You only really care about a limit once you hit it. Some limits are so high they’re effectively unlimited. Some are quite attainable. One of these such limits is the Azure-stipulated limit of the number of Azure AD objects a non-admin user can create. Microsoft publish the Azure AD limits here.
This affects Microsoft Teams because each Team created causes an object to be created in Azure AD. For the average user this isn’t going to be an issue.
However, in our environment we have locked down Office 365 Group creation as detailed here. This leaves a small number of Administrators creating all the groups across the org.
Today, one of our admins started to get the following error:
I suspected they had reached the 250 limit but had to find a way to confirm this.
I found the
Get-AzureADUserCreatedObject cmdlet in the Azure AD PowerShell module to list the objects created by a particular user. If you don’t have it installed yet, take a visit here to get the Azure AD PowerShell module.
Then you can count them using a command similar to this:
(Get-AzureADUserCreatedObject -ObjectId c62f02de-50df-4cee-xxxx-xxxxxxxxxxx -All $true).count
Note: There are a few ways to get the ObjectId of your user but easiest way if you have the PowerShell module loaded is with an command similar to below:
Get-AzureADUser -SearchString email@example.com | Select ObjectId
The Azure AD limit for non-admin users is a fixed one. There is no way to increase this and even if the limit was doubled, you’re still likely to have people that reach that limit.
The answer in this instance is in the question. This limitation is here because this user is a non-admin. Making the user an admin will resolve this.
I could of course make the user an Office 365 Global Admin. This is massive overkill though. Microsoft recently introduced 4 brand new admin roles for Microsoft Teams. The most powerful of the new roles, the Teams Service Administrator role includes (amongst other things) the ability to manage and create the underlying Office 365 Groups. It also has the benefit of bypassing the 250 team limit for non-admin users.
This didn’t take effect immediately in my environment but did start working the next day, so I’m unsure how long this takes to take to start working. Give it some time though.
Interestingly (if you’re a nerd), I had kind of expected that the count for the
Get-AzureADUserCreatedObject to exceed 250 for this Administrator but it doesn’t. It still stays at 250 for this user and the new Office 365 Groups don’t show up in their list of created objects. I guess that once the user has been assigned the Teams Service Administrator role it means when creating the underlying Office 365 group it must create the object without checking how many objects the user has created previously.