Home / server / Questions / 883977
In Process
Patrick
Asked: 2017-11-18 09:48:36 +0800 CST

Azure AD; no global admin

  • 772

I've got a new Azure instance up and running. I've got a few services running in it and I've decided I need a Azure AD environment too.

On opening up the Azure AD Admin panel I immediately get told I don't have some rights to view the dashboard elements and I need a global admin to configure that for me.

On navigating to the users panel (more services > Users and Groups > All Users) all my configured users (Everyone in my 365 subscription) are listed as 'member', including both administrator accounts I have configured on 365 (one of which I am currently logging into azure as).

If I got to the 'directory role' option under any of my user accounts (including the one I'm pretty sure I started the Azure account under) the three options are greyed out and only member is selected.

The first line in the Microsoft Docs 'Assign a user to an admin role' is simply 'login with a global admin account'.

Doc here : https://docs.microsoft.com/en-us/azure/active-directory/active-directory-users-assign-role-azure-portal

Catch 22, I can't get a global admin without already having a global admin.

How am I able to elevate a user to the global admin role from this position?

azure-active-directory

4 Answers

  1. I had the same issue and it took me a while to figure it out.

    The problem was, that my domain ownership could not be verified.

    For me it works this way:

    1. Login to the microsoft partner center with my work/school account.
    2. Go to Account Settings / User Management. There you find a link how you become the Global Admin
    3. Follow the desriptions in the link and add a txt entry to your dns entries of your domain provider.
    4. Get a coffee and wait some minutes till the dns server a synchronized ...et voila.
    • 3

  2. I encountered a similar situation. I had just set up my azure account, with my account set as global administrator. I was able to register an application, allowed power bi api access, setup power bi workspace etc.

    I think I clicked an Office 365 link sometime after setup. When I logged in again to the azure portal, some functionalities are now grayed out. Had to do some backtracking and fiddling. It appears that I needed to finish setup of the Office 365 account. I had to claim or verify that the domain I registered is indeed mine. Instructions included added a TXT value to my account at enom then clicked the verify button at the office 365 setup. When this was done, I went back to the azure portal. This fixed my issue.

    • 1

  3. Ensure the account which you have logged in is already a global admin. Pay attention to the step 1 in that document:

    1. Sign in to the Azure AD admin center with an account that's a global admin for the directory.

    Your scenario:

    Catch 22, I can't get a global admin without already having a global admin.

    If you have not a global admin account, you cannot assign other accounts to a global admin. Only global admin can assign global admin role to other accounts. I suggest that you could contact the global admin in your directory to help you .

    Hope this helps!

    • 0

  4. How am I able to elevate a user to the global admin role from this position?

    No,You are not able to do this. It's just caused by azure design. As @Wayne Yang said, This action should be avoided and you should understand the rule that you can do something or not in azure. Just contact your global admin. If you still want to do something with out admin's consent since you are just a user in that directory, I really couldn't understand it.

    • 0