I have setup a new Azure AD Domain Services and an Azure VM running ADFS. I now want to connect ADFS to the Azure AD Domain Services.
I run the Active Directory Federation Services Configuration Wizard and the first step is to specify an account with domain administrator permissions to configure ADFS. When I enter an account that is a global administrator and a member of AAD DC Administrators, it gives me the following error:
The credentials provided is not a domain administrator. Provide a credential that is a member of the Domain Admins group and try again.
I cannot find the Domain Admins group in Azure and when I try and this group using the AD Remote Admin tools, it gives me the following error:
You do not have permission to modify the group myadfs.onmicrosoft.com/Users/Domain Admins.
How to I create an account that is part of the Domain Admins group so that I can use it to configure ADFS?
Note that this is a new Azure cloud-only setup with no existing AD services or users.