HI,

I want to Authenticate service management rest api using the Active Directory. Can you please mention the Steps?

I have tried to authenticate using node.js module as follows it shows as the authorization error. Please let me know anything i have missed in the following

var adal=require('adal-node');
var AuthenticationContext= adal.AuthenticationContext;
var tenantID="57d091d4-4dae-41e2-9a2b-0bc0644688df";
var clientID="fd6bec69-7e92-49a0-85b1-affb20a9d7af";
var resource="https://management.azure.com/";
var authURL="https://login.windows.net/" + tenantID;
var secret="E7ZaMHCNqcO4qHzzJm6RI4X7kS7CTVUjNJ/13eCltvI=";
var context=new AuthenticationContext(authURL);

var rest=require('restler');

context.acquireTokenWithClientCredentials(resource,clientID, secret, function(err,tokenResponse) {

console.log('err:'+err);
console.log('tokenResponse:'+JSON.stringify(tokenResponse,null,2));

authHeader = tokenResponse['accessToken'];
requestURL="https://management.azure.com/subscriptions/84da9df4-cf54-4040-9743-9fbbda1903f0?api-version=2015-01-01";
rest.get(requestURL, {accessToken:authHeader}).on('complete',function(result)
{
    console.log('result:'+JSON.stringify(result,null,2));

});
});

Response:-

tokenResponse:{
  "expiresIn": 3599,
  "tokenType": "Bearer",
  "expiresOn": "2015-08-13T06:03:39.986Z",
  "resource": "https://management.azure.com/",
  "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzU3ZDA5MWQ0LTRkYWUtNDFlMi05YTJiLTBiYzA2NDQ2ODhkZi8iLCJpY
XQiOjE0NDA2NzY5OTgsIm5iZiI6MTQ0MDY3Njk5OCwiZXhwIjoxNDQwNjgwODk4LCJ2ZXIiOiIxLjAiLCJ0aWQiOiI1N2QwOTFkNC00ZGFlLTQxZTItOWEyYi0wYmMwNjQ0Njg4ZGYiLCJvaWQiOiIyMTQ4MTBmNy02OGRiLTRlZDEtOTdjOC0wZGJlMTNkZjI1NzAiLCJzdWIiOiIyMTQ4MTBmNy02OGRiLTRlZDEtOTdjOC0wZGJlMTNkZjI1NzAiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ld
C81N2QwOTFkNC00ZGFlLTQxZTItOWEyYi0wYmMwNjQ0Njg4ZGYvIiwiYXBwaWQiOiJmZDZiZWM2OS03ZTkyLTQ5YTAtODViMS1hZmZiMjBhOWQ3YWYiLCJhcHBpZGFjciI6IjEifQ.upG8bCJKLz0pkzkiUoBGtiRBlIFLVf7DImDRq3KfbL24g7CoORV3EExl2Pio-AskofIUuP1hEFgkNve75vEv_jNIeQKfbDSeJzhM9phUj2mRR40TnUmN3mgPv72hYzGtWPH7Btlbeq93gsNjPCmLRqwZd6pdRzLOuH
P4RC8TABw_9tuqwZQB_ShzX6-0kIGno48kFqZWk61HrSjkQEV9h9quqYbafn1HkHr4i_huhQx4OxN8w8y8ab0xF0VRDkXIKysDdCHc9uaXj0eaGMc8SqZ6uDUaN6iWkpV4MR96jjbTgK5ll6TkLL3TAfuyNP_Q9fxI4ef0JwlMm10SF1ccZQ",
  "isMRRT": true,
  "_clientId": "fd6bec69-7e92-49a0-85b1-affb20a9d7af",
  "_authority": "https://login.windows.net/57d091d4-4dae-41e2-9a2b-0bc0644688df"
}
result:{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client '214810f7-68db-4ed1-97c8-0dbe13df2570' with object id '214810f7-68db-4ed1-97c8-0dbe13df2570' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/84da9df4-cf54-4040-9743-9fbbda1903f0'."
  }
}

Hi ,

i'm trying to delete user from the AD using the graph API 

https://graph.windows.net/myorganization/users/{user_id}[?api-version]

i have provided the following permission and trying to delete the users from AD. But still i'm facing the following permission issue.

Token Properties.

