Forum Discussion
New-RdsRoleAssignment : User is not authorized to query the management service
Hello
I am trying to follow this manual to create service principal name to use it on Azure Portal in the blade of creating new single host pool
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-service-principal-role-powershell
All command I am executing using Global Admin.
New App Registration was created "Windows Virtual Desktop Svc Principal" but according to manual next step it is to assign RDS Owner role to this app.
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName
After doing this I have an error:
New-RdsRoleAssignment : User is not authorized to query the management service."
Any ideas what I missed?
//Alexander
- was my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName
//Alexander
- alexander tikhomirovBrass Contributor
The same error when I tried to execute using Global admin account which has Tenant
Get-RdsDiagnosticActivities
//Alexander - Stefan GeorgievMicrosoft
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantNameSo this fails for the service principal? What account did you use for the Add-RdsAccount prompt...
- alexander tikhomirovBrass Contributor
I used my Global Admin credential. And the same account when I am checking has RDS Owner role and also this account was used to create new wvd tenant.
//Alexander
- alexander tikhomirovBrass Contributorwas my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName
//Alexander