Forum Discussion
Error: User is not authorized to query the management service
Erjen Rijnders wrote:And make sure, that the user you are using joining the VM's to the domain, is also having Owner access on the Azure subscription.
It needs to be able to run PowerShell DSC on the VM's.
Do you have any pointers to this? I have not seen this mentioned anywhere else, and I am not satisfied with having a local AD user have owner rights on a subscription.
For other reasons I am going to remove my WVD setup and start over, and I want to be sure to do every little bit right this time :-)
Thanks!
MicrosoftOletho : The local AD user that will domain-join the VMs does not need to have any Azure permissions (my test tenant certainly does not).
- Christian_Montoya
Erjen Rijnders : The permission to retrieve and run DSC is authorized when you run the template. Afterwards, as long as the VM can reach out and download the DSC package, it will run it (not exactly sure if it runs in the context of the local admin or the Azure VM Agent).
Erjen Rijnders @christianmontoya
My hostpool succeeded, domain joining with a local AD user (not AAD sync'ed) with no permissions but joining computers to my local AD. Exactly the behaviour I was hoping for.
I cannot tell about the PS DSC question, but all lights are green and I take that as a good sign.
Christian_Montoya then how is it able to push PowerShell DSC commands? You need permissions on your Azure tenant.