{
    "token_type": "Bearer",
    "expires_in": "3599",
    "scope": "Directory.Write Files.ReadWrite Files.ReadWrite.AppFolder offline_access Tasks.ReadWrite User.Read User.ReadWrite User.ReadWrite.All",
    "expires_on": "1448438984",
    "not_before": "1448435084",
    "resource": "https://graph.windows.net",

    "access_token": "********************"

}

Error while delete request

{
    "odata.error": {
        "code": "Authorization_RequestDenied",
        "message": {
            "lang": "en",
            "value": "Insufficient privileges to complete the operation."
        }
    }
}

So, what all additional application permission should be given to remove user from AD.

Requester of API possess "User Administrator" Role.

Regards,

Bharamagouda.

Hopefully that title is descriptive of the problem... 

Here's what I'm trying to do: We have our an on-prem domain (e.g. corp.contoso.com) and an O365/AAD domain (contoso.com).  We'd like to have a consistent login experience between these two.  When setting up AADConnect, it overwrites accounts in AAD from user@contoso.com to user@contoso.onmicrosoft.com.  I can fix this manually after the fact but that doesn't really scale.

Ideally I'd like to be able to add new users to my on-prem AD (corp\user2 or user2@corp.contoso.com) and have it properly provisioned in AAD as user2@contoso.com.  It seems like there's a very involved way to do this with ADFS and Alternate Login or per "recommended best practices" of changing my on-prem domain, both which are non-starters.

I haven't been able to find any solutions from searching these forums, TechNet, blogs, stack overflow, reddit, or anywhere else, but I'm really hoping that I'm missing an easy obvious solution.  Is there something sly I can do with sync rules?  Run an AAD Powershell script to fix it?  Wish real hard?  Contact the AADC PM and bribe them? 

Thanks --pete

Hi Everyone,

I have successfully installed Azure AD Application Proxy Connector on my server. When I run the troubleshooter, I see updater is failed in the report

"Connectivity to update service failed

Error connecting to URL: 'https://updater.msappproxy.net:8080/'. Error: 'The operation has timed out'. Make sure firewall and proxy configuration are properly and that the necessary outgoing ports are open – see http://go.microsoft.com/fwlink/?LinkID=401510"

I tested with telnet with command "telnet https://updater.msappproxy.net 8080", it connects successfully. Also if I puthttps://updater.msappproxy.net:8080 URL in my web browser, I see successful connection and am also able to see the certificate which also confirms the connection.

Is this a false positive or something that needs to be fixed?

Thanks in advance!

From: Toniolo Consulting @TonioloAus via Twitter

I've joined my Windows 10 computer to the AZ AD, and signed as my work user account. Since doing this however, I can no longer sync with my OneDrive for Business - "We cannot connect to specified SharePoint site". Even after logging into OneDrive f B and clicking sync/copying link. It only seems possible to me that these changes are related - any thoughts?

Thanks,

@AzureSupport

Hi all,

I've been struggling with this for more then a day now, let me explain. So we have a created a SAML2 IDP but I can't get the Powershell cmdlets to configure office365 to the idp

I've created a new MSOL-Domain. Verified it using DNS but now with the Set-MsolDomainAuthentication it gives an error 

PS C:\tmp> Set-MsolDomainAuthentication -DomainName $domainName -FederationBrandName $brandName -Authentication Federated -PassiveLogOnUri $ssoUri -IssuerUri $issuerUri -LogOffUri $logoutUri -SigningCertificate $cert
Set-MsolDomainAuthentication : Unable to complete this action. Try again later.
At line:1 char:1
+ Set-MsolDomainAuthentication -DomainName $domainName -FederationBrand ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolDomainAuthentication], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Administration.Automation.SetDomainAuthentication

These are the variables that I have used

$issuerUri = "https://idp.myservice.io/idhub/saml2"
$ssoUri = "$issuerUri/sso"
$logoutUri = "$issuerUri/slo"
$soapUri = "$issuerUri/soap"
$proto = "SAMLP"

$domainName = "demo.myservice.io"

$brandName = "IDP"

$certFile = "c:\tmp\idp.crt"

$cert = [IO.File]::ReadAllText($certFile)
$cert = $cert.replace("-----BEGIN CERTIFICATE-----","")
$cert = $cert.replace("-----END CERTIFICATE-----","")
$cert = $cert.replace("`r","")
$cert = $cert.replace("`n","")

The CRT file was verified using openssl and the windows ssl stuff, The certificate is fine. The stuff I did here I found at a help site of Ping (another IDP). I am totally at a loss here? I've tried to manually putting everything on one line (like suggested with other posts) but nothing changed.

