You have a computer named C1 that runs win10 enterprise. C1 is member of a home-group. You
plan to join C1 to MS Azure AD tenant named T1. You need to ensure that an Azure AD user
named User1 is a member of the local Administrators group on C1, when C1 is joined to Azure AD.
What should you do?
A.
From azure classic portal modify the membership of T1 global admin group
B.
From the settings app on C1, set up assigned access
C.
From settings app on C1, modify the Work access settings
D.
From settings all on C1, modify the Family & other user settings
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-dsadmin-guide-join-windows-vm
http://www.tomsitpro.com/articles/windows-10-azure-active-directory-domain,2-27.html
I think it’s C. I read somewhere that the user who is logged in will be added to the “local admin” group when he connects to Azure AD. There is no need to add them to the group right?
I think, its D.
A: This is for global admin permissions on azure.
B. This is for restricting accounts to 1 application.
C. This is to connect to Azure AD (but not for adding users/groups).
D. Here you can “Add someone else to this PC”.
But im not sure if you can add a domain user, before you have added PC to domain… ?
Help explain please.
That is the only way to add an Azure AD user to the local administrator group.
This link explains how to add the Azure user through the command line:
How do I add Azure Active Directory User to Local Administrators Group – https://superuser.com/questions/982336/how-do-i-add-azure-active-directory-user-to-local-administrators-group
Login to the PC as the Azure AD user you want to be a local admin. This gets the GUID onto the PC.
Log out as that user and login as a local admin user.
Open a command prompt as Administrator and using the command line, add the user to the administrators group. As an example, if I had a user called John Doe, the command would be “net localgroup administrators AzureAD\JohnDoe /add” without the quotes.
Log back in as the user and they will be a local admin now.
The only other way is through GUI, by adding the Azure AD user to the admin global group – which automagically makes them local admins.