Closed tleepa closed 5 years ago
@dijyotir for comment
@dijyotir Hello. Any update?
@MyronFanQiu Hi, this functionality is right now only available in Portal. Right now CLI and Powershell does not support this functionality.
@tleepa Should I change this issue into a feature request?
@MyronFanQiu Yes, please. Thank you.
@dijyotir i'm not quite sure if this is the correct place to ask this question. But i'm working with the Azure CLI to link a VNET to a private DNS as well. However, my VNET is in a different resource group than the Private DNS is, and I suspect that this is giving me the following error:
'Can not perform requested operation on nested resource. Parent resource 'my-zone-name' not found.'
Could this have to do something with this feature request as well?
@roblohmann The error seems to suggest that you are trying to create a virtual network link under a private zone but that zone doesn't exist.
@roblohmann The error seems to suggest that you are trying to create a virtual network link under a private zone but that zone doesn't exist.
That was also my inital thought, however I'm sure it exists and linking the VNET to the Private DNS Zone through the portal is not an issue. I just see that I got a response on Stackoverflow to my question regarding this issue, so I'll see what that brings. Otherwise I'll open a new tread here I think.
@roblohmann The error seems to suggest that you are trying to create a virtual network link under a private zone but that zone doesn't exist.
That was also my inital thought, however I'm sure it exists and linking the VNET to the Private DNS Zone through the portal is not an issue. I just see that I got a response on Stackoverflow to my question regarding this issue, so I'll see what that brings. Otherwise I'll open a new tread here I think.
For future references: Got the answer on Stackoverflow, had to get the virtual network id and pass that in. Also see https://stackoverflow.com/a/59384739/291293
I'm not sure if this solution was available due to the bug filed, but I ran into the same problem. By doing this through PowerShell using New-AzPrivateDnsVirtualNetworkLink there is a parameter called -RemoteVirtualNetworkId you can use to reference a VNET in a different tenant.
Describe the bug
I have two tenants (tenant1, tenant2). Each tenant has a subscription (sub1, sub2), resource group (rg1, rg2), vnets (vnet1, vnet2). I am able to create a peering between vnet1 and vnet2 using the IAM roles configured (added user from tenant1 to rg2 with Network Contributor role) I am trying to register vnet2 as a resolution network (old nomenclature) to the private zone created in sub1. Tried both previous and current preview version of Private DNS zone feature - both failing with similar messages. Documentation only specifies permissions necessary to create vnet peering between different tenants - Network Contributor. Do I need any other permissions?
Is it possible at all?
az account list
for user1:Command Name
az network private-dns link vnet create
Errors:
To Reproduce:
az network private-dns link vnet create --resource-group rg1 --name linkname --zone-name zonename --virtual-network /subscriptions/sub2/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/vnet2 --registration-enabled false --subscription sub1