Share via

confusion between lab 01 and demo 01

marouf 60 Reputation points
2025-05-02T15:35:26.0533333+00:00

Hello,

I have a problem with the links here:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/

In Lab 02a- Manage subscriptions and RBAC - is OK but when I use it with the Demonstration 01: Administer Identity, I feel it's way off.

For instance, as per the demo 01, I cut-paste the subscription ID in the RBAC text file. Then I opened a PS session, where I named my storage and fileshare accounts. I then uploaded the file az104-02a-customRoleDefinition-2.txt (It's a JSON file, but I changed it to txt file to upload it here).

After that, when I type the command to create a custom role,

New-AzRoleDefinition -InputFile $HOME/az104-02a-customrRoleDefinition.json

It's saying "Operation returned an invalid status code 'NotFound"

And hence, I am not able to continue further with the automated demo.

Kindly, please guide me what's the problem because this simply looks too off track compared to the steps and 4 tasks in hands-on (Lab 02a). And as I am preparing for AZ 104, I need to understand how this works practically.

Thank you

best regards

marouf

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
927 questions
0 comments
Accepted answer
  1. SrideviM 3,115 Reputation points Microsoft External Staff Moderator
    2025-05-05T07:06:14.57+00:00

    Hello marouf,

    I understand you are trying to follow Demo 01: Administer Identity alongside Lab 02a: Manage Subscriptions and RBAC, and you're seeing an error when trying to create a custom role using the New-AzRoleDefinition command.

    The error "NotFound" usually occurs when there's a problem with the values defined in the role file. To check the file content being used, you can run:

    Get-Content -Path "$HOME/az104-02a-customRoleDefinition.json"

    User's image

    In many cases, this happens when the "AssignableScopes" section includes a management group or subscription that doesn't exist or isn't accessible.

    To confirm that the scope values are valid, run the following:

    Get-AzManagementGroup
Get-AzSubscription

    User's image

    Please check whether a management group named az104-02-mg1 has been created. If the name in your JSON doesn't match exactly, the command will fail. Scope names must be precise, including hyphens and casing.

    After updating the name to the correct one, command succeeded:

    New-AzRoleDefinition -InputFile $HOME/az104-02a-customRoleDefinition.json

    User's image

    Make sure you're working within the right subscription context:

    Get-AzContext
Set-AzContext -SubscriptionId "<your-subscription-id>"

    Also, confirm that your account has either Owner or User Access Administrator permissions, as these are required for custom role creation.

    Hope this clarifies things a bit!

    If the issue still persists, please share your contact details and time zone in the Private Message window so we can connect offline and help resolve it.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful, which may help members with similar questions.

    User's image

    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.