Checking your GDAP relationship
This provides instructions on how to check your GDAP relationship and permission settings with one of your customer tenants.
- Log into the Microsoft partner center and go to the customer list - https://partner.microsoft.com/en-us/dashboard/commerce2/customers/list
- Open the customer and click the "admin relationships" tab on the left side.
- Make sure you have an active relationship that has not expired
- Open the relationship and make sure it has the Microsoft Entra Roles for "Global Reader" and "Application Administrator" as a minimum
- Look at the security groups below. Ensure the security group that has your Sync 365 user in it is listed. Click on the security group
- Make sure that the security group has Global Reader and Application Administrator selected in the roles
- Make sure you have an active relationship that has not expired
- If the delegated admin account that is used in Sync 365 is not in one of the group with the permissions assigned
- In your own Azure AD (Entra) tenant make sure the account is added to the group to fix the issue
After this is resolved in Sync 365 you can click Refresh Data> Refresh Office 365 data to force a refresh.
Related Articles
User Not Found – Account Does Not Exist or Is Inactive
Error: User was not found This error usually appears when the partner relationship between your tenant and the customer has been removed — or the GDAP relationship has expired or wasn’t set up properly. Cause: Without a valid and active GDAP ...AADSTS50177 – User Not Found in Target Tenant
Error: AADSTS50177 – User does not exist in tenant and cannot access the application This error means the user referenced in the delegated access attempt isn't recognized in the customer tenant. It typically results from a broken or missing GDAP ...System Exception – CoreException Thrown by Provider
Error: Exception of type 'Providers.Common.V1.CoreException' was thrown. This is a generic exception triggered when Sync 365 is unable to access data from the customer tenant due to missing permissions. Cause: The delegated admin account lacks the ...Access Denied – Caller Lacks Valid Entra Role
Error: Access Denied – Caller should have a valid Entra role This error means the account making the request is not assigned any valid role in Microsoft Entra ID (formerly Azure AD) within the customer tenant — often due to GDAP misconfiguration. ...Management Role Error – User Not Assigned Roles
Error: The user isn't assigned to any management roles This error means the delegated admin account does not have the required directory roles assigned within the customer tenant — typically via the GDAP security group. Cause: The delegated admin ...