
Unable to Generate key for a WEB API application in Azure Active Directory


Hi, 

Each time I try to generate a key for my application, I get an error; however, on refreshing the page, the key is added but it is hidden.

I am unable to copy the key.

Any pointers for resolving this?

Thanks 


List AAD device with powershell

Getting "Authorization_RequestDenied" error message when trying to change the password of a user in role "User"


Hi,

We have change-password functionality which had been working until now, but all of a sudden it stopped working and is throwing "Insufficient Privileges Exception".

The user whose password I am trying to change is in the "User" role in AD, and I have enabled all the Application Permissions and Delegated Permissions. But I am still getting the error. Please look at the code below to see how I am acquiring the token.

// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(GetConfigValue(Constants.AuthString), false);

// Create a ClientCredential that will be used for authentication.
// This is where the Client ID and Key/Secret from the Azure Management Portal is used.
ClientCredential clientCred = new ClientCredential(GetConfigValue(Constants.ClientID), GetConfigValue(Constants.ClientSecret));

// Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
// using the Client ID and Key/Secret as credentials.
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(GetConfigValue(Constants.ResAzureGraphAPI), clientCred);
AccessToken = authenticationResult.AccessToken;

// Return the access token.
return authenticationResult.AccessToken;

Microsoft Azure Active Directory Connect


I am trying to leverage a Cisco UCS virtual environment to create a prototype Microsoft EMS with ADFS on premises. I added two servers and one with Active Directory, Federation service. I was trying to run Azure AD Connect and got stuck at this error:

NullReferenceError:

Object reference not set to an instance of an object.

Attached is the log I get:


