Management Role Error - User Not Assigned Roles

Management Role Error – User Not Assigned Roles

Error: The user isn't assigned to any management roles

This error means the delegated admin account does not have the required directory roles assigned within the customer tenant — typically via the GDAP security group.


Cause: The delegated admin account is either not part of the GDAP group, or the GDAP group is missing required roles like Global Reader or Application Administrator.

Resolution

To resolve this, validate and update the GDAP permissions for the affected tenant:

  1. Go to your partner tenant’s Microsoft Partner Center
  2. Open the customer’s GDAP configuration
  3. Ensure that:
    • The correct security group is linked to the GDAP relationship
    • The group includes your delegated admin account
    • The group has at least:
      • Application Administrator
      • Global Reader

Refer to the full guide: Checking your GDAP relationship

After updating, allow up to 30 minutes for permissions to propagate.

    • Related Articles

    • Master Index Page for Troubleshooting Microsoft 365 Errors

      Troubleshooting Microsoft 365 Errors If you've received an error in Sync 365 related to authentication, consent, token refresh, or license sync, use the links below to find the exact resolution. Authentication& MFA Errors AADSTS50078 – MFA expired ...

    • Access Denied – Caller Lacks Valid Entra Role

      Error: Access Denied – Caller should have a valid Entra role This error means the account making the request is not assigned any valid role in Microsoft Entra ID (formerly Azure AD) within the customer tenant — often due to GDAP misconfiguration. ...

    • AADSTS500571 – Guest User Account Disabled

      Error: AADSTS500571 – The guest user account is disabled This error typically happens when your named user account (used for delegated admin access) has been added to the customer tenant as a guest user — usually from SharePoint, OneDrive, or Teams ...

    • User Not Found – Account Does Not Exist or Is Inactive

      Error: User was not found This error usually appears when the partner relationship between your tenant and the customer has been removed — or the GDAP relationship has expired or wasn’t set up properly. Cause: Without a valid and active GDAP ...

    • Consent Error – Administrator Has Not Granted Consent

      Error: The user or administrator has not consented to use the application This error occurs when the Sync 365 app hasn’t been granted proper consent within the customer tenant — either because the app was deleted or the GDAP permissions are ...