Is it possible for user with the role User Account Administrator scoped on an Administrative unit to create a user ?
In Azure portal, when I look at the role description, the user/create right is there (see https://framapic.org/CrD8yjSzN9aH/d8ToqzVMLhOH.png)
But when I try to create a user in power shell, it fails with an access denied error:
PS C:\Users\pdl> New-AzureADUser -UserPrincipalName "user4@mytenant.onmicrosoft.com" -DisplayName "User 4" -UsageLocation "FR" -AccountEnabled $true -PasswordProfile $passwordProfile -MailNickName "user4"
New-AzureADUser : Error occurred while executing NewUser
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
Other operations like Set-AzureADUser are OK.