last sync: 2025-Jul-26 17:01:27 Etc/UTC

Domain Name Administrator - 8329153b-31d0-4727-b945-745eb3bc5f31
Entra Id Role definition

Display name Domain Name Administrator
Id 8329153b-31d0-4727-b945-745eb3bc5f31
Description Can manage domain names in cloud and on-premises.
Detailed description For on-premises environments, users can configure domain names for federation so that associated users are always authenticated on-premises (these users can then sign into Microsoft Entra based services with their on-premises passwords via single sign-on). Federation settings need to be synced via AADConnect, so users also have permissions to manage AADConnect.
Categories identity
isPrivileged True Privileged
EntraOps Tier Level ControlPlane
#Resource Actions unique 57
#Resource Actions Operations unique 57
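#Resource Actions privileged 1 (not named on this page; presumably microsoft.directory/domains/allProperties/allTasks, the only direct action that covers domain settings, including the federation configuration that decides where a domain's users are authenticated)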
#Resource Actions direct 3
Resource Actions inherited True
#Resource Actions inherited 54
Resource Actions inherited from Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b)
#Resource Actions overlap direct&inherited 0
Resource Actions overlap direct&inherited
#Resource Actions inherited to 0 other Entra Id Roles
Resource Actions inherited to n/a
#Resource Actions conditioned 0
#Resource Actions unconditioned 57
#NameSpaces 3
NameSpaces microsoft.directory: 55
microsoft.office365.supportTickets: 1
microsoft.office365.webPortal: 1
Actions allTasks: 2
read: 55
Operations actionVerbs GET: 55
n/a: 2
Resource Actions where Consent Policy applies 0
Resource Actions / Consent Policy n/a
JSON enriched
{29 items}
JSON raw (v1.0 endpoint)
GET /roleManagement/directory/roleDefinitions/{id}
{12 items
  • @odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
  • id: "8329153b-31d0-4727-b945-745eb3bc5f31",
  • description: "Can manage domain names in cloud and on-premises.",
  • displayName: "Domain Name Administrator",
  • isBuiltIn: true,
  • isEnabled: true,
  • resourceScopes: [1 item
    • "/"
    ],
  • templateId: "8329153b-31d0-4727-b945-745eb3bc5f31",
  • version: "1",
  • rolePermissions: [1 item
    • {2 items
      • allowedResourceActions: [3 items
        • "microsoft.directory/domains/allProperties/allTasks",
        • "microsoft.office365.supportTickets/allEntities/allTasks",
        • "microsoft.office365.webPortal/allEntities/standard/read"
        ],
      • condition: null
      }
    ],
  • inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('8329153b-31d0-4727-b945-745eb3bc5f31')/inheritsPermissionsFrom",
  • inheritsPermissionsFrom: [1 item
    • {1 item
      • id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
      }
    ]
}
JSON raw (beta endpoint)
GET /roleManagement/directory/roleDefinitions/{id}
{16 items
  • @odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
  • id: "8329153b-31d0-4727-b945-745eb3bc5f31",
  • assignmentMode: "allowed",
  • categories: "identity",
  • description: "Can manage domain names in cloud and on-premises.",
  • displayName: "Domain Name Administrator",
  • isBuiltIn: true,
  • isEnabled: true,
  • isPrivileged: true,
  • resourceScopes: [1 item
    • "/"
    ],
  • richDescription: "For on-premises environments, users can configure domain names for federation so that associated users are always authenticated on-premises (these users can then sign into Microsoft Entra based services with their on-premises passwords via single sign-on). Federation settings need to be synced via AADConnect, so users also have permissions to manage AADConnect.",
  • templateId: "8329153b-31d0-4727-b945-745eb3bc5f31",
  • version: "1",
  • rolePermissions: [1 item
    • {2 items
      • allowedResourceActions: [3 items
        • "microsoft.directory/domains/allProperties/allTasks",
        • "microsoft.office365.supportTickets/allEntities/allTasks",
        • "microsoft.office365.webPortal/allEntities/standard/read"
        ],
      • condition: null
      }
    ],
  • inheritsPermissionsFrom@odata.context: "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('8329153b-31d0-4727-b945-745eb3bc5f31')/inheritsPermissionsFrom",
  • inheritsPermissionsFrom: [1 item
    • {1 item
      • id: "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
      }
    ]
}