Matt Ellis
Nov 1, 2018 · 3 min read

You only really care about a limit once you hit it. Some limits are so high they’re effectively unlimited. Some are quite attainable. One of these such limits is the Azure-stipulated limit of the number of Azure AD objects a non-admin user can create. Microsoft publish the Azure AD limits here.

This affects Microsoft Teams because each Team created causes an object to be created in Azure AD. For the average user this isn’t going to be an issue.

However, in our environment we have locked down Office 365 Group creation as detailed here. This leaves a small number of Administrators creating all the groups across the org.

Today, one of our admins started to get the following error:

“We’re having trouble creating your team. Please try again later.”

I suspected they had reached the 250 limit but had to find a way to confirm this.

I found the Get-AzureADUserCreatedObject cmdlet in the Azure AD PowerShell module to list the objects created by a particular user. If you don’t have it installed yet, take a visit here to get the Azure AD PowerShell module.

Get-AzureADUserCreatedObject

Then you can count them using a command similar to this:

(Get-AzureADUserCreatedObject -ObjectId c62f02de-50df-4cee-xxxx-xxxxxxxxxxx -All $true).count
Get-AzureADUserCreatedObject Count

Note: There are a few ways to get the ObjectId of your user but easiest way if you have the PowerShell module loaded is with an command similar to below:

Get-AzureADUser -SearchString matt@domain.com | Select ObjectId
Get-AzureADUser

Workaround/Fix

The Azure AD limit for non-admin users is a fixed one. There is no way to increase this and even if the limit was doubled, you’re still likely to have people that reach that limit.

The answer in this instance is in the question. This limitation is here because this user is a non-admin. Making the user an admin will resolve this.

I could of course make the user an Office 365 Global Admin. This is massive overkill though. Microsoft recently introduced 4 brand new admin roles for Microsoft Teams. The most powerful of the new roles, the Teams Service Administrator role includes (amongst other things) the ability to manage and create the underlying Office 365 Groups. It also has the benefit of bypassing the 250 team limit for non-admin users.

Team admin roles in Azure AD portal…

This didn’t take effect immediately in my environment but did start working the next day, so I’m unsure how long this takes to take to start working. Give it some time though.

Interestingly (if you’re a nerd), I had kind of expected that the count for the Get-AzureADUserCreatedObject to exceed 250 for this Administrator but it doesn’t. It still stays at 250 for this user and the new Office 365 Groups don’t show up in their list of created objects. I guess that once the user has been assigned the Teams Service Administrator role it means when creating the underlying Office 365 group it must create the object without checking how many objects the user has created previously.

365 UC

Stories from the world of UC by a bunch of UC professionals…

Matt Ellis

Written by

Unified Communications Architect, Pompey fan, burger eater, coffee drinker...

365 UC

365 UC

Stories from the world of UC by a bunch of UC professionals…

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade