https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units
Here are some of the constraints for administrative units.
- Administrative units can't be nested.
- Administrative unit-scoped user account administrators can't create or delete users.
Groups
Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group. In other words, an administrator scoped to the administrative unit can manage properties of the group, such as group name or membership, but they cannot manage properties of the users or devices within that group (unless those users and devices are separately added as members of the administrative unit).
No comments:
Post a Comment