Critical severityauthentication
Power BI Error:
AADSTS50057
What does this error mean?
The user account attempting to sign in is disabled in Microsoft Entra ID (Azure AD) and cannot authenticate.
Common causes
- 1User account was explicitly disabled by an admin in the Entra ID / Azure AD admin center (accountEnabled = false)
- 2Account was disabled by an automated lifecycle workflow or HR-driven offboarding sync (e.g. employee left, license cleanup script)
- 3On-premises AD account is disabled and the disabled state was synced to Entra ID via Entra Connect / AD Connect
- 4Conditional Access or identity protection automation disabled the account after risk detection (compromised credentials, impossible travel)
- 5Service account used by a Power BI dataset, dataflow, or ADF linked service was disabled, blocking scheduled refresh authentication
How to fix it
- 1Verify the user's status in the Microsoft Entra admin center → Users → select user → check 'Account enabled'. If 'No', the cause is confirmed.
- 2Re-enable the account: in the Entra admin center toggle 'Account enabled' to Yes, or run PowerShell: `Update-MgUser -UserId <upn> -AccountEnabled:$true` (Microsoft Graph) or `Set-AzureADUser -ObjectId <upn> -AccountEnabled $true` (legacy AzureAD module).
- 3If the account is synced from on-premises AD, re-enable it in on-prem Active Directory (Enable-ADAccount) and wait for the next Entra Connect sync cycle (or force one with `Start-ADSyncSyncCycle -PolicyType Delta`) — disabling it directly in Entra will be overwritten.
- 4Check the audit logs in Entra ID (Monitoring → Audit logs, filter on 'Disable user') to identify who or what disabled the account, so you can prevent recurrence (lifecycle workflow, risk policy, manual action).
- 5For Power BI / Fabric / ADF refresh failures: replace the disabled identity on the affected dataset, dataflow, gateway data source, or linked service — preferably with a service principal or managed identity instead of a personal account that can be offboarded.