Share via

Windows 10 Azure AD connect local administrator of PC

Anonymous
2015-11-20T23:37:07+00:00

Hi Everyone,

Haven't seen a lot around this problem (bar a post or two) but we've got clients on Office 365 Small Business Premium wanting to connect to Office 365 Azure AD. We can do this successfully on Windows 10, but the problem is that the user isn't a part of the local administrator's group on the PC. I cannot figure out how to add 'domain users' as local admins as the computer doesn't register that it's part of a 'normal' domain.

Any help appreciated. Thanks!

Microsoft 365 and Office | Subscription, account, billing | For home | Windows

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2016-02-16T09:33:07+00:00

    You can do this via command line! I just had this same issue and after searching and getting nothing but "you can't" from everywhere, I (for giggles and grins) tried this through the command line and IT WORKED!!

    1. Login to the PC as the Azure AD user you want to be a local admin. This gets the GUID onto the PC.
    2. Log out as that user and login as a local admin user.
    3. Open a command prompt as Administrator and using the command line, add the user to the administrators group. As an example, if I had a user called John Doe, the command would be "net localgroup administrators AzureAD\JohnDoe /add" without the quotes.

    Log back in as the user and they will be a local admin now.

    5 people found this answer helpful.
    0 comments
  2. Anonymous
    2016-02-16T20:59:54+00:00

    Good find @ChrisAngell

    Helpful if a remote staff member can join a new computer to AzureAD and then later on administrators can add or remove them from local PC admin rights.

    The only other way I've seen to give an AzureAD account local PC admin rights on the machine is via AzureAD web portal. -> Configure -> scroll down under the devices section.

    --Additional administrators on Azure AD Joined devices--

    With Azure AD Premium, you can choose which users are granted local administrator rights to the device.

    Global Administrators and the device owner are granted local administrator rights by default.

    0 comments
  3. Anonymous
    2015-11-22T01:29:45+00:00

    Thanks for your reply. It seems ridiculous that this is the case. I understand with full blown Azure it's a different story but it's pretty silly to not have this ability - It's basically useless unless you want users to just be users of their machines and not be allowed to install software etc.

    0 comments
  4. Anonymous
    2015-11-21T03:29:41+00:00

    Hi AITS,

    By default, only the one who first joined the work or school account into Azure AD on Windows 10 and the global admin of the organization will be the local administrator. We cannot add common users as the admin.

    You may consider monitoring this thread. Hopefully other community members who have related experiences can share their ideas.

    Thanks for your understanding. 

    Regards,

    Iris

    0 comments