Channel: Azure Active Directory forum

How to use an Azure AD account to log on to Remote Desktop enabled worker roles?

When I enable Remote Desktop for a Worker Role in Visual Studio, it asks for a login and password.

I'd like to give my team automatic (auditable) access to Remote Desktop enabled Worker Roles. Ideally, access should be granted to people that belong to a given group. Is that possible?


Can I use Azure AD to enforce Group Policy for on-premise workstations?

My company needs to enforce Group Policies. I'd like to use Azure AD for that. Is that possible?

Run MSOnline Module without installing Microsoft Online Services Sign-In Assistant

Hi guys,

I would like to check if it is possible to run Azure Active Directory PowerShell (MSOnline) without installation of

  • Microsoft Online Services Sign-In Assistant
  • Azure Active Directory Module for Windows PowerShell (64-bit version)

I'm coming from the point of application deployment where the objective is to reduce additional installation to the server and to package the DLL, PSD1 (if required) of the Azure AD Module and run it like a portable app.

Did anyone manage to do that? 

I found the modules installed on one of my testing machines at C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline and I tried to run the module on a new server without any installation of those mentioned above; it gives a Type Initialization error. I believe it is caused by the lack of Microsoft Online Services Sign-In Assistant.

Where are the DLLs stored for MS Online Sign-In Assistant so that I can try to copy them to the new server and test?

Thanks in advance!


Cheng

Password Writeback installation failing

I've downloaded the latest version of Microsoft Azure Active Directory Sync Services and run through the configuration. AD Sync is configuring and syncing the directories but failing on the password write back option with the message saying that it has the incorrect licence. I have AD Premium through Enterprise Mobility Suite and have assigned EMS Licences to several users.

From the logs:

Information: 904 : Changing password hash sync feature state in the directory for tenant 'DOMAIN' - AAD, enable=True

Information: 904 : Changing password hash sync channel state ('FOREST' to 'DOMAIN- AAD') : enabled=True

Error: 906 : Apply Configuration Page: Failed to configure password write-back (True) for connector ("domain"- AAD).  Details: Server detected an invalid configuration (Error HRESULT E_FAIL has been returned from a call to a COM component.). AAD Password reset configuration may be in an invalid state. Try removing the configuration.


infologic telecom

Azure Active Directory Connect Public Preview Wizard fails with Domains could not be reached while validating the forest

Hello

I currently have some problems with the Azure Active Directory Connect Public Preview Wizard.

If I try to connect to the Active Directory, we receive the following error:

One or more Domains could not be reached while validating the forest contoso.com. Please verify Network connectivity and Firewall policies for the following partitions: subcontoso.contoso.com.
We already checked the network connectivity and are also able to connect to the subcontoso.contoso.com domain controller via LDAP.

Is there a way to exclude subdomains for the wizard?

On Premise AD user showing as sourced from Microsoft Account

Hi,

I have set up ADFS and have sync'd on premise AD with WAAD but my user account is showing as being sourced from "Microsoft Account" rather than on premise active directory. I have attached some screenshots below.

Is there something I can do to get the user account to sync up correctly?

Many Thanks,

Iain

[Screenshot: Screen View from Office365 Portal]

[Screenshot: Screen View from WAAD Portal]

Error on microsoft login page for OpenId authentication using Azure AD

We have implemented authentication for a multi-tenant SaaS solution which uses Azure AD single sign-on using OpenIdConnect authentication, and it's working fine.
The problem is that when a user is logged in to the Azure management portal with his Live account and he tries to open our app in another tab, he directly gets the error below on the Microsoft login page.

Additional technical information:
Correlation ID: 78e13474-6f92-40ec-b463-91e36a6dae84
Timestamp: 2015-04-14 12:27:20Z

AADSTS50020:
 User account 'xxx@xxxx.com' from external
 identity provider 'live.com' is not supported for application
 'https://xxxxx.onmicrosoft.com/xxxx'. The account needs to
 be added as an external user in the tenant. Please sign out and sign in
 again with an Azure Active Directory user account.

This works fine if I pass the "prompt=login" query string parameter in the sign-in request, but in that case single sign-on is not working. Is there any way to resolve this issue without losing the single sign-on experience?

