Q. How can I add an Azure AD user to a local group on an Azure AD joined Windows 10 machine?
A. When a Windows 10 machine is Azure AD joined then Azure AD accounts can logon to the box however normal dialogs cannot list the members of the Azure AD instance which means you cannot easily add Azure AD users to a local group, for example administrators. The solution is a multi-part process
- Logon to the machine as the user you wish to make a local administrator (or other group)
- Logout and login as a local administrator (the first Azure AD user who logged on during join was made the local administrator)
- From the command line use:
net localgroup <group> <Azure AD domain single label>\<user name>
net localgroup administrators savilltech\bond /add
To grant file system access to Azure AD accounts I would create a local group with the users in then grant that group access to the file system resources.