Why AdminA Can't access the options of Azure AD Group Users added in Administrative Unit?

vaishu-143 716 Reputation points
2023-03-05T11:44:16.63+00:00

User's image

This is my Architecture of one of the requirement.

In Azure AD, I have done following:

  1. Created 10 Users in which the users named as User A to H, Admin A to B.
  2. Created 2 Groups (Logistics-grp, General-grp)
  3. User C, D are added to Logistics-grp. User G, H are added to General-grp
  4. Make Admin B as User Administrator in Assignments.
  5. AD > Administrative Units > Add - Department A as Name, Admin A as User Administrator.
  6. Added the User A, B, Logistics-Grp to the Administrative Unit. Here Admin B will have the permissions to the options "Edit Properties" and "Reset Password" of all users because of User Administrator role to entire directory.

and Admin A will have the permissions to the options of "edit properties" and "Reset Password" of the users A, B, (C & D are part of Logistics-grp) added to Administrative Unit.

But Admin A is unable to get the access to the options "edit properties", "reset password" of User C & D.

Why? Where I'm doing mistake?

Could anyone point me in right direction?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,465 questions
No comments
{count} votes

Accepted answer
  1. Vasil Michev 66,011 Reputation points MVP
    2023-03-05T12:16:03.88+00:00

    As mentioned in the documentation:

    Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group. In other words, an administrator scoped to the administrative unit can manage properties of the group, such as group name or membership, but they cannot manage properties of the users or devices within that group (unless those users and devices are separately added as members of the administrative unit).

    Add the users directly if you want to be able to perform management actions against them.

    2 people found this answer helpful.
    No comments

0 additional answers

Sort by: Most helpful