I've set up an Azure AD and AADDS along with a VM, following the guides provided by Microsoft on the forums.
I'm trying to have an account 'Admin' be able to edit/create GPOs and user information in the Active Directory Administrative Centre on the VM (2016). On the Azure Portal the account has the 'Global Admin' rights, but when logged into the VM it's like the account has next to no permissions.
The account is in Domain Users and the group that gets created with the ADDS Admin group. I think in order to have the account be able to do the changes it needs to be in the Domain Admin group, but the account doesn't have the permissions to change that.
So, is it possible to have that, and/or how would it be done?
When I log onto the VM with the account and go into Active Directory Administrative Centre -> User 'Admin' -> Member Of -> Add -> "AADDS Service Administrators Group", it throws out an error of "Failed to save "Admin". "Failed to save the group membership for the object. Could not add member(s) to one or more ADGroup."
If I try to add the account "Admin" to 'Domain Admins' via PowerShell (Admin), it says that the account I'm using (which is the account I'm trying to add to the Domain Admins) doesn't have the right access to do that command and it will be processed at the domain controller.
The account is a part of the Local Administrators group, along with the Domain Users and the AAD DC Administrators group.