Thanks for any help/pointers you can give me.

Gerry

Business Scenario:

Newly formed organization with no established Windows network.  Currently all users are authenticated to local machines and to Office 365 E3 licenses.  

There will be two lines of business.  The root forest and core domain will be for the corporate holding company.  Assume abc.com for the domain for this entity.

There will be a second forest for a second organization xyz.com that will be operated separately and may need to split off in the future.   Xyz.com domain has multiple branch locations with a local domain controller/app server.  These will largely be RODC. 

All administration of the network for all lines of business are done centrally from one location so there is no need to delegate network or server administration.

AD for xyz.com will primarily be for machine authentication, group policy management and access to services in Azure (files, Office 365, Azure hosted Apps, Azure Data Warehouse, etc.).

General Design:

Setup abc.com as forest root in AD and xyz.com as a separate tree in the same forest.  For now the plan is to use groups to delineate locations versus separate organizational units.

Question:

Should I setup the AD on on-prem at abc.com and replicate to an instance on Azure for setup on Azure first and replicate to the on-prem network?  It's my understanding that network charges are egress from Azure and not ingress (to Azure).  I don't want any additional costs if not needed.  The DCs on xyz.com would sync with Azure instance to get directory details.

My main concern was replication impact, cost and wanted to take into account any other issues as far as which environment to make the root of the forest.

Should I consider using the new AD as a service versus a VM with AD installed within Azure?

Thanks...Kevin

Does Azure supports true IDP initiated SSO Solution like below?

• A user has logged on to the IdP.
• The user requests access to a protected SP resource. The user is not logged on to the SP site.
• The IdP’s SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.

Thanks,

Gayatri

When I click on the Join Azure AD button from the System Settings screen my screen flashes briefly but nothing happens.  I never get presented with the next screen...

I'm trying to understand if Azure Active Directory Connect would simplify our current setup. Here's some info about our network:

1. We're entirely on Azure. No on-premises network or servers
2. We have our organizational AD running in a VM in our virtual network on Azure
3. We use Office 365 which is integrated with our organizational AD for single sign-on
4. We also heavily use Azure and Visual Studio Team Services -- aka Visual Studio Online

We want full integration in all these services and want to have single sign-on.

Currently, we have 5 VMs for AD management:

1. Domain Controller 1
2. Domain Controller 2
3. DirSync
4. ADFS
5. WAP

We hired a Microsoft partner to set all this up for us and this is the configuration they recommended and set up for us. To be perfectly honest, I still don't understand why we need ADFS, DirSync and WAP all at the same time. I thought ADFS would suffice.

The reason for my question:

1. I want us to use the latest and most reliable solutions and was wondering if Azure Active Directory Connect (AADC) would be right solution for us
2. If AADC is the right solution for us, would it simplify our current set up i.e. get rid of a few of these pieces DirSync, WAP, etc.
3. If we could remove some unnecessary elements, it would also save us money on VM charges

I'd appreciate your comments on this. 

Thanks, Sam

I'm trying to figure out how to implement a windows service that can be configured to talk with our WebApi in a multi-tenant scenario. The closest example I could find was the one posted hereactive-directory-dotnet-daemon. The problem with this sample is doesn't show how you would deal a multi-tenant scenario. If you use the same AppKey for every tenant wouldn't it be possible to impersonate another tenant if someone decided to search the app for the ClientID and AppKey? It seems like one way around this would be to generate a new AppKey for every tenant who joins our service. This AppKey would need to be provided to the windows service as a configuration parameter when customer installed the service. Is this the correct approach? It doesn't seem like this the correct direction since it wouldn't be obvious from the AAD portal which AppKey is associated with which tenant. Looks like you would have to manage this yourself. I know you have to pass tenant ID as part of the authority, but these IDs are not like AppKey or passwords. What's the correct approach for this scenario?

         Thanks.

I am attempting to extend our AD to Azure using Azure AD Connect but am having issues during the installation phase.
The Azure AD Connect throws a System.FormatException: Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

Further inspections of the Installation Log gives a 80070005 when retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05}. I've checked the Local Activation permission in dcomcnfg for Microsoft Azure AD Sync and these are setup correctly for my Enterpirsie Admin user.

