Windows – How to add Azure Active Directory User to Local Administrators Group

Tags: active-directory, administrator, azure, user-accounts, windows 10

With Windows 10 you can join an organisation (=Azure Active Directory) and log in with your cloud credentials.

Based on the information provided here, the first account per computer that joins the organisation is a local administrator. The accounts that join after that are not.

How do I make them local administrators?

The standard group add dialog does not allow me to select users from AzureAD or search for users from AzureAD. I can simply see that my first account is in the list (listed as AzureAD\AccountName).

Also interesting:
When I log in with the second account and get prompted for a local administrator (for applying computer settings – UAC I assume), it will not accept the first account even though it is a local administrator.

Best Answer

You can do this via command line! I just had this same issue and after searching and getting nothing but "you can't" from everywhere, I (for giggles and grins) tried this through the command line and IT WORKED!!

  1. Log in to the PC as the Azure AD user you want to be a local admin. This gets the GUID onto the PC.

  2. Log out as that user and log in as a local admin user.

  3. Open a command prompt as Administrator and using the command line, add the user to the administrators group. As an example, if I had a user called John Doe, the command would be "net localgroup administrators AzureAD\JohnDoe /add" without the quotes.

Log back in as the user and they will be a local admin now.
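
The steps in the answer above, as an added PowerShell example (not part of the original answer) that only adds the account when it is missing and then lists every Azure AD principal holding local administrator rights, so the grant can be verified and reviewed later. It assumes an elevated session; `AzureAD\JohnDoe` is the sample account from the answer, and the function name `Get-AdminMembers` is hypothetical.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$Account = 'AzureAD\JohnDoe'   # sample account name from the answer
)

# Resolve the built-in Administrators group through its well-known SID so the
# script also works on non-English Windows, where the group name is localized.
$sid   = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$group = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

function Get-AdminMembers {
    # The ADSI WinNT provider returns every member, including entries that
    # no longer resolve to a name and are shown only as a SID.
    $g = [ADSI]"WinNT://./$group,group"
    foreach ($m in $g.Invoke('Members')) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # 'WinNT://AzureAD/JohnDoe' -> 'AzureAD\JohnDoe'
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

$before = @(Get-AdminMembers)
if ($before -contains $Account) {          # -contains is case-insensitive
    Write-Output "$Account is already a member of $group."
}
else {
    # Same command as in the answer. It fails if the user has never signed in
    # to this PC, because the account cannot be resolved locally yet.
    net localgroup $group $Account /add
    if ($LASTEXITCODE -ne 0) {
        throw "net localgroup failed with exit code $LASTEXITCODE"
    }
}

# Audit: Azure AD principals with local admin rights. Entries starting with
# S-1-12-1- are Azure AD object SIDs (for example roles or groups added at join
# time) that Windows cannot translate to a display name.
Write-Output "Azure AD members of ${group}:"
Get-AdminMembers | Where-Object { $_ -like 'AzureAD\*' -or $_ -match '^S-1-12-1-' }
```

Every account in that final list can install software and change security settings on the machine, so remove entries that are no longer needed with `net localgroup administrators AzureAD\JohnDoe /delete`.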