I have an Azure AD with all users set up, no servers on-site, and no on-site domain; everything is in Microsoft 365.
I have Azure Premium for all users.
I now have a need, due to an application that the business has purchased, to have a domain controller on-site for authentication.
I have set up Azure AD DS and installed a VM in Azure, and I am able to join this VM to the Azure domain as a member server.
When I try to promote the server to a Domain Controller I am not able to, as I am not a member of Domain Admins or Enterprise Admins and I am not able to add myself to these groups.
How can I promote a server to a Domain Controller, even if it is Read-Only, so that I can authenticate users locally to the new application?
I do not want to create a local domain and use Azure AD Connect to sync passwords; I want the details to come from Azure.
Anyone got any ideas on how I can achieve this?