Channel: Azure Active Directory forum

Code example for combining AAD SSO and Azure Storage account

Is there any code example that meets the following requirements? (It could be either a web application or a native application.)

1. Provide SSO authentication with Azure Active Directory;

2. A user could also self-register to the application;

3. After login, a user can access his own database data (from the Azure SQL Database service);

4. After login, a user can upload or download files to or from his/her own folder (to or from the Azure Storage account service).

Is there any code example that can meet as many requirements as possible from the above?


I cannot add my email account used in AAD joined machine to Windows 10 email app.

Is it supported to change/reduce the default schedule of the "Azure AD Sync Scheduler" task?

Hi,

As the title says... Is it supported to change/reduce the default schedule of the "Azure AD Sync Scheduler" task created by AADSync in a hybrid Exchange environment? I would like to drastically reduce the time between runs of this task so I can be sure that if a password change occurs on-prem then no more than, let's say, 10 minutes will pass between syncs.

Thanks.

Azure AD Connect with Password Hash Sync

I have a very urgent question to ask. My client has ADFS v2 already in production and married to Azure AD. When users try to sign into Azure, they get redirected to ADFS v2 for authentication.

I have installed Azure AD Connect at client site in staging mode. In the User Sign-In screen, I selected “Do not configure” because they already have ADFS and also want to do all authentication in ADFS. We don’t want to disturb that setup.

Now, client is requesting to also sync Passwords to Azure AD for backup purposes before we take out AAD Connect from staging mode. I ran the AAD Connect wizard again to customize the settings. “Password hash synchronization” box is disabled!

How do I enable password hash synchronization in this situation? Please help!

Getting "Authorization_RequestDenied" error message when trying to change a password for a user in role "User"

Hi,

We have change-password functionality which had been working till now, but all of a sudden it stopped working and is throwing "Insufficient Privileges Exception".

The user whose password I am trying to change is in the "User" role in AD, and I have enabled all the Application Permissions and Delegated Permissions. But I am still getting the error. Please look at the code below to see how I am acquiring the token.

// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(GetConfigValue(Constants.AuthString), false);

// Create a ClientCredential that will be used for authentication.
// This is where the Client ID and Key/Secret from the Azure Management Portal is used.
ClientCredential clientCred = new ClientCredential(GetConfigValue(Constants.ClientID), GetConfigValue(Constants.ClientSecret));

// Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
// using the Client ID and Key/Secret as credentials.
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(GetConfigValue(Constants.ResAzureGraphAPI), clientCred);
AccessToken = authenticationResult.AccessToken;

// Return the access token.
return authenticationResult.AccessToken;

Transferring my Azure AD used by O365

From: @XBRMann

Is it possible to transfer my Azure AD that is used by O365 to another one of my subscriptions?

Thanks,

@AzureSupport

Cannot install Azure Active Directory Module for Windows PowerShell. MOSSIA is not installed

On my Windows Server 2008 R2, when trying to install Windows Azure Active Directory Module for Windows PowerShell, I got the following error message (although Microsoft Online Services Sign-In Assistant version 7.0 is installed):

"In order to install Windows Azure Active Directory Module for Windows PowerShell, you must have Microsoft Online Services Sign-In Assistant version 7.0 or greater installed on this computer"

NB: on a French server: "Pour installer le Module Windows Azure Directory pour windows PowerShell, l'Assistant de connexion de Microsoft Online Service 7.0 ou version ultérieure doit être installé sur cet ordinateur".

I tried to uninstall / repair / ... the Microsoft Online Services Sign-In Assistant, but it did not help...


Etienne Bailly | SharePoint Consultant | My Blog

Move Co-admins to a read-only role for Azure resources

Hi,

Looking at a way of moving co-admins to a read-only role for Azure WebApp, API Management and SQL database services, such that the user can only consume provisioned services and cannot create new Azure services.


Effective Pricing for Azure AD B2C

I have what I hope is a simple question. Azure AD B2C pricing is here, and it currently says that each authentication (after the free tier) is $0.0028/auth.

Let's say that I configure my AD B2C tenant for a 3-day token expiration, with a 14-day refresh token, and let's assume that an unauthenticated user visits my web site, logs in, and then visits once a day after that. At the end of 5 days... will that count as 5 authentications, or because I'm seeing a valid, unexpired token sent back to me from the user for the first 3 days, will it have been only 2 auths - the 1 initial authentication + 1 token refresh (after three days)?

Thanks!

Scott

REST Graph API: how to use the parameter for AccessToken

The REST Graph API URL is: https://graph.windows.net/myorganization/users?api-version=1.6

How do I send the accessToken parameter?

Feedback on Connect Health for AADSync

Some feedback on the items reported through Connect Health for AADSync. First of all, Connect Health seems to report the wrong version number for AADSync:

The version number reported is 1.0.8641.0, whereas the actual version is 1.0.9125.0 (the latter version number is shown on the miiserver.exe and other executables).