I'm able to provide the full installation log if this is required.

Thanks

I wish to migrate the users away from Google apps but to synchronize them with Azure cloud AD. As of now azure is our sso authority. I followed the guide below. Which means that when I create users in Azure AD they are created on Google apps. The problem is that most of our users already exist in Google apps and I don't want to recreate them on azure cloud for fear of losing important docs or emails. Is there a known solution to my problem?

https://github.com/Azure/azure-content/blob/master/articles/active-directory/active-directory-saas-google-apps-tutorial.md

Hi,

when I try to access my AD B2C tenant at https://portal.azure.com/%7Bdirectory%7D.onmicrosoft.com/?Microsoft_AAD_B2CAdmin=true#blade/Microsoft_AAD_B2CAdmin/TenantManagementBlade/id/{tenant}.onmicrosoft.com

(having replaced {tenant} accordingly)

then I get an error message that says: "Access Denied".

Of course I'm signed in with the same account as when creating the tenant in the first place.

Any idea how to recover from this?

Thanks in advance,

    Robert

Changing the world... bit by bit.

I am trying to create a role assignment using the Azure Resource Management REST API.

https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{role-assignment-id}?api-version={api-version}

I've verified that the principalID in question does in fact exist. I can also create the assignment using xplat cli and PowerShell using the same PrincipalId. Any ideas why i'm getting this error when attempting this with the REST call?

Phil Jirsa - Senior Consultant | Rackspace

Hi,

On the very last step of the DIRSync to AD Connect migration wizard we lost network connectivity. The wizard failed and would not allow a retry. Upon closing the wizard and re opening Azure AD Connect I get an error:..

"An error has occurred on the Root page, preventing Azure AD Connect from continuing. To protect your existing data, the wizard must be closed.

A Internal problem has occurred.

It appears that you are resuming a scenario which was not completed previously during installation. Please uninstall and try again.

It gives me a log for more details which is below:

[15:21:27.247] [  1] [INFO ]
[15:21:27.247] [  1] [INFO ] ================================================================================
[15:21:27.247] [  1] [INFO ] Application starting
[15:21:27.247] [  1] [INFO ] ================================================================================
[15:21:27.278] [  1] [INFO ] Application Version: 1.0.0.0-1446499270
[15:21:28.372] [  1] [INFO ] App Properties/Metrics:
[15:21:28.388] [  1] [INFO ]    Runtime.Start=2015-12-02T15:21:27+00:00
[15:21:28.388] [  1] [INFO ]    Application.Version=1.0.0.0-1446499270
[15:21:28.388] [  1] [INFO ]    Application.IsDebugBuild=False
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.ProductType=Server
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.Sku=7
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.Language=0809
[15:21:28.388] [  1] [INFO ]    Environment.Computer.Make=microsoft corporation
[15:21:28.388] [  1] [INFO ]    Environment.Computer.Model=virtual machine
[15:21:28.388] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[15:21:28.388] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=
[15:21:28.388] [ 11] [INFO ] Starting Telemetry Send
[15:21:28.497] [  1] [INFO ] Acquired sync config changes mutex: True
[15:21:28.560] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[15:21:28.622] [  1] [INFO ] Found existing persisted state context.
[15:21:28.731] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[15:21:28.747] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[15:21:28.763] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:28.778] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: verified product code {d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd}.
[15:21:28.778] [  1] [VERB ] Package=Microsoft Online Services Sign-in Assistant, Version=7.250.4556.0, ProductCode=d8ab93b0-6fbf-44a0-971f-c0669b5ae6dd, UpgradeCode=03c97135-0e31-4334-9215-63827d4f07d4
[15:21:28.794] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[15:21:28.794] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals (version 7.250.4556.0) is installed.
[15:21:28.794] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[15:21:28.794] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:28.794] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: verified product code {43cc9c53-a217-4850-b5b2-8c347920e500}.
[15:21:28.794] [  1] [VERB ] Package=Windows Azure Active Directory Module for Windows PowerShell, Version=1.0.0, ProductCode=43cc9c53-a217-4850-b5b2-8c347920e500, UpgradeCode=bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c
[15:21:28.794] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[15:21:28.794] [  1] [INFO ] Product Microsoft Azure Active Directory Module for Windows PowerShell (version 1.0.0) is installed.
[15:21:28.794] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[15:21:28.794] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:28.794] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[15:21:28.794] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[15:21:28.794] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[15:21:28.794] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[15:21:28.794] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[15:21:28.794] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:28.794] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[15:21:28.794] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[15:21:28.810] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[15:21:28.810] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[15:21:28.810] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[15:21:28.810] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:28.810] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {7b21e0d0-f190-4f2f-b15d-277eb215d68a}.
[15:21:28.810] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[15:21:28.810] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[15:21:28.810] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.0.9125.0, ProductCode=7b21e0d0-f190-4f2f-b15d-277eb215d68a, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[15:21:28.825] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[15:21:29.075] [  1] [INFO ] Product Azure AD Sync Engine (version 1.0.9125.0) is installed.
[15:21:29.231] [  1] [ERROR] AzureADSyncEngineComponent: unexpected value retrieved for upgrade mode (0)
[15:21:29.231] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine Health Agent
[15:21:29.231] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.231] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[15:21:29.231] [  1] [INFO ] Determining installation action for Azure AD Sync Engine Health Agent (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[15:21:29.231] [  1] [INFO ] Product Azure AD Sync Engine Health Agent is not installed.
[15:21:29.231] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect agent
[15:21:29.231] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.231] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {781f8332-277b-45bf-a5f4-af5a117ffa73}: no registered products found.
[15:21:29.231] [  1] [INFO ] Determining installation action for Azure AD Connect agent (781f8332-277b-45bf-a5f4-af5a117ffa73)
[15:21:29.247] [  1] [INFO ] Product Azure AD Connect agent is not installed.
[15:21:29.247] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[15:21:29.247] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.247] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[15:21:29.247] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[15:21:29.247] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[15:21:29.247] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[15:21:29.247] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[15:21:29.247] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.247] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {6c026a91-640f-4a23-8b68-05d589cc6f18}.
[15:21:29.247] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[15:21:29.247] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[15:21:29.247] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[15:21:29.247] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[15:21:29.247] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.247] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {d411e9c9-ce62-4dbf-9d92-4cb22b750ed5}.
[15:21:29.247] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.1.3000.0, ProductCode=d411e9c9-ce62-4dbf-9d92-4cb22b750ed5, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[15:21:29.247] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[15:21:29.247] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.1.3000.0) is installed.
[15:21:29.247] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[15:21:29.247] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.247] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: verified product code {706efae8-26a7-4e27-bbd0-2c3c1d7c194d}.
[15:21:29.247] [  1] [VERB ] Package=Microsoft Azure AD Connect Azure AD Connector, Version=1.0.9125.0, ProductCode=706efae8-26a7-4e27-bbd0-2c3c1d7c194d, UpgradeCode=fb3feca7-5190-43e7-8d4b-5eec88ed9455
[15:21:29.247] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[15:21:29.247] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector (version 1.0.9125.0) is installed.
[15:21:29.247] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[15:21:29.403] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[15:21:29.403] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[15:21:29.403] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[15:21:29.403] [  1] [VERB ] Getting list of installed packages by upgrade code
[15:21:29.403] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {b8c6506c-843a-4e91-9a91-975260716ac1}.
[15:21:29.403] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.0.9125.0, ProductCode=b8c6506c-843a-4e91-9a91-975260716ac1, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[15:21:29.403] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[15:21:29.403] [  1] [INFO ] Product Azure Active Directory Connect (version 1.0.9125.0) is installed.
[15:21:29.403] [  1] [INFO ] DetectInstalledComponents stage: Sync engine is already installed and meets version requirement.
[15:21:29.403] [  1] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[15:21:29.497] [  1] [INFO ] Checking for DirSync conditions.
[15:21:29.497] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[15:21:29.513] [  1] [INFO ] Initial configuration is incomplete.
[15:22:25.380] [  1] [INFO ] Opened log file at path C:\Users\administrator.HOLGATE\AppData\Local\AADConnect\trace-20151202-152127.log

What can I do to ensure the migration completes successfully, as I understand DIRSync uninstallation has completed.

Regards,

Pete

What is the api that I can call to list azure resources that belongs to an azure active directory user.

Thanks!

I found this cmdlet in the MSDN documentation, but I don't know how to install this cmdlet or relative module. How can I install this cmdlet or module?

https://msdn.microsoft.com/en-us/library/dn986794.aspx