The service admin of the Azure account has added me as a co-admin, and has also assigned me the role of Global Admin, but I am unable to see Default Directory in the Active Directory section. Do I need to have any other permission apart from the above-mentioned?
By default only global administrator will have access to the default Azure Active Directory in a given subscription. Or you will have to be user administrator in order to create and manage users in the default active directory. But they cannot create a new administrator though.
https://azure.microsoft.com/en-in/documentation/articles/active-directory-assign-admin-roles/
Related
I am not sure whether the Azure storage account is domain joined or not. I want to access files from the Azure file share storage as a shared path without mounting this file share.
• You can check if the storage account is domain joined or not by checking the on-premises ADDS environment for a computer account or a service logon account with User Principal Name/Service Principal Name as ‘cifs/your-storage-account-name-here.file.core.windows.net’. For this purpose, you should have ‘ADUser.Read’ permissions on the Active Directory environment or you should logon to the AD Users and Computers console with the ID who is a member of ‘Domain Members’ group.
• If you have ‘Contributor’ role access to Azure resources in your tenant, execute the below command in Azure cloud powershell to know detailed information regarding the storage account authentication with Active Directory. If the storage account is domain joined to an ADDS environment, then it will display accordingly: -
Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose
Also, to know whether the Azure files authentication for on-premises identities is enabled or not, kindly refer to the below documentation link. It describes a powershell script which shows the Active Directory service options for files share in your storage account: -
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable#confirm-the-feature-is-enabled
Whether the account is domain joined or not can be checked from the Azure file share itself: when we click the connect button, it shows the authentication method as Active Directory enabled. We can also check it from the overview of the account.
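The two checks described in the answers above (the storage account's identity-based authentication setting and the `cifs/` SPN in on-premises AD DS), combined as an added example that is not part of the original posts. It assumes the Az.Storage module with a signed-in session and the RSAT ActiveDirectory module on a domain-joined machine; the resource group and account names are placeholders.

```powershell
# Added example. Placeholder values: replace with your own names.
$ResourceGroupName  = "<resource-group-name>"
$StorageAccountName = "<storage-account-name>"

# 1. Azure side: read the identity-based authentication setting for Azure Files.
$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
$auth    = $account.AzureFilesIdentityBasedAuth

if ($null -eq $auth -or $auth.DirectoryServiceOptions -eq "None") {
    Write-Output "No identity-based authentication is configured on $StorageAccountName."
}
else {
    # "AD" means the account is joined to an on-premises AD DS domain.
    Write-Output "DirectoryServiceOptions: $($auth.DirectoryServiceOptions)"
    # Domain details recorded on the storage account at join time.
    $auth.ActiveDirectoryProperties |
        Select-Object DomainName, NetBiosDomainName, ForestName, DomainGuid
}

# 2. AD DS side: look for the computer or service logon account that carries
#    the storage account's SPN. Requires read access to the directory.
Import-Module ActiveDirectory
$spn = "cifs/${StorageAccountName}.file.core.windows.net"

$identity = Get-ADObject -Filter "servicePrincipalName -eq '$spn'" `
                         -Properties servicePrincipalName

if ($identity) {
    $identity | Select-Object Name, ObjectClass, DistinguishedName
}
else {
    Write-Output "No AD object with SPN $spn was found in the current domain."
}
```

If the Azure side reports `AD` but no object carries the SPN (or the reverse), the join is incomplete or stale, and Kerberos authentication to the share will fail until the two agree.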
This is a question regarding the setup we have with our Azure Sentinel instance: it's only visible to the global admin that set it up and not to other global admins. So how do I, as the second global administrator, get to see the Azure Sentinel instance, Log Analytics workspace and resource group? At the moment I can only see the subscription.
A global admin does not necessarily have access to all Azure Subscriptions.
I guess Sentinel was created in a subscription where your account does not have access.
Ask your other global admin to add you to the subscription/resource group, or you can gain access this way.
https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
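The answer above turns on the fact that directory roles and Azure RBAC are separate. The following added example (not part of the original posts) shows how to inspect what RBAC the second administrator actually holds, grant a scoped role, and clean up after an elevation. It assumes the Az.Resources module; the UPN and resource group name are placeholders, and the Sentinel reader role is one possible choice.

```powershell
# Added example. Placeholder values: replace with your own names.
$UserUpn           = "<second-admin@your-tenant-domain>"
$ResourceGroupName = "<sentinel-resource-group>"

# 1. List the Azure RBAC assignments the account holds in the current
#    subscription, including those inherited through group membership.
#    An empty result on the Sentinel resource group explains why the
#    workspace is not visible, whatever directory role the user has.
Get-AzRoleAssignment -SignInName $UserUpn -ExpandPrincipalGroups |
    Select-Object RoleDefinitionName, Scope

# 2. Preferred fix: an existing Owner or User Access Administrator grants a
#    role scoped to the resource group instead of the whole subscription.
New-AzRoleAssignment -SignInName $UserUpn `
                     -RoleDefinitionName "Microsoft Sentinel Reader" `
                     -ResourceGroupName $ResourceGroupName

# 3. If the elevate-access toggle was used instead, it leaves a
#    "User Access Administrator" assignment at root scope ("/").
#    Audit for it so the elevation does not persist unnoticed.
Get-AzRoleAssignment |
    Where-Object {
        $_.RoleDefinitionName -eq "User Access Administrator" -and
        $_.Scope -eq "/"
    } |
    Select-Object SignInName, DisplayName, Scope

# 4. Remove the root-scope assignment once the scoped role is in place.
Remove-AzRoleAssignment -SignInName $UserUpn `
                        -RoleDefinitionName "User Access Administrator" `
                        -Scope "/"
```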
First of all I want to pose my question and elaborate further down this post:
How should it be done to add an administrator to Connected Factory solution accelerator?
https://learn.microsoft.com/en-us/azure/iot-accelerators/iot-accelerators-connected-factory-features
The resource downloaded from here is used.
https://github.com/Azure/azure-iot-connected-factory
It was possible to develop to a subscription of a target using "build.ps1". But only the account which developed is an administrator, and the way to make the other accounts an administrator isn't understood.
How should it be done to change the setting?
Firstly assign global admin roles to another account. (Remember to select "Global administrator" in the Directory roles)
Then you need to assign a subscription administrator to the account. (Select the Owner role)
I am on the Biz Spark program. My resources were moved from a normal account to Biz-Spark subscription and ever since then I cannot give access to external users/developers to my resources in Azure portal.
I add a user through the Azure Active Directory, then I go to the resource group which they should be able to access and make them "owner" level of that group. The guest user gets an Email invitation, but when they log in, they do not see any resources.
I've even tried adding the user as subscription admin as explained here: https://learn.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator.
They still do not see any resources when they log in.
When I go into the classic portal, Settings on the left, select my subscription, and click edit to 'Change the associated directory', I only have 'None' in the drop-down. I think this is breaking my SQL AD Authentication. I have a directory set up with users and groups and I can see it and manipulate it in the new portal. I can't however log in to a SQL instance using AD username/password.
How can I get my directory to show up in the list?
That seems like it would be the issue. If you can't see the directory listed and you see 'None', then you need to verify you are the account administrator of the subscription and global administrator of the directory, otherwise you will not be able to associate it with your subscription.