Channel: Azure Active Directory forum

Graph Client : Throwing "insufficient privileges to complete the operation" on creating ad user


All of a sudden, when we try to add a user using the Graph client (version 2.1.0 of Microsoft.Azure.ActiveDirectory.GraphClient), we get Authorization_Request denied "insufficient privileges to complete the operation".

We do have permission set right for the ad application, and there has been no change in it:




Please help why all of a sudden this issue started without any changes.

Thanks in advance!

Azure AD Connect Installation error


Fresh install to a 2012R2 VM using AzureADConnect.exe /migrate, using the exported configuration from existing DirSync server v1.0.6862.0 for running in parallel. I only have to enter three credentials. One for the global admin, one for the enterprise admin and one for the service account. I've logged in with all three of these credentials and still cannot figure out which account it is complaining about.

Below is the log where I'm getting an error that username or password is bad. MSOL account gets created, remote SQL database is created. Scheduled task gets created, local groups get created and  

[08:27:59.818] [ 18] [INFO ] Synchronization account will have account name <MYDOMAINNAME>\MSOL_6e2057dab686

[08:28:00.062] [ 18] [INFO ] Synchronization account was created successfully.
[08:28:00.180] [ 18] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.Security.Authentication.AuthenticationException: The user name or password is incorrect.
 ---> System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.Domain.GetDirectoryEntry()
   at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(NetworkCredential enterpriseAdminCredential, String syncAccountName)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, EventHandler`1 progressChanged, Guid& currentActivityType)
[08:28:00.236] [ 18] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[08:28:00.238] [ 18] [INFO ] Updating state of activity ConfigureSyncEngineForPwdSync from InProgress to Failed

mike

Something went wrong when trying to join Windows 10 Enterprise to Azure AD.


hi

I get a "something went wrong" error when trying to join any Windows 10 Enterprise machines to AAD.

The error message doesn't tell me a lot (something went wrong). I can't attach a screenshot, as I have to verify my account.

In Azure, I have under Devices: Users may join devices to azure ad -> All

Users may Register their devices with azure ad -> All is selected but greyed out

In Intune, admin-mdm - mdm device Management authority -> set to Microsoft intune.

Has anyone any ideas?

Thanks

Noel

MSOnline module displays no commands in get-module

I have installed the Microsoft Online sign on assistant and the current version of Microsoft Windows Azure Active Directory module; however the list of exported commands is blank when running Get-Module -ListAvailable MSOnline. The module loads but I do not have access to the cmdlets. I have already uninstalled and re-installed both the online assistant and the Azure Active Directory module but this has not helped.

***** This posting is provided "AS IS" with no warranties, and confers no rights.

Is it supported to change/reduce the default schedule of the "Azure AD Sync Scheduler" task?


Hi,

As the title says... Is it supported to change/reduce the default schedule of the "Azure AD Sync Scheduler" task created by AADSync in a hybrid Exchange environment? I would like to drastically reduce the time between runs of this task so I can be sure that if a password change occurs on-prem then no more than, let's say, 10 minutes will pass between syncs.

Thanks.

authorization for third party web applications using Azure AD


hi,

A web application URL has been registered with Azure AD, hence users are redirected to Azure login and are able to authenticate using Azure AD credentials when accessing these web URLs via browsers. However, users are also able to enter their personal live id to reach the application page as well. Currently, users using their personal live id would see an application error, as applications check for authorization against their username.

Hence, I would like to check if this is the expected correct behavior. The authorization to web applications would be handled within applications.

Or are Azure AD administrators able to configure and lock down further during application registration with Azure AD? Thanks

Failed to enable AAD Domain services


I'm having problems enabling our Domain services. 

I chose dns domain name in form azure.ourdomain.com (our was exactly 15 letters) and I added it to existing Azure network which is in North Europe, so it should be enabled. The process runs for 1,5 hours and the slider goes back to "No" without any error messages. If I try to change network and try to run it again, it gives a message "Unable to save Domain Services settings". Any ideas?

Getting "Authorization_RequestDenied" error message when try to change a password to the user in role "User"


Hi,

We have change password functionality which had been working till now, but all of a sudden it stopped working and is throwing "Insufficient Privileges Exception".

The user whose password I am trying to change is in the "User" role in AD, and I have enabled all the Application Permissions and Delegated Permissions. But I am still getting the error. Please look at the code below showing how I am acquiring the token.

// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(GetConfigValue(Constants.AuthString), false);

// Create a ClientCredential that will be used for authentication.
// This is where the Client ID and Key/Secret from the Azure Management Portal is used.
ClientCredential clientCred = new ClientCredential(GetConfigValue(Constants.ClientID), GetConfigValue(Constants.ClientSecret));

// Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
// using the Client ID and Key/Secret as credentials.
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(GetConfigValue(Constants.ResAzureGraphAPI), clientCred);
AccessToken = authenticationResult.AccessToken;

// Return the access token.
return authenticationResult.AccessToken;


Azure AD Connect Install Error - Password Policy Requirements


I have tried installing the most recent Azure AD Connect on 3 different Windows Server 2012 R2 VMs. The installation gets all the way to the point where it is creating the local AD sync account, then fails with an error that the password doesn't meet password requirements. I have changed the Default Domain Policy GPO to no complexity/0 passwords remembered/6 characters AND back to complexity/8 characters/24 passwords remembered. I ran GPUPDATE on the DC and installation VM after each GPO change, but the installation continues to fail. Has anyone experienced this or have any ideas?

Thank you for any advice.

[11:38:08.547] [ 10] [INFO ] Synchronization account will have account name XXXXXXXXXXX.LOCAL\MSOL_a0966afb0e72
[11:38:08.727] [ 10] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.DirectoryServices.AccountManagement.PasswordException: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5) ---> System.Runtime.InteropServices.COMException: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p)
   at System.DirectoryServices.AccountManagement.Principal.Save()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.AccountManagementAdapter.CreatePrincipalCore(Principal principal)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.AccountManagementAdapter.CreateUser(String userSamAccountName, SecureString userSecurePassword, String userDescription, Boolean userPasswordNeverExpires)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
[11:38:08.728] [ 10] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed

I cannot add my email account used in AAD joined machine to Windows 10 email app.

ActiveDirectoryClient only get 100 users


hi,

I want to get users from Azure by using ActiveDirectoryClient.

But it only returns 100 users.

My ActiveDirectoryClient version is 2.0.6 (Microsoft.Azure.ActiveDirectory.GraphClient.2.0.6).

What can I do about this?

My code is:

retrievedUsers = activeDirectoryClient.Users.ExecuteAsync().Result.CurrentPage.ToList();

Azure Active Directory Sync Service tool in a multi-forest environment: which attribute to choose? (Not DirSync)


Hi all,

I've already asked this on Office 365 Community Forum http://community.office365.com/en-us/f/613/t/267826.aspx.

Our scenario: we have a multi-forest environment due to a recent merger, with one forest with resources and some accounts and another forest with accounts only that should be migrated to the first one during time. We're at Wave 15 on our tenant.

We're configuring AAD Sync Service, but we need to choose the attribute to use as sourceAnchor; we think that the approach suggested in http://blog.msresource.net/2014/03/10/windows-azure-active-directory-connector-part-3-immutable-id/ should work.

In short:

  • if the mS-DS-ConsistencyGuid is empty, we'll generate the sourceAnchor value from objectID, then populate the mS-DS-ConsistencyGuid with the sourceAnchor value
  • if the mS-DS-ConsistencyGuid is populated, use that as the sourceAnchor (so we can match a user even if it is moved from one forest to the other)

Should that work? How can we get the tool to write back the sourceAnchor value to mS-DS-ConsistencyGuid?

Thanks
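The two rules listed in the post above, modelled in memory as an added example (not part of the original post and not the sync tool's own code). It assumes the post's "objectID" means the AD objectGUID and that the anchor is the Base64 of the 16 GUID bytes; the user dictionaries, GUIDs and function names are constructed for illustration.

```python
import base64
import uuid

CONSISTENCY_GUID = "mS-DS-ConsistencyGuid"

# Constructed sample GUIDs (not taken from any real directory).
SAMPLE_GUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
NEW_FOREST_GUID = uuid.UUID("0f0e0d0c-0b0a-0908-0706-050403020100")


def encode_anchor(raw: bytes) -> str:
    """Base64-encode a 16-byte GUID value into an anchor string."""
    if len(raw) != 16:
        raise ValueError("expected a 16-byte GUID value")
    return base64.b64encode(raw).decode("ascii")


def resolve_source_anchor(user: dict):
    """Apply the two rules from the post.

    Returns (anchor, write_back): write_back is the value to store in
    mS-DS-ConsistencyGuid, or None when the attribute is already populated.
    """
    stored = user.get(CONSISTENCY_GUID)
    if stored:
        # Rule 2: attribute populated, use it as the anchor.
        return encode_anchor(stored), None
    # Rule 1: attribute empty, derive the anchor from objectGUID.
    # bytes_le is the byte order AD uses when it stores a GUID.
    raw = user["objectGUID"].bytes_le
    return encode_anchor(raw), raw


def sync(user: dict) -> str:
    """One sync pass: resolve the anchor and persist it if it was derived."""
    anchor, write_back = resolve_source_anchor(user)
    if write_back is not None:
        user[CONSISTENCY_GUID] = write_back
    return anchor


def move_to_forest(user: dict, new_guid: uuid.UUID, copy_consistency_guid: bool) -> dict:
    """Simulate an inter-forest move: the new object always gets a new objectGUID.

    Whether mS-DS-ConsistencyGuid survives depends on the migration copying it.
    """
    moved = {"sAMAccountName": user["sAMAccountName"], "objectGUID": new_guid}
    if copy_consistency_guid and user.get(CONSISTENCY_GUID):
        moved[CONSISTENCY_GUID] = user[CONSISTENCY_GUID]
    return moved


def demo() -> dict:
    user = {"sAMAccountName": "jdoe", "objectGUID": SAMPLE_GUID}
    first = sync(user)    # derived from objectGUID, then written back
    second = sync(user)   # read from the populated attribute
    copied = move_to_forest(user, NEW_FOREST_GUID, copy_consistency_guid=True)
    dropped = move_to_forest(user, NEW_FOREST_GUID, copy_consistency_guid=False)
    return {
        "first_sync": first,
        "second_sync": second,
        "after_move_copied": sync(copied),
        # Attribute not carried over: the anchor changes and the cloud
        # object would no longer match the moved account.
        "after_move_not_copied": sync(dropped),
    }


if __name__ == "__main__":
    for step, anchor in demo().items():
        print(f"{step:24} {anchor}")
```

The anchor stays stable across the move only when the migration carries mS-DS-ConsistencyGuid to the new object; otherwise rule 1 fires again against the new objectGUID.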

Join userid and domain name as one of the claim attribute


We have a requirement to send a unique identifier as userid@domainname.com as part of the SAML token. Our current AD contains over 100 domains, which cannot be accommodated as valid domains on the application as it exceeds their limit. So sending the email or UPN does not seem to be an option.

Does Azure allow concatenating any string as part of an attribute? Maybe user.onpremisessamaccountname+"@Domainname". Is this a possibility while setting up the SSO configuration?

Please let me know if you need any additional information that can help answer the question.

Thanks,

Gayatri

Azure AD Connect with Password Hash Sync


I have a very urgent question to ask. My client has ADFS v2 already in production and married to Azure AD. When users try to sign into Azure, they get redirected to ADFS v2 for authentication.

I have installed Azure AD Connect at client site in staging mode. In the User Sign-In screen, I selected “Do not configure” because they already have ADFS and also want to do all authentication in ADFS. We don’t want to disturb that setup.

Now, client is requesting to also sync Passwords to Azure AD for backup purposes before we take out AAD Connect from staging mode. I ran the AAD Connect wizard again to customize the settings. “Password hash synchronization” box is disabled!

How do I enable password hash synchronization in this situation? Please help!

if migrate sql fba accounts in sp2010 to azure ad guest accounts in sp2013

I am migrating a farm from SP2010 to 2013. My company plans an on-premises deployment and has configured Azure AD to integrate with us. ADFS and an app proxy server are set up to direct credentials from external to internal server. I have SQL FBA accounts which I want to move into Azure AD. I don't know, but I think they are called guest accounts. I am currently using the FBA 2010 pack from CodePlex for these accounts. Does an Azure guest account allow for delegated user management and self service (like account provisioning, password reset) for these accounts?

how to differentiate between on premise user and cloud user azure


Hello Experts,

How to differentiate between an on-premises user and a cloud user in Azure? I mean, which property in the user entity can tell me if a user is synced from on-premises AD or is in Azure AD?

I am confused whether to use dirSyncEnabled or immutableId.

Or is there some other way? Please provide some guidance.

Thanks,

Ritesh



get user specified data after login


After login through Azure Active Directory, a user should be able to see his own data. How should I control what a user can access after login using Azure Active Directory?

Thanks to Santhosh for the reminder. Here is some updated info. I have a desktop application and I use Azure Active Directory to manage authentication for my application. I want to give each user a specific folder or any kind of resource. The thing is, the resources have to be related to the specific user, and other people cannot see them for security reasons. My question is: is there any way to do it using some services provided by Azure? If that is not possible, what should I do with coding?

Updating: An application would have more than one level of data access rights. I need a way to specify the levels a user can access. For example, I have three levels of data in my application: basic articles, advanced articles and new articles. I want to assign user A level 1 and 2 (basic and advanced articles) and I want to give user B the access to just level 1 (basic articles). What could I do with azure active directory?

Azure AD Application Proxy Connector Updater


Hi Everyone,

I have successfully installed Azure AD Application Proxy Connector on my server. When I run the troubleshooter, I see that the updater has failed in the report:

"Connectivity to update service failed

Error connecting to URL: 'https://updater.msappproxy.net:8080/'. Error: 'The operation has timed out'. Make sure firewall and proxy configuration are properly and that the necessary outgoing ports are open – see http://go.microsoft.com/fwlink/?LinkID=401510"

I tested with telnet with the command "telnet https://updater.msappproxy.net 8080", and it connects successfully. Also, if I put the https://updater.msappproxy.net:8080 URL in my web browser, I see a successful connection and am also able to see the certificate, which also confirms the connection.

Is this a false positive or something that needs to be fixed?

Thanks in advance!

Azure AD Connect - Generic Failure - An error has occured


Hello!

My Azure AD Connect sync has failed. I noticed a lot of failures over the last week and now see an alert in O365 that nothing has been in sync for 3 days. I can't upload images so here's what it says:

Active Directory synchronization: Deactivate Directory Sync | Manage Directory Sync | Warning: Last synced more than 3 days ago | Troubleshoot about Directory Sync

When I try to run the Microsoft Azure Active Directory Connect configuration tool it only complains of a generic error and to hit the forums!


Please see the attached Log: 

[14:08:22.386] [  1] [INFO ] 
[14:08:22.401] [  1] [INFO ] ================================================================================
[14:08:22.401] [  1] [INFO ] Application starting
[14:08:22.401] [  1] [INFO ] ================================================================================
[14:08:22.448] [  1] [INFO ] Application Version: 1.0.0.0-1440008509
[14:08:23.511] [  1] [INFO ] App Properties/Metrics:
[14:08:23.511] [  1] [INFO ]    Runtime.Start=2015-11-11T14:08:22-08:00
[14:08:23.511] [  1] [INFO ]    Application.Version=1.0.0.0-1440008509
[14:08:23.511] [  1] [INFO ]    Application.IsDebugBuild=False
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.ProductType=DomainController
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.Sku=7
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.Language=0409
[14:08:23.511] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[14:08:23.511] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=
[14:08:23.526] [ 10] [INFO ] Starting Telemetry Send
[14:08:23.667] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[14:08:23.792] [  1] [INFO ] Found existing persisted state context.
[14:08:23.870] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[14:08:23.886] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[14:08:23.933] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:23.995] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[14:08:23.995] [  1] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[14:08:24.011] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[14:08:24.011] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[14:08:24.011] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[14:08:24.011] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.011] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: verified product code {43cc9c53-a217-4850-b5b2-8c347920e500}.
[14:08:24.011] [  1] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[14:08:24.011] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[14:08:24.011] [  1] [INFO ] Product Microsoft Azure Active Directory Module for Windows PowerShell (version 1.0.0) is installed.
[14:08:24.011] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[14:08:24.011] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.011] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[14:08:24.011] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[14:08:24.011] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[14:08:24.011] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[14:08:24.011] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[14:08:24.026] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.026] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[14:08:24.026] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[14:08:24.042] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[14:08:24.042] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[14:08:24.042] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[14:08:24.042] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {d160c994-0bfb-44fa-bf51-750cd607427f}.
[14:08:24.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[14:08:24.042] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[14:08:24.042] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.0.8667.0, ProductCode=d160c994-0bfb-44fa-bf51-750cd607427f, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[14:08:24.042] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[14:08:24.604] [  1] [INFO ] Product Azure AD Sync Engine (version 1.0.8667.0) is installed.
[14:08:24.808] [  1] [ERROR] AzureADSyncEngineComponent: unexpected value retrieved for upgrade mode (0)
[14:08:24.808] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine Health Agent
[14:08:24.808] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.808] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[14:08:24.808] [  1] [INFO ] Determining installation action for Azure AD Sync Engine Health Agent (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[14:08:24.808] [  1] [INFO ] Product Azure AD Sync Engine Health Agent is not installed.
[14:08:24.808] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[14:08:24.808] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.808] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[14:08:24.808] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[14:08:24.808] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[14:08:24.808] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[14:08:24.808] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[14:08:24.808] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.808] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {6c026a91-640f-4a23-8b68-05d589cc6f18}.
[14:08:24.808] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[14:08:24.808] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[14:08:24.808] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[14:08:24.808] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[14:08:24.808] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.808] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {d411e9c9-ce62-4dbf-9d92-4cb22b750ed5}.
[14:08:24.808] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.1.3000.0, ProductCode=d411e9c9-ce62-4dbf-9d92-4cb22b750ed5, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[14:08:24.808] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[14:08:24.808] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.1.3000.0) is installed.
[14:08:24.808] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[14:08:24.808] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:24.808] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: verified product code {706efae8-26a7-4e27-bbd0-2c3c1d7c194d}.
[14:08:24.808] [  1] [VERB ] Package=Microsoft Azure AD Connect Azure AD Connector, Version=1.0.8667.0, ProductCode=706efae8-26a7-4e27-bbd0-2c3c1d7c194d, UpgradeCode=fb3feca7-5190-43e7-8d4b-5eec88ed9455
[14:08:24.808] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[14:08:24.808] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector (version 1.0.8667.0) is installed.
[14:08:24.808] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[14:08:25.104] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[14:08:25.104] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[14:08:25.104] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[14:08:25.104] [  1] [VERB ] Getting list of installed packages by upgrade code
[14:08:25.104] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {dd19288c-0faa-4336-a52c-e1d1f1395a64}.
[14:08:25.104] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.0.8667.0, ProductCode=dd19288c-0faa-4336-a52c-e1d1f1395a64, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[14:08:25.104] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[14:08:25.104] [  1] [INFO ] Product Azure Active Directory Connect (version 1.0.8667.0) is installed.
[14:08:25.104] [  1] [INFO ] DetectInstalledComponents stage: Sync engine is already installed and meets version requirement.
[14:08:25.104] [  1] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[14:08:25.667] [  1] [ERROR] Caught an exception while creating the initial page set on the root page.
Exception Data (Raw): System.Management.ManagementException: Generic failure 
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
   at Microsoft.Azure.ActiveDirectory.Synchronization.SyncServiceProvider.SyncServiceProvider.IsRunInProgress(String& connectorName)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.DetectInstalledComponents.ValidateConfigChangesArePermitted()
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.DetectInstalledComponents.Execute(String& message)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.GetInitialPagesCore()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.GetInitialPages()
[14:08:44.714] [  1] [INFO ] Opened log file at path C:\Users\CSchneider_EP\AppData\Local\AADConnect\trace-20151111-140822.log

Multifactor bypass for registered devices in Azure AD


For applications that authenticate directly against ADFS, we can bypass MFA for "registered devices".

Are there any plans to extend this capability for Azure MFA when authenticating against Azure AD?  Ideally we would like to be able to bypass MFA for on-prem domain-joined devices (Windows) and Azure AD workplace-joined devices (Android)

While the "trusted ips" capability in Azure MFA would be sufficient for most organisations, 80% of our fleet are on mobile devices outside of the corporate network, so this feature is of limited value to us.
