Hello everyone,

I am working on a new ASP.NET MVC 5 application hosted on a Azure Web App.
I want to configure the authentication with Azure Active Directory.

I already achieved that in the past with the old Azure management portal for an other application.

However, right now, i can't link my web app with the Azure Active Directory app i just created.

When i want to configure the link, the old portal redirect me to the new one with a button :
"go to authentication / authorization settings in preview portal"

And an error occured on the new page :

Unable to locate blade 'EasyAuthenticationBlade' in extension definition. Search path:'[0]WebsitesExtension-[1]EasyAuthenticationBlade'.

By Browsing into the new portal i can access to the "Authentication / authorization" section of my web app, but the page is loading indefinitely.

How can i configure my link between my web app and my Active Directory App ?

Thanks for reading.
Anthony.

Hi! Trying to do an in-place upgrade from Dirsync to AADConnect but it fails in the Configuring stage, stating it cannot find the MSOL svc acct in the schema. Dirsync was working fine prior so this account used by Dirsync to AD was functional and exists. When I hit Retry, it says The system cannot find the file specified, but doesn't specify exactly which file. Partial logs state:

[09:57:02.948] [ 10] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (DirSync Upgrade).
[09:57:02.952] [ 10] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[09:57:02.955] [ 10] [INFO ] Starting a background thread in Ready to configure. Background Task Id: 3.
[09:57:04.033] [ 10] [WARN ] The Azure directory has been synchronized recently.
[09:58:24.604] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 4.
[09:58:24.606] [  7] [INFO ] PerformConfigurationPageViewModel.ExecuteDirSyncUninstallCore: Preparing to uninstall DirSync (WizardMode=DirSyncInPlaceUpgrade).
[09:58:24.606] [  7] [INFO ] PerformConfigurationPageViewModel: Staring Dirsync uninstall.
[09:58:24.609] [  7] [INFO ] dirsyncUninstallTool = D:\Program Files\Windows Azure Active Directory Sync\UninstallDirectorySync.exe
[10:04:39.629] [  7] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=DirSyncInPlaceUpgrade).
[10:04:39.642] [  7] [INFO ] Starting Sync Engine installation
[10:04:39.786] [  7] [INFO ] SyncEngineSetup: Using custom install location d:\Program Files\Microsoft Azure AD Sync
[10:04:39.788] [  7] [INFO ] SyncEngineSetup: Using custom groups FIMSyncAdmins, FIMSyncBrowse, FIMSyncOperators, FIMSyncPasswordSet
[10:05:31.651] [  7] [WARN ] TaskSchedulerAdapter: Exception encountered while removing sync scheduler task Azure AD Sync Scheduler. This may be an expected error if the task did not already exist. Details: Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1.

Details: ERROR: The system cannot find the file specified.

   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit, Boolean traceArguments)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.TaskSchedulerAdapter.<>c__DisplayClass8.<RemoveSyncSchedulerTask>b__7()
[10:05:31.847] [  7] [INFO ] AddSyncSchedulerTask: Executing schtasks.exe /create /F /NP /SC:HOURLY /MO:3 /TN:"Azure AD Sync Scheduler" /TR:"'D:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe'" /RU:AADSyncSched_b86db /RP:<hidden>
[10:05:32.080] [  7] [VERB ] Current identity: domain\*******
[10:05:33.219] [  7] [INFO ] InstallSyncEngineStage: Sync Engine was successfully installed.
[10:05:33.219] [  7] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[10:05:33.227] [  7] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
[10:05:33.245] [  7] [VERB ] GetAdminCredential called with account domain\*******
[10:05:33.245] [  7] [VERB ] AdministratorUsername is in NTAccount format.
[10:05:33.245] [  7] [VERB ] GetAdminCredential returning account domain\*******
[10:05:33.245] [  7] [INFO ] DirSync upgrade is in-place. Preparing for password reset.
[10:05:33.245] [  7] [INFO ] Resetting password for service account
[10:05:33.880] [  7] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[10:08:13.884] [  1] [INFO ] Opened log file at path C:\Users\*******\AppData\Local\AADConnect\trace-20151126-095232.log
[10:11:34.092] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 5.
[10:11:34.092] [ 20] [INFO ] PerformConfigurationPageViewModel.ExecuteDirSyncUninstallCore: Preparing to uninstall DirSync (WizardMode=DirSyncInPlaceUpgrade).
[10:11:34.092] [ 20] [INFO ] PerformConfigurationPageViewModel: Staring Dirsync uninstall.
[10:11:34.093] [ 20] [INFO ] dirsyncUninstallTool = D:\Program Files\UninstallDirectorySync.exe
[10:11:34.111] [ 20] [ERROR] Error running the Dirysync uninstall tool D:\Program Files\UninstallDirectorySync.exe, System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
   at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
   at Microsoft.Online.Deployment.Framework.Providers.ProcessProvider.Execute(String domain, String username, SecureString password, String filename, String arguments, TimeSpan timeout, Boolean waitForAllInstance, Int32[] allowedExitCodes)
   at Microsoft.Online.Deployment.Framework.Providers.ProcessProvider.Execute(String filename, String arguments, TimeSpan timeout, Boolean waitForAllInstance, Int32[] allowedExitCodes)
   at Microsoft.Online.Deployment.OneADWizard.Providers.EngineSetupProvider.UninstallDirSync(Guid installedProductCode)
[10:11:34.111] [ 20] [ERROR] Caught exception while performing upgrade from DirSync.
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
   at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
   at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
   at Microsoft.Online.Deployment.Framework.Providers.ProcessProvider.Execute(String domain, String username, SecureString password, String filename, String arguments, TimeSpan timeout, Boolean waitForAllInstance, Int32[] allowedExitCodes)
   at Microsoft.Online.Deployment.Framework.Providers.ProcessProvider.Execute(String filename, String arguments, TimeSpan timeout, Boolean waitForAllInstance, Int32[] allowedExitCodes)
   at Microsoft.Online.Deployment.OneADWizard.Providers.EngineSetupProvider.UninstallDirSync(Guid installedProductCode)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteDirSyncUninstallCore(AADConnectResult& result)
[10:14:37.447] [  1] [INFO ] Opened log file at path C:\Users\*******\AppData\Local\AADConnect\trace-20151126-095232.log

Hi,

I am currently trying to configure a new Web Application on an Azure Active Directory associated with an O365 tenant. I've followed the instructions found here and all but the Key functionality is set up fine. But I need a key and this is where my problem begins. When I go to create a key I click the drop down and select either 1-year or 2-year options and click the Save button. It waits for a moment, and eventually returns an error like this one: "Could not update the configuration for app 'mynewapp'.". The result is it does not show me a key because the portal thinks it failed. However when I refresh the browser and load the application configuration back up I can see that in fact a key has been created.

Any thoughts as to what's causing this problem and how I can work around it?

Regards.

We've been using individual user accounts authentication for years but now that most people in our organization have Azure AD accounts, we'd like to use that authentication too.

We still have users that don't have AD accounts that need to access our system via the "Individual User Accounts" option.

We're using the ASP Identity framework and I can't find any documentation on how to use both at the same time; only one or the other.

Any pointers or links on how to accomplish this would be great.

Thanks!

Hello everyone:

Can anyone share a proven procedure for adding a new domain to Azure AD along with the SSO option enabled - particularly the domain verification steps?

I can verify the domain just fine in the Azure Management Portal when I am adding the domain without the SSO option (I get the DNS TXT attributes, set it on my domain, and verify - done) however when I select the SSO option when adding the domain I am stuck - when I hit "Verify" in the Domains section I do not get the DNS TXT parameter but rather a message "To verify ownership of XYZ.COM and configure it for single sign-on by users in your local Active Directory, go to the Directory Integration page and complete the steps to install and run Azure AD Connect. "

This is described also in another post at 

http://stackoverflow.com/questions/22380653/verify-a-domain-name-in-azure-active-directory

however the solution offered there (via PowerShell) does not work in my case either. While get-msoldomain does see my new unverified domain xyz.com the Get-MsolDomainVerificationDns reports it as non-existent (please see below). The description of the PS commands is at https://msdn.microsoft.com/library/azure/dn919677.aspx.

What am I missing? Is this the right procedure?

Thank you,

Zdenek

 This is what happens when I try to use PowerShell:

PS> get-msoldomain

Name                                                                                   Status          Authentication

----                                                                                   ------          --------------

mydomain.onmicrosoft.com                                                       Verified        Managed

xyz.com                                                                       Unverified      Federated

PS > Get-MsolDomainVerificationDns -DomainName xyz.com -Mode dnstxtrecord

Get-MsolDomainVerificationDns : This domain does not exist. Check the name and try again.

At line:1 char:1

+ Get-MsolDomainVerificationDns -DomainName xyz.com -Mode dnstxtrecord

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo         : OperationStopped: (:) [Get-MsolDomainVerificationDns], MicrosoftOnlineException

    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.DomainNotFoundException,Microsoft.Online.Administration.Automation.GetDomainVerificationDns

An employee of our company installed and configured dirsync, and this person didn't no how to do it right. We have now every single user object from our company AD (including service accounts, etc.) in Azure AD. And all the users have the wrong domain assigned (...onmicrosoft.com instead of <companyname>.com.)

Have upgraded the dirsync tool to Azure AD connect and selected only the OU with the user accounts that we want to have in Azure/O365. Azure AD connect works without any errors, but it seems to sync only new objects and does not touch the other objects. What I like to do is to perform a "real sync" that does synchronize the objects that are in definied in the scope (just one OU selected) and delete all other objects in Azure.

I'm unable to delete any federated object in the Azure Management Portal. There are people with the same problem, but there are only solutions avauilable that work with the old dirsync (like http://blogs.technet.com/b/hot/archive/2011/12/01/how-to-remove-synced-users-from-cloud-side.aspx), but we need a solution that works with Azure AD connect.

Thank you all in advance for any help.

Kind regards, Franz

Hi to all,

there is a way to list with powershell, all devices self joined by users (ex. Azure AD Join on Windows 10 devices) on AAD?

Thanks in advance.

Hello,

I was referred to here from the Office 365 forums, see: https://community.office365.com/en-us/f/613/p/420776/1053031

I had upgraded to Azure AD Connect and enabled password writeback and I thought online password reset, but at this time it appears that the admin user was synchronized back to my local directory and somehow its password was overwritten.  Azure AD Sync was failing locally and at this point I am both unable to connect Azure AD Sync from my server to Azure AD and unable to login to Azure AD (or reset the password).

Please assist!

Thank you,

Matthew Yauch

From Rodrigo Martensen @rcmartensen via Twitter

Need to know if Azure RMS can open protected documents encrypted by old Microsoft RMS. I have some excel files that are encrypted by old Microsoft RMS and now I am not able to open them. Seems the support has ended and the connection with the server does not complete.

Thanks,

@AzureSupport

From Russ Michaels @RussMichaelsvia Twitter

@AzureSupport signed up for Azure AD, when I enable domain services it wants a virtual network, but the drop down list is empty?  I do not have any virtual machine I am simply trying to setup azure active directory so we can use it for logins. so how can we use azure active directory option on windows 10?

Checked out these posts:aka.ms/d7736261&aka.ms/d7736262. However, this all seems to related to joining an on premise AD? we do not have it on premise, thus why I signed up online.

https://twitter.com/RussMichaels/status/668877064917884929

Thanks,

@AzureSupport

Hi,

when I try to access my AD B2C tenant at https://portal.azure.com/%7Bdirectory%7D.onmicrosoft.com/?Microsoft_AAD_B2CAdmin=true#blade/Microsoft_AAD_B2CAdmin/TenantManagementBlade/id/{tenant}.onmicrosoft.com

(having replaced {tenant} accordingly)

then I get an error message that says: "Access Denied".

Of course I'm signed in with the same account as when creating the tenant in the first place.

Any idea how to recover from this?

Thanks in advance,

    Robert

Changing the world... bit by bit.

Hi, Team.

I've created an Azure AD by following this instruction:

https://msdn.microsoft.com/dynamics/crm/mt149065.aspx

Then, I got asked to enter domain name like:

Therefore, I'd like to delete the Azure AD I set up. But I can't delete it. How can I delete it? The AAD is integrated with my O365 tenant, aliencubeorg.onmicrosoft.com

Hi, I would like to understand and obtain the list of destination IPs required for Azure AD Connect Server. Internally we need to have firewall lifted to specific IPs for Internet access. Hence for Azure AD Connect to work, we would need the list of IPs. 

From https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US,

the  destinations indicated in below are *.microsoftonline.com, *.windows.net and Certificate Revocation List. Certificate Revocation Lists are referred to as crl.microsoft.com, *.omniroot.com etc 

Where can we obtain the list of IPs that Microsoft is using? The online document only listed * and URLs

Hello,

 I've signed up for a trial of Azure AD Premium, which is linked to my Office 365 subscription. 

There are a number of users who have changed their password, in addition, I've changed their password as an administrator. If I run a "password reset activity" report, I get a "No data is available for this report" - this seems to happen for most of my users, but I don't know why.

I've assigned a licence to myself for Azure AD Premium, my Office subscription is a Office 365 E3. How does the licensing work for AD premium?

Let's say I have 1000 users and 25 Azure AD premium licences, to run reports against my users, does that mean I need to 1000 users? 

If I only assign 25 licences, but 100 users login from multiple geographies, does the report "sign in from multiple geographies" only show those 25 licensed users?

Thanks

Hi

I am working on writing an api in java to read the calendar events from outlook calendar. I am using using grails and the azure-activedirectory-library-for-java in my application.

Following is the code I have written to  get the access token

def getAuthToken(String client_id, String client_secret, def params){

        private final static String AUTHORITY = "https://login.microsoftonline.com/common/oauth2/token";

        JSONObject json = new JSONObject();
        String authCode = params.code;
        String currentUri = "http://xxxxxx.xxxxxx.in/Calendar/calendar/getAuthToken"; // this is the redirect_uri in my azure app
        ClientCredential credential = new ClientCredential(client_id,
                client_secret);
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(AUTHORITY, true, service);
            Future<AuthenticationResult> future = context.acquireTokenByAuthorizationCode(authCode, new URI(currentUri), credential, null);
            result = future.get();
        } catch (ExecutionException e) {
            throw e.getCause();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                    "authentication result was null");
        }
        json.access_token = result.getAccessToken();
        json.refresh_token = result.getRefreshToken();
        return json;
    }

I am getting the access token from this but when I am using it in my method to get the calendar events I am getting error.

My code to get the calendar events

def getEvents(String auth_token){
        JSONObject result = new JSONObject();
        
        SimpleDateFormat isoFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);
        isoFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        Date startTime = new Date();
        Calendar cal = Calendar.getInstance();
        cal.setTime(startTime);
        cal.add(Calendar.DATE, 1);
        Date endTime = cal.getTime();
        
        String startTimeUrl = isoFormat.format(startTime);
        String endTimeUrl = isoFormat.format(endTime);
        
        StringBuffer calendarViewUrl = new StringBuffer();
//        calendarViewUrl.append("https://outlook.office365.com/api/v1.0")
        calendarViewUrl.append("https://outlook.office365.com/api")
        .append("/Me/CalendarView?")
        .append("startDateTime=").append(startTimeUrl).append("&endDateTime=")
        .append(endTimeUrl).append("&\$select=Subject,Start,End").append("&\$orderby=Start");
        
        result = makeApiCall(auth_token, calendarViewUrl.toString());
        
        return result;
    }
    
    def makeApiCall( String auth_token, String calendarViewUrl){
        JSONObject result = new JSONObject();

        HttpClient httpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet(calendarViewUrl);
        try {
            httpGet.setHeader("User-Agent", USER_AGENT);
            httpGet.setHeader("Authorization","Bearer "+auth_token);
            httpGet.setHeader("Accept", "application/json");
            httpGet.setHeader("client-request-id", java.util.UUID.randomUUID().toString());
            httpGet.setHeader("return-client-request-id", "true");


            HttpResponse response = httpClient.execute(httpGet);
            HttpEntity respEntity = response.getEntity();

            if (respEntity != null) {
                // EntityUtils to get the response content
//                result =  new JSONObject( (org.apache.http.util.EntityUtils.toString(respEntity)).trim() );
                System.out.println(org.apache.http.util.EntityUtils.toString(respEntity).isEmpty());
            }

        } catch (Exception e) {
            // writing exception to log
            e.printStackTrace();
        }

        return result;
    }

This is my response body from makeApiCall()

HTTP/1.1 401 Unauthorized [Content-Length: 0, Server: Microsoft-IIS/8.0, request-id: 76e71807-f4d4-4444-9f9b-f94f8bb3522f, client-request-id: 238d543c-9cd0-40a8-afea-5b4d87cc42ce, Set-Cookie: ClientId=W28GZPKKVKNKJ8LT5BVTA; expires=Tue, 29-Nov-2016 14:19:12 GMT; path=/; secure; HttpOnly, X-CalculatedBETarget: HK2PR03MB0690.apcprd03.prod.outlook.com, X-BackEndHttpStatus: 401, Set-Cookie: exchangecookie=3e6de459ef824c2da4765e80d47056bc; expires=Wed, 30-Nov-2016 14:19:13 GMT; path=/; HttpOnly, client-request-id: 238d543c-9cd0-40a8-afea-5b4d87cc42ce, x-ms-diagnostics: 2000001;reason="OAuth token submitted with the request can not be parsed.";error_category="invalid_token", X-DiagInfo: HK2PR03MB0690, X-BEServer: HK2PR03MB0690, Set-Cookie: ClientId=W28GZPKKVKNKJ8LT5BVTA; expires=Tue, 29-Nov-2016 14:19:12 GMT; path=/; secure; HttpOnly, X-Powered-By: ASP.NET, X-FEServer: HKXPR03CA0086, WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm="", Date: Mon, 30 Nov 2015 14:19:12 GMT] org.apache.http.conn.BasicManagedEntity@6f967ae3

Please if anybody knows the problem and solution kindly help

Thanks in advance
Abhisek Sai Deo

Hi there, we have had an on-prem internal/external ADFS 2.0 environment for use for SSO access to 3rd party apps. That worked fine. Last year, we added our Office365 tenant into that ADFS system and set up DirSync. That works fine too. Here's the question: Is there any way to get Azure AD Premium to provide the authentication for Office365 access and O365 services like Dynamics CRM and Power BI instead of the ADFS system?  The reason I ask this is because the ADFS login screen doesn't do well for mobile devices and I'm assuming that the page that users get to when signing into Office365 is better equipped for multi-factor auth and password reset tools than the ADFS login page could provide.

Any feedback appreciated.

Have installed and configured "Azure AD Connect". After that, the "Synchronization Service Manager" has two connectors: One for AD, and one for Windows Azure AD. Have then configured on the AD connector that only the OU with the employees should be synchronized:

Despite that, I have a lot of other undesired users from outher local OU's in Azure AD. Why? 

Thank you in advance for any hint.

Franz Schenk