I'm trying to configure Azure AD Connect and federation with AD FS. I'm logging into the VM server (this server is not an AD DC server; this VM is where IIS and the apps are hosted) using my Administrator ID and password (this is how I generally log in to the VM).

But it throws an error saying you must be logged in as a domain user to configure federation with AD FS.

I switched and logged into the VM server using my own AD ID (which has global administrator access) and password rather than the Administrator ID.

And while connecting to Azure AD and connecting directories I use my own AD ID and password.

As I enter my AD ID and password, it says: User is not a member of the Domain Admins group of the domain.

I'm not sure what credentials I should enter in the domain credentials area.

Note: I have only Azure Active Directory and I use Azure Active Directory Domain Services (I don't have any domain controller on any Windows server).

Answer by Imran:

I tried to reproduce the same in my environment as below:

Configured Azure AD Connect and federation with AD FS.

Logged in with the global admin account and clicked Next.

To add a directory I created a new AD account and entered the "Enterprise Admin Credentials", like imran\Administrator.

After you have configured the directories, select "Next".

  • In Azure AD sign-in configuration, check the box "Continue without matching all UPN suffixes to verified domains".
  • Domain and OU filtering: all domains and organisational units (OUs) are synchronised by default. You can uncheck the relevant boxes if you don't wish to synchronise certain domains or OUs with Azure AD.

Here enter your domain account imran\Administrator to access AD FS services, like below:

Getting the error "User is not a member of the Domain Admins group" while configuring Azure AD Connect federation with AD FS in the Credentials section:

This error may occur if the account you are using to set up Azure AD Connect does not have enough permissions.

  • Make sure the account you're using to set up Azure AD Connect belongs to the Domain Admins group. On the server where Azure AD Connect is installed, make sure the account has been added as a member of the local Administrators group.
  • Verify that the user right "Act as part of the operating system" is granted to the account. You can confirm this using the Local Security Policy MMC snap-in. Ensure that the account is added as a member of the "Enterprise Admins" group in Active Directory.

Reference:

Setup Your Hybrid Environment Using Azure AD Connect (c-sharpcorner.com)
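The answer above lists four conditions to verify on the account before typing it into the Azure AD Connect credentials dialog: Domain Admins membership, Enterprise Admins membership, local Administrators membership on the Azure AD Connect server, and the "Act as part of the operating system" user right. The following PowerShell script is an added example, not code from the answer or from Microsoft; it checks all four for one account so the failure can be found before the wizard reports it. It assumes a self-managed AD DS domain (the scenario the answer reproduces), that the ActiveDirectory RSAT module is installed, and that it is run elevated on the server where Azure AD Connect is installed; the account name `Administrator` is only a placeholder.

```powershell
<#
  Added example (not part of the original answer).
  Pre-flight check for the account that will be entered in the Azure AD Connect
  "AD DS Enterprise Admin credentials" step. Assumes a self-managed AD DS
  domain, the ActiveDirectory RSAT module, and an elevated session on the
  server where Azure AD Connect is installed.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$SamAccountName   # placeholder, e.g. 'Administrator'
)

Import-Module ActiveDirectory -ErrorAction Stop

$user       = Get-ADUser -Identity $SamAccountName -ErrorAction Stop
$userSid    = $user.SID.Value
$domain     = Get-ADDomain
$forestRoot = Get-ADDomain -Identity (Get-ADForest).RootDomain

# Well-known RIDs: Domain Admins = 512 (exists in every domain),
# Enterprise Admins = 519 (exists only in the forest root domain).
$domainAdminsSid     = "$($domain.DomainSID)-512"
$enterpriseAdminsSid = "$($forestRoot.DomainSID)-519"

# -Recursive expands nested groups, so membership through a nested group counts.
function Get-RecursiveMemberSids([string]$GroupSid, [string]$Server) {
    Get-ADGroupMember -Identity $GroupSid -Server $Server -Recursive |
        ForEach-Object { $_.SID.Value }
}

$isDomainAdmin     = (Get-RecursiveMemberSids $domainAdminsSid     $domain.DNSRoot)     -contains $userSid
$isEnterpriseAdmin = (Get-RecursiveMemberSids $enterpriseAdminsSid $forestRoot.DNSRoot) -contains $userSid

# Local Administrators (well-known SID S-1-5-32-544) on this server. On a
# domain-joined machine Domain Admins is a member by default, so count that path too.
$localAdminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value }
$isLocalAdmin   = ($localAdminSids -contains $userSid) -or
                  ($isDomainAdmin -and ($localAdminSids -contains $domainAdminsSid))

# "Act as part of the operating system" is SeTcbPrivilege. secedit exports the
# holders as a comma-separated list of *SID entries; the line is absent when no one holds it.
# Only direct grants are detected here, not grants made through a group.
$cfg = Join-Path $env:TEMP 'aadc-precheck-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$tcbLine = Get-Content $cfg -ErrorAction SilentlyContinue | Where-Object { $_ -match '^SeTcbPrivilege' }
Remove-Item $cfg -ErrorAction SilentlyContinue
$hasTcb = [bool]($tcbLine -and ($tcbLine -match [regex]::Escape("*$userSid")))

# Summary table: every row must be True before running the wizard with this account.
@(
    [pscustomobject]@{ Check = 'Domain Admins membership';                 Result = $isDomainAdmin }
    [pscustomobject]@{ Check = 'Enterprise Admins membership';             Result = $isEnterpriseAdmin }
    [pscustomobject]@{ Check = 'Local Administrators on this server';      Result = $isLocalAdmin }
    [pscustomobject]@{ Check = 'Act as part of the operating system right'; Result = $hasTcb }
) | Format-Table -AutoSize
```

Run it as `.\Test-AadcAccount.ps1 -SamAccountName Administrator` (script name and account are placeholders). Each row that prints False matches one of the bullet points in the answer. The script is only meaningful for a self-managed domain: in Azure AD Domain Services, which the questioner says is the only directory in use, tenant accounts are never members of Domain Admins or Enterprise Admins, so the wizard's Domain Admins check cannot be satisfied by adding a user to a group.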