Problem:
I've created VSTS from the Azure portal. I'm now unable to add more team members to VSTS: https://myteamaccount.visualstudio.com/_user
Environment details:
VSTS and the Azure subscription are both connected to the same AAD. I log in to both the Azure portal and VSTS with my company credentials: user.name@mycompany.com
The AAD is a custom, project-specific AAD. In the Azure portal, I need to switch to the project subscription that is connected to the project AAD, so in the top right corner I click on:
user.name@mycompany.com myproject123hotmail (DEFAULT DIRECTORY)
Then I see the Team Services Account and Team Project Resources
The other users are in the AAD as well: In the Azure portal in the
VS-MyTeamAccount-Group -> Access Control (IAM)
I can see the other users as contributors, so they must be in the same AAD as well, don't they? For some weird reason I'm not the owner of this Resource Group although I created it.
I've also tried to add the desired team member to the project AAD as a guest user. The invitation was sent.
In the new Azure portal, when I click the Azure Active Directory Tab, I don't have access to see, find or add users.
Question:
How do I add users to my team project?
Since you added the account as a guest user in the AAD, the user can be added to your VSTS (and will also be added automatically when that user first accesses your VSTS). You need to grant the permission for that user in VSTS, for example by adding it to the Team Project Administrators group.
There is a blog post about inviting directory guests to AAD-backed VSTS accounts.
A user who is only a guest user of the AAD can't find others in VSTS.
For those who come after, this put me on the right track.
Guest users cannot search the Azure Active Directory list, even when they are Global Administrators on Azure AD AND the owner of the DevOps Organization (I was both). Essentially they must be converted to a Member rather than Guest.
This link from the developer community forums helped me sort out the issue. I have quoted the answer at the base of this post in case it disappears.
The solution was to:
Install-Module AzureAD
Connect-AzureAD -TenantId [your tenant id]
Set-AzureADUser -ObjectId [User object id] -UserType Member
Once I logged out and in again (clearing my cookies) - tadaa! All my Azure AD groups/users were visible to me in the add screens of my DevOps organization.
Quote from the developer community post:
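The following is an added example, not part of the answer above and not the quoted community post. It wraps the same AzureAD cmdlets in a check-change-verify sequence, because Guest accounts cannot search the directory and Member accounts can, so the change is worth confirming per account. The function name `Convert-GuestToMember` and the `<user object id>` placeholder are assumptions for illustration.

```powershell
# Added example (not from the original answer). Assumes the AzureAD module is
# installed and Connect-AzureAD has already been run, as in the steps above.
function Convert-GuestToMember {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Object id of the account to convert (placeholder value in the usage below).
        [Parameter(Mandatory = $true)]
        [string] $ObjectId
    )

    # Look at the account first so only a real Guest is ever modified.
    $user = Get-AzureADUser -ObjectId $ObjectId
    Write-Verbose "$($user.UserPrincipalName) currently has UserType '$($user.UserType)'"

    if ($user.UserType -ne 'Guest') {
        Write-Warning "$($user.UserPrincipalName) is not a Guest; nothing changed."
        return $user | Select-Object DisplayName, UserPrincipalName, UserType
    }

    # -WhatIf previews the change; without it, ConfirmImpact = 'High' prompts first.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Change UserType from Guest to Member')) {
        Set-AzureADUser -ObjectId $user.ObjectId -UserType Member
    }

    # Read the account back so the result is confirmed rather than assumed.
    Get-AzureADUser -ObjectId $user.ObjectId |
        Select-Object DisplayName, UserPrincipalName, UserType
}

# Review which accounts are still Guests before deciding what to convert.
Get-AzureADUser -All $true -Filter "userType eq 'Guest'" |
    Select-Object DisplayName, UserPrincipalName, ObjectId

# Preview, then apply, for a single account:
# Convert-GuestToMember -ObjectId '<user object id>' -WhatIf
# Convert-GuestToMember -ObjectId '<user object id>' -Verbose
```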