Channel: Azure Active Directory forum
Viewing all 16000 articles

Tutorial: Azure Active Directory integration with Druva


Get Users with License/ with Global admin role/ with User Management Admin Role

Hello Experts,

We have onboarded to WAAD as a 1st party and we have developed a multi-tenant application for user and license management.

We have created a filter (like Office 365) for displaying User with Global Admin Role / User with User Management Role / User with License / User without License.

Current Implementation:

We loop through the user list and for each user we are making a call to get the license information/role information.

Issue:

It works fine with a limited amount of data, but with a large number of users/licenses, it is creating problems.

Ask:

Need guidance on how to solve this issue?

Note: We are using Graph client version 2.0.

Any help would be much appreciated.

Thanks,

Ritesh

WAAD SSO Airwatch / Attribute SAML claim Role?

Hello

We have configured WAAD SSO with our Airwatch application. I can see that we have got a new option on the application called "Attributes" where you can add and edit the existing SAML claims. How can we add a new claim for user ROLE?

We need to send out the list of the groups the user is a member of in WAAD. How can we do this?

http://schemas.microsoft.com/ws/2008/06/identity/claims/role

Regards,

Maqsood.

Graph API Directory Extension (User)

Hello

I have registered a Directory Extension on the User object using Graph API. But I'm wondering where I can see this new extension visible on the User in Azure Management Portal or in Office365 Admin Portal?

And how can it be exposed on Application Attributes for WAAD SSO / SAML assertions?

Regards,

Maqsood.

The German Version is automatically offered - can't download the English Version

AdministrationConfig-de.msi is offered on my machine, since I use a German keyboard and have therefore chosen German language preferences.

Since the rest of this machine is set to English, I would be pleased to have a choice to install the English version of the *.msi file.

Thanks and Greetings,

Josef

Unable to delete Azure AD

Hi All,

I have a test Azure AD that I use for testing the beta directory and it is now no longer used.

I've tried to delete the Azure AD from the console, however it is complaining that "Directory has one or more applications".

I found that there is a "Tenant Schema Extension app" that was created during the sync.

I'm having trouble deleting this application as it keeps on returning an error "Unable to complete this action. Try again Later".

I've tried to connect to it with the Azure AD PowerShell with a Global Admin account and tried the "Remove-MsolServicePrincipal" cmdlet and got the same error.

I'm stumped just now and am not sure what else I can try in order to delete the app and subsequently delete the unused Azure AD.

Can anyone help? It will be much appreciated.

Cheers

Jerri

Switch from DirSync to AADSync: "An item with the same key has already been added"

Hi all,

I tried to migrate from DirSync to AADSync.

Followed the steps in http://msdn.microsoft.com/en-us/library/azure/dn783462.aspx "Install AADSync on the same server" and http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx.

On step "Connect to Active Directory Domain Services" I added our forest and clicked next.

Error message appears on the bottom of the assistant: "An item with the same key has already been added."

Event Viewer gives this:

System.Management.Automation.CmdletInvocationException: An item with the same key has already been added. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: An item with the same key has already been added.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchemaFromDirectory(Connector connector, Boolean commit)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.UpdateADSyncConnectorSchemaCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.TypeDependencies.InvokePipeline(Pipeline pipeline)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand(String commandName, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.UpdateConnectorSchema(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.UpdateConnectorSchema()
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.WizardPages.ADDSSourceDirectoryPageViewModel.SetupADDSConnectorCore(BackgroundWorker backgroundWorker)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UserInterface.UI.Controls.Wizards.ProgressReportingTaskViewModel.ExecuteAction(Action action, Boolean isProgressIndeterminate)

AADSync version I used for installation is 1.0.0475.1202.

Is there anyone who can point me in the right direction?
Would be great.

Kind regards

Sascha

Office365 REST API, Client authentication

Hi,

I am writing a windows service for fetching calendar events from an Office365 tenant.

