Fix AADSTS50177 - User Not Found in Tenant

AADSTS50177 – User Not Found in Target Tenant

Error: AADSTS50177 – User does not exist in tenant and cannot access the application

This error means the user referenced in the delegated access attempt is not recognised in the customer tenant. It commonly occurs when the GDAP relationship is missing, expired, or incorrectly assigned. It can also occur when the customer tenant does not have the required CSP partner relationship with your partner tenant.


Cause: The delegated admin account or service principal may not be correctly assigned in the GDAP relationship, the GDAP relationship may have expired, or the customer may not have an active Partner Center customer/reseller relationship such as Cloud Reseller or Reseller.

Free GDAP tool: If the GDAP relationship is missing, expired, or assigned to the wrong group, you can use the free Sync 365 GDAP Builder to create a new relationship for Sync 365 access.

Resolution

Check both access paths before retrying the Sync 365 connection or sync action:

  • GDAP relationship: required for delegated admin permissions.
  • Partner Center customer/reseller relationship: required so the customer tenant is linked to your partner tenant as a CSP customer.

1. Verify the GDAP relationship

Confirm the GDAP relationship for the affected tenant:

  • Confirm that the tenant has an active GDAP relationship with your partner tenant.
  • Ensure that the correct security group is used in the GDAP permissions.
  • Ensure your delegated admin account is a member of that group.
  • Confirm the relationship has not expired.

You can follow the full validation steps here: Checking your GDAP relationship

2. Check the Partner Center customer relationship

GDAP access alone may not be enough. The customer tenant also needs to exist under your Microsoft Partner Center customers with the correct partner relationship.

  1. Sign in to Microsoft Partner Center.
  2. Go to Customers.
  3. Search for the affected customer tenant.
  4. Confirm the customer appears in your customer list.
  5. Open the customer and confirm there is an active customer/reseller relationship, such as Cloud Reseller or Reseller.
  6. If the customer does not appear, create a new partner relationship request from Partner Center.
  7. Send the generated relationship link to the customer.
  8. Ask the customer to accept the relationship request in the Microsoft 365 admin center.
  9. Once accepted, confirm the customer appears in Partner Center, then retry the Sync 365 connection or sync action.
Important: Both relationships need to be valid. GDAP provides the delegated permissions. The Partner Center customer/reseller relationship links the customer tenant to your partner tenant as a CSP customer. If either relationship is missing, expired, or incorrectly configured, delegated access can fail with AADSTS50177.

Common checks

  • The tenant appears under Partner Center > Customers.
  • The customer has an active relationship such as Cloud Reseller / Reseller.
  • The GDAP relationship is active and has not expired.
  • The delegated admin account is in the security group assigned to the GDAP roles.
  • The Sync 365 consent or sync action is retried after the relationships are corrected.
    • Related Articles

    • AADSTS700003 – Device Object Not Found in Tenant

      Error: AADSTS700003 – Device object was not found in the tenant This error occurs when the device originally used for delegated admin access has been deleted from your directory. Cause: If the Azure AD device associated with your delegated admin ...
    • User Not Found – Account Does Not Exist or Is Inactive or AADSTS90072

      Error: User was not found Or: AADSTS90072: User account '{EUII Hidden}' from identity provider 'https://sts.windows.net/658bfa###' does not exist in tenant 'Tenant' and cannot access the application '3efeacdc-560a-41a1-b337-e302923082ea'(Sync 365 ...
    • AADSTS500571 – Guest User Account Disabled

      Error: AADSTS500571 – The guest user account is disabled This error typically happens when your named user account (used for delegated admin access) has been added to the customer tenant as a guest user — usually from SharePoint, OneDrive, or Teams ...
    • Group Mapping Error – Group ID Not Found

      Error: GroupId not found – Username to Database update This error occurs when a custom license or contact filter in Sync 365 is configured to use a Microsoft Entra ID (Azure AD) group that no longer exists or has been renamed. Cause: The group ...
    • Management Role Error – User Not Assigned Roles

      Error: The user isn't assigned to any management roles This error means the delegated admin account does not have the required directory roles assigned within the customer tenant — typically via the GDAP security group. Cause: The delegated admin ...