2,306 questions
You may be getting 403 if the user account is a guest. Recommended approach is to execute an External admin takeover.
Unsure how to find global administrator
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 45%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AstroJeremy
31
Reputation points
I recently discovered we have a bit of a disjointed account/domain setup and hoping to clean it up. Problem is one of the domains I have yet to figure out who might be the global administrator for. Is there a way to find out? The one user I've so far found that has an account on that domain, gets an error trying to view the user/roles list in Azure. They're also listed as just a user in the AD tenant info.
Hoping once I figure this out, that I can consolidate us into a single domain setup, is that also possible?
Accepted answer
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,461 Reputation points2020-06-29T23:59:10.703+00:00
3 additional answers
Sort by: Most helpful
-
T. Kujala 8,721 Reputation points2020-06-27T03:45:38.037+00:00 You can find all Global Administrators by using the Azure portal.
Login to the Azure portal https://portal.azure.com.
Select Azure Active Directory in the left side.
Select Roles and administrators.
Click Global administrator and you will find all Global Administrators.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 0%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Jonathan 1 Reputation point2020-07-10T22:31:49.28+00:00 Not helpful. "Roles and administrators" shows up as "No Access" with none of the information shown on the screenshots provided.
Sign in to comment -
-
AstroJeremy 31 Reputation points
2020-06-29T15:15:31.96+00:00 So far that doesn't work. I'm only aware of 1 person that's even in this domain, but they have no access to the relevant areas that list administrators. when he tries your suggestion he gets a no access (403) error.
my hope is to find out who if anybody is there so i can take over admin and ideally merge our disparate domains/azure accounts into one if that's possible, but yet to identify who might have access if at anybody.
-
AstroJeremy 31 Reputation points
2020-07-03T19:42:23.343+00:00 external admin takeover looks promising, and looks like it'd bring in any resources/users/etc in? This might help sort at least some of the separate domains we have. The only issue with the one where the user gets a 403 is i'm not sure there's any domains we control on it, it might just be a "name.onmicrosoft.com" domain. if we don't find anybody else on that domain, I assume we can just have that user leave that domain to leave it be and just work on the ones we know we have control over.