Reputation: 21
I'm trying to import an existing Azure Active Directory resource into the Terraform state. I used the following:

```
terraform import azuread_service_principal.example 00000000-0000-0000-0000-000000000000
```

The `00000000-0000-0000-0000-000000000000` is the object_id of the above resource, but when I run the command, I get this error:

```
Error: Cannot import non-existent remote object
```

Do I need to do anything special in my script before I run this command?
Upvotes: 2
Views: 2068
Reputation: 446
I just had the same error with the User resource instead of the service principal.

My fault was that I was still logged in with `az login` on the command line to another tenant when importing the user with `terraform import`.

After logging into the correct tenant, the user's objectId was the same in the portal as well as on the command line with `az ad user show --id <upn>`.
Upvotes: 0
Reputation: 11411
I tested the same in my lab, and importing the service principal using the objectId (from the portal) returns an error that a non-existent remote object cannot be imported.

Solution: Run the command mentioned below using the Azure CLI for the service principal you want to import, and get the objectId for it.

```
az ad sp list --display-name "Your Service Principal Name"
```

After getting the objectId of the service principal, run the terraform import command using the objectId obtained from the CLI and not the objectId from the portal, and it will be imported successfully.

```
terraform import azuread_service_principal.example your-service-principal-objectId
```

Note: The ObjectId shown in the portal refers to the objectId of the application rather than the ObjectId of the service principal.
## My Main.tf File
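```hcl
provider "azuread" {
  version = "=0.7.0"
}

# Empty stub block: terraform import needs this resource address to exist in the configuration.
resource "azuread_service_principal" "example" {
}
```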
Upvotes: 2
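
A pre-flight check for the two causes described in the answers above (a CLI session in another tenant, and an ID that is not the service principal's object ID), as an added example that is not part of any post. The JSON samples are constructed, the function names are hypothetical, and the field names `tenantId`, `appId` and `objectId`/`id` are assumed to match the output of your Azure CLI version.

```python
import json

# Constructed sample of `az account show` output (trimmed).
ACCOUNT_JSON = '{"name": "demo-sub", "tenantId": "11111111-1111-1111-1111-111111111111"}'

# Constructed sample of `az ad sp list --display-name "demo-app"` output (trimmed).
# Assumption: older CLI releases name the object ID "objectId", newer ones "id".
SP_LIST_JSON = '''[
  {"displayName": "demo-app",
   "appId": "22222222-2222-2222-2222-222222222222",
   "objectId": "33333333-3333-3333-3333-333333333333"}
]'''


def resolve_import_id(account_json, sp_list_json, expected_tenant, portal_id=None):
    """Return the service principal object ID to pass to terraform import.

    Raises ValueError when the CLI session is in another tenant, when the
    display name is not unique, or when portal_id is not the object ID of
    the service principal the CLI returned.
    """
    tenant = json.loads(account_json)["tenantId"]
    if tenant.lower() != expected_tenant.lower():
        raise ValueError(f"az is logged in to tenant {tenant}, expected {expected_tenant}")

    matches = json.loads(sp_list_json)
    if len(matches) != 1:
        raise ValueError(f"expected exactly one service principal, got {len(matches)}")

    sp = matches[0]
    object_id = sp.get("id") or sp.get("objectId")
    if not object_id:
        raise ValueError("no object ID field in az output")
    if portal_id and portal_id.lower() != object_id.lower():
        hint = " (that is the appId)" if portal_id.lower() == sp.get("appId", "").lower() else ""
        raise ValueError(f"{portal_id} is not this service principal's object ID{hint}")
    return object_id


def import_command(address, object_id):
    """Build the terraform import invocation as an argument list."""
    return ["terraform", "import", address, object_id]


if __name__ == "__main__":
    oid = resolve_import_id(ACCOUNT_JSON, SP_LIST_JSON,
                            "11111111-1111-1111-1111-111111111111")
    print(" ".join(import_command("azuread_service_principal.example", oid)))
```

In real use, feed the functions the output of `az account show` and `az ad sp list --display-name ...` instead of the embedded samples.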