diff --git a/coderd/database/migrations/000086_no_org_admins.down.sql b/coderd/database/migrations/000086_no_org_admins.down.sql
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/coderd/database/migrations/000086_no_org_admins.up.sql b/coderd/database/migrations/000086_no_org_admins.up.sql
new file mode 100644
index 0000000000000..6801a912511e4
--- /dev/null
+++ b/coderd/database/migrations/000086_no_org_admins.up.sql
@@ -0,0 +1,6 @@
+UPDATE
+ organization_members
+SET
+ roles = ARRAY [] :: text[]
+WHERE
+ 'organization-admin:'||organization_id = ANY(roles);
diff --git a/coderd/organizations.go b/coderd/organizations.go
index 9068f523488ad..27da001482f2d 100644
--- a/coderd/organizations.go
+++ b/coderd/organizations.go
@@ -76,7 +76,11 @@ func (api *API) postOrganizations(rw http.ResponseWriter, r *http.Request) {
 CreatedAt: database.Now(),
 UpdatedAt: database.Now(),
 Roles: []string{
- rbac.RoleOrgAdmin(organization.ID),
+ // TODO: When organizations are allowed to be created, we should
+ // come back to determining the default role of the person who
+ // creates the org. Until that happens, all users in an organization
+ // should be just regular members.
+ rbac.RoleOrgMember(organization.ID),
 },
 })
 if err != nil {
diff --git a/coderd/users.go b/coderd/users.go
index b3e42cba75c91..ea47cd66d4553 100644
--- a/coderd/users.go
+++ b/coderd/users.go
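Review bot: `SET roles = ARRAY [] :: text[]` in 000086_no_org_admins.up.sql clears every role on a matching row, not only the organization-admin entry, so any other role stored in the same array is dropped too, and the row is left without the member role that the Go hunks in this commit now write for new members (`rbac.RoleOrgMember(...)`). If only the admin grant is meant to be revoked, `roles = array_remove(roles, 'organization-admin:'||organization_id)` would be narrower; if the full wipe is intended, for example because membership is implied elsewhere, a leading SQL comment saying so would help. The matching down migration is an empty file, so the revoked grants cannot be restored by rolling back, and a one-line comment in the down file stating that this is deliberate would make that explicit.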
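Review bot: The TODO added inside the `Roles` literal says organizations cannot be created yet, but it sits in `postOrganizations`, the handler that inserts a new organization and its first member. If that route is reachable, an organization created through it now has no member holding an organization-level admin role, and the visible lines do not say who is then expected to administer it (presumably holders of site-wide roles). I would state that in the comment, e.g. `// Until then the creator is a plain member; org administration is left to site-wide roles.`, and reference a tracking issue from the TODO. The same comment and role change appear in the `CreateUser` hunk in coderd/users.go, so the wording should be kept in sync there. The function body starts and ends outside this hunk.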
@@ -1071,7 +1071,11 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create
 return xerrors.Errorf("create organization: %w", err)
 }
 req.OrganizationID = organization.ID
- orgRoles = append(orgRoles, rbac.RoleOrgAdmin(req.OrganizationID))
+ // TODO: When organizations are allowed to be created, we should
+ // come back to determining the default role of the person who
+ // creates the org. Until that happens, all users in an organization
+ // should be just regular members.
+ orgRoles = append(orgRoles, rbac.RoleOrgMember(req.OrganizationID))
 _, err = tx.InsertAllUsersGroup(ctx, organization.ID)
 if err != nil {
diff --git a/coderd/users_test.go b/coderd/users_test.go
index 9b78f6179ecaa..56b891b3301e0 100644
--- a/coderd/users_test.go
+++ b/coderd/users_test.go
@@ -817,15 +817,6 @@ func TestGrantSiteRoles(t *testing.T) {
 Error: true,
 StatusCode: http.StatusForbidden,
 },
- {
- Name: "MemberAssignMember",
- Client: member,
- OrgID: first.OrganizationID,
- AssignToUser: first.UserID.String(),
- Roles: []string{},
- Error: true,
- StatusCode: http.StatusForbidden,
- },
 {
 Name: "AdminUpdateOrgSelf",
 Client: admin,
@@ -921,7 +912,7 @@ func TestInitialRoles(t *testing.T) {
 }, "should be a member and admin")
 require.ElementsMatch(t, roles.OrganizationRoles[first.OrganizationID], []string{
- rbac.RoleOrgAdmin(first.OrganizationID),
+ rbac.RoleOrgMember(first.OrganizationID),
 }, "should be a member and admin")
 }
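Review bot: The failure message on the changed assertion in `TestInitialRoles` still reads `"should be a member and admin"`, while the expected value is now only `rbac.RoleOrgMember(first.OrganizationID)`; it should become something like `"should be an organization member"`. Separately, the preceding hunk drops the `MemberAssignMember` case from `TestGrantSiteRoles`, which was a 403 check for a plain member changing another user's organization roles. If it was removed because `first` no longer holds an org-admin role to strip, a replacement negative case that still expects `http.StatusForbidden` for a member changing someone else's roles would keep that authorization boundary under test. Both test functions extend beyond the hunks shown.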