Jaa


How to find the Global Admin for your Azure AD tenant

The smooth working of a bot will require a proper configuration on Azure AD. Sometimes users themselves don't have the permission to modify settings in AAD, only Global Admin will have the right, then the question becomes: how to find my Global Admin ? For now it's not feasible via Azure Portal, but we can user Powershell commands to achieve this goal.

Here we'll use the Azure Active Directory PowerShell for Graph module. It can be downloaded and installed from the PowerShell Gallery: www.powershellgallery.com. The gallery uses the PowerShellGet module. The PowerShellGet module requires PowerShell 3.0 or newer and requires one of the following operating systems:

Windows 10 / Windows 8.1 Pro / Windows 8.1 Enterprise / Windows 7 SP1 / Windows Server 2016 TP5 / Windows Server 2012 R2 / Windows Server 2008 R2 SP1

PowerShellGet also requires .NET Framework 4.5 or above. You can install .NET Framework 4.5 or above from here. For more information, please refer to this link. For more detailed info on installation of the AzureAD cmdlets please see: Azure Active Directory Powershell for Graph.

1. Launch Windows Powershell console as Administrator;

2. If you have never installed Azure AD module in Powershell, please type "Install-Module AzureAD";

3. You'll receive the following warning:

4. Type Y to continue; or you can type A to accept all so you'll not be asked again;

5. Once installation finished, type command "Connect-AzureAD", a pop-up window for user connection will show up. Please logon with your Azure account;

6. Once you get logged in, some basic information regarding this AAD tenant will be shown in Powershell console:

7. Then execute the command "Get-AzureADDirectoryRole", a list of available roles under this AAD tenant will be shown;

8. From the list, copy the ObjectId for the fole "Company Administrator" into Notepad; (Note: Global Administrator = Company Administrator in this context)

9. Then execute the following command to get the Admin account info (please replace the highlighted part with the ObjectId you've copied in Step 8):

Get-AzureADDirectoryRoleMember -ObjectId "Put-ObjectId-here"

10. You'll get some necessary information from the displayed result regarding your Global Admin.

Hope this article would be useful for you.

Jin W. from Microsoft France IIS/ASP.NET/Azure Bot team

You might also be interested in:

Administrator roles in Azure Active Directory
/en-us/azure/active-directory/active-directory-assign-admin-roles-azure-portal

Azure Active Directory PowerShell 2.0
/en-us/powershell/module/azuread/?view=azureadps-2.0

Comments

  • Anonymous
    November 20, 2018
    Great - exactly what I was looking for - thank you!
  • Anonymous
    April 03, 2019
    This was super helpful, thank you so much for posting this!