AADSTS500571 - Guest User Account Disabled

Error: AADSTS500571 – The guest user account is disabled

This error typically happens when your named user account (used for delegated admin access) has been added to the customer tenant as a guest user — usually from SharePoint, OneDrive, or Teams sharing.


Cause: Microsoft blocks access via guest accounts if they’re disabled or conflict with delegated access roles. This affects named users much more than dedicated service accounts.

Resolution

Option 1 – Check and Remove Guest Account in Customer Tenant

  1. Log in to the customer’s Microsoft Entra ID portal
  2. Navigate to Users → Guest users
  3. Search for the delegated admin account (e.g., your named user)
  4. If found, delete the guest user record from the customer tenant
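
The same check can be done from PowerShell. This is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed and that you sign in as an administrator of the customer tenant. The tenant ID and the partner address are placeholders.

```powershell
# Placeholders (assumptions): replace with real values before running.
$CustomerTenantId = '<customer-tenant-id>'
$PartnerAdminUpn  = 'admin@partner.example'   # constructed sample: the named partner user

# Sign in to the customer tenant with rights to read and delete users.
Connect-MgGraph -TenantId $CustomerTenantId -Scopes 'User.ReadWrite.All'

# A guest object's UPN is the home address with '@' replaced by '_',
# followed by '#EXT#@<customer domain>'.
$guestUpnPrefix = ($PartnerAdminUpn -replace '@', '_') + '#EXT#'

# AccountEnabled is only returned when explicitly requested.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property Id, DisplayName, UserPrincipalName, Mail, AccountEnabled, UserType

# Match on the guest's mail attribute or on the derived UPN prefix.
$found = @($guests | Where-Object {
    $_.Mail -eq $PartnerAdminUpn -or
    ($_.UserPrincipalName -and $_.UserPrincipalName.StartsWith(
        $guestUpnPrefix, [System.StringComparison]::OrdinalIgnoreCase))
})

if ($found.Count -eq 0) {
    Write-Host "No guest record for $PartnerAdminUpn in this tenant."
}
else {
    # Show what was found, including whether the guest is disabled.
    $found | Format-Table DisplayName, UserPrincipalName, Mail, AccountEnabled

    # Delete each matching guest record; -Confirm prompts before every removal.
    foreach ($guest in $found) {
        Remove-MgUser -UserId $guest.Id -Confirm
    }
}

Disconnect-MgGraph | Out-Null
```

An `AccountEnabled` value of `False` on the matching record corresponds to the disabled guest account named in the error.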

Option 2 – Use a Service Account Instead of a Named User

To avoid this issue permanently, create a dedicated service account in your partner tenant for delegated admin access.

See setup guidance: 3 – Configure Microsoft 365 Partner Admin Account
