This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 41%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Hi folks,
When using Active Directory Domains and Trusts to add UPN suffixes I see the following error message:
"Windows cannot update the UPN suffixes. Insufficient access rights to perform the operation"
I am signed into a AAD DS joined server and using an AAD DS administrator account in the group "AAD DC Administrators".
The domain names I would like to add as UPN Suffixes are verified as Custom Domains in Azure AD.
Are elevated privileges required to perform this operation?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
You have to use a account member of enterprise Admins and domain admins to perform this action.
*****************Please don't forget to mark this reply as answer if it help you to resolve your issue********************
Thanks @ThameurBOURBITA,
The only account who is a member of both those groups is dcaasadmin which I did not configure so I don't have the password to. I can't find much information on that account but it seems I cannot elevate the privilege of my AAD DC Admin account without it?
Hi,
If know a password of a account member of domain admins in the root domain, you can use it to add another account in enterprise admins group.
Please don't forget to mark this reply as answer if it help you to resolve your issue
Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.