AADSTS50034 - User Account Not Found
Azure AADSTS50034 is a directory lookup failure indicating that the user account does not exist in the targeted Microsoft Entra tenant. The identity cannot be resolved because the username (UPN) is incorrect or the user is not provisioned in that specific directory.
Last reviewed: April 2, 2026
What Does User Account Not Found Mean?
AADSTS50034 is an identity discovery failure. Entra ID knows which tenant you are targeting, but it cannot find any record (Object ID) matching the provided username in that directory. This usually stems from confusion between email address and user principal name (UPN), or the user simply has not been invited to that specific environment yet.
Common Causes
- UPN vs. Alias Confusion: The user attempts to sign in with an email alias instead of their primary user principal name.
- Wrong Tenant Targeting: The application is pointing to a legacy or test tenant where the user was never created.
- Guest Not Provisioned: In B2B scenarios, the external user exists elsewhere but has not been added to the local directory.
- Sync Latency: An on-prem AD user was created, but AD Connect has not synced them to the cloud yet.
- Personal Account Mix-up: Trying to log in to a work or school tenant using a personal Microsoft account (@outlook.com).
How to Fix User Account Not Found
1. Verify the UPN: Go to Entra ID > Users, copy the exact user principal name, and use it in the login box.
2. Check the Authority URL: Ensure the login request is not hardcoded to the wrong tenant-id.
3. Complete Guest Invite: If the user is an external partner, ensure they appear in the all users list as a guest.
4. Force Sync: If hybrid-synced, check AD Connect health and trigger a manual sync if necessary.
Step-by-Step Diagnosis for User Account Not Found
1. Inspect the exact username string in the error message for typos or wrong domains.
2. Search for the user via az ad user show to confirm their existence in the specific tenant.
3. Analyze the login request in the Network tab to see which tenant endpoint is being queried.
4. Ensure the account is enabled; sometimes deleted or disabled accounts trigger lookup failures in specific flows.
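The triage below is an added example, not code from this page or from Microsoft: it applies the diagnosis steps above to one failed sign-in, given the username from the error and the authority URL from the request. The tenant ID, the directory export (shaped like Microsoft Graph user objects), the personal-domain list and the function names are constructed assumptions, and it assumes a single-tenant app whose authority URL names the tenant by ID.

```python
from urllib.parse import urlparse

# Constructed sample data: a placeholder tenant ID and a directory export shaped
# like Microsoft Graph user objects. None of it comes from a real tenant.
EXPECTED_TENANT = "11111111-1111-1111-1111-111111111111"
DIRECTORY = [
    {"userPrincipalName": "j.doe@company.com", "mail": "info@company.com",
     "proxyAddresses": ["SMTP:info@company.com", "smtp:j.doe@company.com"],
     "userType": "Member", "accountEnabled": True},
    {"userPrincipalName": "old.hire@company.com", "mail": "old.hire@company.com",
     "proxyAddresses": [], "userType": "Member", "accountEnabled": False},
]
PERSONAL_DOMAINS = {"outlook.com", "hotmail.com", "live.com"}  # assumed, not exhaustive


def tenant_from_authority(url):
    """Return the tenant segment of a login.microsoftonline.com authority URL."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    return parts[0].lower() if parts else ""


def diagnose(username, authority_url, directory=DIRECTORY, expected=EXPECTED_TENANT):
    """Map one failed sign-in to the most likely cause from the list above."""
    name = username.strip().lower()
    tenant = tenant_from_authority(authority_url)
    if tenant != expected.lower():
        return f"wrong tenant targeted: {tenant or 'none'}"
    if name.rpartition("@")[2] in PERSONAL_DOMAINS:
        return "personal Microsoft account used against a work or school tenant"
    for user in directory:
        upn = user["userPrincipalName"].lower()
        aliases = {a.split(":", 1)[-1].lower() for a in user["proxyAddresses"]}
        if user.get("mail"):
            aliases.add(user["mail"].lower())
        if name == upn:
            if not user["accountEnabled"]:
                return "account exists but is disabled"
            return "UPN found and enabled: compare with the string in the sign-in log"
        if name in aliases:
            return f"alias used, sign in with UPN {user['userPrincipalName']}"
    return "not in directory: guest not invited or user not synced yet"
```

The tenant check runs first because a request sent to the wrong tenant fails regardless of how the username is spelled.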
UPN vs. Alternate Email Alias
- By default, Entra ID expects the primary UPN. If a user’s email is info@company.com but their UPN is j.doe@company.com, the login will fail with AADSTS50034 if they type the email.
Implementation Examples
az ad user show --id user@yourdomain.com --query "userPrincipalName"
Seen in Production
Dev/Prod Environment Mix-up
Frequency: high
Example: A developer targets the production tenant in their code, but tries to log in with a user that only exists in the sandbox tenant.
Fix: Update the authority URL to the correct sandbox tenant ID.
Debugging Tools
- Entra ID Users Blade: To confirm the user exists and find their correct UPN.
- Entra Sign-in Logs: To see exactly what username string was sent to Azure.
How to Verify the Fix
- Confirm the user can sign in using the verified UPN.
- Verify that guest users appear with UserType: Guest in the directory list.
- Check the sign-in logs to see the success status paired with the correct Object ID.
How to Prevent Recurrence
- Standardize Identifiers: Keep UPNs and primary email addresses identical whenever possible (best practice).
- Automate Guest Onboarding: Use access packages to ensure partners are always provisioned before they attempt login.
- Pro-tip: In your app’s error handling, provide a hint to the user: "Account not found. Are you using your full work email address?"
Provider Context
This guidance is specific to Azure services. Always validate implementation details against official provider documentation before deploying to production.