Need to add entra user / group to a vm local admin group

Question

Need to add entra user / group to a vm local admin group

Jose Calderin 60

I am trying to add an entra security group to a vm local admin group. It can't find the name from the VM computer management and logged in as local admin

Jose Calderin 60 Reputation points

2025-04-23T03:53:51.2833333+00:00

The box was already Entra joined.

I did follow the steps in the link provided to add the assignments, however when i went back in the box to see if the local admin group already had the users assigned... no such luck.

I was able to manually add the users manually via the account settings.

If you can show me why it did not work with the assignments made on entra it would be a great help.

Thank you
Marcin Policht 46,770 Reputation points MVP Moderator

2025-04-23T11:28:42.85+00:00
From what I recall, this might be a limitation of the interface.

Once you sign in as the user, run

whoami /groups

or

net localgroup administrators

to validate that the change you applied via an assignment took effect

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Jose Calderin 60 Reputation points

2025-04-24T17:53:57.7766667+00:00

as suspected, i ran the net localgroup administrators and only the local admin originally created was the only member. There is something else that may need to happen in order for the entra user to be added to the group.
Nikhil Duserla 7,205 Reputation points Microsoft External Staff Moderator

2025-04-25T18:27:58.4233333+00:00

Hello @Jose Calderin,

Did your issue get resolved, or are you still looking for assistance? Do let me know—I'm happy to help you."

Thank you!
Nikhil Duserla 7,205 Reputation points Microsoft External Staff Moderator

2025-04-28T11:50:00.4566667+00:00

Hello @Jose Calderin,

Did your issue get resolved, or are you still looking for assistance? Do let me know—I'm happy to help you."

Thank you!
Mounika Reddy Anumandla 5,465 Reputation points Microsoft External Staff Moderator

2025-05-05T09:36:10.1+00:00

Hello @Jose Calderin,

Just checking in to see if you had a chance to review the response provided by Nikhil Duserla to your question.

If you have any further queries, please let me know.

If the information is helpful, please click "upvote" to let us know.
Alex Burlachenko 5,830 Reputation points

2025-05-13T12:00:41.23+00:00

Dear Jose Calderin ,

Could you please let me know if you’ve had time to review my response? Would you need any additional explanations or further assistance? If everything works for you, please let us know and accept my answer.

Thank you!

Best regards,

Alex

3 answers

Your answer

Jose Calderin 60 Reputation points

2025-04-23T03:53:51.2833333+00:00

The box was already Entra joined.

I did follow the steps in the link provided to add the assignments, however when i went back in the box to see if the local admin group already had the users assigned... no such luck.

I was able to manually add the users manually via the account settings.

If you can show me why it did not work with the assignments made on entra it would be a great help.

Thank you
Marcin Policht 46,770 Reputation points MVP Moderator

2025-04-23T11:28:42.85+00:00

From what I recall, this might be a limitation of the interface.

Once you sign in as the user, run

whoami /groups

or

net localgroup administrators

to validate that the change you applied via an assignment took effect

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Jose Calderin 60 Reputation points

2025-04-24T17:53:57.7766667+00:00

as suspected, i ran the net localgroup administrators and only the local admin originally created was the only member. There is something else that may need to happen in order for the entra user to be added to the group.
Nikhil Duserla 7,205 Reputation points Microsoft External Staff Moderator

2025-04-25T18:27:58.4233333+00:00

Hello @Jose Calderin,

Did your issue get resolved, or are you still looking for assistance? Do let me know—I'm happy to help you."

Thank you!
Nikhil Duserla 7,205 Reputation points Microsoft External Staff Moderator

2025-04-28T11:50:00.4566667+00:00

Hello @Jose Calderin,

Did your issue get resolved, or are you still looking for assistance? Do let me know—I'm happy to help you."

Thank you!
Mounika Reddy Anumandla 5,465 Reputation points Microsoft External Staff Moderator

2025-05-05T09:36:10.1+00:00

Hello @Jose Calderin,

Just checking in to see if you had a chance to review the response provided by Nikhil Duserla to your question.

If you have any further queries, please let me know.

If the information is helpful, please click "upvote" to let us know.
Alex Burlachenko 5,830 Reputation points

2025-05-13T12:00:41.23+00:00

Dear Jose Calderin ,

Could you please let me know if you’ve had time to review my response? Would you need any additional explanations or further assistance? If everything works for you, please let us know and accept my answer.

Thank you!

Best regards,

Alex

Answer 1

Your VM would have to be Entra joined

Once you join it, follow https://learn.microsoft.com/en-us/entra/identity/devices/assign-local-admin

Manually elevate a user on a device

In addition to using the Microsoft Entra join process, you can also manually elevate a regular user to become a local administrator on one specific device. This step requires you to already be a member of the local administrators group.

Starting with the Windows 10 1709 release, you can perform this task from Settings -> Accounts -> Other users. Select Add a work or school user, enter the user's user principal name (UPN) under User account and select Administrator under Account type

Additionally, you can also add users using the command prompt:

If your tenant users are synchronized from on-premises Active Directory, use net localgroup administrators /add "Contoso\username".
If your tenant users are created in Microsoft Entra ID, use net localgroup administrators /add "AzureAD\UserUpn"

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

Hello @Jose Calderin,

The user reports that when they run the command net localgroup administrators on the virtual machine (VM), it only shows the local admin account that was originally created, and not the Azure AD (Entra ID) user or group they tried to add. This likely means the VM is not joined to Azure AD, the user or group name was entered incorrectly, or additional configuration is required to allow Azure AD accounts to be added as local administrators.

For Azure AD users or groups to be added to local groups on a VM, the VM must be either Azure AD joined, or Hybrid Azure AD joined. If the VM is not joined in this way, the system won't be able to recognize or resolve Azure AD accounts, and they cannot be added to local groups.

Answer 3

Hi Jose Calderin,

Thanks for posting your question on the Q&A portal! To add an Entra ID (formerly Azure AD) user or group to a VM’s local admin group, you’ll need to use Azure AD authentication and ensure the VM is properly joined to Azure AD.

Here are some helpful docs:

Azure AD login for Windows VMs

Assign local admin roles via Azure AD groups

If the VM isn’t Azure AD-joined, you’ll need to set that up first. Let me know if you run into issues!

Best regards,
Alex
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment

Share via

Need to add entra user / group to a vm local admin group

3 answers

Your answer