Also, Connect Health reports the Synchronization Service Account, but it would be useful to report also the accounts that AADSync uses to connect to the OnPrem AD and Azure AD.

Cheers,
Kimmo

Does ARA work with AAD DS?

I am designing a new environment to support vendors, so that we can move out the external accounts from the production AD DS domain.

We have a handful of win32 apps used by these vendors and I am wondering if the route of AAD + AAD Domain Services is a viable option; this would be cloud only, no sync from AD DS.

To access these legacy apps, Azure Remote App is being considered as well. I'm sure it's been asked before but I don't see any thread. Does ARA work with AAD DS?

Azure AD Connect and Single-Sign-on

Hello,

We have an on-premises domain (e.g. domain.local). We will sync this AD to Azure AD so the users can log in with the local domain account to Visual Studio Online. Is this possible with a non-public domain like .local? What things should I consider? Do I have to use Active Directory Federation Services, UPN, Single Sign-on, ...?
Thanks for your help.

Regards
Jochen

Azure AD Connect Installation error

Fresh install to a 2012R2 VM using AzureADConnect.exe /migrate, using the exported configuration from existing DirSync server v1.0.6862.0 for running in parallel. I only have to enter three credentials. One for the global admin, one for the enterprise admin and one for the service account. I've logged in with all three of these credentials and still cannot figure out which account it is complaining about.

Below is the log where I'm getting an error that username or password is bad. MSOL account gets created, remote SQL database is created. Scheduled task gets created, local groups get created and  

[08:27:59.818] [ 18] [INFO ] Synchronization account will have account name <MYDOMAINNAME>\MSOL_6e2057dab686

[08:28:00.062] [ 18] [INFO ] Synchronization account was created successfully.
[08:28:00.180] [ 18] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.Security.Authentication.AuthenticationException: The user name or password is incorrect.
 ---> System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.Domain.GetDirectoryEntry()
   at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(NetworkCredential enterpriseAdminCredential, String syncAccountName)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, EventHandler`1 progressChanged, Guid& currentActivityType)
[08:28:00.236] [ 18] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[08:28:00.238] [ 18] [INFO ] Updating state of activity ConfigureSyncEngineForPwdSync from InProgress to Failed

mike

Join userid and domain name as one of the claim attribute

We have a requirement to send a unique identifier as userid@domainname.com as part of the SAML token. Our current AD contains over 100 domains, which cannot be accommodated as valid domains on the application as it exceeds their limit. So sending the email or UPN does not seem to be an option.

Does Azure allow concatenating any string as part of an attribute? Maybe user.onpremisessamaccountname+"@Domainname". Is this a possibility while setting up the SSO configuration?

Please let me know if you need any additional information that can help answer the question.

Thanks,

Gayatri


Just connected Office365 to Azure and no history for reports?

I connected our Office365 portal to the Azure AD tenant and the only history (90 day) I can view is from audit reports.  When I run all reports for User Activity and Anomalous Activity, I only see data from the date I connected to Azure. Not only do I NOT see data within the past 90 days, I can't even see any reports from the past 7 -- only from the point in time I connected to Azure tenant.  Is this by design?  Is there any way to get that history?  I would think so..  These reports look great so would be wonderful if only I could get some history!

Thank you!

Azure AD Connect Sync Health error

We upgraded our Azure AD Connect server on Friday to the new version that supports the Azure AD Connect Health for Sync in the portal, and while the server seemed to check in once, it's not uploading data now and the "Azure AD Connect Health Sync Insights Service" won't start. When we try to start it, the service stops immediately and we get this error in the event logs:

Startup.Main;Failed to start:Missing configuration value: TenantName 
System.InvalidOperationException: Missing configuration value: TenantName
   at Microsoft.Online.Reporting.MonitoringAgent.Configuration.GetConfigValueThrowIfNull(String settingName)
   at Microsoft.Online.Reporting.MonitoringAgent.Configuration.Initialize()
   at Microsoft.Online.Reporting.MonitoringAgent.Agent.Start(EventWaitHandle shutdownEvent)
   at Microsoft.Online.Reporting.MonitoringAgent.Startup.Program.Main(String[] args)

We've been running DirSync and then AAD Connect for a long time and the syncs themselves are healthy.  Is there a good way to repair the insights agent without reinstalling the whole application?

Graph Client : Throwing "insufficient privileges to complete the operation" on creating ad user

All of a sudden, when we try to add a user using the graph client (version 2.1.0 of Microsoft.Azure.ActiveDirectory.GraphClient), we get Authorization_Request denied "insufficient privileges to complete the operation".

We do have permission set right for the ad application, and there has been no change in it:




Please help why all of a sudden this issue started without any changes.

Thanks in advance!

Dirsync attribute writeback for Exchange hybrid - Network ports

Trying to find a worked example of @azure AD authing a vNext MVC app AND javascript Web Api in same project.
