Forum Discussion

Christopher Anderson's avatar
Christopher Anderson
Copper Contributor
Mar 26, 2019

Error: User is not authorized to query the management service

When following the directions below, I always run into an error related to querying the management service.   https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketpl...
Christian_Montoya's avatar
Christian_Montoya
Icon for Microsoft rankMicrosoft
Jun 14, 2019

Oletho : The local AD user that will domain-join the VMs does not need to have any Azure permissions (my test tenant certainly does not). 

Erjen Rijnders's avatar
Erjen Rijnders
Brass Contributor
Jun 14, 2019

Christian_Montoya then how is it able to push PowerShell DSC commands? You need permissions on your Azure tenant.

  • Christian_Montoya's avatar
    Christian_Montoya
    Icon for Microsoft rankMicrosoft
    Jun 17, 2019

    Erjen Rijnders : The permission to retrieve and run DSC is authorized when you run the template. Afterwards, as long as the VM can reach out and download the DSC package, it will run it (not exactly sure if it runs in the context of the local admin or the Azure VM Agent).

  • Oletho's avatar
    Oletho
    Copper Contributor
    Jun 15, 2019

    Erjen Rijnders @christianmontoya

     

    My hostpool succeeded, domain joining with a local AD user (not AAD sync'ed) with no permissions but joining computers to my local AD. Exactly the behaviour I was hoping for.

     

    I cannot tell about the PS DSC question, but all lights are green and I take that as a good sign.

Resources