I understand that my service must be registered in Azure AD and that I need to use 'auth strength of 2'. So I have created a self-signed x509 certificate and modified the manifest file of my application. 

My question is: Can I call the Office365 REST API directly from my windows service or do I have to use some kind of 'Two tier access' as suggested here and in this sample?

I'm confused. Given that my application is registered in AAD and I have the certificate registered and I use it when authenticating I should be able to access the Office365 REST API directly? No?

Thanks and best regards,


Azure AD for Single Tenant SaaS

Hello,

We have a unique scenario where we are building a Windows Store App that will be deployed across multiple single tenants. All of our tenants will be Azure and Office 365 customers. The use case that we have is:

  1. Every tenant has its own Azure subscription with its own database, service bus, active directory etc.
  2. All tenants use a single Windows store application to run their business
  3. The application code does not change between multiple tenants
  4. The application needs to integrate with each tenant's own cloud services (database, service bus etc.) for authentication, authorization and send/receive data
  5. One person can be an authorized user on more than one tenant. An authorized person may need to interact with each tenant's cloud services (database, service bus etc.) for which s/he is added as an authorized user
  6. Every user needs to have Single Sign On capability across all the tenants that s/he is an authorized user of

The attached diagram represents the graphical depiction of this scenario.

We are hitting a roadblock when we are trying to implement the "Single Sign On" capability across multiple tenants. The idea is to implement something like the following:

  1. Tenant 1 logs in to the Windows Store App using its Office 365 credentials through Azure AD
  2. Azure AD authenticates Tenant 1 and gives it a token
  3. Tenant 1 uses that token to authorize itself against its own Azure account through the Windows Store App
  4. Tenant 1 uses the Azure AD token to authorize itself against another tenant 3's Azure Subscription
  5. Azure authorizes the Tenant 1 based upon its original sign in credentials and allows it to access Tenant 3's web services and databases

Is there a way to achieve this in Windows Azure? We were able to do it using Office 365 where users were able to access lists and libraries across subscriptions but so far we are unable to make it work on Windows Azure. Any help you can render in solving this issue will be greatly appreciated.


Khurram


Gain/Grant access to Azure rights protected files of Ex-Employee

Hello,


We will soon be rolling out Azure RMS in our organization. We have our custom RMS templates to be published for the users. There is a viewer template that allows View, Reply and Reply All protection to files. An employee has some files which he has protected using this template and now he is no longer with the company. How can I (as an admin) access those files? I believe we can have full access added to the admin group for those templates. That way admins can recover the data. However, in our case we want the ex-employee's manager to go through his data. He is not an admin. How can we change rights for those files so that the ex-employee's manager can access them?


All I could think of was that I, as an admin, will have to access that file and change the rights of that file. What if there are thousands of such files? How can this be made easier in such litigation requests?

Please suggest.


Switching to another tenant/directory with old portal

Hi,

I am really confused regarding the accounts mess with Azure. Now this is my situation:

A friend and I got an Azure pass. We both assigned them with our MS-Accounts. So I have my Microsoft account called "firstuser@live.de" which was used for creating my Azure account/subscription (when I went to manage.windowsazure.com it was showing the account "@firstuserlive.onmicrosoft.com" in the URL). Now I always used the old portal because I liked it more. However, the other friend who used the pass for his account (seconduser@live.de) added me as owner in his portal (using the new portal).

When I go to the new portal now, I can switch between both directories when I click on the top right. There I can switch between my and his account/subscription. However, when I click on "Classic Portal" I only see MY account with MY subscriptions. How can I use the old portal within HIS account/subscription?

Thanks!!
Best,
Christian

Question about the SLA and Active Directory ("Default Directory")

Our team is drafting an SLA to pass on to our customers based on the products we're using and we were confused by the 'Default Directory' that is tied to our Azure account.

Does this 'Default Directory' by default fall under any SLA?

