I am trying to add Azure AD group in Azure DevOps using the az devops security group create command, but I am encountering a 500 status code error. Here’s what I have attempted:
Command with Project Collection Valid Users:
az devops security group create --origin-id 'object ID from AD' --groups 'vssgp.wwwwww' --scope anization -- '/'
Command with a custom group name:
az devops security group create --origin-id 'object ID from AD' --groups 'vssgp.devlopergrp' --scope "anization" -- '/'
Result: Operation returned a 500 status code.
Since the AD Group is being added to the Azure devops for the first time, it doesn't have a descriptor.
I have verified that:
- The Object ID from AD is correct.
- The Azure DevOps CLI is authenticated and working for other commands.
- The anization URL is valid.
- The descriptor of the Project Collection Valid Users is correct
- I have Project Collection Administrator Permission on Azure DevOps.
What could be causing this issue, and how can I successfully create the group?
I am trying to add Azure AD group in Azure DevOps using the az devops security group create command, but I am encountering a 500 status code error. Here’s what I have attempted:
Command with Project Collection Valid Users:
az devops security group create --origin-id 'object ID from AD' --groups 'vssgp.wwwwww' --scope anization -- 'https://dev.azure/my-/'
Command with a custom group name:
az devops security group create --origin-id 'object ID from AD' --groups 'vssgp.devlopergrp' --scope "anization" -- 'https://dev.azure/my-/'
Result: Operation returned a 500 status code.
Since the AD Group is being added to the Azure devops for the first time, it doesn't have a descriptor.
I have verified that:
- The Object ID from AD is correct.
- The Azure DevOps CLI is authenticated and working for other commands.
- The anization URL is valid.
- The descriptor of the Project Collection Valid Users is correct
- I have Project Collection Administrator Permission on Azure DevOps.
What could be causing this issue, and how can I successfully create the group?
Share Improve this question edited Jan 17 at 15:56 Rui Jarimba 18.2k11 gold badges64 silver badges98 bronze badges asked Jan 17 at 15:51 Nyamat Allah Noorahmad MominNyamat Allah Noorahmad Momin 11 bronze badge 3 |2 Answers
Reset to default 0I can reproduce the same 500 error when trying to add an AAD group to Project Collection Valid Users group. If you add an AAD group manually to this group, you will get the same 500 error in the UI.
According to the official doc, this group contains all users and groups added anywhere within the collection. You can't modify the membership of this group. That is why you get 500 error.
It's suggested that you add your AAD group to other groups at anization level, whether a built-in group or your custom group.
I am trying to add the Azure AD group in the Organization's Project Collection Valid User and I am able to add from the portal.
Adding the group:
Group added:
If I use the descriptor of the Project Collection Valid Users, I'm getting the below error.
--verboseand/or--debugoptions to your commands - see Be aware of globally available arguments. – Rui Jarimba Commented Jan 18 at 16:27