Management Role Error - User Not Assigned Roles

Error: The user isn't assigned to any management roles

This error means the delegated admin account does not have the required directory roles assigned within the customer tenant — typically via the GDAP security group.


Cause: The delegated admin account is either not part of the GDAP group, or the GDAP group is missing required roles like Global Reader or Application Administrator.

Resolution

To resolve this, validate and update the GDAP permissions for the affected tenant:

  1. Go to your partner tenant’s Microsoft Partner Center
  2. Open the customer’s GDAP configuration
  3. Ensure that:
    • The correct security group is linked to the GDAP relationship
    • The group includes your delegated admin account
    • The group has at least:
      • Application Administrator
      • Global Reader

Refer to the full guide: Checking your GDAP relationship

After updating, allow up to 30 minutes for permissions to propagate.
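The checklist above can also be run as an offline check over exported GDAP data. This is an added example, not code from Sync 365 or Microsoft. It assumes the assignment records follow the shape of Microsoft Graph `delegatedAdminAccessAssignment` objects, and it counts roles across every linked group the account belongs to. The role IDs are the Entra built-in role template IDs; the group and account IDs are constructed placeholders.

```python
# Added example: evaluates the three GDAP conditions from the checklist offline.
# Record shape is assumed to match Graph delegatedAdminAccessAssignment objects.
REQUIRED_ROLES = {  # Entra built-in role template IDs
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3": "Application Administrator",
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451": "Global Reader",
}

def check_gdap(assignments, group_members, admin_id):
    """Return findings for one GDAP relationship; an empty list means it passes."""
    # 1. A security group must be linked through an active access assignment.
    active = [a for a in assignments if a.get("status") == "active"]
    if not active:
        return ["no security group is actively linked to the GDAP relationship"]
    # 2. The delegated admin account must be a member of a linked group.
    granted, member_of = set(), []
    for a in active:
        group_id = a["accessContainer"]["accessContainerId"]
        if admin_id in group_members.get(group_id, ()):
            member_of.append(group_id)
            roles = a["accessDetails"]["unifiedRoles"]
            granted.update(r["roleDefinitionId"] for r in roles)
    if not member_of:
        return ["delegated admin account is not in any linked security group"]
    # 3. Those groups together must carry every required role.
    return [f"missing role: {name}"
            for rid, name in sorted(REQUIRED_ROLES.items(), key=lambda kv: kv[1])
            if rid not in granted]

# Constructed sample data (placeholder IDs, not from a real tenant).
ADMIN = "admin-object-id"
SAMPLE_ASSIGNMENTS = [{
    "status": "active",
    "accessContainer": {"accessContainerId": "group-1",
                        "accessContainerType": "securityGroup"},
    "accessDetails": {"unifiedRoles": [
        {"roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451"}]},
}]
SAMPLE_MEMBERS = {"group-1": {ADMIN}}

if __name__ == "__main__":
    for finding in check_gdap(SAMPLE_ASSIGNMENTS, SAMPLE_MEMBERS, ADMIN):
        print(finding)
```

With the sample data the linked group carries only Global Reader, so the check reports the missing Application Administrator role.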
