I am trying to create a custom policy to add users as local admin on devices with the OMA-URI "./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership".
This works fine when I specify Azure user accounts (accounts created in AAD, not synced from local AD). However, when I try to add users synced from AD to the policy, it fails and does not add the user to the local admin group on my Windows 10 computer.
Has anyone managed to do this?
The syntax I use is as follows:
<groupmembership>
  <accessgroup desc="Administrators">
    <member name="Administrator" />
    <member name="AzureAD\firstname.lastname@example.org" />
    <member name="AzureAD\email@example.com" />
  </accessgroup>
</groupmembership>
Test.user is a cloud-only user, while test.user2 is synced from local AD. Test.user gets added to the local admin group just fine, but test.user2 is not added.