[22:59:27.152] [  1] [INFO ]
[22:59:27.152] [  1] [INFO ] ================================================================================
[22:59:27.152] [  1] [INFO ] Application starting
[22:59:27.152] [  1] [INFO ] ================================================================================
[22:59:27.168] [  1] [INFO ] Application Version: 1.0.0.0-1427405107
[22:59:27.652] [  1] [INFO ] App Properties/Metrics:
[22:59:27.652] [  1] [INFO ]    Runtime.Start=2015-06-01T22:59:27-07:00
[22:59:27.652] [  1] [INFO ]    Application.Version=1.0.0.0-1427405107
[22:59:27.652] [  1] [INFO ]    Application.IsDebugBuild=False
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.ProductType=DomainController
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.Sku=8
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.Language=0409
[22:59:27.652] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[22:59:27.652] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=
[22:59:27.808] [ 10] [INFO ] Starting Telemetry Send
[22:59:28.933] [  6] [INFO ] InstallPrerequisitesPageViewModel CheckLocalMachine: ProductType=DomainController
[22:59:28.949] [  6] [INFO ] InstallPrerequisitesPageViewModel CheckLocalMachine: WindowsVersion=6.3.9600
[22:59:28.949] [  6] [INFO ] LocalMachineInformationProvider.IsRebootPending: Skipping pending file rename operations check.
[22:59:28.949] [  6] [INFO ] LocalMachineInformationProvider.IsRebootPending: No pending reboot found.
[22:59:28.965] [  6] [INFO ] SecurityProvider: current user matches logged-on user
[22:59:28.965] [  6] [INFO ] InstallPrerequisitesPageViewModel CheckLocalMachine: Completed without error.
[22:59:28.965] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[22:59:28.980] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:28.996] [  6] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[22:59:28.996] [  6] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[22:59:28.996] [  6] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[22:59:28.996] [  6] [INFO ] Performing direct lookup of upgrade codes for: Windows Azure Active Directory Module for Windows PowerShell
[22:59:28.996] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:28.996] [  6] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[22:59:28.996] [  6] [INFO ] Determining installation action for Windows Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[22:59:28.996] [  6] [INFO ] Product Windows Azure Active Directory Module for Windows PowerShell (version 1.0.0) is installed.
[22:59:28.996] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[22:59:28.996] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:28.996] [  6] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[22:59:28.996] [  6] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[22:59:28.996] [  6] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[22:59:28.996] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[22:59:28.996] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:28.996] [  6] [INFO ] GetInstalledPackages({dc9e604e-37b0-4efc-b429-21721cf49d0d}): upgrade code not found.
[22:59:28.996] [  6] [INFO ] GetInstalledPackages({bef7e7d9-2ac2-44b9-abfc-3335222b92a7}): upgrade code not found.
[22:59:29.011] [  6] [INFO ] Determining installation action for Microsoft Directory Sync Tool (00000000-0000-0000-0000-000000000000)
[22:59:29.011] [  6] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[22:59:29.011] [  6] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[22:59:29.011] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.011] [  6] [INFO ] GetInstalledPackages({dc9e604e-37b0-4efc-b429-21721cf49d0d}): upgrade code not found.
[22:59:29.011] [  6] [INFO ] GetInstalledPackages({bef7e7d9-2ac2-44b9-abfc-3335222b92a7}): upgrade code not found.
[22:59:29.011] [  6] [VERB ] Package=Microsoft Azure Active Directory Connect synchronization services, Version=1.0.629.0, ProductCode=4e882d8a-3eb4-444f-a028-c2ba0c4f6131, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[22:59:29.011] [  6] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[22:59:29.136] [  6] [INFO ] Product Azure AD Sync Engine (version 1.0.629.0) is installed.
[22:59:29.246] [  6] [ERROR] AzureADSyncEngineComponent: unexpected value retrieved for upgrade mode (0)
[22:59:29.246] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[22:59:29.246] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.246] [  6] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[22:59:29.246] [  6] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[22:59:29.246] [  6] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[22:59:29.246] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[22:59:29.246] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.246] [  6] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[22:59:29.246] [  6] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[22:59:29.246] [  6] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[22:59:29.246] [  6] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[22:59:29.246] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.246] [  6] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.0.2100.60, ProductCode=49d665a2-4c2a-476e-9ab8-fcc425f526fc, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[22:59:29.246] [  6] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[22:59:29.246] [  6] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.0.2100.60) is installed.
[22:59:29.246] [  6] [INFO ] Performing direct lookup of upgrade codes for: Forefront Identity Manager Windows Azure Active Directory Connector
[22:59:29.246] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.246] [  6] [VERB ] Package=Forefront Identity Manager Windows Azure Active Directory Connector, Version=1.0.8223.18, ProductCode=706efae8-26a7-4e27-bbd0-2c3c1d7c194d, UpgradeCode=fb3feca7-5190-43e7-8d4b-5eec88ed9455
[22:59:29.246] [  6] [INFO ] Determining installation action for Forefront Identity Manager Windows Azure Active Directory Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[22:59:29.246] [  6] [INFO ] Product Forefront Identity Manager Windows Azure Active Directory Connector (version 1.0.8223.18) is installed.
[22:59:29.246] [  6] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[22:59:29.340] [  6] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[22:59:29.340] [  6] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[22:59:29.340] [  6] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[22:59:29.340] [  6] [VERB ] Getting list of installed packages by upgrade code
[22:59:29.340] [  6] [VERB ] Package=Microsoft Azure Active Directory Connect, Version=1.0.629.0, ProductCode=f7c834b6-88db-47e6-8826-e3a0b48773fc, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[22:59:29.340] [  6] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[22:59:29.340] [  6] [INFO ] Product Azure Active Directory Connect (version 1.0.629.0) is installed.
[22:59:29.340] [  6] [INFO ] Sync engine is already installed and meets version requirement.
[22:59:29.449] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[22:59:29.449] [  1] [INFO ] Property Username failed validation with error Username must be in the format name@domain.com or name@domain.onmicrosoft.com
[22:59:29.449] [  1] [INFO ] Property Username failed validation with error Username must be in the format name@domain.com or name@domain.onmicrosoft.com
[22:59:57.363] [  1] [INFO ] Property Password failed validation with error A Windows Azure password is required.
[23:00:07.661] [  6] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
[23:00:09.031] [  6] [INFO ] AzureTenantPage: Credentials successfully validated for Windows Azure.
[23:00:09.594] [  6] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 0f3f9625-d0f1-436c-ac62-d509e8366783.
[23:00:09.594] [  6] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
[23:00:09.609] [  6] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
[23:00:09.609] [  6] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[23:00:09.859] [  6] [INFO ] AzureTenantPage: Successfully retrieved 2 domains from the tenant.
[23:00:09.859] [  6] [INFO ] AzureTenantPage: Successfully connected to persisted state store.
[23:00:14.719] [  6] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[23:00:14.719] [  6] [INFO ] AzureTenantPage: Current state found
[23:00:15.103] [  6] [INFO ] ResumeConfigurationPage: Current Activity is 2 (state=NotStarted) (type={b7144e43-3428-4cc0-957a-443781a38f45})
[23:00:19.715] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
[23:00:19.715] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
[23:00:42.027] [  1] [INFO ] Property Password failed validation with error A password is required.
[23:00:45.299] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
[23:00:45.322] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user dcastro@parexusamobility.com
[23:00:45.323] [ 14] [INFO ] ConvertUpnToSam: Given username dcastro@parexusamobility.com needs to be converted.
[23:00:45.333] [ 14] [INFO ] ConvertUpnToSam: Given username dcastro@parexusamobility.com was successfully convert to PAREXUSAMOBILIT\dcastro.
[23:00:45.405] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: Validating local domain
[23:00:45.425] [ 14] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[23:00:45.427] [ 14] [INFO ] Validating forest with FQDN parexusamobility.com
[23:00:45.450] [ 14] [INFO ] Examining domain parexusamobility.com (:0% complete)
[23:00:45.455] [ 14] [INFO ] Successfully examined domain parexusamobility.com GUID:1feb0f22-b435-4700-b32a-4f15dc532d58  DN:DC=parexusamobility,DC=com
[23:00:45.456] [ 14] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[23:00:45.493] [  6] [INFO ] PerformConfigurationPageViewModel: Successfully connected to persisted state store.
[23:00:45.805] [  6] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Online.Deployment.Types.AadSyncConfigurationHelper.<GetConfigurationSteps>b__0(AzureADSyncDirectory forest)
   at System.Linq.EnumerableSorter`2.ComputeKeys(TElement[] elements, Int32 count)
   at System.Linq.EnumerableSorter`1.Sort(TElement[] elements, Int32 count)
   at System.Linq.OrderedEnumerable`1.<GetEnumerator>d__0.MoveNext()
   at Microsoft.Online.Deployment.Types.AadSyncConfigurationHelper.GetConfigurationSteps(IAadSyncContext context, IAadSyncContext activeSyncFeatures)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.GenerateActions()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize()
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Online.Deployment.Types.AadSyncConfigurationHelper.<GetConfigurationSteps>b__0(AzureADSyncDirectory forest)
   at System.Linq.EnumerableSorter`2.ComputeKeys(TElement[] elements, Int32 count)
   at System.Linq.EnumerableSorter`1.Sort(TElement[] elements, Int32 count)
   at System.Linq.OrderedEnumerable`1.<GetEnumerator>d__0.MoveNext()
   at Microsoft.Online.Deployment.Types.AadSyncConfigurationHelper.GetConfigurationSteps(IAadSyncContext context, IAadSyncContext activeSyncFeatures)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.GenerateActions()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize()
   at System.Threading.Tasks.Task.Execute()<---

