Add azure ad users to local admin group

  • Question

  • Hi,

    I have created a script in order to read the members of an Azure AD group and then add these users to the local admin group on the device. I tried to use "Add-LocalGroupMember" or the "net localgroup /add" command. However, I receive the error "service principal not found" for the Azure AD members that have not yet logged on to the device (no local profile).

    Any ideas on how to perform this?

    Monday, November 4, 2019 6:38 AM

Answers

  • thanks to input from a colleague issue is resolved. 

    You can add the Azure AD user by using the UPN name 

    So : net localgroup "Administrators" /add "AzureAD\svc_azureadjoin@....onmicrosoft.com"

    Regs

    • Marked as answer by Ginodh112 Tuesday, November 5, 2019 4:37 PM
    Tuesday, November 5, 2019 2:33 PM
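    The accepted answer gives the one-off command; the original question was about a script that reads the members of an Azure AD group and adds each of them. The script below is an added example, not code from the thread or from Microsoft. It assumes the device is Azure AD joined, that net.exe resolves the "AzureAD\<UPN>" form exactly as in the accepted answer, and that in production the UPN list would come from Get-AzureADGroupMember (AzureAD v2 module, group ObjectId is a placeholder); the sample UPNs at the bottom are constructed.

    ```powershell
    # Added example (not from the original thread). Assumptions: Azure AD joined
    # device; "AzureAD\<UPN>" is accepted by net.exe as in the accepted answer;
    # the UPN list comes from Get-AzureADGroupMember or the constructed sample below.

    function Get-LocalAdminMembers {
        # Parse "net localgroup Administrators" output: members are listed between
        # the dashed separator line and "The command completed successfully."
        $lines = & net.exe localgroup Administrators 2>&1
        if ($LASTEXITCODE -ne 0) { throw "net localgroup failed: $lines" }
        $inList = $false
        foreach ($line in $lines) {
            if ($line -match '^-{10,}') { $inList = $true; continue }
            if ($inList -and $line -match '^The command completed') { break }
            if ($inList -and $line.Trim()) { $line.Trim() }
        }
    }

    function Add-AzureAdUpnToLocalAdmins {
        [CmdletBinding(SupportsShouldProcess)]
        param(
            [Parameter(Mandatory)] [string[]] $UserPrincipalName
        )
        $existing = @(Get-LocalAdminMembers)
        foreach ($upn in $UserPrincipalName) {
            # Reject anything that is not shaped like a UPN before passing it to net.exe
            if ($upn -notmatch '^[^\s\\/"]+@[^\s\\/"]+$') {
                Write-Warning "Skipping '$upn': not a valid UPN"
                continue
            }
            $member = "AzureAD\$upn"
            # Idempotent: -contains is case-insensitive, so re-runs do not re-add members
            if ($existing -contains $member) {
                Write-Verbose "$member is already a local administrator"
                continue
            }
            # Granting local admin is a privilege change, so honour -WhatIf / -Confirm
            if ($PSCmdlet.ShouldProcess($member, 'Add to local Administrators')) {
                $out = & net.exe localgroup Administrators $member /add 2>&1
                if ($LASTEXITCODE -ne 0) {
                    Write-Warning "Failed to add ${member}: $out"
                } else {
                    Write-Verbose "Added $member"
                }
            }
        }
    }

    # Constructed sample input. In production replace with, for example:
    #   (Get-AzureADGroupMember -ObjectId '<group-object-id>' -All $true).UserPrincipalName
    $sampleUpns = @('alice@contoso.onmicrosoft.com', 'bob@contoso.onmicrosoft.com')
    Add-AzureAdUpnToLocalAdmins -UserPrincipalName $sampleUpns -WhatIf -Verbose
    ```

    Run it first with -WhatIf (as in the last line) to see which UPNs would be added, then drop the switch. Because the script enumerates the group before adding, it can be scheduled safely; the warnings it emits on a failed net.exe call are the place to hook any logging of privilege changes on the device.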

All replies

  • Anyone facing the same issue?
    Monday, November 4, 2019 7:18 PM
  • Hello Ginodh112,

    It looks like you are trying to add a user to the local AD group per the docs here: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/add-localgroupmember?view=powershell-5.1

    What you want to use is the AAD V2.0 PowerShell cmdlet to add a user. 

    See this cmdlet: https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduser?view=azureadps-2.0

    An example of creating a new user using the AAD v2.0 PowerShell can be found below. 

    $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $PasswordProfile.Password = "Password"
    New-AzureADUser -DisplayName "New User" -PasswordProfile $PasswordProfile -UserPrincipalName "NewUser@contoso.com" -AccountEnabled $true -MailNickName "Newuser"

    ObjectId                             DisplayName UserPrincipalName               UserType
    --------                             ----------- -----------------               --------
    5e8b0f4d-2cd4-4e17-9467-b0f6a5c0c4d0 New user    NewUser@contoso.com             Member

    Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Thanks

    • Proposed as answer by Frank Hu MSFT Tuesday, November 5, 2019 1:35 AM
    Tuesday, November 5, 2019 1:34 AM