EntraID users can be created in Windows 10/11 - using their email address as a username and 365 password. By default, these are created as a "User" instead of "Administrator". The following adds them to the Administrators group in Windows.
- Ensure access to a local administrator (“User”, “ITW4”, 365 Administrator account, etc.)
- Join a Microsoft account through Work or School settings in Windows
- Open an elevated command prompt (Win > "cmd" > Run as administrator)
-Type “net localgroup administrator azuread\(user email address) /add” and hit enter
-Note, you may have to sign in as the user once before doing this, in order to allow Windows to set up the user locally. The above command will also work on the Entra user’s account by supplying another admin’s credentials when prompted.
- Sign out of the Entra user - if they are signed in at this point
- Sign into the Entra user
- Test administrative privileges by running cmd as an administrator – you should then be prompted to click “Yes” or “No” instead of supplying other credentials.
-If you get prompted to enter other credentials, click “No” then type the following in the non-administrative command prompt: “net localgroup administrators” and it will output a list of local administrators.
-If the target user is not listed, the command was not successful. If the target user IS listed, there was an issue during the “Sign out, and back in” process – and they will have admin upon next sign in.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article