This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 88%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
How do I assign a user a Hybrid Identity Admin in Azure to setup AAD connect when we don’t have users yet because we haven’t connected to AD DS
See my previous answer above for the permissions required. You need just the Global Admin to install:
Once installed, you can assign the Hybrid Identity Admin to any user you want or you do not need to assign it and you can use the existing Global Admin account to access the Menus in Azure for AADConnect health
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
If I pretty understand your question, you want create a admin account to manage and configure Azure AD connect.
To setup AAD connect you have to use a admin account in same domain of AAD connect.
A admin cloud-only can't setup azure AD connect.
This admin account should be not synched in azure. It's not recommended to synchronize on-premise admin account.
Please don't forget to mark helpful answer as accepted
I read in the documentation that we need a user with Hybrid Identity privileges for AAD Connect. That privilege is in Azure. If I haven’t gotten any users into Azure, how do I assign this privilege.
Hi @Justin lee
If you are talking about the first installation of Azure AD connect , you have to use a cloud only account (not a hybrid identity) member of Global Admin group to connect to Azure AD during the first installation and another admin account member of local administrators group of Azure AD connect to launch the installation:
Please don't forget to mark helpful answer as accepted*
That’s great! Thanks so much! Now how do I get one of my admins logged into Azure AD to create a global admin account? How do I get the first person licensed to be able to use Azure? I guess that’s my real question.
If you have already a tenant , you have to ask a admin with the role Global admin to create a admin account for with the role Global Admin. If the tenant is not created , when you create it , the first user is Global Admin: Create a new tenant in Azure Active Directory.
Regarding the licence I invite you to read the following link:
HI, the AADConnect setup requires a Global Admin to initially set things up:
The hybrid Identity Role role is a standard one in Azure. You can certainly add any account you want to this role to manage options in Azure.
To assign:
https://learn.microsoft.com/en-us/azure/active-directory/roles/manage-roles-portal#assign-a-role
Yes I knew it was a standard role. I’m just unsure of how to assign roles if I have no users in AAD because I haven’t setup AAD connect. Do I just manually add a user to assign this to?