Channel: Azure Active Directory forum

Change the username (email) of my microsoft account in the default directory


Hi,

I activated my Azure account using my old Microsoft account email (A@old.com). Later I changed my Microsoft account to use another email (B@new.com).

When I tried to create a Key Vault today, I got this error:

New-AzureKeyVault : Cannot find the Active Directory object 'B@new.com' in tenant
'some tenant'. Please make sure that the user or application service principal you are
authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet
'get-AzureSubscription -current' is the current subscription's Azure Active directory.

So I looked at the default directory, and found the user name is listed as A@old.com, even though I logged in using B@new.com username.

Is there any way to update the default directory to use the B@new.com address instead?

Thanks.


Import-Module : The specified module 'msonline' was not loaded because no valid module file was found in any module directory


I tried to install the Azure AD PowerShell module on my computer so I'd be able to make PSSession using the MSONLINE cmdlets.

After I installed the Microsoft Online Services Sign-in Assistant (version 7.250.4556.0) and then installed the latest Windows Azure AD Module for Windows PowerShell, I get the above error in the title.

I can do the following cmd and get output:

(get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

1.0.8362.1

The error pops up when I try to load the module by typing:

Import-Module MSOnline

Computer : Microsoft Surface Pro 3

OS Version : Windows 8.1 64-bit

PowerShell Version : Major 4 Minor 0 Build -1 Revision -1

Any help with this is greatly appreciated.

How can I filter by group in Azure Active Directory Connect?


Hi,

We had a working synchronization with AADC to Azure with a select group. We configured it using the following option (as explained at https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/).

We accidentally changed this to sync all users during some testing; however, we would like to revert to synchronizing just the one group we originally had. The problem is that the entire "Filtering" sub menu has disappeared from the sidebar when we run the configuration again and we cannot revert back. Obviously synchronizing a group can be done as it was an option before, how can I bring this option back? Thank you in advance.

Joe

How to Setup Azure AD/Sharepoint Farm for Training Purposes


Hello! Twitter customer @r_chokshi would like some advice on the following scenarios: "I am setting up a SharePoint 2013 farm in Azure for Training purposes for a customer with an Azure EA subscription. Azure will be used standalone and the Azure AD will NOT connect with the On Prem AD. Should I use Azure AD Basic for training and SharePoint Service accounts for Azure OR should I set up a Domain controller and domain on an Azure VM and use accounts on that? Thanks."

Thank you for your assistance!

@AzureSupport

The specified domain either does not exist or could not be contacted (Exception from HRESULT:0x8007054B)


We have an Active Directory with a "dotted" NETBIOS domain name (e.g. "CONTOSO.ORG" rather than "CONTOSO").

We had to rebuild our DirSync server and decided to take a clean install approach using the GA release. Here are the steps we've taken:

  1. Clean install of Windows 2012 R2
  2. Downloaded and installed the GA release of the new Azure AD Connect tool
  3. Successfully completed the installation wizard using an account with Azure Global Administrator role as well as being a member of the local AD's Enterprise Administrators group.
  4. Launched the Synchronization Service Manager and opened the properties of the connector for the "Active Directory Domain Services" and attempted to view/edit the selection of the directory partitions.
  5. Got the error message of "The specified domain either does not exist or could not be contacted. (Exception from HRESULT:0x8007054B)"
  6. Attempted to "Refresh Schema" for the connector and get the following message of "An error was encountered during the schema refresh. Please try again later."

...could these errors be related to the fact that our local AD's legacy NETBIOS name has a "dot" in it?  We're too scared to do a domain rename operation at this point, but will need to consider it if this is indeed the root cause.

Any help would be GREATLY appreciated!



Unable to remove Azure AD Premium trial plan from AAD instance


Hi all, I've been digging around for a while now and haven't seen anything that could help so I figured I would ask. I set up a test Azure AD instance in our Azure portal and was trying out some Azure AD Premium features with a trial license plan that you can assign that instance. The trial expired and now I'm trying to remove the Azure AD instance, but it doesn't seem to let me, giving the error:

  • Directory has one or more subscriptions to Microsoft Online Services.

I suspect the trial for AAD Premium is the subscription it is complaining about, but wasn't sure if there was a way to delete that license plan? Is the only way a support ticket, or is there something I can do to delete it through AAD PowerShell?

Thanks in advance...

