Account Admin should always be a Global Admin in a domain's active directory
We recently went through the process of transitioning our domain subscriptions to our admin assistant by making her our Account Admin.
This was made more difficult because the Account Admin is not automatically added to the active directory of the domain when the domain is transferred to them.
(1) log on as DevUser and create a domain on Azure
(2) as DevUser set up a subscription
(3) as DevUser transfer subscription to another user AdminUser (change the Account Admin for the subscription to that user).
(4) as AdminUser, transfer Service Admin back to original user DevUser.
(5) as DevUser, notice that this domain no longer has a subscription.
You cannot do anything from either user to recover or assign the subscription to this domain.
The magic is then:
(6) as DevUser, edit the Active Directory for this domain and add the AdminUser as a "Global Admin" for it.
(7) as AdminUser, transfer Service Admin back to AdminUser.
(7) as AdminUser, log onto the manage portal, then choose the subscription, and change the subscription Directory to the Active Directory of the domain. (this was not possible before because the AdminUser was not a User / Global Admin of that directory and the directory was not visible in the selection list).
(8) as AdminUser, go to the account portal and edit subscription changing the Service Admin to be the DevUser.
(9) the DevUser now can log onto the management portal and the domain now has a subscription and is usable.
This would all be solved if the Account Admin was always a user of any domain they were an Account Admin for (i.e., at the time of transfer, register them with the Active Directory of that domain), and prevent the Service Admin / Co-Administrator from ever removing them from the Active Directory of the domain that they are account administrators for.