Why can't Admin A access the options of Azure AD group users added to an Administrative Unit?

krishna572 876 Reputation points
2023-03-05T11:44:16.63+00:00


This is my architecture for one of the requirements.

In Azure AD, I have done the following:

  1. Created 10 users, named User A to H and Admin A to B.
  2. Created 2 groups (Logistics-grp, General-grp).
  3. Added Users C and D to Logistics-grp, and Users G and H to General-grp.
  4. Made Admin B a User Administrator in Assignments.
  5. AD > Administrative Units > Add - Department A as Name, Admin A as User Administrator.
  6. Added User A, User B and Logistics-grp to the Administrative Unit.

Here Admin B will have permission for the options "Edit Properties" and "Reset Password" of all users because of the User Administrator role for the entire directory, and Admin A will have permission for the options "Edit Properties" and "Reset Password" of the users A, B, (C & D are part of Logistics-grp) added to the Administrative Unit.

But Admin A is unable to access the options "Edit Properties" and "Reset Password" of Users C and D.

Why? Where am I making a mistake?

Could anyone point me in the right direction?


Accepted answer
  1. Vasil Michev 95,181 Reputation points MVP
    2023-03-05T12:16:03.88+00:00

    As mentioned in the documentation:

    Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group. In other words, an administrator scoped to the administrative unit can manage properties of the group, such as group name or membership, but they cannot manage properties of the users or devices within that group (unless those users and devices are separately added as members of the administrative unit).

    Add the users directly if you want to be able to perform management actions against them.

    2 people found this answer helpful.
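
One way to apply the accepted answer with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original thread: it finds the users in a group who are not direct members of the administrative unit and adds them. The names 'Department A' and 'Logistics-grp' come from the question; the permission scopes requested and the choice not to expand nested groups are assumptions.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell module.
# 'Department A' and 'Logistics-grp' are the names used in the question.
# Assumption: the signed-in account may consent to the scopes below.
Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All', 'GroupMember.Read.All'

$au    = Get-MgDirectoryAdministrativeUnit -Filter "displayName eq 'Department A'"
$group = Get-MgGroup -Filter "displayName eq 'Logistics-grp'"
if (@($au).Count -ne 1 -or @($group).Count -ne 1) {
    throw 'Expected exactly one administrative unit and one group with these names.'
}

# Direct members of the administrative unit (users, groups, devices).
$auMemberIds = @(Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $au.Id -All).Id

# Users in the group. Nested groups are not expanded here.
$groupUsers = Get-MgGroupMember -GroupId $group.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

# Group members the AU-scoped administrator cannot manage yet:
# they are in the group, but not direct members of the administrative unit.
$outOfScope = @($groupUsers | Where-Object { $auMemberIds -notcontains $_.Id })

foreach ($user in $outOfScope) {
    # Add the user itself (not the group) as a member of the administrative unit.
    $ref = @{ '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($user.Id)" }
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter $ref
    Write-Output "Added user $($user.Id) to '$($au.DisplayName)'"
}
```

The membership is a point-in-time copy: users added to the group later stay outside the administrative unit's scope until the script is run again.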