Channel: Azure Active Directory forum

Unable to download Azure AD Connect


I am wanting to set up Azure Active Directory and sync it with my corporate AD. When I click the link on the directory setup page to "Download Azure AD Connect" in step 2, I get a Live.com sign in error page that says "Something went wrong and we can't sign you in right now. Please try again later." I've been trying for several days.

Any help would be appreciated. (I also get the same error message if I Bing "Azure AD Connect Download" and click the link there.)

Eric.


Eric Logsdon Cooperative Technologies, Inc.


Failed to enable AAD Domain services


I'm having problems enabling our Domain services. 

I chose a DNS domain name in the form azure.ourdomain.com (ours was exactly 15 letters) and I added it to an existing Azure network which is in North Europe, so it should be enabled. The process runs for 1,5 hours and the slider goes back to "No" without any error messages. If I try to change the network and run it again, it gives the message "Unable to save Domain Services settings". Any ideas?

AAD Domain Services - Group Policy Replication Failure


I just set up AAD Domain Services yesterday. I got my first 2 VMs joined and was able to log in with domain accounts created in AAD. I started making changes to the 1 GPO we are allowed to edit (AADC Computers GPO) and noticed that none of the changes are syncing to the other domain controller. When I click Detect Now in the GPO MMC, it shows the second domain controller as having a replication in progress and has never been updated (still on version 1).

I let things sit overnight and the replication issue still exists. I'm not surprised to see a replication failure, as I ran into this quite often when running Domain Controllers on Azure VMs, but since we don't have access to the Domain Controllers created for us when using Domain Services (as to be expected), I'm at a loss as to how to resolve this.

Also, today, when I go back in and try to edit the GPO, I only see some of my changes in the UI. If I click on the settings tab for the GPO object in the MMC, I see all my changes listed, but when I click on edit and navigate to some of them, they do not exist. 

Why can't I see an AAD that I'm global admin for?


Hi.

I've added my Microsoft Account to an AAD created by another user and assigned my user in the AAD Global Admin rights. Despite this I can't see this particular AAD when I log on with my Microsoft Account, only the two AADs that I've explicitly created with that particular Microsoft Account.

As far as I can understand, giving my user Global Admin rights in an AAD should be enough for me to see and manage that AAD.

What am I missing?

Thanks.

Azure AD Connect Export Configuration


Hello everyone

I have installed an Azure AD Connect (AAD Connect) server, and it is functioning successfully.

I am starting the process to install a second AAD Connect server as a staging server.

Is there a way to export the configuration from the first server to allow an import on the second server? When installing the staging server the usual wizard starts, and to complete the install I need to enter some synchronization information, once complete, then I could import the MA configurations from the other server. Is there other configuration outside of the MAs needed? That just seems a bit clunky.

On the staging server I can run the azureadconnect.exe cmd to start the Import configuration wizard, but on the active server, the azureadconnect.exe cmd to start the wizard with the "Export Settings" (as when run on a legacy Dirsync server) just starts the usual post install wizard.

Summary: how to export the configuration of an Azure AD Connect server to allow it to be imported on a second staging server.

Thanks

Alexis


QAlexis75

Why doesn't the My Apps mobile app published by the Azure Active Directory team for password-based SSO applications work on iPad?


I got the Microsoft "My Apps" app from iTunes on my iPad Air 2, but it does not work. 

Specifically:

Start the app on iPad with iOS 9.1

Enter valid email address for Azure Organizational Account

Hangs with "Redirecting ... We're taking you to your organization's sign-in page"

This prevents employees from using any of the password-based SSO apps we have provisioned in Azure AD.


Neil

Troubleshooting "Insufficient privileges to complete the operation" When Attempting To Read AAD Graph


My company runs an Azure-hosted multi-tenant web app that successfully uses our company AAD to authenticate users but when the app tries to read the AD Graph for an authenticated user it reports the error "Insufficient privileges to complete the operation". The graph read attempts include users, getMemberObjects and checkMemberGroups all using api-version=1.6.

The app has the following delegated permissions in the AAD configure portal: Read all groups, Access the directory as the signed-in user, Read directory data, Sign in and read user profile. No application permissions are set.

In the web app C# server code, an authorization header is created and added to the HttpClient that makes the Graph call.

