How to give file permissions to AzureAD user on windows 10?

Question

I'm on a Win10 workstation that's joined to AzureAD like this. How can I grant file permissions to an AzureAD user? When I try to use the File Properties > Security > Edit > Add dialog I can't find/select any users on the AzureAD domain, including the currently logged in user. Entering AzureAD\FirstLast and clicking Check Names gives this:

In general this sort of thing seems to be a problem with AzureAD-joined accounts: windows appears to not know about them, e.g. when adding them to SQL Server. Or perhaps I just don't know the right way to refer to these users?

score 19 · Accepted Answer · answered Nov 28 '16 at 20:53

Thanks to Arni on this thread for the answer:

You can try the following command line. After adding an ACL entry, the Security dialog will display the user and you can change the permissions there.

CACLS "C:\YourPath" /T /E /G AzureAD\FirstLast:C

score 15 · Answer 2 · answered Feb 14 '18 at 17:46

15

My cheating way: Add the Azure user to a unique local group "net localgroup groupname domain\user /add" Then give local group permissions

answered Feb 14 '18 at 17:46

bobby

151

How to give file permissions to AzureAD user on windows 10?

2 Answers2