AADC Configuration database with the same name already exists


Running through the Azure Active Directory Connect setup and I get an error that states:

"An error occurred executing Configure New ADFS Task task: An error occurred while executing the 'Install-AdfsFarm' command. An AD FS configuration database with the same name already exists; specify that the existing database is to be overwritten."

We had a test deployment of ADFS 2.0 on another server that I thought I had removed. I am using a different ADFS service name than the old installations (old was adfs.xxx.xxx new is sso.xxx.xxx)


RBAC with Azure Active Directory


I'm trying to set up Role-based access control in the Azure Preview Portal using Azure AD accounts. In the full (non-preview) Azure Portal I have added an existing Azure AD (an Office 365 account). I can now view the users and groups in that Azure AD from that Portal.

My understanding is that I should be able to go to the Azure Preview Portal and assign access control to resources and subscriptions using the users and groups in that Azure AD. When I try to do this, it does not find those users. I can only assign users with Microsoft Accounts.

I've looked here: http://weblogs.asp.net/scottgu/azure-sql-databases-api-management-media-services-websites-role-based-access-control-and-more
and here: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/
But I don't see any additional steps that I'm missing.

Am I missing something? Should this work?

Thank you,
Tony Bianucci


How to use LDAP to connect to Azure AD


Hi All,

I am completely new to Azure AD. I have developed a web based application and am planning to deploy the application onto Azure Tomcat. My application has LDAP configuration done in one of the XML files as shown below.

    <property name="server" value="ldap://ldaphostname" />
    <property name="port" value="ldapport" />
    <property name="user" value="uid=admin,ou=system" />
    <property name="password" value="password" />

I can't change this configuration to something else as large coding was done using this. Now I have created AD on Azure and created some users and groups. But I have no clue how to get the above details to use in my application configuration. Basically I am looking for ldaphostname, ldapport, uid and OU.

And also the user IDs created in Azure AD are attaching lwbad.onmicrosoft.com as the domain name, which I don't want.

Any quick help is appreciated.

Azure Password Reset - Challenge Data being forced to two responses when Password Policy is set to one in Azure


Hi

Azure Cloud AD and Local AD Domain - Federated

Writeback enabled and working


I am trying to troubleshoot an issue with our Azure AD Password writeback settings

I have set the Azure Password reset policy to one set of challenge data (from a choice of two methods set at registration)


The problem I'm having is that when we use the password reset portal passwordreset.microsoftonline.com

we are forced to answer two challenge questions (despite the recommended my company only wants one)


Has anyone experienced this issue, and/or have any suggested resolutions?


Thanks for any help

AD FS 2.0 and Azure AD Connect Compatibility


Hi,

We are in the process of designing a solution around Microsoft Intune and would like to utilise Single Sign-On. In order to do this we need to use Azure AD Connect and we would like to use the SSO federated option. The on-premise infrastructure consists of an existing AD FS 2.0 farm that is running on Windows Server 2008 R2.

I've logged a case with Microsoft Support but they are unable to categorically tell me that this configuration will not work.

Is anyone able to assist with my query?

Thanks

Cormac

Adding ADFS to an existing Azure AD Connect install


Hi,

Looking for some guidance around this scenario. We have built a new domain and implemented Azure AD Connect to sync with our O365 tenant. This all works fine and as expected. Now I want to use Azure AD Connect to install and configure AD Federation Services to implement SSO. The Azure AD Connect install doesn't allow you to add the ADFS option once installed. So what are the implications of uninstalling Azure AD Connect and reinstalling it with ADFS options selected, or I do have the option of running the install on another server and just selecting the ADFS options, which would be the best way to go?

Thanks


Computastar

AADC Functionality? - sync only a few attributes and leave rest editable in Azure


To keep this a little more structured, we have many customers who have the same issues as this guy here:

https://community.office365.com/en-us/f/613/t/410305

This led me to ask questions about the old DirSync, etc., which obviously would never offer the functionality to edit a user on 365 who had been synced from onprem to 365 as the source of authority was onprem! - This I understand, and although it was rather frustrating, and several people decided to remain onprem because of this exact fact, editing users on prem without Exchange is not exactly simple, and although it will keep us comfortable with ADSIedit in a job, it's not very customer friendly.

Then AADC was released, and I noticed the ability to only sync certain attributes, and thought this would mean I could finally sync only a couple of attributes, enough to soft match users, and sync the password hash, but still have the nice GUI functionality to edit things like email addresses etc. - I've tested it here on a few environments and had no luck, which leads me to believe it's not possible.

