Why is the service principal object id displayed in the Azure Portal different from the object id we get by running the following command?
az ad sp show --id=Appli/ClientID_ofSP
I was working on an Azure Terraform role assignment and it only worked with the object id returned by the az ad sp
command above. But when I used the object id shown in the Azure Portal -> AD -> App Assignment, it failed with the following error:
Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal xxxxxxobjectID does not exist in the directory xxxxxTenantID."
This has also been discussed in an Azure GitHub issue. I didn't understand why it is not flagged as a bug.
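The two ids come from two different directory objects: the App Registration (application object) and the Enterprise Application (service principal object) that is created for it, and Azure RBAC only accepts the latter as a principal. The following Terraform configuration is an added example, not the question author's code: it looks both objects up by the same application (client) id and uses only the service principal's object id in the role assignment. It assumes the azuread provider v2.44 or later (where the data sources take `client_id`; older versions use `application_id`), a placeholder `client_id` variable, and a Reader assignment at subscription scope.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread" }
    azurerm = { source = "hashicorp/azurerm" }
  }
}

provider "azurerm" {
  features {}
}

# Placeholder (assumption): the Application (client) ID of the app registration.
variable "client_id" {
  type        = string
  description = "Application (client) ID shared by the app registration and its service principal"
}

data "azurerm_subscription" "current" {}

# The app registration (application object). Its object id is what the
# App Registrations blade shows; it is NOT a valid RBAC principal.
data "azuread_application" "app" {
  client_id = var.client_id
}

# The enterprise application (service principal) created for that registration.
# Its object id is what `az ad sp show --id <client id>` returns.
data "azuread_service_principal" "sp" {
  client_id = var.client_id
}

resource "azurerm_role_assignment" "reader" {
  scope                = data.azurerm_subscription.current.id
  role_definition_name = "Reader"
  # Must be the service principal's object id; using
  # data.azuread_application.app.object_id here yields PrincipalNotFound.
  principal_id = data.azuread_service_principal.sp.object_id
}

# Surface both ids so the difference is visible in `terraform output`.
output "directory_object_ids" {
  value = {
    app_registration_object_id  = data.azuread_application.app.object_id
    service_principal_object_id = data.azuread_service_principal.sp.object_id
  }
}
```

With a recent az CLI the same two values can be compared outside Terraform: `az ad app show --id <client id> --query id` returns the application object's id and `az ad sp show --id <client id> --query id` returns the service principal's, and only the second one is accepted by `az role assignment create --assignee-object-id`.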