Assigning "Desktop Virtualization User" role to users using Azure Runbook
I am trying the below command in Azure Run Book to assign the "Desktop Virtualization User" role to users in an application group. If i execute the same command "Clod Shell", it is working fine. But if i execute the same command from Runbook, i am getting "object reference not set to an object error". Here is the command.
New-AzRoleAssignment -ObjectId $userobjectid -RoleDefinitionName 'Desktop Virtualization User' -ResourceGroupName 'RGName' -ResourceName 'providers/Microsoft.DesktopVirtualization/applicationgroups/AppGroupName' -ResourceType 'Microsoft.DesktopVirtualization' -Verbose
I am a global admin on this tenant and i don't see a reason for failure of the above command related to access. Can somebody please suggest if i am making any mistakes or any limitation for the New-AzRoleAssignment in runbook.
Thanks, Venu
When you do not have appropriate permissions to access a specific resource, an error object reference not set to an instance of an object occurs.
Need to check below:
To access users from Azure AD within the automation account, you must first have a "User Access Administrator" or "Owner" roles.
To assign a role assignment to a user, you need to have an admin consent for the application. However, under registrations, delegated API permissions are usually provided for the apps. Now to delegate permissions for the user, you need to visit graph explorer.
Go to your profile >> Login >> Consent to Permissions in the upper right corner.
Search for Directory.ReadWrite.All once you've opened it and consent by clicking on the consent button.
Once you are done with the above, try executing the script and it worked for me as expected.
connect-Azaccount -identity
$userobjectid = "09fxxxxxxfc9"
New-AzRoleAssignment -ObjectId $userobjectid -RoleDefinitionName "Desktop Virtualization User" -ResourceName "providers/Microsoft.DesktopVirtualization/applicationgroups/newpool-DAG" -ResourceGroupName "Jahnavi" -ResourceType 'Microsoft.DesktopVirtualization' -Verbose
Output:
Role added successfully:
- WinSCP Disable ResumeSupport in PowerShell
- ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys
- How to pull the model name of a Lenovo ThinkCenter M75q Gen 2
- How to do a topological sort in PowerShell
- Error: "The operation was rejected by your operating system" when trying to create new angular project using windows powershell
- powerShell Set-acl strange error : there is not enough space on the disk
- How to append XML elements with Attributes using Powershell
- Automation Account Importing PowerShell Module Issue
- Trying to get Codesys to run a batch file from the HMI
- Is it possible to save the output from a write command in a file? (API and Powershell)
- PowerShell script to monitor IIS logs for 500 errors every 10 minutes
- Where to find documentation about add_<eventname>(<scriptblock>) like add_click, add_shown using powershell?
- How do you get the icons out of shell32.dll?
- How do I extract fields from the tabular text output of the Cloud Foundry CLI?
- Shortcut to pull up all file explorer windows that are open
- PowerShell LDAPFilter multiple conditions
- Create new System.Collections.Generic.Dictionary object fails in PowerShell
- How to calculate the CRC32 of a string in Powershell?
- How do you do a ‘Pause’ with PowerShell 2.0?
- Writing program version to INI file in Inno Setup at compile time
- Extract email:password
- HTTP request to update Service Principal Entra
- How to show the diff in all files having leftover conflict marker?
- How to get ALL AD user groups (recursively) with Powershell or other tools?
- Which version of XPath is installed
- Using powershell, how can I extract the OU path for a computer currently in AD?
- MSGraph Query Not returning group info
- PowerShell - Overwriting line written with Write-Host
- How do I get a certificate (public and private key) into a windows container in AKS?
- script to remove unused drivers - pnputil