AADSTS50011 Error when referencing Azure Active Directory PowerShell

Daniel Seitz (DXC Technology Services LLC) 20 Reputation points Microsoft Vendor
2024-10-03T21:07:10.5166667+00:00

I'm attempting to set up a controlled-access computer such that users can only access the machine if they are in a corresponding Security Group. The code I've been advised to run for this setup is below. When I run it, I get an AADSTS50011 error when I go to authenticate that I'm not sure how to resolve (pasted below). I've double-checked that the client ID is correct.

"""

    1. Launch Powershell ISE as an Administrator.

2. Run the following script to setup MS Graph:
```Install-Module Microsoft.Graph

```yaml
3. Run the following script to set your Execution Policy:
```Set-ExecutionPolicy -ExecutionPolicy Unrestricted

```sql
4. Run the following script to add the SG to the permissions level you want. You will need to change XXXXXXXX to your specific object ID from your SG, and you will need to change YYYYYYY to either User or Power User depending on the permissions you want to give them.
```Connect-MgGraph -ClientId 1b730954-1685-4b74-9bfd-dac224a7b894 -Scopes .default -TenantId microsoft.com

```powershell
#get the objectID from AAD



$ObjID = "XXXXXXXXXXXXXXXXXXX"



$SID = (Get-MgGroup -GroupId $ObjID -Property securityidentifier).securityidentifier



Add-LocalGroupMember "YYYYYYYYYY" -Member $SID
```"""

![Error Message 1](/api/attachments/31e8cd87-e4ca-49e8-8f85-f1cf2fe16f9d?platform=QnA)

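As an added example that is not part of the original post or the advised script, the same group-to-local-group mapping written with the checks the quoted script omits: it connects with the Microsoft Graph PowerShell client (no hard-coded client ID or tenant) requesting only Group.Read.All, confirms the object is a security-enabled group with a SID, and only adds the SID if it is not already a member. The `$GroupObjectId` and `$LocalGroup` parameters are assumed names; it assumes the Microsoft.Graph module (v2) is installed and the script runs elevated on the target machine.

```powershell
# Added example (not the original poster's script): map an Entra ID security
# group to a local Windows group by SID, with validation and idempotency.
# Assumes Microsoft.Graph v2 is installed and the session is elevated.
param(
    [Parameter(Mandatory)] [string] $GroupObjectId,                  # Entra group object ID
    [ValidateSet('Users', 'Power Users')] [string] $LocalGroup = 'Users'
)

# Use the Microsoft Graph PowerShell client and least-privilege scope
# instead of a hard-coded client ID, a fixed tenant, and '.default'.
Connect-MgGraph -Scopes 'Group.Read.All' -NoWelcome

$group = Get-MgGroup -GroupId $GroupObjectId `
    -Property Id, DisplayName, SecurityEnabled, SecurityIdentifier

# Only security-enabled groups carry a SID usable for local group membership.
if (-not $group.SecurityEnabled) {
    throw "Group '$($group.DisplayName)' is not security-enabled."
}
if ([string]::IsNullOrEmpty($group.SecurityIdentifier)) {
    throw "Group '$($group.DisplayName)' has no SecurityIdentifier; cannot map it locally."
}

# Idempotency: skip the add if the SID is already a member of the local group.
$already = Get-LocalGroupMember -Group $LocalGroup |
    Where-Object { $_.SID.Value -eq $group.SecurityIdentifier }

if ($already) {
    Write-Host "SID $($group.SecurityIdentifier) is already a member of '$LocalGroup'."
} else {
    Add-LocalGroupMember -Group $LocalGroup -Member $group.SecurityIdentifier
    Write-Host "Added '$($group.DisplayName)' ($($group.SecurityIdentifier)) to '$LocalGroup'."
}

# Show the resulting membership so the change is recorded in the run output.
Get-LocalGroupMember -Group $LocalGroup | Select-Object Name, SID, PrincipalSource

Disconnect-MgGraph | Out-Null
```

Run it as `.\Map-EntraGroup.ps1 -GroupObjectId <group object ID> -LocalGroup 'Users'`; the member is added by SID, so it works even before the device can resolve the group name.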

Accepted answer
Akhilesh Vallamkonda 9,840 Reputation points Microsoft Vendor
2024-10-08T18:32:30.82+00:00

Hi @Daniel Seitz (DXC Technology Services LLC)

Thank you for reaching Microsoft Q&A Forum!

Based on the error code AADSTS50011, it indicates that there is a mismatch between the reply address configured for the Azure Active Directory application and the reply address in the authentication request. Make sure the redirect URI matches the reply URL configured on your application.

Kindly update the reply URL in the application by navigating to Entra admin center Portal > Identity > Applications > App Registrations > All apps > Search with client ID (aka app ID) > Under Authentication blade of the application > update the reply URL.

Reference: Error AADSTS50011 with OpenID authentication: The redirect URI specified in the request does not match
Error AADSTS50011 with SAML authentication - The reply URL specified in the request does not match

Hope this helps. Do let us know if you have any further queries by responding in the comments section.

Thanks,

Akhilesh.

If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.

