question

JustinGrote-2114 avatar image
0 Votes"
JustinGrote-2114 asked ·

Windows Admin Center Active Directory Minimum Permissions

Windows Admin Center active directory requires you to connect to a DC for it to appear. As far as we can tell you must be a domain admin, however there are plenty of scenaiors like helpdesk where WAC would be useful to update user information without those users having domain admin rights. Is it possible to use WAC active directory extension without having domain admin rights?

windows-server-management
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KarlieWeng-MSFT avatar image
0 Votes"
KarlieWeng-MSFT answered ·

Hello Justin @JustinGrote-2114

Windows Admin Center supports the following end-user roles:

74677-image.png

Reference article:
User access options with Windows Admin Center
Configure User Access Control and Permissions


Best Regards
Karlie


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (20.2 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GroteJustin-0079 avatar image
0 Votes"
GroteJustin-0079 answered ·

@KarlieWeng-MSFT thank you for your reply but I don't think you read my request at all. I don't care about the Windows Admin Center roles, I care about the minimum Local Server permissions for Windows Admin Server users to connect to a Domain Controller to run the Active Directory Extension without needing to be Domain Admin

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

hi, sorry for that didn't help :(.

0 Votes 0 ·
GroteJustin-0079 avatar image
0 Votes"
GroteJustin-0079 answered ·

After doing my own research, your answer should have been "you need to configure a JEA endpoint on the domain controller" and provide documentation for what minimum permissions and how to configure the JEA endpoint so that users can manage active directory without being a domain admin. That documentation doesn't exist as far as I can tell, so I guess I may need to write an article on it.


https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/plan/user-access-options#role-based-access-control

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

it would be great you can mark this as answer .

have a great day !

Thanks

0 Votes 0 ·

Hi @GroteJustin-0079

kindly mark useful reply as answer which would also help other community members.

Have a great day!
Thanks a lot.

0 Votes 0 ·