[23:00:45.829] [ 14] [INFO ] Starting Telemetry Send
[23:02:05.312] [  1] [INFO ] Opened log file at path C:\Users\dcastro\AppData\Local\AADConnect\trace-20150601-225927.log

List Azure resources that belong to an Azure Active Directory user


What is the API that I can call to list Azure resources that belong to an Azure Active Directory user?

Thanks!

Return groupclaims in AzureAD B2C sign in


Azure Active Directory B2C:

Can groups be returned in claims by editing the manifest file and setting "groupMembershipClaims" to "All"? When uploading the updated manifest JSON file, I received the following error.

ParameterValidationException=Invalid parameters provided; BadRequestException=Updates to converged applications are only available on the converged api endpoint.;

Even if I try to upload the JSON file without any modifications, the same error pops up.

Is there any other way to return group claims after sign-in?

Graph API - System 'DirectoryRole' is invalid for the 'members' reference.

I'm trying to add an Azure AD user account to the system Company Administrator role (as per Operations on directory roles).
I have had no issues with any other role-related operations so far, only with this one.

Error I receive: "The reference target 'Role_<objectId>' of type 'DirectoryRole' is invalid for the 'members' reference."

Passed serialized member URL as POST:
{"url":"https://graph.windows.net/<tenant>/directoryObjects/<memberObjectId>"}

Relative Graph API path:
/<tenant>/directoryRoles/<objectId>/$links/members?api-version=1.6

Where: 
<tenant>-tenant name
<objectId>-directoryRole objectId
<memberObjectId>-user member objectId

Admin reset user password via office 365 portal and azure ad management portal is not synced back to local ad


This is a password-synced users case.

1. Admin reset the user password in on-premises AD. User is able to log in to the myapps portal with the new password and able to perform self-service password change/reset. AAD to AD via AD premium license is valid.

2. Admin reset the user password using the Office 365 portal/Azure AD management portal, which replaced the original user password in on-premises AD. User is able to log in to the myapps portal with the new password. User was requested to change the password upon first login. User changed the password successfully.

But after half an hour, when the user performs a self-service password change/reset, the error the user sees is "make sure your entry is correct" for the current password field. We have no restriction on min password age.

At the same time, we see an error from on-premises AD:

Error 6329 An unexpected error has occurred during a password set operation.

"BAIL: MMS(3468): ..\server.cpp(11152): 0x8023061a (The password given does not specify the user's current password.)

