How do I add Azure Active Directory User to Local Administrators Group

Solution 1

You can do this via command line! I just had this same issue and after searching and getting nothing but "you can't" from everywhere, I (for giggles and grins) tried this through the command line and IT WORKED!!

  1. Log in to the PC as the Azure AD user you want to be a local admin. This gets the GUID onto the PC.

  2. Log out as that user and login as a local admin user.

  3. Open a command prompt as Administrator and using the command line, add the user to the administrators group. As an example, if I had a user called John Doe, the command would be net localgroup administrators AzureAD\JohnDoe /add.

Log back in as the user and they will be a local admin now.

Solution 2

I found this Microsoft document related to this question:
"Connect to remote Azure Active Directory-joined PC".

You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet:

net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"

where FirstnameLastname is the name of the user profile in C:\Users, which is created based on the DisplayName attribute in Azure AD.

This command only works for AADJ device users already added to any of the local groups (administrators). Otherwise this command throws the below error. For example:

  • For cloud only user: "There is no such global user or group : name"
  • For synced user: "There is no such global user or group : name"

In Windows 10, version 1709, the user does not have to sign in to the remote device first.

In Windows 10, version 1709, you can add other Azure AD users to the Administrators group on a device in Settings and restrict remote credentials to Administrators. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.

Please keep this sentence in mind:

In Windows 10, version 1709, the user does not have to sign in to the remote device first.
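The `net localgroup` approach that Solutions 1 and 2 both rely on, wrapped in a PowerShell function as an added example (not code from either answer). It checks that the AzureAD account resolves on the device before calling `net localgroup`, so the "There is no such global user or group" error from Solution 2 is explained rather than just echoed, skips the add when the account is already a member, and re-reads the group afterwards instead of trusting the exit code. `JohnDoe` and the group names are sample values; the SID translation is assumed to succeed once the user has signed in at least once, which is what step 1 of Solution 1 arranges.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the answers above. Sample account 'JohnDoe';
# assumption: AzureAD\<user> resolves to a SID once that user has signed in.

function Test-LocalGroupMembership {
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Account   # e.g. 'AzureAD\JohnDoe'
    )
    try {
        # Get-LocalGroupMember is the clean check, but it can throw on groups
        # holding AzureAD SIDs it cannot resolve; fall back to net localgroup.
        $members = Get-LocalGroupMember -Group $Group -ErrorAction Stop
        return [bool]($members | Where-Object { $_.Name -ieq $Account })
    } catch {
        $lines = & net localgroup $Group 2>$null
        return [bool]($lines | Where-Object { $_.Trim() -ieq $Account })
    }
}

function Add-AzureAdAccountToLocalGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Account,     # e.g. 'JohnDoe'
        [string] $Group = 'Remote Desktop Users'      # or 'Administrators'
    )
    $qualified = "AzureAD\$Account"

    # The account resolves locally only after that user has signed in once
    # (Solution 1, step 1). Check that first so the failure is explained.
    try {
        $sid = ([System.Security.Principal.NTAccount]$qualified).Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        throw "Cannot resolve $qualified on this device; has the user signed in here at least once?"
    }

    # Idempotent: do not re-add an existing member.
    if (Test-LocalGroupMembership -Group $Group -Account $qualified) {
        Write-Verbose "$qualified ($sid) is already a member of '$Group'"
        return $true
    }

    $output = & net localgroup $Group $qualified /add 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "net localgroup failed (exit $LASTEXITCODE): $($output -join ' ')"
    }

    # Verify by re-reading the group rather than trusting the exit code.
    $ok = Test-LocalGroupMembership -Group $Group -Account $qualified
    Write-Verbose "$qualified ($sid) added to '$Group': $ok"
    return $ok
}

# Usage: grant RDP access only, which is narrower than Administrators.
Add-AzureAdAccountToLocalGroup -Account 'JohnDoe' -Group 'Remote Desktop Users' -Verbose
```

Pass `-Group 'Administrators'` for the Solution 1 case. Each successful add is also recorded by Windows as Security event 4732 (a member was added to a security-enabled local group), which is the event to watch if local Administrators membership on Azure AD-joined devices is something you monitor.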

Solution 3

I just landed here with a similar problem - how do I add my Azure user to the local "Hyper-V Administrators" group.

Apart from the best-rated answer (thanks!), turns out you can with the following PS command as well:

PS> ([adsi]"WinNT://./Hyper-V Administrators,group").Add("WinNT://$env:UserDomain/$env:Username,user")

which I found on https://docs.okd.io/latest/minishift/troubleshooting/troubleshooting-driver-plugins.html#troubleshooting-driver-hyperv
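The ADSI `WinNT://` route from this answer, generalised into a function as an added example (not code from the answer or from the linked OKD page). It reads the group's current members before calling `Add()` so the call is skipped when the account is already present, and re-reads the group afterwards to confirm. `Hyper-V Administrators`, `AzureAD` and `JohnDoe` are sample values; that a member's `ADsPath` comes back as `WinNT://AzureAD/JohnDoe` is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the answer above. Sample values throughout;
# assumption: members of a local group enumerate with ADsPath "WinNT://<domain>/<user>".

function Get-AdsiLocalGroupMemberPath {
    param([Parameter(Mandatory)] [string] $Group)
    $adsiGroup = [adsi]"WinNT://./$Group,group"
    # Members() returns COM objects; read each one's ADsPath via reflection.
    @($adsiGroup.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Add-AdsiLocalGroupMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Group,   # e.g. 'Hyper-V Administrators'
        [Parameter(Mandatory)] [string] $User,    # e.g. 'JohnDoe'
        [string] $Domain = 'AzureAD'              # equals $env:USERDOMAIN when signed in as that user
    )
    $memberPath = "WinNT://$Domain/$User"

    # Idempotent: Add() throws if the account is already a member, so check first.
    if ((Get-AdsiLocalGroupMemberPath -Group $Group) -contains $memberPath) {
        Write-Verbose "$memberPath is already a member of '$Group'"
        return $true
    }

    $adsiGroup = [adsi]"WinNT://./$Group,group"
    try {
        $adsiGroup.Add("$memberPath,user")
    } catch {
        throw "Add() failed for $memberPath in '$Group': $($_.Exception.Message)"
    }

    # Re-read the group instead of assuming Add() took effect.
    return (Get-AdsiLocalGroupMemberPath -Group $Group) -contains $memberPath
}

# Usage: same effect as the one-liner in the answer, with the checks above.
Add-AdsiLocalGroupMember -Group 'Hyper-V Administrators' -User 'JohnDoe' -Verbose
```

Passing `-User $env:USERNAME` from a session signed in as the Azure AD user reproduces the answer's one-liner exactly; passing an explicit name lets a local admin do it for another account, as Solutions 1 and 2 describe, provided that account has signed in on the device before.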


Author: Alex Duggleby

Updated on September 18, 2022

Comments

  • Alex Duggleby
    Alex Duggleby over 1 year

    With Windows 10 you can join an organisation (=Azure Active Directory) and login with your cloud credentials.

    Based on the information provided here the first account per computer that joins the organisation is a local administrator. The accounts that join after that are not.

    How do I make them local administrators?

    The standard group add dialog does not allow me to select users from AzureAD or search for users from AzureAD. I can simply see that my first account is in the list (listed as AzureAD\AccountName).

    Also interesting: when I log in with the second account and get prompted for a local administrator (for applying computer settings - UAC I assume), it will not accept the first account even though it is a local administrator.

    • ckozl
      ckozl about 8 years
      you need to change the accepted answer... Chris Angell has the simple 1-liner command line that makes everything work right
  • Monstieur
    Monstieur almost 8 years
    What about filesystem permissions? Is there any way to use the GUI for filesystem permissions?
  • munrobasher
    munrobasher over 7 years
    You could maybe use fileacl for file permissions?
  • Alfie Anil
    Alfie Anil over 6 years
    Step 2: You don't have to log out and log in as local admin. From any account you can open CMD as admin (it will ask for admin credentials if needed). Then the next time that account logs in it will pull the new permissions.
  • Keith Robertson
    Keith Robertson over 4 years
    @Monstieur I created a local (user) group with no one in it (called $MYUSERNAME_user), added the AD user with the above instructions, then used the GUI to add the local group (and therefore the user) for filesystem permissions. It's a kluge, but it works. Probably not good for a widely-used system lest someone add more users to the local group, but adequate for a single-user workstation.
  • SergG
    SergG about 4 years
    And another hint from Managing Local Admins with Intune Azure AD Join devices: “net localgroup administrators AzureAD\[email protected] /add > nul 2> nul” | cmd