How to Make a Domain Admin in Azure Domain Services
I had an issue the other week where I logged in thinking I was as an admin but I wasn’t able to create any OU’s or group policies.
In my case I was building out a Windows Virtual Desktop deployment for a client, created the Domain Services in Azure then added a server to the domain. I then found I couldn’t manage it. In the image below the ‘new’ section from the menu is missing.
Luckily there is an easy fix once you know how.
Login to Azure or your 365 tenant as a global admin and click on ‘Azure Active Directory’.
Next click on ‘Groups’.
Locate ‘AAD DC Administrators’ and double click on it.
Click on ‘Members’.
Click on ‘Add members’ and add the user account you wan to make a domain services administrator. This will grant access to make changes to the domain itsself such as creating new ou’s, new group policies etc.
Next sign out of the server or desktop and log back in and you will have full permissions to manage the domain.