I've posted this question here: https://community.office365.com/en-us/f/613/t/410749

So in short, is what I want to achieve possible or not? And if not, is it a future planned feature? Or should I just give up!? :)

Thanks in advance, Ben.


Ben Harris


New-AzureADApplication – how to target specific Azure Active Directory domain?


Hi

Does anyone know how to use New-AzureADApplication cmdlet via PowerShell to create a new Azure Active Directory Application but in a specific Azure Active Directory Domain rather than the default one? If it is using the -Profile parameter, how is it done?

https://msdn.microsoft.com/en-us/library/dn986794.aspx

Many thanks, Rob

Azure active directory permission


Hi,

I am trying to create an AD application using a PowerShell script and getting the permission denied error. I am logging in using a Microsoft account (MSDN subscription). Please let me know if you have any idea how to fix the issue. I can create the application on the Azure portal without issues.

New-AzureADApplication : {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}
At line:1 char:1
+ New-AzureADApplication -DisplayName 'testss'  -HomePage  'http:\\test.com' -Iden ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureADApplication], CloudException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADApplicationCommand



Get AAD user name on .NET backend (Azure Mobile App) (SID to objectId)


Hello,

I'm developing a universal app, using the MobileServiceClient. Login to AAD works with no problems.

But on the .NET backend, I'm not able to determine which user logged in. In the TableController, I can access the User property (type is MobileAppUser):

- User.Id is a security identifier like "sid:xxxxxx".
- User.Identity.IsAuthenticated is true
- User.Identity.Name is null !!!

So, I need a way to get the objectId (of the AAD user) by using the above security identifier.

Any help is appreciated, thank you.

Lars

SAML SSO and Azure AD Signature or Certificate problems

Looking for help from either Azure Support or other community member with some experience with this.

We are trying to test using Azure AD as an IdP to SSO into Salesforce, but seem to be running into issues with the Assertion Signature or Certificate.

We followed the following steps from Azure MSDN site:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-salesforce-tutorial/

But we are getting the following error in the browser trying to access SFDC:
Login Error
Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.


In the SAML Validator in SFDC I am seeing the following error in step 11:
11. Validating the Signature
Is the response signed? false
Is the assertion signed? true
The reference in the assertion signature is valid Signature or certificate problems
The signature in the assertion is not valid
Is the correct certificate supplied in the keyinfo? false

My concern is that the certificate that we have been told by Azure to upload to SFDC may be incorrect or uploaded to the wrong place or there is some other setting in SFDC that we missed, but I have no idea how to verify this and we simply uploaded the certificate from Azure based on the instructions provided.

The consultant we are working with on the Azure side did mention something about Azure AD using "Signing Key Rollover" and that it may be possible that SFDC does not trust the certificate that Azure is sending since the key in the certificate may be changed every so often.

Is anyone able to shed some light on this for me?

Thanks
Miguel =) 

Office 365 Authentication


I see a lot of links on how to enable login of an Office365 account to a web app hosted in Azure but I'm overwhelmed by them. Some questions I have:

1.  It seems I can use Access Control Service, but I also have the option not to, is this right?

2.  Do I need to have an ADFS setup or this is also just another way to do this?

3.  Is there a configuration that must be performed on the company's office 365?

4.  What is the simplest way to have this SSO configured?  By simple I mean the least amount of configuration setup needed.

Can anyone point me to a comprehensive and updated link on how to do this for an existing MVC application?  

Is it possible to have both a "Microsoft Account" and "Organisational Account" with the same email address to co-exist in the same AAD


Hi,

I am having a brain melt down today, mainly because I am sure I've done this in the past but I am starting to think I might have dreamt it all!

Is it possible to have both a "Microsoft Account" and "Organisational Account" with the same email address to co-exist in the same AAD? As mentioned I am sure I've had this working before but I can't get it to work now, maybe something in MS land has changed or maybe I've lost more brain cells than I first thought.

Thanks

Rob

Azure AD Connect (Attribute Filter) Extended Attribute 1 - Rule Editor


I have 3 scenarios with Extended Attribute 1

It is either filled in with a specific string value pertaining to this user's role. It can have either "Staff" or "Student". Then there are users with a blank Extended Attribute 1.

I want to create an additional rule in the Synchronization Rule Editor to filter out these users with no value filled in and not Sync them to Azure AD. I do not want to touch the default rules created by the installation.

Hope you can help.
