question

GrahamCottle-2880 avatar image
0 Votes"
GrahamCottle-2880 asked GrahamCottle-2880 commented

Global Administrator locked out of AAD

Hello,
Years ago, I created a "Azure Active Directory (self-service)" account to enable me to use PowerBI. It had the same email address as my personal Microsoft Account, which is the one I want to prevail. I was thinking to try to delete the account and the directory from Office.Com and Azure.Com as they were getting in my way. I found that I wasn't the Global Administrator for the AAD and managed to follow the instructions to become the administrator by creating a TXT record on the DNS entry. I then tried to continue along the path of deleting the domain, but still wasn't able to do so as my account had an email address with the domain. I changed the email address to the @domain.onmicrosoft.com version and got booted out. Subsequently, I haven't been able to log back in and get the "incorrect password" message. I hadn't got any password recovery mechanism setup and thus am stuck where I cannot get back in. I thought I might try creating a new self-service account, which was successful and I can login to the AAD again, but only as a user and not an administrator. I thought I might be able to try the same trick to become administrator again, but when I visit https://portal.office.com/admintakeover while logged in as the new user I get an authorisation failure (probably rightly so).

So I am now stuck.

In the shorter term, I wanted to delete the AAD and all traces of it so that I can use things like Teams on my personal Microsoft account.
In the medium term, I want to to start again with the domain in Azure and add something like Microsoft 365 Business Basic or possibly Microsoft 365 F3 and migrate my on-premises Exchange to it. I would want to join my local domain (which is a .local) to the AAD and have synchronisation from my local domain controller to AAD to enable my users to login to Exchange seamlessly (ie no additional credentials). I would then make use of Teams etc.

Can anyone help me to get the locked out global administrator user in AAD back in again. I tried calling support this morning and spoke with several people, none of whom really were able to help.

Many thanks
Graham Cottle

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JaiVerma-7010 avatar image
0 Votes"
JaiVerma-7010 answered GrahamCottle-2880 commented

Contact O365 support team, they can unblock/elevate an existing non admin account to GA from backend.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JaiVerma-7010
Do you know if they have any kind of web presence? I ended up on a support line this morning and got passed around before the line dropped. On the second attempt, I did manage to speak to someone who gave me a ticket, but I got no further than that.

Many thanks
Graham

0 Votes 0 ·

Sadly, that didn't work. I started with the bot and got to the point where it would let me select the issues and put Azure in. It then sent me across to the Azure support site, which isn't too helpful. I have logged a ticket with them again and will see what happens.
Many thanks for your advice
Graham

0 Votes 0 ·
Show more comments
ManuPhilip avatar image
0 Votes"
ManuPhilip answered GrahamCottle-2880 commented

Hello,

Go through the following Microsoft help docs and see if it helps to recover the Global Admin account

https://docs.microsoft.com/en-us/office365/troubleshoot/sign-in/forgot-sign-in-password
https://support.microsoft.com/en-us/help/17875/microsoft-account-reset-or-recover-password

Thanks,
Manu

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ManuPhilip-7542
Many thanks - I will take a look at them.
Graham

1 Vote 1 ·
michev avatar image
0 Votes"
michev answered GrahamCottle-2880 commented
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I think that was where I was going to end up. I called then this morning and got passed around and no-one helped. I did try again and at least got a ticket raised, but I was hoping I could fix myself. I will wait for someone to call me.
Thanks
Graham

0 Votes 0 ·