Windows Admin Center Active Directory Minimum Permissions

Justin Grote 1 Reputation point

Windows Admin Center active directory requires you to connect to a DC for it to appear. As far as we can tell you must be a domain admin, however there are plenty of scenaiors like helpdesk where WAC would be useful to update user information without those users having domain admin rights. Is it possible to use WAC active directory extension without having domain admin rights?

Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
367 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Grote, Justin 11 Reputation points

    After doing my own research, your answer should have been "you need to configure a JEA endpoint on the domain controller" and provide documentation for what minimum permissions and how to configure the JEA endpoint so that users can manage active directory without being a domain admin. That documentation doesn't exist as far as I can tell, so I guess I may need to write an article on it.

    1 person found this answer helpful.

  2. Karlie Weng 8,746 Reputation points Microsoft Vendor

    Hello Justin @Justin Grote

    Windows Admin Center supports the following end-user roles:


    Reference article:
    User access options with Windows Admin Center
    Configure User Access Control and Permissions

    Best Regards


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Grote, Justin 11 Reputation points

    @Karlie Weng thank you for your reply but I don't think you read my request at all. I don't care about the Windows Admin Center roles, I care about the minimum Local Server permissions for Windows Admin Server users to connect to a Domain Controller to run the Active Directory Extension without needing to be Domain Admin