System Center 2012 Virtual Machine Manager Error: The selected user is not a member of any user roles that has this object in its scope

Article ID: 2736792 - View products that this article applies to.
Expand all | Collapse all

Symptoms

When the VMM delegated administrator tries to change the ownership of a VM in System Center 2012 Virtual Machine Manager (VMM) to a user who is a member of the Self-Service User role created by the VMM Administrator, the following error is displayed: 

The selected user is not a member of any user roles that has this object in its scope. Please select another user.

This happens even when the VMM delegated administrator has the cloud in its scope to which the VM is assigned and to which the Self-Service User role has access.

Cause

This is by design as the VMM Delegated Administrators cannot view, modify, or remove user roles created by members of the Administrator user role or by other VMM Delegated Administrator user roles. Due to this fact, a Self-Service User role created by the VMM Administrator is not accessible to the VMM Delegated Administrator. 

Resolution

To allow a delegated administrator in VMM to change the membership of a self-Service user role, that role must be created by the delegated administrator. Below are two methods of creating a self-service user role that can be managed by a delegated administrator.

Method 1:

1. Login to VMM as a Delegated Administrator.

2. Create a new Self-Service User Role (for example SSU_HelpDesk) and assign a user (for example contoso\Vladimir) as the member of this Self-Service User role.

Now the VMM delegated administrator should be able to change the ownership of the virtual machine to contoso\Vladimir as contoso\Vladimir is a member of the Self-Service User role (SSU_HelpDesk) created by the currently logged in VMM Delegated Administrator (assuming that the virtual machine is in the cloud which both the newly created Self-Service User role and the VMM delegated administrator role have in their scope). 

NOTE: If you log in as a member of a different VMM Delegated Administrator role and try to change the ownership of the virtual machine to contoso\Vladimir, you will get the error "The selected user is not a member of any user roles that has this object in its scope. Please select another user" since the Self-Service User role SSU_HelpDesk was created by a different VMM Delegated Administrator role. 


Method 2:

The second option is to use the VMM PowerShell. In this example we are going to create a new Self-Service User role called 'ContosoSSU' and assign 'DelAdmin' VMM delegated administrator user role as an owner of the ContosoSSU which will enable members of the 'DelAdmin' role to change the ownership of a VM to a user who is a member of the 'ContosoSSU'.

1. Login as a VMM Administrator

2. Launch the VMM PowerShell

3. Type: $UserRole=Get-SCUserRole -name "DelAdmin"

4. Press enter

5. Type: New-SCUserRole -Name "ContosoSSU" -UserRoleProfile "SelfServiceUser" -ParentUserRole $UserRole

6. Press Enter

7. Now the new Self-Service User role "ContosoSSU" is created, and a member of the DelAdmin user group should be able to change ownership of a VM to user who is a member of the "ContosoSSU". Note that both DelAdmin and ContosoSSU need to have the same cloud in their scopes.
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2736792 - Last Review: August 6, 2012 - Revision: 2.0
Applies to
  • Microsoft System Center 2012 Virtual Machine Manager
Keywords: 
KB2736792

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com