I'm working on setting up Administrative Units and I'm hitting a wall in the final step. Here's the situation: I have multiple groups of users who need management by a select few admins, and since the groups change often, I want this system to be dynamic. I've created a Dynamic Administrative Unit that successfully pulls users based on their Department field, so that's all working well. Now I want to assign a role to a group of users so they can manage things like changing passwords.
I tried using the Helpdesk Role, and while I can manually add users to it without issue, I ran into a problem when I attempted to add a distribution list. It didn't show up, and I learned that it needs to be a Security Group instead. I created a matching Security Group, which does appear. However, the members of that group aren't receiving the permissions as expected. Can anyone help me figure out what I might be missing? Thanks!
2 Answers
You can't assign roles directly to Dynamic Groups. You can only assign roles to groups that were created with the 'Microsoft Entra roles can be assigned to this group' option enabled. Make sure that's set properly, as there are some restrictions for group members associated with that setting. Also, remember that when you add a group to the Administrative Unit, it doesn't automatically give permissions to its members; you have to set those permissions separately.
Sounds like you're on the right track, but just double-check that the group you created has the necessary settings enabled. If it's properly configured as a Security Group, it should work. Also, sometimes there can be a delay in permissions being applied, so give it a little time and then test again. If it still doesn't work, you might want to check if there are any other conflicting settings in your Azure configuration that could be affecting the permissions.
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads