When we use a managed service like Google Cloud’s Managed Service for Microsoft Active Directory or AWS Managed Microsoft AD, we don’t get full domain admin access to Active Directory. Instead, the services grant us delegated admin access, which is fairly powerful, but not as powerful as domain admin. One example where the lack of domain admin access can become an issue is AD FS. By default, installing AD FS requires domain admin access, and the deployment wizard refuses to cooperate if w...
