Azure IAM
- Azure has two separate/distinct scopes of access control — one for Azure AD and one for Azure resources.
- A user with the Global Administrator role in AAD can elevate themselves to have the RBAC User Administrator role at the root (/) level over all subscriptions and management groups. This allows them to assign RBAC roles to themselves and others.
Misc Tools/Commands
- The Windows command dsregcmd /status can be used to check if a machine is AAD joined.
Azure Active Directory Domain Services/AADDS
- Be mindful when joining Windows VMs to an AADDS domain that only the first 15 characters of the VM name are used for the machine name. So when the machine is joined to the domain, there will be a name conflict if the first 15 characters are not unique.
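
A pre-join check for the 15-character truncation described above, as an added example that is not part of the original page. The VM names are constructed samples, the function names are hypothetical, and the case-insensitive comparison is an assumption based on how Windows computer names are matched.

```python
from collections import defaultdict

# Characters of the VM name kept as the machine name (per the note above).
NETBIOS_MAX = 15


def machine_name(vm_name: str) -> str:
    """Name the VM would get in the domain.

    Only the first 15 characters are kept. Upper-casing is an assumption:
    computer names are compared case-insensitively.
    """
    return vm_name[:NETBIOS_MAX].upper()


def find_conflicts(planned, existing=()):
    """Map each colliding machine name to the names that truncate to it.

    planned  -- VM names about to be joined to the AADDS domain
    existing -- machine names already present in the domain
    """
    groups = defaultdict(list)
    for name in existing:
        groups[machine_name(name)].append(name)
    for name in planned:
        groups[machine_name(name)].append(name)
    # A conflict is any truncated name claimed by more than one machine.
    return {short: names for short, names in groups.items() if len(names) > 1}


# Constructed sample names, not taken from any real environment.
PLANNED = [
    "prod-eastus-web-01",  # truncates to PROD-EASTUS-WEB
    "prod-eastus-web-02",  # truncates to PROD-EASTUS-WEB as well
    "prod-eastus-sql-01",  # unique after truncation
    "jumpbox01",           # short enough, but already in the domain
]
EXISTING = ["JUMPBOX01"]

if __name__ == "__main__":
    for short, names in sorted(find_conflicts(PLANNED, EXISTING).items()):
        print(f"{short}: {', '.join(names)}")
```

Putting the distinguishing part of the name (index, role) within the first 15 characters avoids the conflict.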