This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 99%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
When logged into the Azure portal as the Azure Account Owner, I cannot create a new user in AD and unsure why. There is only one user currently in this account being myself, the one who registered the azure account originally i.e. the bill payer.
The Create button is also greyed out.
I hadnt changed any role assingments for my own account. I also dont have the option to add additional roles to my own account so unsure how I can elevate my own access as the account owner in order to give myself the privaledges to add additional users...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 1%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
HI ,
This is clearly an Access issues , based on the screenshot , it is not clear what all other roles you have access to apart from Service Support Admin. Can you share that screenshot so that it can be validated. You can find that in the Assigned Roles Tab in your user section , like below.
Ive just updated my question showing the roles i currently have, in addition when revieweing the 'Azure Role Assingment' for myself, it shows me as the owner. So i'm unsure why I dont have the required privaledges.
HI ,
None of these access will enable you to create/Delete Users.
Add User Administration or Global Administration roles to you account and this shall work for you.
Hi ,
None of these permission will enable you to Create/Delete users.
Please add User Administration or Global Admin access to your id and this shall work for you,
@Erkan SAHIN I have checked various parts of the portal and can't see any logical reason why my own account as the Azure Account Owner is not given any privaledges to either:- add users, or elevate my on access or role memberships.
I can try to contact Azure support but given the fact I'm not paying for a support plan, means I likely wont get any support unless I pay for a subscription.
Responses to your suggested steps:
1 - "Go to the Subscription settings in the Azure portal and check if there are any restrictions set on the subscription or the AD that may be preventing you from creating new users" kindly please advise what you want me to check exactly?
Under my subscription, it says I am an administrator:
Under the Role Assignement for this subscription, it shows me as the Owner:
Current Role Assingments:
2 - Checking roles assigned to my account in the Azure portal. It doesnt look like I have "Global Administrator" or "User Administrator" role assigned, however I cannot ask another Global Administrator or User Administrator to grant me the necessary role becuase there are no other users to grant it to me, as already advised in original question, I am the account owner and no ther users currently exisit in my AD deployment:
3 - Azure Active Directory is NOT synced with an on-premise Active Directory
4 - "Ensure that you have the necessary licenses to create new users in Azure AD. If not, you may need to purchase additional licenses to create new users" what licenses? I've never had to purchase licenses before when adding users to AD, I'm only using AD for authenticating with my .NET Core apps. and Azure appears to show I'm using Azure AD Free license:
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sorry for the inconvenience on this.
I would like to explain you couple of things in Azure.
There are multiple Azure roles. Few roles can be assigned on the Azure subscription/resource groups/resource levels. These are called as RBAC. As per your explanation and screenshot, you are the owner on the subscription. This means you will be able to do anything on the subscription level. That is you can create resources, assign roles for other users on subscription/resource group/resource level.
Keeping owner role does not allow complete access on the Azure active directory.
There are seperate set of roles which are part of Azure Active Directory.
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Above article talks about the built in roles in Azure Active Directory. Each role will have different permissions using which different tasks can be performed with Azure Active Directory.
By looking at screenshot that you shared, I see that you have Dynamics 365 admin, exchange admin, helpdesk admin, power BI admin, Service support admin, SharePoint admin and skype for business admin roles assigned.
None of the above role has permission to create new user's or assign roles to any other users within Azure active directory.
Since you mentioned that there is no other user in the Azure AD apart from you, then my question is who assigned these roles to your user account.
Ideally there should be some other user in your Azure AD who will be carrying global admin or user administrator role.
You can access Azure Active directory and click on Users blade on the left side.
See if you can see any other user accounts apart from your account.
If you are still unable to see any other user accounts, then you will have to contact data protection team.
You can reach out to the Azure Data Protection team to restore access. 866-807-5850
Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.
https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access
Some other support option include;
azcommunity@microsoft.com
or creating a ticket through a different account: https://learn.microsoft.com/en-us/microsoft-365/admin/get-help-support?view=o365-worldwide#phone-support
Do let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.