SALES: 1-800-867-1380

Azure AD Graph Error Codes


Updated: May 26, 2015

Important: the content in this topic may be out of date. See the new interactive Graph API documentation for the most up-to-date reference documentation for Azure AD Graph API. With the interactive documentation, you can try REST operations against a sample tenant from inside the documentation itself. Documentation updates are only being made in the interactive documentation, and this topic will be removed in the future.

This topic lists Azure AD Graph error codes, error messages, and actions to consider when correcting errors.

In general, HTTP 500-series errors respond to retries, preferably distributed over increasingly long time intervals ("retry with a back-off interval") and with a random distribution factor. However, 400-series errors indicate a problem that must be fixed before retrying.

HTTP Status Code

Error code

Error message




Result Size Limit was Exceeded

The request cannot be fulfilled because it is associated with too many results. This error occurs very infrequently.



Bad request. Please fix the request before retrying.

Indicates an error in the request, such as an invalid property value or an unsupported query argument. Fix the request before retrying.



The GET request is unsupported. Fix the request parameters and try again.



Your access token has expired. Please renew it before submitting the request.

Access token has expired. Renew the token and then resubmit.



Access Token missing or malformed.

The access_token value in the authorization header is missing or malformed. This value is required. Use the value in the authentication token. For more information, see Walk through for building a .Net application for accessing Azure Active Directory Graph Service.



The calling application principal is disabled.

The principal specified in the access token is in the directory, but is it disabled.  Re-enable the account in the directory, and try again.



The identity of the calling application could not be established.

The principal specified in the access token was not found in the directory. This might occur because the token is stale, the principal was deleted from the directory, or directory synchronization is delayed.



Unauthorized request.

The token contains invalid or unsupported claims. Get the request token again and then retry the request.



The specified credentials do not have sufficient privileges to make this request.

The request is denied due to insufficient privileges. For example, a non-administrative principal does not have permission to delete a resource.



The directory object quota limit for the <tenantName> has been exceeded. Please ask your administrator to increase the quota limit or delete objects to reduce the used quota.

A directory quota has been exceeded. The tenant might have too many objects or the objects might have too many values. This also occurs when too many objects are created on for the principal. Increase the maximum allowed object count for the tenant or principal, or reduce the number of values included in the create/update request.



Resource <resource> does not exist or one of its queried reference-property objects are not present.

The resource identified by the URI does not exist. Revise the value and retry the request.



Encountered an internal server error.

Internal server error while processing the request.



“... Service Unavailable...”

A server acting as a gateway or proxy encountered an error from another server while processing the request. Wait a few minutes and then retry the request.



Your request is throttled temporarily. Please try after {0} seconds.

The token request rate has exceeded the limit that the service can manage. Wait a few minutes and retry the request with increasing back-off intervals. Increasing the delay between retries makes it more likely that the request succeeds and the backlog is eliminated.


Internal server error.

This error code is used when other error codes do not apply.


The type of token presented is not handled. Only bearer tokens are supported.

The token type is not supported. Revise the token type before trying the request again.


Tenant information is not available locally. Use the following Urls to get the information.

When the tenant partition is not available in the datacenter, clients must connect to the URl returned in the response.


Tenant information is not available locally. The server encountered an internal error while trying to populate the nearest datacenter endpoints.

When a binding redirection exception occurs, the list of nearest datacenter endpoints for the service is populated. This error indicates an exception when populating the list. Try the query again.


Unable to read the company information from the directory.

An error occurred while loading company information from the directory service.


The preferred replica is unavailable. Please retry without any replica session key header.

Omit the x-ms-replica-session-key header and then retry.


The data contract version header is missing. Include x-ms-dirapi-data-contract-version in your request.

The client contract version is missing from the request.


Header {0} is not currently supported.

The request contains an unsupported HTTP header. Change the header and try the request again.


The replica session key provided is not valid.

Fix the replica session key and try the request again.


Your request is throttled permanently. Please call support to address the issue.

The tenant repeatedly and persistently exceeded the token request rate limit. Requests from the tenant are rejected until the service is renegotiated. For help, contact Microsoft Support.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft