I am trying to create a role assignment using the Azure Resource Management REST API.
https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{role-assignment-id}?api-version={api-version}
I've verified that the principalID in question does in fact exist. I can also create the assignment using xplat cli and PowerShell using the same PrincipalId. Any ideas why i'm getting this error when attempting this with the REST call?
Phil Jirsa - Senior Consultant | Rackspace
We currently have our student domain, email.mydomain.com, synced to O365 using DirSync. I am configuring our production domain, production.mydoman.com to use OneDrive as a My Docs redirect. Will I need a separate tenant apart from my student domain to do this, or is it possible to use the same global admin amount from my student O365 presence? My planned course of action is to install AAD Connect using only password hash sync on a production domain member server (not a DC) into the current O365 tenant alongside our student domain.
Am I on the right track?
Tony
The new Azure SCIMv2 provisioning uses some parts of the SCIM v2 specification that are optional, namely: -
I'm getting an error when trying to delete a directory.
The error says:
The following issue(s) prevent deletion of this directory:When I go into the directory and list the applications, I see these:
Name | Publisher | Type | App URL |
|---|---|---|---|
| Office 365 Management APIs | Microsoft Corporation | Web application | |
| Visual Studio Online | Microsoft Corporation | Web application | https://www.visualstudio.com/ |
I can't delete either of these so I don't know how to correct this problem. Any ideas on where to start with solving this?
Hi,
I use Office 365 Sharepoint Online, for all my 240 users.
140 of them don't have a PC, and they only use SharePoint Online.
I use Azure AD Sync, so all 240 have Azure AD Free.
I would like to convert the 140 users to Azure AD Basic, and use password reset.
Anyone know if this is possible, and how ?
Is there an easy way to convert the users from free to basic ?
Thx.
From: Toniolo Consulting @TonioloAus via Twitter
I've joined my Windows 10 computer to the AZ AD, and signed as my work user account. Since doing this however, I can no longer sync with my OneDrive for Business - "We cannot connect to specified SharePoint site". Even after logging into OneDrive f B and clicking sync/copying link. It only seems possible to me that these changes are related - any thoughts?
Thanks,
@AzureSupport
Hello Sir,
I'm using Office 365 RMS powered by Azure Rights Management (Azure Active Directory). Do I have to assign Azure Rights Management license to every user or administrators only? Thanks.
Regards,
Ryan
I am developing an application that uses AD single organization authentication and AD RBAC roles in an MVC Web App. Using the old Azure Portal, I was able to create a new Application and register the groups/users and client key (secret), however I cannot seems to find this option using the new Azure Portal. I cannot access the old portal with this particular subscription. Is there a way to do this from the new portal or using PowerShell? I have been able to create an app using the following:
$azureAdApplication = New-AzureADApplication -DisplayName $applicationName -HomePage $applicationHomePage -IdentifierUris $applicationHomePage -Password $applicationPassword
And assign roles to users using:
New-AzureRoleAssignment -ResourceGroupName $resourceGroupName -SignInName $signinName -RoleDefinitionName 'Contributor'
How do I create the customer key?
David Downing
First, it's important to note that we're 100% Azure based with no on-premises network or servers.
We currently have a bunch of VMs in our virtual network on Azure. Our organizational AD which runs on a VM is linked to our Azure AD and Office 365 AD via ADFS and DirSync which are also running in the same virtual network on Azure.
Here's what I want to do next:
We have a second Azure subscription where we're developing a new web based product. The developers who are building this new product are members of the same organization that owns the first subscription and it would make a lot of sense to extend our organizational AD to this second subscription so that we can continue to manage all our resources from the same AD and have single sign-on in the second subscription as well.
Thanks, Sam
Hi All,
I have successfully synchronized from all users of on premise ADDS to office 365 ( SPO) and can login in SPO.
But I have been experiencing issue in AAD connect tool when ever I run sometime of after reboot machine or after couple of days. When I uninstall then install it works fine but same issue occurs again and again.
Below is the Error log. ( My on premise environment has all components SP13, SQL , ADDS so all components on single machine )
During setup , I provide Admin accounts of both environment ( on-premise , SPO ) but SP services are running under another service account including both FIM service. Also , MS Azure AD sync is running under new service account created by tool setup.
Here is complete log :-
[04:24:26.629] [ 1] [INFO ]
Anupam soni
Hi all,
I have successfully set up a small azure box and set up VPN to my on premise AD. Then I installed AD connect to this virtual box and successfully synced users.
Then, I successfully registered for a test version of SharePoint online.
But I cannot get these two work together. The domains from AD connect and Office 365 are different, and I do not know how to sync these.
From my point of view, it doesn't make much sense to now again add the Azure domain to the Office 365 domains, and even if I would this does not work, because I cannot make the TXT record in the Azure AD.
So, I think I missed something. I assume I would have to somehow generate the sharepoint / office 365 out of Azure portal, so that these two are automatically tight together, but I did not find a way.
So, anyone with a guide out there on what to do in which order?
Tanks, Sebastian
P.S. I had to install the AD connect on an Azure box, because in the final state I will have to sync multiple Domains to this Azure AD, so the only way to have access to all these on premise domains is VPN tunnels from a cloud box.
Click reply and tell us what you think:Azure AD integration with Citrix ShareFile |
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
The last version I can get to is:
but the link to current revision is not working.
Hi,
I need some clarity of Reply URL or Redirect URI. As per MSDN document, My understanding is, After azure AD authenticate user, AD sends back response along with token if success. But when we create Application which is of type WEB APplication and or WEB API, documentation or every one says we can give dummy url for sign-in url or App ID URL which is dummy or really exists, If that is the case, after authenticating, Azure AD will send response to above mentioned dummy URL which doesnot exists, how does client either native or webapi gets the token
Hi,
I'm trying to set up a federated domain with a third party IDP. I synchronised the local AD with Azure AD, but I'm getting an 80041317 error on login. While following the instructions on how to fix that I have to run Update-MSOLFederatedDomain, which fails. This is how I run the command:
PS C:\Users\Administrator>Update-MSOLFederatedDomain -Domain ggdevelop.com
Update-MSOLFederatedDomain : 'ggdevelop.com' is not a valid domain name.
At line:1 char:1
+ Update-MSOLFederatedDomain -Domain ggdevelop.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Update-MsolFederatedDomain], FederationException
+ FullyQualifiedErrorId: InvalidDomainName,Microsoft.Online.Identity.Federation.Powershell.UpdateFederatedDomainCommand
The domain is definitely a valid domain name, since I can see it by running Get-MSOLDomain:
PS C:\Users\Administrator>Get-MSOLDomain
Name Status Authentication
---- ------ --------------
ggdevelop.com Verified Federated
I can provide additional information if required. I would appreciate any suggestion on how to fix this, since I'm not sure where to go from here.
Hello,
I was wondering if anyone could point me in the direction of finding out how to do a couple things.
It was presented to us that Azure could import users from another Azure Directory Tenant,
Then we could put that user as an on-prem but Azure managed user. So if they get deleted from the contractors Azure we could replicate the delete or disable down to our on-prem.
Does anyone know where I can find docs how to
A. trust a different companies Azure tenant
B. Import users from one Azure director to another
C. provision users down from Azure.
Thanks
Russ
Russell Lema
Okay, so quick rundown of the situation:
Wednesday night I log into my school email (through Office 365/outlook), and notice I have an email sent from myself to myself with personal threats. I then check my sent email folder and see they messaged two of my instructors (I have since cleared this up with them).
I'd like to mention that I was not phished nor keylogged, and yes I know that for a fact. The person (and I know who did it) had no idea of any information besides my email address for my school email. Yet, they were able to break in and attempt to mess things up for me.
Why was my Office 365 account hacked so easily? I have since changed my password. My old password was only nine numbers. Is bruteforcing an Office 365 account that simple?
---
I was referred here from the Office 365 forums:
"As for your question about the reason of your account being hacked, I would suggest that you post the question to Azure Active Directory forum for expert help since this topic is not supported in our forum."
Hello,
I'm test driving Azure AD. I've created the default directory and added a domain, which I set as primary. Then I've created an AD user and on a Windows 10 device, when I booted it up for the first time, successfully connected that user.
Now I'm on the second Windows 10 device, which is my own, and I wanted to do the same thing. Unfortunately it says that it doesn't recognize my user ID.
I can connect any AD users that I create for my domain, but no luck with my admin account, which is sourced from a Microsoft account.
Any idea what's wrong?
Hi all,
I'm one of three admins for our domain, and we are getting the "Could not verify this domain because it was previously configured for your tenant or for another tenant" error when trying to add a custom domain to our Azure subscription for DirSync.
Is there a method to find out where exactly?
It's certainly not registered in Azure, so maybe an office 365 account?
Neil Rawlinson
We are trying to create an automation tool to provide CSP Azure service to the customers. We are able to create customer account and provide Azure subscription to the customers by using CSP crest API. But customer will not be able to use CSP Azure service until contributor role for the provisioned subscription is assigned to that customer tenant admin. We are using Role assignment but the API is failing with following error message which indicated authentication problem. How to automate contributor role assignment?
"{"error":{"code":"AuthenticationFailed", "message":"The access token is from the wrong issuer 'https://sts.windows.net/4373c423-e185-4710-9230-b75cb44d9783/'. It must match the tenant 'https://sts.windows.net/62bcc712-d922-44f3-8c28-a4bfbe15dd65/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/62bcc712-d922-44f3-8c28-a4bfbe15dd65' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."}}"
We have a azure account where we have created a project in 'manage.windowsazure.com. I have followed the steps on that project which are mentioned in "Set up authentication using the Management Portal" from link 'https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx' . Partner account does not have direct access to login on that portal.
Now we have created the token by authenticating that project (passed client Id & client Secret of that project) with partner’s account credentials programmatically and called that role assignment API and got that error.
Can you please tell me what we are missing?
Thanks
Arunava