SSO with sharefile.eu

Hi all,

Has anyone encountered this issue: Sharefile.eu with Azure single sign on? I have been able to get sharefile.com working with AAD and SSO but not sharefile.eu

Has anyone had this issue and who can I contact about this?

From PS:

ServicePrincipalNames : {http://adapplicationregistry.onmicrosoft.com/sharefile/primary, https://*.sharefile1.com/saml/info, c10f22a5-0a5b-45d2-8fb1-xxxxxxx}

And when trying to update reply URL, I get this:

PS C:\Windows\system32> $replyUrl = New-MsolServicePrincipalAddresses -Address https://xxx.sharefile.eu/saml/acs
PS C:\Windows\system32> Set-MsolServicePrincipal -AppPrincipalId "c10f22a5-0a5b-45d2-8fb1-xxxxxxxx" -Addresses $replyUrl
Set-MsolServicePrincipal : Unable to complete this action. Try again later.
In Zeile:1 Zeichen:1
+ Set-MsolServicePrincipal -AppPrincipalId "c10f22a5-0a5b-45d2-8fb1-xxxxx"  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolServicePrincipal], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Administration.Automation.SetServicePrincipal

Thanks

Noel


ests. meaning?

ws-fedp redirects from Microsoft.net, microsoftonline, etc. have changed recently (inducing all sorts of bugs, our end). Of course, these are our fault (not that we know the engineering criteria used by the team to protect against future changes).

What is ESTS? out of interest, in the wctx field?

wctx=estsredirect=2&estsrequest=3wEBD09BdXRoMkF1dGhvcml6ZQEPT0F1dGgyQXV0aG9yaXplAAECAQ9vYXV0aDIuYXV0aGNvZGUBFW9wZW5pZGNvbm5lY3QuaWR0b2tlbgABJGh0dHBzOi8vbWFuYWdlbWVudC5jb3JlLndpbmRvd3MubmV0LwEBJDAwMDAwMDEzLTAwMDAtMDAwMC1jMDAwLTAwMDAwMDAwMDAwMAEgaHR0cHM6Ly9tYW5hZ2Uud2luZG93c2F6dXJlLmNvbS8BGXVzZXJfaW1wZXJzb25hdGlvbiBvcGVuaWQAAAAAAAAAAAABARoAAAABIGh0dHBzOi8vbWFuYWdlLndpbmRvd3NhenVyZS5jb20vAQoBDEJyYW5kaW5nSGludAEGNTAwODc5AQNjaWQBJGYyMmVhYmFkLTI5OGQtNDJlZC04NjY4LWYwOTI0MjQxODgzMAEKRG9tYWluSGludAEAAQllcnJvcl91cmkBIGh0dHBzOi8vbWFuYWdlLndpbmRvd3NhenVyZS5jb20vAQ9pbmNsdWRlX2F0X2hhc2gBATEBC2ludGVyYWN0aXZlAQExAQVOb25jZQEkNWI4MTcxOTItZDcwNC00ZWEyLThkY2UtNjM4MGNjYzFlOTZhAQxSZXNwb25zZU1vZGUBBXF1ZXJ5AQlzZXNzaW9uSWQBJGQ0MGNlY2M4LWY2YmUtNGJmMS05ZWZlLWUxYjdhMjhmMzkyOAEPbGltaXRfdG9rZW5zaXplAQEx7Q2

How can I decode the request?

Assume I'm paranoid of Microsoft and Apple (and others) working hand in hand with NSA, covertly probably, to spy on log files with protocol request data... Assume that only obsessive "transparency" provides any mitigation of the coopted-spying assumption.


Graph API (api-version=1.5) : How to remove user from Application Role using C# .NET

Hi,

I am using Azure AD for user and role management operations from my MVC web application. I am using version of Graph API as 1.5 and Microsoft.Azure.ActiveDirectory.GraphClient .Net library 2.0.6.

I need to remove an AppRoleAssignment (Application Role) assigned to a user by calling the Graph API. I was referring to a Stack Overflow link. Is there any method available which I can use in my C# code to delete an AppRoleAssignment?

When I get users from Active Directory, the AppRoleAssignment always comes back null, even if an application role is assigned to a user.

