify for server " + $ServerName + " does not exist" "Assigning identity to server " + $ServerName Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity } }
  • Use the function and execute it on Command Window , you need to Provide the parameters Resource Group and SQL Server name when prompts.Assign-AzSQLidentity
  • Once the Identity is assigned , Please retry the management operation (Setting Auditing /VA etc..) , it should work now.


     I hope this helps , Please let me know if you have any feedback or queries on it on the comment section .

    Thank you @Yochanan Rachamim for guidance.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.