Server admin limit exceeded (AzureAD add password/client secret)

When creating a new password/client secret for an app registration I get the following error. Anyone knows how to fix this?

2023-05-05T10:06:24.9951032Z 2023-05-05T10:06:24.248Z [INFO] provider.terraform-provider-azuread_v2.36.0_x5: 2023/05/05 10:06:24 [DEBUG] ============================ Begin AzureAD Request ============================
2023-05-05T10:06:24.9951240Z Request ID: 1a383e68-291a-f30e-af0b-ba66f5352ce7
2023-05-05T10:06:24.9951250Z
2023-05-05T10:06:24.9951535Z POST /beta/applications//addPassword HTTP/1.1
2023-05-05T10:06:24.9951644Z Host: graph.microsoft.com
2023-05-05T10:06:24.9952169Z User-Agent: HashiCorp Terraform/1.4.6 (+https://www.terraform.io) Terraform Plugin SDK/2.10.1 terraform-provider-azuread/dev Hamilton (Go-http-client/1.1) pid-222c6c49-1b0a-5959-a213-6608f9eb8820
2023-05-05T10:06:24.9952297Z Content-Length: 111
2023-05-05T10:06:24.9952529Z Accept: application/json; charset=utf-8; IEEE754Compatible=false
2023-05-05T10:06:24.9952720Z Content-Type: application/json; charset=utf-8
2023-05-05T10:06:24.9952850Z Odata-Maxversion: 4.0
2023-05-05T10:06:24.9952972Z Odata-Version: 4.0
2023-05-05T10:06:24.9953100Z Accept-Encoding: gzip
2023-05-05T10:06:24.9953107Z
2023-05-05T10:06:24.9953465Z {“passwordCredential”:{“displayName”:“Client secret ”}}
2023-05-05T10:06:24.9953740Z ============================= End AzureAD Request =============================: timestamp=2023-05-05T10:06:24.248Z
2023-05-05T10:06:24.9954246Z 2023-05-05T10:06:24.430Z [DEBUG] provider.terraform-provider-azurerm_v3.52.0_x5: Generated Provider Correlation Request Id: b701e369-4abf-2ad0-a7c3-8a42d0043207: timestamp=2023-05-05T10:06:24.428Z
2023-05-05T10:06:24.9955273Z 2023-05-05T10:06:24.497Z [DEBUG] provider.terraform-provider-azurerm_v3.52.0_x5: GET https://pipelines.actions.githubusercontent.com/fxILq3dfR88qTkMIjzFknhRzOM1t4ENryiQjGtmhgg70I0UxWb/00000000-0000-0000-0000-000000000000/_apis/distributedtask/hubs/Actions/plans/03a0c0d7-1335-4742-bdb0-2f1b6de66fc2/jobs/a6f17224-f3cc-5932-ffeb-e46fa9c7de8c/idtoken?api-version=2.0&audience=api%3A%2F%2FAzureADTokenExchange: timestamp=2023-05-05T10:06:24.496Z
2023-05-05T10:06:24.9955799Z 2023-05-05T10:06:24.582Z [TRACE] maybeTainted: module.environment.module..azuread_application_password.app_registration_password encountered an error during creation, so it is now marked as tainted
2023-05-05T10:06:24.9956357Z 2023-05-05T10:06:24.582Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.environment.module..azuread_application_password.app_registration_password
2023-05-05T10:06:24.9956927Z 2023-05-05T10:06:24.582Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for module.environment.module..azuread_application_password.app_registration_password
2023-05-05T10:06:24.9957403Z 2023-05-05T10:06:24.582Z [TRACE] evalApplyProvisioners: module.environment.module..azuread_application_password.app_registration_password is tainted, so skipping provisioning
2023-05-05T10:06:24.9957857Z 2023-05-05T10:06:24.582Z [TRACE] maybeTainted: module.environment.module..azuread_application_password.app_registration_password was already tainted, so nothing to do
2023-05-05T10:06:24.9958490Z 2023-05-05T10:06:24.582Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.environment.module..azuread_application_password.app_registration_password
2023-05-05T10:06:24.9959085Z 2023-05-05T10:06:24.582Z [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for module.environment.module..azuread_application_password.app_registration_password
2023-05-05T10:06:24.9959689Z 2023-05-05T10:06:24.586Z [ERROR] vertex “module.environment.module..azuread_application_password.app_registration_password” error: Adding password for application with object ID “”
2023-05-05T10:06:24.9960120Z 2023-05-05T10:06:24.586Z [TRACE] vertex “module.environment.module..azuread_application_password.app_registration_password”: visit complete, with errors
2023-05-05T10:06:24.9960608Z 2023-05-05T10:06:24.586Z [INFO] provider.terraform-provider-azuread_v2.36.0_x5: 2023/05/05 10:06:24 [DEBUG] ============================ Begin AzureAD Response ===========================
2023-05-05T10:06:24.9960958Z POST https://graph.microsoft.com/beta/applications//addPassword
2023-05-05T10:06:24.9961160Z Request ID: 1a383e68-291a-f30e-af0b-ba66f5352ce7
2023-05-05T10:06:24.9961167Z
2023-05-05T10:06:24.9961261Z HTTP/1.1 400 Bad Request
2023-05-05T10:06:24.9961400Z Transfer-Encoding: chunked
2023-05-05T10:06:24.9961523Z Cache-Control: no-cache
2023-05-05T10:06:24.9961745Z Client-Request-Id: 8e624ae8-710f-49e8-a15b-7050cb9b0e42
2023-05-05T10:06:24.9961896Z Content-Type: application/json
2023-05-05T10:06:24.9961997Z Date: Fri, 05 May 2023 10:06:24 GMT
2023-05-05T10:06:24.9962187Z Request-Id: 8e624ae8-710f-49e8-a15b-7050cb9b0e42
2023-05-05T10:06:24.9962370Z Strict-Transport-Security: max-age=31536000
2023-05-05T10:06:24.9962497Z Vary: Accept-Encoding
2023-05-05T10:06:24.9962871Z X-Ms-Ags-Diagnostic: {“ServerInfo”:{“DataCenter”:“Central US”,“Slice”:“E”,“Ring”:“2”,“ScaleUnit”:“001”,“RoleInstance”:“DS2PEPF00000F45”}}
2023-05-05T10:06:24.9963002Z X-Ms-Resource-Unit: 1
2023-05-05T10:06:24.9963009Z
2023-05-05T10:06:24.9963083Z eb
2023-05-05T10:06:24.9963640Z {“error”:{“code”:“Request_BadRequest”,“message”:“Server admin limit exceeded.”,“innerError”:{“date”:“2023-05-05T10:06:24”,“request-id”:“8e624ae8-710f-49e8-a15b-7050cb9b0e42”,“client-request-id”:“8e624ae8-710f-49e8-a15b-7050cb9b0e42”}}}
2023-05-05T10:06:24.9963719Z 0
2023-05-05T10:06:24.9963726Z
2023-05-05T10:06:24.9963740Z
2023-05-05T10:06:24.9964019Z ============================= End AzureAD Response ============================: timestamp=2023-05-05T10:06:24.582Z

id’s in logs are removed. so no no issues there.

btw, adding the client secret from the portal works fine.