The same web app registered as multi-tenant against a development AAD with the same delegated permissions granted is able to authenticate users and then read the AD graph to retrieve user and group information. I have not been able to identify any differences in the AAD or web app configuration between production and development.

One difference between the two scenarios is that against the development AAD, the first time an admin user signed-in he was prompted to grant permissions for the app to access the AD graph but against the production AAD the admin user was never prompted.

Any suggestions on troubleshooting this, what settings to check in the production AD or how to force AAD to prompt an admin user to grant access to the AD graph?

Thanks,

Frank Rolinson

Custom domain to improve sign on experience ?


I wanted to know what improvements are meant, besides the custom URL, by adding a custom domain to Office Online? What I think:

Now the login user@my.onMicrosoft.com is in the Azure/Office Online domain? If it's user@custom.com, will login be at https://custom.com, where the domain controller checks Azure AD?

This comes to me by adding my Windows 10 PC to the domain my.onMicrosoft.com, but when I try to log on to the PC it seems a local version of the .onmicrosoft user is still needed for Live ID. As I cannot make a Live ID with an Office Online email, I am missing something..?

Thanks for any info.


zfrut


ActiveDirectoryClient only get 100 users


hi,

I want to get users from Azure by using ActiveDirectoryClient.

But it only returns 100 users.

My ActiveDirectoryClient version is 2.0.6 (Microsoft.Azure.ActiveDirectory.GraphClient.2.0.6).

What can I do about this?

my code is:

retrievedUsers = activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList();

Os State Roaming


Hi,

I have something very new: a Windows 10 machine Azure AD joined to Office 365. But OS state roaming (syncing my settings from one Windows 10 device to another Windows 10 device) is not working. When I check the settings in Windows 10, it is greyed out.

Where in Office 365 or azure can I turn this on? I have no idea if this feature is available for an azure ad account yet.

Kind Regards

David


Can I use "Azure Active Directory Domain Services" to domain-join my desktops from my on-premise network through VPN?


Hello,

we are a new company with 20 employees. We don't have a local Active Directory. Instead we are only using "Azure Active Directory" and the "Azure AD"-domain-join feature of Windows 10 to provide SSO for our employees. 

However we would now like to start using "Group policies" to manage our desktop clients. Is the new service "Azure Active Directory Domain Services" meant to replace local AD installations as well or is it only useful within our Azure network for server VMs? 

In other words, can we setup "Azure Active Directory Domain Services" for a "virtual network" in our Azure Subscription which has a VPN connection to our local on-premise network and use this to domain-join our desktops from our on-premise network? 

If yes, can we use all features of "group policies" or does "Azure Active Directory Domain Services" provide only a subset of group policy features?

thanks for your help and best regards, christian

Azure ACS


This is a general Azure ACS question, and if this is the wrong place to post this please point me in the right direction.

We have set up ACS namespaces for the various environments we have for authentication (INT, QA, Staging, Production, etc).

We have a couple identity providers for each (ie, providers for 2 different companies to do SSO authentication)

In a particular environment say QA, we have these 2 identity providers and also a relying party setup with a realm site and a return URL.

We were wanting to have 2 different return URL's for the 2 different companies that do SSO auth into our site.

It seems like we are only allowed to have 1 realm per name space so we are not able to add a second relying party to the second return URL using the same realm.

Is there another way to have a second URL based on which identity provider the auth comes through?

Thanks in advance.


Thanks Lance

Reset passwords for user in partners AD


Hello guys,

My company is a participant in the Microsoft Cloud Solution Partner program. Now we are investigating how to administer the AD users of our clients. The first task is to reset a password for a user in a client's AD. We have access to all our clients via the Partner web application (https://portal.office.com/Partner/Default.aspx). Using my company admin's credentials it is possible to open the admin center for each client. It turned out that, being logged in as my company admin, I can manage users from a client's AD. For example, I logged in as admin@mycompanysb.onmicrosoft.com but can manage any user from the customer1mycompanysb.onmicrosoft.com domain (mycompanysb is the partner for customer1). Now I want to reset a password for one user in the customer1mycompanysb.onmicrosoft.com domain programmatically. Here is the code:

            string authString = string.Format("https://login.windows.net/{0}", "mycompanysb.onmicrosoft.com");
            var authenticationContext = new AuthenticationContext(authString, false);

            var clientCred = new ClientCredential(clientId, clientSecret);
            string resource = "https://graph.windows.net";

            AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
            string adToken = authenticationResult.AccessToken;
            Customer.ResetAdminPassword("cust1mycompanysb.onmicrosoft.com", adToken);

...

        public static void ResetAdminPassword(string domain, string saToken)
        {
            var client = new RestJsonClient(string.Format("https://graph.windows.net/{0}/users/admin@{0}?api-version={1}", domain, "1.6"));
            var request = new RestRequest(Method.PATCH);

            request.AddHeader("Authorization", " Bearer " + saToken);
            dynamic body =
            new {
                passwordProfile = new
                {
                    password = "Password1",
                    forceChangePasswordNextLogin = false
                }
            };
            request.AddJsonBody(body);
            client.Execute(request);
        }

and I got a 400 response with message "Invalid domain name in the request url." in 

            Customer.ResetAdminPassword("cust1mycompanysb.onmicrosoft.com", adToken);

however the password can be set for mycompany without error:

            Customer.ResetAdminPassword("mycompanysb.onmicrosoft.com", adToken);

How should I obtain a token that would be applicable for the cust1mycompanysb.onmicrosoft.com domain too?



AD Connect - Multiple Servers


Is it possible to have AD Connect running on multiple servers throughout the domain, or is it advisable to have it running only on one, with a secondary as a backup only that is not active?

Thanks for your help.

“Bring your own app” with Azure AD Self-Service SAML configuration - Support for Identity provider initiated login?


“Bring your own app” with Azure AD Self-Service SAML configuration -  Support for Identity provider initiated login?

http://blogs.technet.com/b/ad/archive/2015/06/17/bring-your-own-app-with-azure-ad-self-service-saml-configuration-gt-now-in-preview.aspx

We are looking for support for Identity provider initiated login for our App. Does anyone know when it is coming or whether it is on the roadmap?

Regards,

Maqsood.


AD Connect Sync Error


I have just recently set up AD Connect to do SMTP mapping between our onsite AD and Azure AD. I made sure all the account information matched before I did the sync as.

I have one user that I always get the following error with that I cannot figure out what to do. I have tried every trick and article I can find. All my other users synced fine.

Unable to update this object because the
following attributes associated with this object have values that may already
be associated with another object in your local directory services:
[UserPrincipalName jsmith@mydomain.com;].
Correct or remove the duplicate values in your local directory. Please refer to
http://support.microsoft.com/kb/2647098
for more information on identifying objects with duplicate attribute values.

Display Name    User Name                           Status
Joe Smith       jsmith@mydomain.com                 In Cloud
Joe Smith       jsmith@mydomain.onmicrosoft.com     Synchronized with Active Directory

Something went wrong when trying to join Windows 10 Enterprise to Azure AD.


hi

I get a "something went wrong" error when trying to join any Windows 10 Enterprise machines to AAD.

The error message doesn't tell me a lot (something went wrong). I can't attach a screenshot, as I have to verify my account.

In Azure, I have under Devices: Users may join devices to azure ad -> All

Users may Register their devices with azure ad -> All is selected but greyed out

In Intune, admin-mdm - mdm device Management authority -> set to Microsoft intune.

Has anyone any ideas?

Thanks

Noel

Azure AD Connect Health - Health service data is not up to date

Installed the service on four servers, a two server AD FS farm and two WAP proxies. They all worked for a few days, then the two AD FS servers started giving the warning in the title. One has cleared up on its own but the other server still shows the warning. No errors in the event log. Tried uninstalling and reinstalling. No luck. Any suggestions?

Can you join Win 7 to AzureAD?


Hello,

Is it possible to join a Windows 7 PC to Azure AD? For a goal, let's start with enforcing password strength. I have been told by MS sales that it is possible, but Office365 support and everything I have found on the internet only shows Windows 8 and 10. If it is possible, can you please provide instructions for that? Thank you in advance.

how to differentiate between on premise user and cloud user azure


Hello Experts,

How to differentiate between an on-premise user and a cloud user in Azure? I mean, which property in the user entity can tell me if the user is synced from on-premise AD or is in Azure AD?

I am confused whether to use dirSyncEnabled or immutableId,

or whether there is some other way. Please provide some guidance.

Thanks,

Ritesh


