Forum Discussion

alexander tikhomirov's avatar
alexander tikhomirov
Brass Contributor
Apr 02, 2019

New-RdsRoleAssignment : User is not authorized to query the management service

Hello

I am trying to follow this manual to create service principal name to use it on Azure Portal in the blade of creating new single host pool 

https://docs.microsoft.com/en-us/azure/virtual-desktop/create-service-principal-role-powershell

 

All command I am executing using Global Admin.

New App Registration was created "Windows Virtual Desktop Svc Principal" but according to manual next step it is to assign RDS Owner role to this app.

 

New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName

 

After doing this I have an error:

New-RdsRoleAssignment : User is not authorized to query the management service."

 

Any ideas what I missed?

//Alexander

 

  • alexander tikhomirov's avatar
    alexander tikhomirov
    Apr 08, 2019
    was my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName

    //Alexander
  • The same error when I tried to execute using Global admin account which has Tenant
    Get-RdsDiagnosticActivities

    //Alexander

    • alexander tikhomirov's avatar
      alexander tikhomirov
      Brass Contributor

      Stefan Georgiev 

      I used my Global Admin credential. And the same account when I am checking has RDS Owner role and also this account was used to create new wvd tenant.

       

      //Alexander

      • alexander tikhomirov's avatar
        alexander tikhomirov
        Brass Contributor
        was my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName

        //Alexander

Resources