Unanswered

Error: Failed to create a Microsoft Dataverse system row representing user '...' with code 'UserNotInActiveDirectory' and message 'User with objectId:... does not exist in AD tenantId:...

(1) Share

Report

Posted on by knutaleee

Hi *,

I have a PS script running since a few months that is using a service principal to get all flows from all environments in our tenant. This script used to work fine until approx. two weeks ago, unfortunately I only found out a few days ago, that is has a problem, investigating now since a few hours - without any success.

In the script I run the following lines (GUIDs redacted with XXX):

Get-AdminPowerAppEnvironment -ApiVersion '2021-04-01'
Get-AdminFlow -ApiVersion '2022-03-01-preview'

When I authenticate interactively as PP admin and run these lines, I (presumably - didn't count by hand) get all environments and all flows from all environments in our tenant.

Add-PowerAppsAccount -ApplicationId 51635052-XXX -TenantID ad96ab3f-XXX -CertificateThumbprint XXX

When I authenticate as the service principal using the above line, I get all environments but definitely not all flows from all environments in our tenant (a few hundreds missing). According to my investigation, the flows that are missing cannot be narrowed down to a specific environment, creation date, last modify date or anything similar - it looks like completely random flows seem to be missing in the result when I run above commands as the service principal.

When I investigate one of the missing flows (I just pick one from the list of flows that I get as a PP admin, that is not in the results that I get as SP) using Get-AdminFlow, I get the following error:

Get-AdminFlow -ApiVersion "2022-03-01-preview" -FlowName 3ba3a7ea-XXX -Verbose
VERBOSE: https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/scopes/admin/environments/~default/flows/3ba3a7ea-XXX?api-version=2022-03-01-preview&$top=50
VERBOSE: Requested HTTP/1.1 GET with 0-byte payload
VERBOSE: Received HTTP/1.1 333-byte response of content type application/json
VERBOSE: Status Code: '400'. Message: 'Failed to create a Microsoft Dataverse system row representing user '029b9846-XXX' with code 'UserNotInActiveDirectory' and message 'User with objectId:029b9846-XXX does not exist in AD tenantId:ad96ab3f-XXX'.'

The user that the error message is talking about (objectID 029b9846-XXX) is the service principal's objectID in Entra ID.

The service principal I am using was created a few months ago following this guide: Creating a service principal application using PowerShell - Power Platform | Microsoft Learn

I'm running Module Microsoft.PowerApps.Administration.PowerShell in v2.0.188.

Please help me with this as I'm completely lost in the meantime.

Best regards,

felix

Categories:

Governance & administering

I have the same question (0)

All responses (3)

Answers (0)

Lopa Das 3 on at

Like (0)

Report

Hi, did you create a Microsoft ticket for this? Any updates? We are seeing the exact same issue. The login and retrieval via service principal works for many of the flows, but gives “user not found” error for certain random flows.

Was this reply helpful? Yes No
knutaleee 6 on at

Like (0)

Report

Hi,
yes, I opened a ticket for that. No response so far.

What I could observe in the recent days is:
By the time of writing this post, I could get approx. 1000 flows from all environments as a service principal. By that time, I got approx. 1400 flows as admin. In the meantime, I get approx. 1200 flows from all environments as SP and still 1400 flows as admin. I took both data, all 1200 flows that I get as SP and all 1400 flows that I get as admin and grouped them by environment to see where the differences are. The interesting thing is: the problem seems to be isolated to two environments. I have one environment where I get exactly one flow as SP - for the others I get the described error when I try to run Get-AdminFlow on them - and I have another environment where I get no flows as SP.
So it looks to me like the situation has improved, however, I still seem to have broken environments where the above error persists. The sad thing is that I cannot find any documentation on this error.

Hope this helps!

Was this reply helpful? Yes No
knutaleee 6 on at

Like (0)

Report

@Lopa_Das another observation I made today: I need to get the number of flow runs. To get that data, I use the cmdlet Get-FlowRun from module Microsoft.PowerApps.PowerShell. There, I see the exact same error message as with Get-AdminFlow described above. Can you please check if it's the same for you?

Was this reply helpful? Yes No