Getting 'unexpected status 404' error for custom Entra ID roles with azuread_administrative_unit_role_member

[sahangunathilaka]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v1.5.7
AzureAD 3.0.2

Affected Resource(s)

• azuread_administrative_unit_role_member

Terraform Configuration Files

data "azuread_administrative_unit" "scope" {
  display_name = var.scope
}

data "azuread_user" "principal" {
  user_principal_name = var.principal_name
}

resource "azuread_administrative_unit_role_member" "active_assignment_on_scope" {
  role_object_id                = <template_id of the custom role from portal>
  administrative_unit_object_id = data.azuread_administrative_unit.scope.object_id
  member_object_id              = data.azuread_user.principal.object_id
}

<template_id of the custom role from portal>

Expected Behavior

Create role membership without an issue.

Actual Behavior

The following error was thrown.

╷
│ Error: Adding role member "403xxx04e" to administrative unit "a2xxx0"
│
│ with azuread_administrative_unit_role_member.active_assignment_on_scope,
│ on entraid_role_assignment/main.tf line 54, in resource "azuread_administrative_unit_role_member" "active_assignment_on_scope":
│ 54: resource "azuread_administrative_unit_role_member" "active_assignment_on_scope" {
│
│ unexpected status 404 (404 Not Found) with error: Request_ResourceNotFound: Resource '<custom role template/object id>' does not exist or one of its queried reference-property objects are not
│ present.
╵

Steps to Reproduce

1. terraform init
2. terraform apply