How do we troubleshoot this? Thanks.


Azure AD Connect error during install: E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY


During the installation of Azure AD Connect I get this error message: E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY

In the event log:

ADSync 6309
The server encountered an unexpected error while performing an operation for a management agent.
"BAIL: MMS(12040): ..\parser.cpp(2295): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\parser.cpp(2200): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\parser.cpp(2076): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\schema.cpp(89): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
ERR_: MMS(12040): ..\mastate.cpp(15668): Error creating MA schema object: 0x80230910
BAIL: MMS(12040): ..\mastate.cpp(15866): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\mastate.cpp(5741): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\ma.cpp(672): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
BAIL: MMS(12040): ..\ma.cpp(954): 0x80230910 (E_MMS_SCHEMA_CYCLE_IN_CLASS_HIERARCHY)
Azure AD Sync 1.0.9125.0"

I found on the internet a similar issue with SharePoint 2010 User Profile Sync, which is also based on FIM technology:

https://social.technet.microsoft.com/Forums/en-US/b0f3d2b7-736f-432c-bc68-783648454cb3/error-6306-and-unable-to-process-create-message-when-trying-to-create-a-ad-connection?forum=sharepointadminprevious

A Microsoft employee 'Cyrtiac' from Microsoft France is answering that topic. The problem was a custom AD schema extension: an auxiliary class was made a subclass of "person". He says an auxiliary class should always be a subclass of top.

In our Active Directory we also made an auxiliary subclass of "person". I can't delete this subclass because the attributes are still used in our environment.

Why is it not allowed to create an auxiliary class as a subclass of anything other than 'top'? I cannot find any documentation on this.

How can we install Azure AD Connect and leave this subclass intact?

How to connect Azure AD with SharePoint Online


Hi all,

I have successfully set up a small Azure box and set up a VPN to my on-premises AD. Then I installed AD Connect on this virtual box and successfully synced users.

Then, I successfully registered for a test version of SharePoint Online.

But I cannot get these two to work together. The domains from AD Connect and Office 365 are different, and I do not know how to sync these.

From my point of view, it doesn't make much sense to now again add the Azure domain to the Office 365 domains, and even if I would, this does not work, because I cannot make the TXT record in the Azure AD.

So, I think I missed something. I assume I would have to somehow generate the SharePoint / Office 365 out of the Azure portal, so that these two are automatically tied together, but I did not find a way.

So, anyone with a guide out there on what to do in which order?

Thanks, Sebastian

P.S. I had to install AD Connect on an Azure box, because in the final state I will have to sync multiple domains to this Azure AD, so the only way to have access to all these on-premises domains is VPN tunnels from a cloud box.

Occasionally prompted by AAD to 'click' the login name to login


I have an Azure hosted Web Server, Azure Active Directory Sync and ADFS. Normally when I connect to the web site it authenticates fine (so it goes first to Azure AD, realises it's a federated domain name and then re-directs to ADFS, authenticates and takes me straight to the web site)

Occasionally I see the Azure AD login screen and I get prompted to 'click' my login name, when it then continues as before!

Any ideas why I am being prompted to click and how I get it to just sign in automatically?

Thanks

Mark

SSO - Webapplication - Windows 10 - Azure AD


Hi

I have set up Azure AD Connect in federation with an on-premises domain.

Is it possible to make SSO work for web applications with domain pass-through/Windows authentication hosted in the on-premises domain from Windows 10 devices joined in Azure AD?

UPN is first.last@domain1.com in the on-premises AD and in Azure of course, since they are synced.

The name of the on-premises domain is not the same as the UPN suffix for the users: onpremdomain1.com


Filtering Distribution groups synchronization based on AD attributes.


Hi,

I'm asking if it's possible to filter distribution lists based on an AD attribute, so that a distribution list with a specific attribute (by an inbound filtering rule) will not be synced to Azure AD (Office 365) without moving it to a non-synced OU (OU filtering)?

Is there an example or documentation to do that?

Is it supported by MS (DL filtering based on attribute)?

I use Azure AD Connect.

Thanks


Lourh

Azure AD Domain Services support for multiple subnets and regions


Does anyone know if the Azure AD Domain Services Preview feature supports multiple subnets? 

When you enable it in the Portal you have to pick a single subnet and there isn't an option to add others even after it's enabled. I've checked for PowerShell cmdlets and there are only 4 for Azure AD and they seem to just cover non Domain Services stuff.



Just connected Office365 to Azure and no history for reports?


