Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
AADSTS650052 – Missing service principal for Microsoft Password Reset Service during Entra Connect setup
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 79%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Martin B
0
Reputation points
I'm trying to complete the installation of Microsoft Entra Connect Sync in my tenant (Tenant ID: 601a00a2-3e59-4321-a19c-46d787b18550), but the setup fails with the following error:
AADSTS650052: The app is trying to access a service '93625bc8-bfe2-437a-97e0-3d0060024faa' (Microsoft password reset service) that your organization lacks a service principal for.
Steps I've already tried:
- Admin consent via Azure Portal and direct URL
- Manual service principal creation via Microsoft Graph PowerShell
- Verified correct Global Administrator account
- Installed Entra Connect Sync Engine successfully, ADSync service is running
- Created a service principal with Owner role on the resource group via Azure CLI
Request ID: 1dd0a3da-97b6-4e2d-b654-fb996fc12e01
Correlation ID: eca0b4a-c912-4360-bc29-31465e9f5090
Timestamp: 2025-12-03T08:46:11Z
This is part of a graded exam assignment. I do not have access to paid support and need Microsoft to provision the missing service principal for the Microsoft Password Reset Service so I can complete the setup.
Azure Role-based access control
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shubham Sharma 6,200 Reputation points Microsoft External Staff Moderator2025-12-03T10:32:34.5066667+00:00 Hey Martin! It looks like you're encountering a frustrating issue with the Microsoft Entra Connect setup due to the missing service principal for the Microsoft Password Reset Service. Here are some steps you can take to address the situation:
- Verify Service Principal Existence: Make sure the service principal for the Microsoft Password Reset Service (App ID:
93625bc8-bfe2-437a-97e0-3d0060024faa) actually exists in your directory. You can check this in the Microsoft Entra admin center:- Go to Enterprise applications and select All applications.
- Search for the application ID listed above.
- Recreate the Service Principal: If the service principal is missing, you can recreate it using Microsoft Graph PowerShell:
- First, ensure you have the Microsoft Graph PowerShell SDK installed. If not, install it using:
Install-Module Microsoft.Graph -Scope CurrentUser - Then, execute the following command:
New-MgServicePrincipal -AppId "93625bc8-bfe2-437a-97e0-3d0060024faa"
- First, ensure you have the Microsoft Graph PowerShell SDK installed. If not, install it using:
- Assign Required Permissions: After creating the service principal, ensure it has the necessary permissions to operate. You may need to assign the appropriate roles:
- Make sure to give it Directory Readers permission.
- Admin Consent: Since you've mentioned that you've already tried admin consent via the Azure Portal, double-check that you've completed this step properly:
- Navigate to the App registrations section in the Azure portal and confirm admin consent is granted.
- Consult Additional Documentation: For a comprehensive understanding of accounts and permissions, you can refer to the following resources:
If these steps don't resolve your issue, here are a few follow-up questions that could help pinpoint the problem:
- Have you checked if the app ID
93625bc8-bfe2-437a-97e0-3d0060024faais indeed registered in your Microsoft Entra directory? - Are you running into any permission-related issues when trying to recreate the service principal?
- Can you verify that the service principal you created has been granted the necessary permissions to operate?
- Are there any specific features or configurations within Entra Connect that you have opted out of that might require additional permissions?
Hope this helps you get closer to resolving the setup! Let me know if you have any further questions.
Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.
- Verify Service Principal Existence: Make sure the service principal for the Microsoft Password Reset Service (App ID:
Sign in to comment
Sign in to answer