Intune Assign a Dynamic group as members of local administrators on devices
Question
Hi All
Following Microsoft's article, it states you can get a group assigned to be a member of local administrators on devices which are in Intune. I'd like to be able to assign a Dynamic group to the local administrators groups on machines.
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-restrictedgroups
As per Microsoft:
<groupmembership>
    <accessgroup desc = "Group1">
        <member name = "S-1-15-6666767-76767676767-666666777"/>
        <member name = "contosoAlice"/>
    </accessgroup>
    <accessgroup desc = "Group2">
        <member name = "S-1-15-1233433-23423432423-234234324"/>
        <member name = "contosoGroup3"/>
    </accessgroup>
</groupmembership>
In my scenario Group3 = [email protected]
I have attempted with the object ID also; as it is an Azure group, there is no SID.
However, when attempting, I'm always receiving remediation failed. Error code 0x87d1fde8
Has anyone had any luck to assign a group within the administrators group of a machine?
OMA-URI
ConfigureGroupMembership [./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership]
Answers ( 5 )
Hi, just want to give feedback on this in case anyone else faces the issue. Groups are only managed from 2004 onwards.
No response hence closing the thread
Manage administrator privileges using Azure AD groups (preview)
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview
Thanks, but is the request I have mentioned possible? Or can you only assign individual users?
The best option is to check the event logs and registry to understand more details about errors.
I have explained how to troubleshoot in free Intune training videos.
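As an added example (not code from the thread or from Microsoft): an Azure AD object ID maps deterministically to a SID of the form S-1-12-1-..., and a SID is one of the forms a member entry in the ConfigureGroupMembership payload can carry. The function names and the sample object ID below are assumptions made for illustration.

```powershell
# Added example: derive the SID of an Azure AD group from its object ID and
# build a <groupmembership> payload for
# ./Device/Vendor/MSFT/Policy/Config/RestrictedGroups/ConfigureGroupMembership

function Convert-AadObjectIdToSid {   # hypothetical helper name
    param([Parameter(Mandatory)][guid]$ObjectId)
    # The SID is S-1-12-1- followed by the GUID's 16 bytes read as four
    # little-endian unsigned 32-bit integers.
    $bytes = $ObjectId.ToByteArray()
    $parts = 0..3 | ForEach-Object { [BitConverter]::ToUInt32($bytes, $_ * 4) }
    'S-1-12-1-' + ($parts -join '-')
}

function New-GroupMembershipXml {     # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$LocalGroup,
        [Parameter(Mandatory)][string[]]$Members
    )
    $doc   = [xml]'<groupmembership/>'
    $group = $doc.CreateElement('accessgroup')
    $group.SetAttribute('desc', $LocalGroup)
    foreach ($m in $Members) {
        # A bare GUID is treated as an Azure AD object ID and converted to a SID;
        # anything else (a SID or an account name) is passed through unchanged.
        $parsed = [guid]::Empty
        if ([guid]::TryParse($m, [ref]$parsed)) { $m = Convert-AadObjectIdToSid $parsed }
        $member = $doc.CreateElement('member')
        $member.SetAttribute('name', $m)
        [void]$group.AppendChild($member)
    }
    [void]$doc.DocumentElement.AppendChild($group)
    $doc.OuterXml
}

# Constructed sample object ID, not a value from the thread
$objectId = '73d664e4-0886-4a73-b745-c694da45ddb4'
Convert-AadObjectIdToSid $objectId
New-GroupMembershipXml -LocalGroup 'Administrators' -Members 'Administrator', $objectId
```

The policy replaces the listed group's membership with exactly the members given, so the sample keeps the built-in Administrator account in the list alongside the Azure AD group SID.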