I connected our Office365 portal to the Azure AD tenant and the only history (90 day) I can view is from audit reports.  When I run all reports for User Activity and Anomalous Activity, I only see data from the date I connected to Azure. Not only do I NOT see data within the past 90 days, I can't even see any reports from the past 7 -- only from the point in time I connected to Azure tenant.  Is this by design?  Is there any way to get that history?  I would think so..  These reports look great so would be wonderful if only I could get some history!

Thank you!


Password Policy


Hi, 

Is there a way to change the password policy on my Azure Active Directory? I mean, the typical settings like expiration, length, and so on.

I came across this site: https://msdn.microsoft.com/en-us/library/azure/jj943764.aspx, and it says that the account lockout is done after 10 attempts. I've tried it and I was able to try to log in to the Preview Portal as many times as I wanted, so... what are really the values for the password policy?

Azure AD Connect Sync Health error


We upgraded our Azure AD Connect server on Friday to the new version that supports Azure AD Connect Health for Sync in the portal, and while the server seemed to check in once, it's not uploading data now and the "Azure AD Connect Health Sync Insights Service" won't start. When we try to start it, the service stops immediately and we get this error in the event logs:

Startup.Main;Failed to start:Missing configuration value: TenantName 
System.InvalidOperationException: Missing configuration value: TenantName
   at Microsoft.Online.Reporting.MonitoringAgent.Configuration.GetConfigValueThrowIfNull(String settingName)
   at Microsoft.Online.Reporting.MonitoringAgent.Configuration.Initialize()
   at Microsoft.Online.Reporting.MonitoringAgent.Agent.Start(EventWaitHandle shutdownEvent)
   at Microsoft.Online.Reporting.MonitoringAgent.Startup.Program.Main(String[] args)

We've been running DirSync and then AAD Connect for a long time and the syncs themselves are healthy.  Is there a good way to repair the insights agent without reinstalling the whole application?

Get O365 License Assigned using Powershell


Hi All,

Please help me with the below request ASAP.

I want to see what O365 licenses are assigned to 25 users in Azure PowerShell. I want a script and also the format of a .csv file which can give me the display name and license assigned to each user. Please help me as I am in need of it.

Regards

Pavan

AAD Connect + Directory Extensions


Hi, Thanks for reading.

I am setting up my AAD Connect; this is my scenario:

1. Active Directory on premises with W2012 R2.

2. Just one forest and one domain.

3. I need to sync custom attributes of my local AD to Azure AD for use in O365.

The custom attributes have been configured in my local AD.

When I am configuring AAD Connect, the directory extension option is selected and the wizard allows me to choose the attributes, but I can't view any custom attribute.

Link reference used: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-get-started-custom/

What can I do to resolve this?

Thanks.

Andrés Echeverri.


Rexix

AADSYNC and DeActivating Directory Synchronisation and then Reactivating


OK, I have a scenario where:

The customer already has Office 365 and cloud identities in the cloud.

They now wish to use directory synchronisation and get rid of Message Ops (which just listens in on password changes and ports them across to Azure AD, I believe). I have a number of questions around this.

Scenario:

AADSync was installed and configured with password writeback (all accounts and permissions necessary for this to happen have been created). We have not run the initial sync as we wanted to demonstrate the concept to the client first; therefore an OU is specified in the AD service with only a handful of accounts. Once the OU filter was configured we ran the initial sync through the Synchronisation Service Manager. Subsequently we enabled the scheduled task and ran that for good measure.

The sync was left to run and upon checking a few hours later we noticed that the directory sync status in the Azure AD portal was not showing a successful sync. In this case the client deactivated the directory synchronisation in the Azure portal with the intention of activating it again. It seems that this will be a long wait before we attempt to kick this off again.

My questions are this:

1. They already have cloud identities for all their email in the cloud with user@company.com; we have added a UPN suffix to the on-premises environment with the same UPN suffix user@company.com to some accounts for the initial sync. Should these identities not merge and the user continue, as the UPNs are effectively the same? It will just be that the on-premises AD will be the master authority of the ID. Should there be any issues in this fashion, such as duplicate IDs or anything which has been missed in the process?

2. No changes have been made to the on-premises identities; we will be doing the initial OU-filtered sync. By reactivating the directory sync in the Azure portal and kicking it off again in AADSync via Task Scheduler, should we expect any issues, such as overwriting IDs?

3. Deactivating directory synchronisation, it says, can take 72 hours... in your experience how long have you seen this take realistically? I am aware that this depends on the number of objects in the cloud... just curious.

4. Finally, Message Ops is still running in tandem in the meantime; is that likely to cause an issue?

Thanks


Can Message Ops still work in tandem once AAD sync 
