| title | Domain Name Administrator |
|---|---|
| description | Domain Name Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
This is a privileged role. Users with this role can manage (read, add, verify, update, and delete) domain names. They can also read directory information about users, groups, and applications, as these objects possess domain dependencies. For on-premises environments, users with this role can configure domain names for federation so that associated users are always authenticated on-premises. These users can then sign into Microsoft Entra based services with their on-premises passwords via single sign-on. Federation settings need to be synced via Microsoft Entra Connect, so users also have permissions to manage Microsoft Entra Connect.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/domains/allProperties/allTasks Create and delete domains, and read and update all properties microsoft.office365.supportTickets/allEntities/allTasks Create and manage Microsoft 365 service requests microsoft.office365.webPortal/allEntities/standard/read Read basic properties on all resources in the Microsoft 365 admin center