We're aware that the Free level does not have an SLA unlike the Basic and Premium products. We want to make sure everything is covered by an SLA. I noticed there's an option to upgrade to premium, but there's no indication if the 'Default Directory' is Free or Basic.

We do not use this Active Directory in our application other than to manage accounts and team access to our Azure subscription. We do not have any on-premise cloud connectivity that seems to come up in all of our searches for an answer.

Thanks for any insight!

Unable to verify custom domain during the Active Directory Connector install.

Unable to verify custom domain during the Active Directory Connector install.

Error: Create AAD Trust Microsoft Online Deployment. types. AzureDomainNotVerified

 

AADSync to Office 365 not showing in Azure

We have successfully deployed AADSync and Federation so our users can log into Office 365. However, if I go to our Azure directory and try to add our domain it says "Sync has never run".

Do we need to have two separate instances of AADSync? Are the Office 365 and Azure ADs linked or separate?

Add Office 365 tenant to my Azure AD Tenant

Hi, I have an Office 365 tenant up and running and I just configured Azure AD. I would like to be able to have DirSync established between the two. I read in some documentation that I need to add my Office 365 Microsoft ID user name @onmicrosoft.com to my Azure AD tenant. When I do this, in Azure, it tells me that my Microsoft ID does not exist. I'm at a loss as I'm able to log in to my Office 365 with it.

Thanks


Single sign-on setup possible without an on-premises AD

Hello, I have a customer case that is currently on a 365 E3 plan with Azure AD. They want to get SSO for all of their users. But I don't know if it's possible without an on-premises DC or a virtual server with a DC?

Do I need to make a DC and sync it with Azure AD?

Facts

There are employees in 4 different countries.

They have 7 domain names incorporated into 365.

Clients are using Windows 7 & 8 Pro.

Kind regards

Jonas

Denmark

How to retrieve AAD security token?

Hi:

Regarding getting an AAD security token, I post a request to the URL below:

https://login.windows-ppe.net/{ResellerDomain}.ccsctp.net/oauth2/token?api-version=1.0

Should I keep the parameter "api-version=1.0"?

Regarding the request body, what's the meaning of "resource=https://graph.ppe.windows.net"?

Best Regards

Richard

AD Federation Server is a must or not

Hi All,

I am working on moving 500 users to Office 365 from my on-premises Exchange Server 2013. I need to know whether I must deploy ADsync and ADFS servers, or whether a single ADsync server will be enough.

I don't need single sign-on right now.

Regards

Nawaz


Azure AD Selfreset service on customer with Exchange/SharePoint Online users

Hi,

We have a customer with two kinds of users:

user A - Exchange Online + SharePoint Online licenses

user B - SharePoint Online licenses

We are trying to use this new service (Selfreset). All works fine with users A licensed with Exchange Online P1 + SharePoint Online. We are not able to activate this service with users B licensed only with SharePoint Online. We do not see the option in the panel. Do you know the reason?

Regards,
Technical Support
NetVisory (Microsoft Cloud Partner)

User Credential Verification failed

Our company has an Azure AD as well as a domain. I'm trying to create a simple Hello, World web app to do some testing. Using VS 2013 I create an ASP.NET MVC project, then click on Change Authentication. I select Organization Accounts because I want people in our Azure AD domain and ONLY people in our Azure AD domain to be able to access the site. I enter the name of our domain, pick Cloud - Single Organization and Single Sign On and I get the following error:

User credential verification failed.

Error: Authorization Failed.  The logged in user doesn't have Global Admin rights.

Which is correct, I don't.  I'm the developer, not the network administrator, I don't have access to muck with the Active Directory nor should I.  I'm just the guy who makes the programs for our users to use, those users are defined in the AD by someone else.

I won't be getting Global Admin AD rights, so if that's required, this little experiment is at an end.

Can I get a little clarification on this? Is this access required or have I done something wrong?
