How to change the default directory for an existing Azure subscription

2015-08-07 | Toni Pohl

Recently I opened a new Azure subscription with my Microsoft Account. Since every Azure subscription needs to have an Azure Active Directory (AAD) for the subscription management in the background, Microsoft assigns a new or an existing AAD to that subscription.

In the Azure management portal you can see the default directory for an Azure subscription in the “Settings” / Subscriptions in the “Directory” column. The following screenshot shows an example.

SNAGHTML4452a67_thumb2

Here are two Azure subscriptions (Azure and AzureS) managed by one AAD (mvpdemo2014.onmicrosoft.com – which is a more than one year old, no longer active Office 365 demo 30-days-trial).

Why would you want to change the default AAD?

So far so good. What if the assigned AAD for an Azure subscription is not the one you want to use?
For example in an organization you maybe want to use your (federated or Office365) AAD?

The second problem – in my case – was that I could not add other Co-Admins to the specific Azure subscription. The portal always delivered an error: “The account 'xy@atwork.at' could not be made a co-administrator due to a directory error.” Troublesome…

I found out that the underlying AAD (mvpdemo2014.onmicrosoft.com) seemed to be the problem because in other Azure subscriptions adding Co-Admins worked. So I had no idea what caused the problem in the AAD and I could not fix it myself in the AAD. The following steps were the solutions for that issue.

How to change the default AAD

The Azure portal shows the default directory of Azure subscriptions on the “settings” / “subscriptions” as mentioned above.

SNAGHTML456b52f_thumb2

The way is very simple: Select the Azure subscription and click “Edit directory” in the menu below.

image_thumb11

Now choose the new desired AAD from the Directory dropdown.
(You can also create a new AAD in the Azure portal before performing this step if you like…)

image_thumb8

In my sample I selected my default directory I am using in another Azure subscription.

The next steps informs if existing Co-Admins are affected - or not. Take care that you are global admin of the new AAD, otherwise you could loose the permission to manage the Azure subscription.

image_thumb5

After confirming the portal must reload: Ok.

image_thumb2

After the reload don’t worry, if the Azure subscription is gone now… (as in the background of the following screenshot). You need to switch to the “new” AAD in the subscriptions menu.

image_thumb20

In my case I selected my “Default” Active Directory where I now can see and manage the “AzureS” subscription.

image_thumb32

That’s it. The Azure subscription is now managed by the “new” AAD.

Add new Co-Admins

Now add new Co-Admins to that Azure subscription. You can add new users or use existing users (as I did because other users already had permissions to other Azure subscriptions) and select the subscription permissions. With “edit” this looks like here.

image_thumb29

The result: Voila, it worked!
(No more error “The account 'xy@atwork.at' could not be made a co-administrator due to a directory error.”… the “new” AAD fixed that problem.)

image_thumb23

So this is how to change an Azure subscription management to another AAD. Hope it helps!

Categories: Azure, Cloud, Microsoft

Source: https://blog.atwork.at/post/How-to-change-the-default-directory-for-an-existing-Azure-subscription