
What I am aiming to do is add an Azure Group "Local_Admins" SID:b42afbaf-7e4d-4d1b-b2c1-39630ccec6b2 to the local Administrator group on devices.

I know there is a solution for adding users to the local admin group and that works fine, but adding and removing users from that group constantly is extremely undesirable and thus I would prefer to be able to add users to an Azure group to have the same effect.

I attempted the following:

net localgroup administrators "AzureAD\LocalAdmins" /add

Result: There is no such global user or group AzureAD\LocalAdmins

net localgroup administrators "AzureAD\Local_Admins" /add

Result: There is no such global user or group AzureAD\Local_Admins

net localgroup administrators "AzureAD\b42afbaf-7e4d-4d1b-b2c1-39630ccec6b2" /add

Result: Syntax Error

net localgroup administrators "b42afbaf-7e4d-4d1b-b2c1-39630ccec6b2" /add

Result: Syntax Error

If anyone has a good solution for this issue, I would love to hear from them.

1 Answer

You might have to leverage Microsoft Intune (Microsoft Endpoint Manager).

See here: https://www.inthecloud247.com/add-an-azure-ad-group-to-the-local-administrators-group-with-microsoft-intune/

In that post I already showed how the local administrators group on a Windows 10 machine can be managed with Microsoft Intune (Microsoft Endpoint Manager), but I only showed how to add Azure AD user accounts to the administrators group.

But as described on Microsoft docs, Azure AD groups are also supported:

The member SID can be a user account or a group in AD, Azure AD, or on the local machine.
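Added example, not part of the answer or the linked post: the "member SID" for an Azure AD group is derived from the group's object ID (a GUID) as S-1-12-1 followed by the GUID's 16 bytes read as four unsigned 32-bit integers. The function names below are hypothetical, and the round-trip check confirms the conversion before the value is pasted into a policy.

```powershell
# Added example: convert an Azure AD object ID (GUID) to its S-1-12-1-... SID and back.
# Function names are hypothetical; only .NET types that ship with Windows PowerShell are used.

function Convert-ObjectIdToSid {
    param([Parameter(Mandatory)][string]$ObjectId)

    $guid = [Guid]::Empty
    if (-not [Guid]::TryParse($ObjectId, [ref]$guid)) {
        throw "Not a valid object ID (GUID): $ObjectId"
    }
    # ToByteArray() returns the 16 bytes in the layout the SID sub-authorities use.
    $bytes = $guid.ToByteArray()
    $parts = 0..3 | ForEach-Object { [BitConverter]::ToUInt32($bytes, $_ * 4) }
    return 'S-1-12-1-' + ($parts -join '-')
}

function Convert-SidToObjectId {
    param([Parameter(Mandatory)][string]$Sid)

    # Only the Azure AD form is accepted; on-premises AD SIDs (S-1-5-21-...) are rejected.
    if ($Sid -notmatch '^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$') {
        throw "Not an Azure AD SID (expected S-1-12-1-a-b-c-d): $Sid"
    }
    $bytes = New-Object byte[] 16
    for ($i = 0; $i -lt 4; $i++) {
        # The [uint32] cast throws if a sub-authority does not fit in 32 bits.
        [BitConverter]::GetBytes([uint32]$Matches[$i + 1]).CopyTo($bytes, $i * 4)
    }
    return ([Guid]::new([byte[]]$bytes)).ToString()
}

# Group object ID taken from the question above.
$objectId = 'b42afbaf-7e4d-4d1b-b2c1-39630ccec6b2'
$sid = Convert-ObjectIdToSid -ObjectId $objectId

# Round-trip check: the SID must map back to the same object ID.
if ((Convert-SidToObjectId -Sid $sid) -ne $objectId) {
    throw 'Round trip failed: do not use this SID'
}
$sid
```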