Kindly help me by providing a correct version of the DLL and an available method to delete an AppRoleAssignment.

Thank you.


Azure AD Connect Health agent options

Hi all,

We aim to implement Azure AD Connect Health to monitor and gather reports on our ADFS infrastructure.

I know that the service is still in preview, but are there any options to tune the information gathering or monitoring check periods? Can we configure the installed agents?

For example:

  • Check the health each 1 minute or 5 minutes 
  • Gather reporting Data on an hour basis, 2 hours basis...


Regards, Samir Farhat Infrastructure and Virtualization Consultant || Virtualization, Cloud, Azure ? Follow and Ask here https://buildwindows.wordpress.com

Tutorial: Azure Active Directory Integration with Bamboo HR

Azure Active Directory Connect Health : Retention period

Hi all,

We are planning to implement Azure Active Directory Connect Health. Azure Active Directory Connect Health will gather and collect information.

Can you explain to us more about this process:

- Where is this information stored (Blob table, I guess?)

- Can we control the information growth (Retention period, long term retention (datawarehousing))

I know that the service is still in preview but we are excited to use it and to know more about it


Regards, Samir Farhat Infrastructure and Virtualization Consultant || Virtualization, Cloud, Azure ? Follow and Ask here https://buildwindows.wordpress.com

Azure AD Connect Health : Alerts, Performance, Usage : Detailed documentation

Hi the Azure AD Connect Health community,

Can you please add more details to the information posted in the TechNet documentation? Can we know what information is reported by Azure AD Connect Health? This blog presents some of this information, but can we have a complete article about it?


Regards, Samir Farhat Infrastructure and Virtualization Consultant || Virtualization, Cloud, Azure ? Follow and Ask here https://buildwindows.wordpress.com

Get Users with License/ with Global admin role/ with User Management Admin Role

Hello Experts,

We have onboarded to WAAD as a 1st party and we have developed a multi-tenant application for user and license management.

We have created a filter (like Office 365) for displaying User with Global Admin Role / User with User Management Role / User with License / User without License.

Current Implementation:

We loop through the user list and for each user we are making a call to get the license information / role information.

Issue:

It works fine with a limited amount of data, but with a large number of users/licenses, it is creating problems.

Ask:

Need guidance on how to solve this issue?

Note: we are using Graph client version 2.0.

Any help would be much appreciated.

Thanks,

Ritesh


Unable to assign Office365 Active Directory to Azure

I have recently created a new Azure account via our Action Pack subscription so that I could activate the Azure credits benefit. I contacted Microsoft Support and they migrated everything across from the old Azure subscription to the new Azure subscription OK. They said that I would have to migrate Active Directory manually.

I have tried doing the following after logging in to the new Azure subscription:

  • Active Directory > Add Directory > Use Existing Directory
  • Ticked the box that says "I am ready to be signed out" then signed back in with the Office365 credentials
  • Accepted the message to 'use xxxx directory with Microsoft azure' then clicked Continue
  • Saw a message saying "You can now use the 'xxxx' directory with Microsoft Azure when you sign in using your Microsoft account 'blah'"
  • Signed back in to Azure as 'blah' and found that it still shows there are 0 Active Directories

Is there something I am doing wrong? Is this because the new Azure subscription is a Microsoft Partner Network subscription (linked to our Action Pack)?

Thanks in advance.

Removing a Production Azure Active Directory from a Subscription

I have a basic (Pay-As-You-Go) Azure subscription registered with my personal Microsoft account (dale.newhart@outlook.com). The tenant is statlab.onmicrosoft.com. It was set up a few years ago for trial, training and testing. While working at a customer site last year, implementing Office 365 and Intune, I managed to assign the customer's Azure AD (user and group objects associated with Office 365 and Intune) to this Azure subscription. My dale.newhart@outlook.com account is listed as a Global Administrator for the customer's Azure AD. I am no longer working with this customer and would like to remove the customer's Azure AD from my Azure subscription. Is this even possible? Is there some documentation on how to do this without hosing the customer's Azure AD?

Thanks!

