Non-admin users cannot create more than 250 Teams…

Matt Ellis
Nov 1, 2018 · 3 min read

You only really care about a limit once you hit it. Some limits are so high they’re effectively unlimited. Some are quite attainable. One such limit is the Azure-stipulated limit on the number of Azure AD objects a non-admin user can create. Microsoft publish the Azure AD limits here.


This affects Microsoft Teams because each Team created causes an object to be created in Azure AD. For the average user this isn’t going to be an issue.

However, in our environment we have locked down Office 365 Group creation as detailed here. This leaves a small number of Administrators creating all the groups across the org.

Today, one of our admins started to get the following error:

“We’re having trouble creating your team. Please try again later.”

I suspected they had reached the 250 limit but had to find a way to confirm this.

I found the Get-AzureADUserCreatedObject cmdlet in the Azure AD PowerShell module, which lists the objects created by a particular user. If you don’t have it installed yet, you can get the Azure AD PowerShell module here.

Get-AzureADUserCreatedObject

Then you can count them using a command similar to this:

(Get-AzureADUserCreatedObject -ObjectId c62f02de-50df-4cee-xxxx-xxxxxxxxxxx -All $true).count
Get-AzureADUserCreatedObject Count

Note: There are a few ways to get the ObjectId of your user, but the easiest way, if you have the PowerShell module loaded, is with a command similar to the one below:

Get-AzureADUser -SearchString matt@domain.com | Select ObjectId
Get-AzureADUser
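
When only a handful of administrators create every group, it helps to check all of them before one hits the limit. The function below generalises the single-user count above to a list of accounts and breaks the total down by object type. It is an added example, not code from the original post: the function name, its parameters and the 90% warning threshold are assumptions, and it needs an existing Connect-AzureAD session.

```powershell
# Added example. Requires the AzureAD module and an existing Connect-AzureAD session.
# Get-CreatedObjectQuota and its parameter names are hypothetical, chosen for this sketch.
function Get-CreatedObjectQuota {
    [CmdletBinding()]
    param(
        # UPNs of the accounts that are allowed to create Office 365 Groups / Teams
        [Parameter(Mandatory)][string[]] $UserPrincipalName,
        # Created-object limit for non-admin users, as discussed in this post
        [int] $Limit = 250,
        # Fraction of the limit at which an account is flagged (assumed value)
        [ValidateRange(0.1, 1.0)][double] $WarnAt = 0.9
    )

    foreach ($upn in $UserPrincipalName) {
        try {
            # -ObjectId accepts a UPN as well as a GUID, so this is an exact match
            $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not resolve ${upn}: $($_.Exception.Message)"
            continue
        }

        # @() guarantees an array, so .Count is correct for zero or one result
        $created = @(Get-AzureADUserCreatedObject -ObjectId $user.ObjectId -All $true)

        # Summarise by object type (for example Group=240, Application=3)
        $byType = ($created | Group-Object -Property ObjectType |
            ForEach-Object { '{0}={1}' -f $_.Name, $_.Count }) -join ', '

        if ($created.Count -ge $Limit) {
            $status = 'AtLimit'
        } elseif ($created.Count -ge $Limit * $WarnAt) {
            $status = 'Warning'
        } else {
            $status = 'OK'
        }

        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            CreatedObjects    = $created.Count
            ByType            = $byType
            Status            = $status
        }
    }
}

# Constructed sample call, using the placeholder address from this post:
# Get-CreatedObjectQuota -UserPrincipalName 'matt@domain.com' | Format-Table -AutoSize
```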

Workaround/Fix

The Azure AD limit for non-admin users is a fixed one. There is no way to increase it, and even if the limit were doubled, you’d still be likely to have people who reach it.

The answer in this instance is in the question. This limitation is here because this user is a non-admin. Making the user an admin will resolve this.

I could of course make the user an Office 365 Global Admin. This is massive overkill though. Microsoft recently introduced 4 brand new admin roles for Microsoft Teams. The most powerful of the new roles, the Teams Service Administrator role, includes (amongst other things) the ability to manage and create the underlying Office 365 Groups. It also has the benefit of bypassing the 250 team limit for non-admin users.

Team admin roles in Azure AD portal…

This didn’t take effect immediately in my environment but did start working the next day, so I’m unsure how long this takes to start working. Give it some time though.

Interestingly (if you’re a nerd), I had kind of expected the count from Get-AzureADUserCreatedObject to exceed 250 for this Administrator, but it doesn’t. It still stays at 250 for this user and the new Office 365 Groups don’t show up in their list of created objects. I guess that once the user has been assigned the Teams Service Administrator role, it means that when creating the underlying Office 365 group it must create the object without checking how many objects the user has created previously.

365 UC
