Azure AD DS and Azure AD

Florian Micliuc 1 Reputation point
2023-01-06T13:44:25.777+00:00

Hi!

I have the following issue:

I have created a domain and a VM in Azure and I managed to domain join the VM to my domain. Now, when using Azure AD Connect I am prompted to insert an Enterprise Admin account, which is not possible to be found anywhere. Additionally, a domain admin account would suffice, but I have no permissions to add myself to the domain admins.

Question is: How can I gain those privileges? Checked everywhere but there is no straight answer. I have seen the need to be in an Enterprise Agreement with Microsoft to be able to have an Enterprise Admin Account which seems a bit redundant.

Thank you!


2 answers

  1. Rahul Therayil 86 Reputation points
    2023-01-06T16:49:00.243+00:00

    Hi! To be sure I understand it correctly (because the subject says Azure ADDS): you likely provisioned Azure AD Domain Services and then joined a VM to this domain. If yes, then AAD Connect is not suitable for this architecture. AADDS is a managed domain service for supporting legacy applications, for the customer's benefit when they do lift & shift, and all high-privileged accounts (EA, DA, etc.) are locked out with Microsoft.

    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/synchronization

    Thanks!

    1 person found this answer helpful.

  2. Alan Kinane 16,921 Reputation points MVP
    2023-01-06T15:15:24.863+00:00

    Hi Florian, these are the built-in security groups in Active Directory and are required for the administrator account that you are using to configure Azure AD Connect. If you managed to perform a domain join, then you likely are a member of the required security roles already, or else you can add yourself to them.

    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups#default-active-directory-security-groups

