The AADSTS50034 error occurs because the user account does not exist in the target Microsoft Entra ID (Azure AD) tenant.
The Fix
Follow these methods in order.
Method 1: Convert a Guest User to a Member User
This is the most common fix for applications like UiPath or MigrationWiz that require member accounts.
1. Sign in to the Azure Portal as a Global Administrator.
2. Navigate to Microsoft Entra ID > Users.
3. Search for and select the affected user account.
4. In the user's profile, click Edit.
5. Change the User type from Guest to Member.
6. Click Save. Have the user re-authenticate.
If That Doesn't Work:
Method 2: Add the Missing User to the Directory
The user account may not be provisioned in this tenant.
1. In the Azure Portal, go to Microsoft Entra ID > Users > New user.
2. Choose "Create new user" or "Invite external user".
3. If inviting an external user, select Member as the user type, not Guest.
4. Complete the user creation and assign any required licenses. Have the user sign in again.
If That Doesn't Work:
Method 3: Resolve Hidden Email from Azure AD Connect Cloud Sync
If the error shows {EmailHidden}, a sync issue may be masking the user's UPN.
1. On your sync server, open PowerShell as Administrator.
2. Install and import the required module:
    Install-Module -Name AADCloudSyncTools -Force
    Import-Module AADCloudSyncTools
3. Run the account fix command:
    Invoke-AADCloudSyncAccountFix -TenantId "your-tenant-id.onmicrosoft.com"
4. Force a full synchronization cycle and test authentication.
If That Doesn't Work:
Method 4: Check Application-Specific Configuration
Some applications have unique requirements.
- For YSoft Email Print, ensure "Allow Public Workflows" is enabled.
- For MigrationWiz, verify the service account is a Member and excluded from Conditional Access or MFA requirements.
- As a general step, delete the existing application connection (e.g., in Power BI) and recreate it using a verified member account.
Verify
Have the user attempt to sign in again. To avoid this error:
1. Verify the User Type before configuring service accounts.
2. Create automation service accounts as Member users, not Guests.
3. Confirm the tenant ID in your application configuration matches the user's directory.
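The three checks above can be run in bulk before an application is configured. The script below is an added example, not part of the original article: it classifies each sign-in name as missing from the tenant, present but not a Member, or ready. The helper name `Get-AccountFinding`, the account names, and the tenant IDs are constructed for illustration; the commented Microsoft Graph PowerShell commands show how the same inputs would be pulled from a live tenant.

```powershell
# Added example. Sample data below is constructed; for live input use
# Microsoft Graph PowerShell (needs the User.Read.All scope):
#   Connect-MgGraph -TenantId $configuredTenantId -Scopes 'User.Read.All'
#   $directory      = Get-MgUser -All -Property UserPrincipalName,Mail,UserType
#   $actualTenantId = (Get-MgContext).TenantId

function Get-AccountFinding {          # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SignInName,
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$DirectoryUsers
    )
    # Guests get an #EXT# UPN, so match on Mail as well as UserPrincipalName.
    $match = $DirectoryUsers | Where-Object {
        $_.UserPrincipalName -eq $SignInName -or $_.Mail -eq $SignInName
    } | Select-Object -First 1

    if (-not $match) {
        $status = 'NotInTenant'; $action = 'Method 2: add or invite the user'
    } elseif ($match.UserType -ne 'Member') {
        $status = 'NotMember';   $action = 'Method 1: change User type to Member'
    } else {
        $status = 'OK';          $action = 'None'
    }
    [pscustomobject]@{ SignInName = $SignInName; Status = $status; Action = $action }
}

# Constructed values standing in for the app config and the directory export.
$configuredTenantId = '00000000-0000-0000-0000-000000000001'
$actualTenantId     = '00000000-0000-0000-0000-000000000001'
$directory = @(
    [pscustomobject]@{ UserPrincipalName = 'svc-migrate@contoso.example'
                       Mail = 'svc-migrate@contoso.example'; UserType = 'Member' }
    [pscustomobject]@{ UserPrincipalName = 'robot_partner.example#EXT#@contoso.example'
                       Mail = 'robot@partner.example'; UserType = 'Guest' }
)
$accounts = 'svc-migrate@contoso.example', 'robot@partner.example', 'svc-print@contoso.example'

if ($configuredTenantId -ne $actualTenantId) {
    Write-Warning "Configured tenant $configuredTenantId is not the connected tenant $actualTenantId"
}
$accounts | ForEach-Object { Get-AccountFinding -SignInName $_ -DirectoryUsers $directory } |
    Format-Table -AutoSize
```

With the constructed data, the first account reports OK, the second NotMember, and the third NotInTenant, which is the condition that produces AADSTS50034.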