Single Sign-On App URL Prompting for Info

I am new to Azure AD, and more specifically using the Single Sign-On capabilities for web based applications listed in the Single Sign On catalog.  ADFS and Password sync is (correctly?) configured already for Office 365.  Meaning, users can enter their user@domain.org email and are automatically logged in.  Please forgive my ignorance...

I am attempting to understand why users are prompted to either enter their email address, or click a button on our organization's Access Panel, for applications configured for single-sign on.  Screen Shot attached.

With competing services, for example OneLogin, when configured correctly, end-users on domain-joined workstations, logged in with their Active Directory credentials, are immediately logged into a supported application.

As is built now, when I utilize Azure AD Single Sign-On capabilities, users are prompted to verify their identity - either requiring a username@domain.org or by clicking a box with their username@domain.org already filled in.

I am using the Single Sign-On URL listed for the specific app in question found in the Azure management interface.  When a configured end-user uses that link, they are directed to a page living on login.microsoftonline.com and forced to click a button with their corporate email.  Below that is an option to use another account.

How do I bypass this?  Is there an option to have users directly sent to the application and logged in without first having to enter (or confirm) their corporate account?

Thank you in advance!


Why can a user in an AD with organizational role "User" change the password of other users

Hello,

I wrote myself a little user management tool using the GraphApi (Microsoft.Azure.ActiveDirectory.GraphClient). If I let the tool sign in with a user that only has the role user assigned:

it cannot create or delete users, but it can assign new passwords to other users with the following code:

            List<IUser> users = await getUsers().ConfigureAwait(false);
            IUser userToModify = users.Find(user => user.UserPrincipalName == CurrentUser.UserPrincipalName);

            userToModify.PasswordProfile = new PasswordProfile
            {
                Password = password,
                ForceChangePasswordNextLogin = false,
            };
            userToModify.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";

            await userToModify.UpdateAsync().ConfigureAwait(false);

Below you find the code to authenticate against ad:

        /// <summary>
        /// Async task to acquire token for User.
        /// </summary>
        /// <returns>Token for user.</returns>
        public static async Task<string> AcquireTokenAsyncForUser()
        {
            return GetTokenForUser();
        }

        /// <summary>
        /// Get Token for User.
        /// </summary>
        /// <returns>Token for user.</returns>
        public static string GetTokenForUser()
        {
            var redirectUri = new Uri("https://localhost");
            AuthenticationContext authenticationContext = new AuthenticationContext(Constants.AuthString, false);
            if (TokenForUser == null)
            {
                if (Configuration.AuthenticationMode == AuthenticationMode.ProvidedCredentials)
                {
                    var userCredentials = new UserCredential(Configuration.UserName, Configuration.Password);
                    AuthenticationResult userAuthnResult = authenticationContext.AcquireToken(Constants.ResourceUrl,
                        Constants.ClientIdForUserAuthn, userCredentials);
                    TokenForUser = userAuthnResult.AccessToken;
                }
                else if (Configuration.AuthenticationMode == AuthenticationMode.CredentialsDialog)
                {
                    AuthenticationResult userAuthnResult = authenticationContext.AcquireToken(Constants.ResourceUrl,
                        Constants.ClientIdForUserAuthn, redirectUri, PromptBehavior.Always);
                    TokenForUser = userAuthnResult.AccessToken;
                }
                else
                    throw new InvalidOperationException("Invalid mode: " + Configuration.AuthenticationMode);
            }
            return TokenForUser;
        }

        /// <summary>
        /// Get Active Directory Client for User.
        /// </summary>
        /// <returns>ActiveDirectoryClient for User.</returns>
        public static ActiveDirectoryClient GetActiveDirectoryClientAsUser()
        {
            Uri servicePointUri = new Uri(Constants.ResourceUrl);
            Uri serviceRoot = new Uri(servicePointUri, Constants.TenantId);
            ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
                async () => await AcquireTokenAsyncForUser());
            return activeDirectoryClient;
        }

Any idea how that can be?





How can I move my azure ad + domain name to another subscription?

Hi,

I have an expired trial subscription which holds my azure ad for office 365 and has my personal domain name registered with it.

I also have an msdn azure subscription. I'd like my Azure AD for Office 365 to be in the msdn azure subscription.

Can I move the azure AD between subscriptions?

Thanks,

Lee
