Forum Discussion
Linking local admin account to Intune / AD
Hi Louis_H440,
To link a local admin account to an AD account in Intune, you can use the following steps:
- Create a new user account in Azure AD for the local admin account. The user account must have the same username and password as the local admin account.
- Enable Azure AD Connect to synchronize the new user account to your on-premises Active Directory.
- Once the user account has been synchronized, you can enroll the device in Intune using the company portal.
- When the device is enrolled, Intune will create a new user account on the device using the Azure AD user account.
- Intune will also add the Azure AD user account to the local administrators group on the device.
Once the device is enrolled and the user account is linked to the AD account, the user will be able to log in to the device using their Azure AD credentials and will have local administrator privileges on the device.
Here are some additional things to keep in mind:
- You can also use the Microsoft Endpoint Manager Admin Center to link a local admin account to an AD account. To do this, go to Devices > All devices > [Device name] > Account. Under Local admin account, click Link to Azure AD account.
- If you are using a hybrid Azure AD environment, you must make sure that Azure AD Connect is configured to synchronize user accounts from your on-premises Active Directory to Azure AD.
- Once a user account is linked to an AD account, the user cannot log in to the device using a local admin account.
Here are some useful links you can use:
- Manage local administrators for Azure AD joined devices: https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
- Link a local admin account to an Azure AD account in Intune: https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
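As an added example (not code from any post in this thread), the following PowerShell helper shows the device-side half of what the first link above documents for Azure AD joined devices: an Azure AD user is granted local admin rights by adding the member name `AzureAD\<UPN>` to the local Administrators group, which is what `net localgroup administrators /add "AzureAD\<UPN>"` does. The script assumes the device is Azure AD joined (it checks `dsregcmd /status` for this), that the session is elevated, and that the UPN passed in is a placeholder for a real account.

```powershell
# Added example, not from the thread. Assumes an Azure AD joined Windows 10/11
# device and an elevated PowerShell session. The UPN is a placeholder argument.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserPrincipalName
)

function Test-AzureAdJoined {
    # dsregcmd /status prints "AzureAdJoined : YES" on an Azure AD joined device.
    $status = & dsregcmd.exe /status
    return [bool]($status -match 'AzureAdJoined\s*:\s*YES')
}

function Get-LocalAdminMembers {
    # Member names of the local Administrators group. Azure AD users show up as
    # "AzureAD\<UPN>" on an Azure AD joined device. -ErrorAction Continue keeps
    # the listing going if an orphaned SID in the group cannot be resolved.
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction Continue |
        Select-Object -ExpandProperty Name
}

function Add-AzureAdUserToLocalAdmins {
    param([Parameter(Mandatory = $true)][string]$Upn)

    if (-not (Test-AzureAdJoined)) {
        throw 'This device is not Azure AD joined; the AzureAD\<UPN> member form will not resolve.'
    }

    $memberName = "AzureAD\$Upn"
    $current = @(Get-LocalAdminMembers)

    if ($current -contains $memberName) {
        Write-Output "$memberName is already a member of Administrators."
        return $false
    }

    # Equivalent to: net localgroup administrators /add "AzureAD\<UPN>"
    Add-LocalGroupMember -Group 'Administrators' -Member $memberName
    Write-Output "Added $memberName to Administrators."
    return $true
}

# Show the group before and after so the change is visible in the console.
Write-Output 'Administrators before:'
Get-LocalAdminMembers | ForEach-Object { "  $_" }

$changed = Add-AzureAdUserToLocalAdmins -Upn $UserPrincipalName

Write-Output 'Administrators after:'
Get-LocalAdminMembers | ForEach-Object { "  $_" }
```

The script only touches the local group on the device it runs on; it does not create or link anything in Azure AD or Intune. Because it is a local change, it is also the kind of change that an Intune account protection policy for local group membership would overwrite on the next policy cycle, so use it for testing a single device rather than as the fleet-wide mechanism.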
- Abdullah_Ollivierre, Sep 26, 2023, Copper Contributor
So the process of Azure AD Connect works only from on-premises to cloud. Whilst it is capable of things like password writeback and device writeback, you cannot create users in Azure AD and sync them back to on-premises AD.
- JaxsDaddy469, Aug 23, 2024, Copper Contributor
Correct, but this can be accomplished with the Intune Connector.
- LeonPavesic, Sep 26, 2023, Silver Contributor
Hi Abdullah_Ollivierre and Louis_H440,
Abdullah_Ollivierre, you are right: there is no way to link an existing local admin account to an AD account in Intune without using a third-party solution, unless you have an on-premises Active Directory environment and can use Azure AD Connect to synchronize the local admin account to Azure AD (on-prem to cloud).
If you do not have an on-premises Active Directory environment, or if you do not want to use Azure AD Connect, then you will need to use a third-party tool to link the local admin account to the AD account.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
- Abdullah_Ollivierre, Sep 26, 2023, Copper Contributor
Wait a sec. "Enable Azure AD Connect to synchronize the new user account to your on-premises Active Directory." Can AAD Connect sync a cloud-only user back to on-prem?
- Louis_H440, Sep 21, 2023, Copper Contributor
Thanks for the quick response, LeonPavesic! I'll test the process and get back to you.