AZURE

AADServicePrincipalNotFound - AAD Service Principal Not Found: Principal Does Not Exist

AADServicePrincipalNotFound surfaces when Azure AD (Entra ID) can't find the service principal—wrong object ID or application ID, the principal never got created from your app registration, or it was deleted. This 404 client-side error happens when Azure AD validates service principal identifiers before operations. Service principals don't auto-create when you register an app—you must explicitly create them using 'az ad sp create'. Most common in service principal authentication for VM deployments, but also appears in AKS cluster authentication, Azure SQL database connections, and App Service deployment operations. Service principal IDs must be valid GUIDs.

Common Causes

  • Invalid Service Principal Identifier: The service principal ID (object ID) or application ID is incorrect or contains typos. Service principal IDs must be valid GUIDs. The identifier may reference a non-existent principal or have formatting errors. This is persistent—you must use the correct identifier.
  • Non-Existent Service Principal: The service principal hasn't been created from the application registration. Service principals must be explicitly created from applications using 'az ad sp create --id <app-id>'. Application registrations don't automatically create service principals. This is persistent—you must create the service principal before operations.
  • Deleted Service Principal: The service principal has been deleted from Azure AD. Deleted service principals aren't accessible via standard queries. Service principals may be deleted during cleanup or configuration changes. This is persistent—you must create a new service principal from the application or restore the deleted one if possible.

Solutions

  1. Step 1: Diagnose - List all service principals to see available identifiers: az ad sp list --query "[].{DisplayName:displayName,AppId:appId,ObjectId:id}" --output table
  2. Step 2: Diagnose - Search for service principal by application ID: az ad sp show --id <app-id> --query "{DisplayName:displayName,AppId:appId,ObjectId:id}" --output table
  3. Step 3: Diagnose - Search for service principal by display name: az ad sp list --filter "displayName eq '<name>'" --query "[].{DisplayName:displayName,AppId:appId}" --output table
  4. Step 4: Fix - If identifier is wrong, use the correct service principal ID or application ID from the list. Verify GUID format.
  5. Step 5: Fix - If service principal doesn't exist, create it from the application registration: az ad sp create --id <app-id>
  6. Step 6: Fix - If service principal was deleted, create a new one from the application. Deleted service principals can't be restored directly—you must recreate them.
  7. Step 7: Verify - After creating the service principal, retry your operation. It should succeed instead of returning AADServicePrincipalNotFound.

Code Examples

Azure AD Service Principal Lookup and Creation
#!/usr/bin/env bash
# This script helps diagnose AADServicePrincipalNotFound by finding and creating service principals

# Step 1: Set application ID (replace with your application ID)
APP_ID="12345678-1234-1234-1234-123456789012"
echo "Checking service principal for application: ${APP_ID}"

# Step 2: Try to get service principal by application ID
echo "Searching for service principal by application ID..."
if az ad sp show \
  --id "${APP_ID}" \
  --query "{DisplayName:displayName,AppId:appId,ObjectId:id}" \
  --output table 2>&1; then
  echo "Service principal found by application ID"
else
  echo "Service principal not found by application ID"
  echo "The service principal may not have been created from the application"
fi

# Step 3: List all service principals to see available principals
echo "Listing all service principals in tenant..."
az ad sp list \
  --query "[].{DisplayName:displayName,AppId:appId,ObjectId:id}" \
  --output table | head -20

# Step 4: Search service principal by display name
DISPLAY_NAME="My Service Principal"
echo "Searching for service principal by display name: ${DISPLAY_NAME}..."
az ad sp list \
  --filter "displayName eq '${DISPLAY_NAME}'" \
  --query "[].{DisplayName:displayName,AppId:appId,ObjectId:id}" \
  --output table

# Step 5: Get service principal by object ID (if you have it)
OBJECT_ID="12345678-1234-1234-1234-123456789012"
echo "Searching for service principal by object ID: ${OBJECT_ID}..."
if az ad sp show \
  --id "${OBJECT_ID}" \
  --query "{DisplayName:displayName,AppId:appId,ObjectId:id}" \
  --output table 2>&1; then
  echo "Service principal found by object ID"
else
  echo "Service principal not found by object ID"
fi

# Step 6: Check if application exists (service principal is created from application)
echo "Checking if application exists..."
if az ad app show --id "${APP_ID}" &>/dev/null; then
  echo "Application exists"

  # Only create the service principal if the lookup in Step 2 would fail
  if az ad sp show --id "${APP_ID}" &>/dev/null; then
    echo "Service principal already exists, nothing to create"
  else
    echo "Creating service principal from application..."

    # Create service principal from application
    if az ad sp create --id "${APP_ID}" 2>&1; then
      echo "Service principal created successfully"

      # Get the newly created service principal
      az ad sp show \
        --id "${APP_ID}" \
        --query "{DisplayName:displayName,AppId:appId,ObjectId:id}" \
        --output table
    else
      echo "ERROR: Failed to create service principal"
      echo "The service principal may already exist or there was an error"
    fi
  fi
else
  echo "WARNING: Application not found"
  echo "You must create the application registration first before creating a service principal"
fi

# Step 7: Verify service principal exists
if az ad sp show --id "${APP_ID}" &>/dev/null; then
  echo "Service principal exists and is accessible"

  # Get service principal role assignments
  echo "Getting service principal role assignments..."
  az role assignment list \
    --assignee "${APP_ID}" \
    --query "[].{Role:roleDefinitionName,Scope:scope}" \
    --output table
else
  echo "Service principal still not found"
  echo "You may need to create it manually or check application registration"
fi
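
A compact pre-flight version of the diagnosis above, as an added example that is not part of the original page: it rejects a malformed GUID before any Azure call, then separates a principal that was never created from an identifier that matches nothing. The function names and result labels are assumptions of this example; the `az` subcommands are the ones already used on this page.

```shell
#!/bin/sh
# Added example: classify the cause of AADServicePrincipalNotFound.
# is_guid, diagnose_sp and the printed labels are names chosen for this
# example; they are not part of the Azure CLI.

# Succeeds only for the canonical 8-4-4-4-12 hexadecimal GUID form.
# The length check also rejects trailing spaces and embedded newlines,
# which survive copy-paste and are easy to miss by eye.
is_guid() {
  [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints one label for the identifier in $1:
#   invalid-guid    malformed identifier; no Azure call is made
#   sp-found        the service principal exists
#   sp-not-created  the app registration exists, the service principal
#                   does not (fix: az ad sp create --id <app-id>)
#   not-found       neither object exists under this identifier
# Returns 0 only for sp-found, 2 for invalid-guid, 1 otherwise.
diagnose_sp() {
  if ! is_guid "$1"; then
    echo "invalid-guid"
    return 2
  fi
  if az ad sp show --id "$1" >/dev/null 2>&1; then
    echo "sp-found"
    return 0
  fi
  if az ad app show --id "$1" >/dev/null 2>&1; then
    echo "sp-not-created"
    return 1
  fi
  echo "not-found"
  return 1
}
```

Call `diagnose_sp <id>` from a deployment script after `az login`; a non-zero return lets the pipeline stop before the operation that would raise AADServicePrincipalNotFound.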

Provider Information

This error code is specific to AZURE services. For more information, refer to the official AZURE documentation.