How do I add Azure Active Directory User to Local Administrators Group
With Windows 10 you can join an organisation (=Azure Active Directory) and login with your cloud credentials.
Based on the information provided here the first account per computer that joins the organisation is a local administrator. The accounts that join after that are not.
How do I make them local administrators?
The standard group add dialog does not allow me to select users from AzureAD, search from users from AzureAD. I simply can see that my first account is in the list (listed as AzureAD\AccountName).
Interesting is also: When I login with the second account and get prompted for a local administrator (for applying computer settings - UAC I assume) it will not accept the first account even though it is a local administrator.
You can do this via command line! I just had this same issue and after searching and getting nothing but "you can't" from everywhere, I (for giggles and grins) tried this through the command line and IT WORKED!!
-
Login to the PC as the Azure AD user you want to be a local admin. This gets the GUID onto the PC.
-
Log out as that user and login as a local admin user.
-
Open a command prompt as Administrator and using the command line, add the user to the administrators group. As an example, if I had a user called John Doe, the command would be
net localgroup administrators AzureAD\JohnDoe /add
.
Log back in as the user and they will be a local admin now.
I found this Microsoft document related to this question:
"Connect to remote Azure Active Directory-joined PC".
You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet:
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
where FirstnameLastname is the name of the user profile in C:\Users
, which is created based on DisplayName attribute in Azure AD.
This command only works for AADJ device users already added to any of the local groups (administrators). Otherwise this command throws the below error. For example:
- For cloud only user: "There is no such global user or group : name"
- For synced user: "There is no such global user or group : name"
In Windows 10, version 1709, the user does not have to sign in to the remote device first.
In Windows 10, version 1709, you can add other Azure AD users to the Administrators group on a device in Settings and restrict remote credentials to Administrators. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
Please keep this sentance in mind:
In Windows 10, version 1709, the user does not have to sign in to the remote device first.
I just landed here with a similar problem - how do I add my Azure user to the local "Hyper-V Administrators" group.
Apart from the best-rated answer (thanks!), turns out you can with the following PS command as well:
PS> ([adsi]"WinNT://./Hyper-V Administrators,group").Add("WinNT://$env:UserDomain/$env:Username,user")
which I found on https://docs.okd.io/latest/minishift/troubleshooting/troubleshooting-driver-plugins.html#troubleshooting-driver-hyperv