
HOWTO: Add Azure AD User to local administrator group

To add an Azure AD (now called Entra ID) user to the local Administrators group on a Windows machine, follow these steps. Ensure that the system is already joined to Entra ID before proceeding.

Prerequisites

  • The system must be joined to Entra ID.
  • You must be logged in as a local administrator or have elevated privileges to manage groups.

Steps to Add an Azure AD User to the Local Administrators Group

  1. Open PowerShell as Administrator:
    • Right-click on the Start button.
    • Select Windows PowerShell (Admin) or Command Prompt (Admin) depending on your system configuration.
  2. Run the Command to Add the User to Administrators Group: Use the following command in PowerShell, replacing AzureAD\YourUserName with the actual Entra ID user name you wish to add:

    Add-LocalGroupMember -Group "Administrators" -Member "AzureAD\YourUserName"

    • Example: If the user’s UPN (User Principal Name) is johndoe@yourdomain.com, the command would be:

      Add-LocalGroupMember -Group "Administrators" -Member "AzureAD\johndoe@yourdomain.com"

  3. Verify the User Has Been Added: After running the command, you can verify the user has been added to the local Administrators group by using:

    Get-LocalGroupMember -Group "Administrators"

    This will list all the members in the Administrators group, and you should see the Entra ID user listed.

  4. Log Out and Log Back In: The changes take effect after the user logs in again, so either log out or restart the system if needed.
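
The steps above as a single PowerShell function (an added example, not part of the original article): it checks the Entra ID join prerequisite with dsregcmd /status, adds the user idempotently, and returns the group membership for review. Grant-EntraLocalAdmin is a hypothetical name, and resolving the group by its well-known SID S-1-5-32-544 is a choice made here so the call does not depend on a localized group name.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent grant with a join check and a membership audit.
# Grant-EntraLocalAdmin is a hypothetical name; the UPN below is the
# article's own sample value.
function Grant-EntraLocalAdmin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[^@\s\\]+@[^@\s\\]+\.[^@\s\\]+$')]
        [string]$UserPrincipalName
    )

    # Prerequisite from the article: the device must be joined to Entra ID.
    $joined = dsregcmd.exe /status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES'
    if (-not $joined) {
        throw 'Device is not Entra ID joined; AzureAD\ accounts cannot be resolved.'
    }

    # Resolve the built-in Administrators group by its well-known SID so the
    # script also works where the group name is localized.
    $group  = Get-LocalGroup -SID 'S-1-5-32-544'
    $member = "AzureAD\$UserPrincipalName"

    if ($PSCmdlet.ShouldProcess($member, "Add to local group '$($group.Name)'")) {
        try {
            Add-LocalGroupMember -Group $group -Member $member -ErrorAction Stop
            Write-Verbose "Added $member"
        }
        catch [Microsoft.PowerShell.Commands.MemberExistsException] {
            # Re-running the script must not fail if the grant already exists.
            Write-Verbose "$member is already a member; nothing to do."
        }
    }

    # Audit: return the full membership so unexpected administrators stand out.
    Get-LocalGroupMember -Group $group |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

# Dry run first, then the real change:
# Grant-EntraLocalAdmin -UserPrincipalName 'johndoe@yourdomain.com' -WhatIf
# Grant-EntraLocalAdmin -UserPrincipalName 'johndoe@yourdomain.com' -Verbose
```

The PrincipalSource column in the output distinguishes AzureAD accounts from Local ones, which makes the verification in step 3 easier to read on machines with several administrators.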

Additional Notes:

  • If you’re unable to use PowerShell or prefer a graphical method, you can add the Azure AD user to the Administrators group using the Computer Management console.
    1. Open Computer Management (press Win + X > Computer Management).
    2. Navigate to Local Users and Groups > Groups > Administrators.
    3. Click Add, then select Locations and switch to Azure AD.
    4. Type in the Entra ID username and confirm the addition.

That’s it! The Azure AD user should now have local administrative privileges on the machine.
