Azure Site Recovery: Automatic VMM User Roles Assignment to VMs upon Failover

While I was playing with Azure Site Recovery I had scenario where I needed to assign VMM User Role to the VMs that were being replicated to the replica site. To be more specific you have VMM server on Primary Site and another VMM server on Replica Site and you are using ASR to take care for the mapping and failover tasks. So on the replica VMM server I need to assign User Roles to the replicated VMs in VMM. Unfortunately while a VM is being replicated you cannot change any of its properties in VMM. Basically the replicated VMs are in locked state. Of course when failover is being initiated VMs are no longer locked. In that case my solution trough the scripts that you can use in Recovery plans to assign User Roles to the VMs when they are being failover. You can find the script on TechNet Gallery.

The script aims to be just a sample. The script is executed with the VMM service account so that account needs to have administrator permissions in VMM. I am using a variables that are forwarded from the ASR service to the script when it is executed so I can know the IDs of the VMs that are being failover and also the direction of failover as I want to just apply the script when Failover is from Primary to Replica site. As I will be assigning the VMs within the context of Tenant Admin User role I am using the following connection to VMM:

$VMMobject=Get-SCVMMServer -ComputerName -ForOnBehalfOf -ConnectAs Administrator

The user role to which the VMs are being assigned is taken from variable:


but there are a lot of ways to make this variable more dynamic. Such example would be to name the Recovery Plans with the same name as the User Role. The Name of the recovery plan being executed is forwarded into the script trough a variable. Having the name you can easily find the User Role.

I first assign the VMs to the default Administrator User Role and the VMM service account as I’ve found issue when the VMs have no User Role assigned and you need to assign them Tenant Admin User Role right away.

After you’ve setup your script you can simply include it in every Group of VMs that you will failover as pre-step:


That way roles will be assigned before VM start.

With such sample you can for example create a script that will change VM hardware properties based on certain hardware properties you have defined. Such scenario is Tenant has VM that has 1 vCPU and 1,5GB RAM but you as provider do not have such profile so you take the closest you’ve defined like 1 vCPU and 1GB RAM.

Hope this was helpful for you,


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s