Global Administrator locked out of AAD

Graham Cottle 11 Reputation points

Years ago, I created an "Azure Active Directory (self-service)" account to enable me to use PowerBI. It had the same email address as my personal Microsoft Account, which is the one I want to prevail. I was thinking to try to delete the account and the directory from Office.Com and Azure.Com as they were getting in my way. I found that I wasn't the Global Administrator for the AAD and managed to follow the instructions to become the administrator by creating a TXT record on the DNS entry. I then tried to continue along the path of deleting the domain, but still wasn't able to do so as my account had an email address with the domain. I changed the email address to the @keyman version and got booted out. Subsequently, I haven't been able to log back in and get the "incorrect password" message. I hadn't got any password recovery mechanism set up and thus am stuck where I cannot get back in. I thought I might try creating a new self-service account, which was successful and I can log in to the AAD again, but only as a user and not an administrator. I thought I might be able to try the same trick to become administrator again, but when I visit while logged in as the new user I get an authorisation failure (probably rightly so).

So I am now stuck.

In the shorter term, I wanted to delete the AAD and all traces of it so that I can use things like Teams on my personal Microsoft account.
In the medium term, I want to start again with the domain in Azure and add something like Microsoft 365 Business Basic or possibly Microsoft 365 F3 and migrate my on-premises Exchange to it. I would want to join my local domain (which is a .local) to the AAD and have synchronisation from my local domain controller to AAD to enable my users to log in to Exchange seamlessly (i.e. no additional credentials). I would then make use of Teams etc.

Can anyone help me to get the locked out global administrator user in AAD back in again? I tried calling support this morning and spoke with several people, none of whom really were able to help.

Many thanks
Graham Cottle

Azure Active Directory

3 answers

  1. Jai Verma 451 Reputation points

    Contact the O365 support team; they can unblock/elevate an existing non-admin account to GA from the backend.

  2. Manu Philip 14,546 Reputation points MVP


    Go through the following Microsoft help docs and see if they help to recover the Global Admin account


  3. Vasil Michev 70,806 Reputation points MVP