New-RdsRoleAssignment : User is not authorized to query the management service

Brass Contributor


I am trying to follow this manual to create service principal name to use it on Azure Portal in the blade of creating new single host pool


All command I am executing using Global Admin.

New App Registration was created "Windows Virtual Desktop Svc Principal" but according to manual next step it is to assign RDS Owner role to this app.


New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName


After doing this I have an error:

New-RdsRoleAssignment : User is not authorized to query the management service."


Any ideas what I missed?



6 Replies

The same error when I tried to execute using Global admin account which has Tenant


@alexander tikhomirov 

Add-RdsAccount -DeploymentUrl ""
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName


So this fails for the service principal? What account did you use for the Add-RdsAccount prompt...

@Stefan Georgiev 

I used my Global Admin credential. And the same account when I am checking has RDS Owner role and also this account was used to create new wvd tenant.



best response confirmed by alexander tikhomirov (Brass Contributor)
was my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName


@alexander tikhomirov  You are obviously trying to follow the same guide I am trying to follow. Did you use you Azure AD tenant name here: $myTenantName = "" or did you use what was defined in this command New-RdsTenant -Name blahblahblahblahblah????

@alexander tikhomirov Where did you find your tenant name? I've been looking for WAY too long and the Get-RdsTenant and Get-RdsContext commands won't work for me.