Adding AzureAD/Office365 users to local security groups

Over the past 12 months we have been transitioning our clients away from domain and local logins to AzureAD. Most of our clients use Office365, and using their AzureAD/Office365 usernames and passwords for their local workstation login has made the login process simpler and easier.

The problem, however, is that some "features" expect a local user account, and AzureAD/Office365 user accounts do not "exist" as local users in the traditional sense. This has been an issue when clients need or want their account added to the local Administrators group or to the Remote Desktop Users group.

This can be done in a few steps from the command line.

First, identify the Office365 UserPrincipalName (UPN). The easiest way is to look in the C:\Users folder. Office365 UPNs are typically in the form FirstnameLastname, but this is not always the case, so check it first.

Second, open an elevated command prompt.

Third, use the net localgroup command to add the AzureAD user to a local group:

net localgroup <"Local Group"> /add "AzureAD\<UserPrincipalName>"

Replace "Local Group" with the appropriate local group (e.g. "Administrators", "Remote Desktop Users", etc.) and <UserPrincipalName> with the appropriate username.
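The three steps above wrapped in one PowerShell function, as an added example that is not part of the original post. It assumes the account's profile folder under C:\Users is named after the UPN prefix (the part before "@"), runs in an elevated session, and uses the same net localgroup command as the post, re-reading the group afterwards to confirm the change.

```powershell
# Added example (not from the original post). Assumptions: profile folder under
# C:\Users matches the UPN prefix, and the session is elevated.
function Add-AzureAdUserToLocalGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,   # e.g. user@contoso.com
        [Parameter(Mandatory)] [string] $Group                # e.g. 'Remote Desktop Users'
    )

    # Step 2: net localgroup needs an elevated prompt, so fail early if we are not elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Step 1: the post identifies the account by its profile folder under C:\Users.
    # Assumption: that folder is named after the UPN prefix.
    $prefix = $UserPrincipalName.Split('@')[0]
    if (-not (Test-Path (Join-Path 'C:\Users' $prefix))) {
        Write-Warning "No profile folder C:\Users\$prefix found; check the UPN before continuing."
    }

    $member = "AzureAD\$UserPrincipalName"

    # Skip the add if the account is already listed; net localgroup errors on duplicates.
    $current = net localgroup "$Group" 2>&1
    if ($current -match [regex]::Escape($member)) {
        Write-Verbose "$member is already a member of $Group."
        return
    }

    # Step 3: the same net localgroup command the post uses.
    if ($PSCmdlet.ShouldProcess("$Group", "Add $member")) {
        net localgroup "$Group" /add "$member" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "net localgroup failed with exit code $LASTEXITCODE" }

        # Verify by re-reading the membership rather than trusting the exit code alone.
        $after = net localgroup "$Group" 2>&1
        if (-not ($after -match [regex]::Escape($member))) {
            throw "$member was not found in $Group after the add."
        }
        Write-Host "$member added to $Group."
    }
}

# Usage (dry run first): Add-AzureAdUserToLocalGroup -UserPrincipalName 'user@contoso.com' -Group 'Remote Desktop Users' -WhatIf
```

Run with -WhatIf first to see what would change, then without it to apply; the membership re-read at the end is also a convenient way to audit who currently sits in Administrators or Remote Desktop Users.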