Hello MS Team,
Does Microsoft Azure Rights Management Service work with the Zimbra mailing system?
If it works, then what are the limitations with it and what is the reason for the limitations?
I am planning to implement a self-register page for my web application, so I need a way to add a user to my AAD in a PROGRAMMATIC way instead of MANUALLY.
Thank you!
From Adam Fowler
@AdamFowler_IT via Twitter
"@AzureSupport Hi, @mikeyzx and I separately are receiving notifications of sync errors for Azure AD Connect/DirSync, but error is blank?
Nothing's changed, and every user who changes their password is now showing me an error at sync time - but the error's blank."
https://twitter.com/AzureSupport/status/671926390606856192
Thanks,
@AzureSupport
I am planning to build a small project using AAD and Blob services.
Below are the requirements:
1. The project will have an AAD;
2. In the AAD, there will be two groups - Group A and Group B ; User A in Group A and User B will be in Group B;
3. There will be two Storage Accounts - Storage A and Storage B;
4. I will use RBAC to set User A as the owner of Storage A and User B will be the owner of Storage B;
5. In the project (web or native app), if User A logs in, he/she could see the content in his/her storage (Storage A). Same for User B;
I know I could configure step 1-4 using Azure Portal or Azure PowerShell.
The hardest part for me is doing step 5 in code. I know the available tools might be Graph APIs, ARM APIs.
But I find it hard to start.
Questions:
1. After a user is authenticated by AAD, how could the user connect to the storage that belongs to him/her?
Thanks!
I am trying to sync all of my 365 users to an on-premise server for single sign-on.
1. I need to be able to create a new user in 365 and the username/password sync to my on premise server.
2. If I make a change in my on-premise AD I want it to reflect in Azure AD and 365.
3. I have Azure Active Directory Connect installed, but it looks like user writeback is not working as no users show up in my on premise AD. It still says "In cloud" in the 365 portal.
4. My overall goal is to set up a user in 365 or on-premise AD and have it sync between them and to have the user log in to 365 apps or a Windows domain computer all with the same login. (single sign-on)
From my research I have found that DirSync worked with user syncing to on premise AD but it does not currently work in the latest version of AADC.
Any help is much appreciated.
All,
Some customers may have received an email similar to the following in the past few hours for any objects that were recently updated on their on-premise.
----
Hello <Technical notification admin email ID>,
You can troubleshoot this issue by running the Directory Synchronization troubleshooter on the server that has Azure Active Directory identity synchronization tools installed.
The Identity synchronization tool batch run was completed on <Day, Date, GMT Time> for directory Tenant Name [Contoso.onmicrosoft.com].
The following errors occurred during synchronization:
Identity | Error | Description | sourceAnchor
User1@contoso.com | <Blank or Null> | <Blank or Null> | SourceAnchor1
User2@contoso.com | <Blank or Null> | <Blank or Null> | SourceAnchor2
Tracking ID: <GUID >
-----
Note the blank error and description fields being reported in the emails.
After investigation, we have determined these are false positives. If a customer sees this, it means the object was actually provisioned/updated successfully. Please verify this by reviewing the object modified on their Azure Active Directory, e.g. in the respective portal or PowerShell.
Our Development team is actively working to fix this issue and deploy it soon. We will update this forum post when the fix is deployed. Meanwhile, if you suspect that synchronization is not working, please feel free to use normal support channels and we will be happy to assist you.
- Shravan
< on behalf of the Azure Active Directory team>
Hi,
I'm trying to delete a user from the AD using the Graph API
https://graph.windows.net/myorganization/users/{user_id}[?api-version]
I have provided the following permissions and am trying to delete the users from AD, but I'm still facing the following permission issue.
Token Properties.
{
"token_type": "Bearer",
"expires_in": "3599",
"scope": "Directory.Write Files.ReadWrite Files.ReadWrite.AppFolder offline_access Tasks.ReadWrite User.Read User.ReadWrite User.ReadWrite.All",
"expires_on": "1448438984",
"not_before": "1448435084",
"resource": "https://graph.windows.net",
"access_token": "********************"
}
Error while delete request
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
So, what additional application permissions should be given to remove a user from AD?
The requester of the API possesses the "User Administrator" role.
Regards,
Bharamagouda.
Hi,
I have set up Azure AD Connect in federation with an on-premises domain.
Is it possible to make SSO work for web applications with domain pass-through/Windows authentication hosted in the on-premises domain from Windows 10 devices joined in Azure AD?
The UPN is first.last@domain1.com in the on-premises AD and in Azure of course, since they are synced.
The name of the on-premises domain is not the same as the UPN suffix for the users, onpremdomain1.com
Hello,
I've deployed App Proxy on our Azure environment. Some Internal Apps use IWA to authenticate a user.
I've set this up for multiple webapps, but only one is not working. I don't get an error or anything, just a white screen after clicking the app on myapps.microsoft.com. I know my settings are right, because other apps work the same way. Also, when I disable IWA on the specific app the app works, but obviously I'm not logged in. The only thing I can think of is that the one app that's not working is running on a 2003 R2 server. Other apps are running on 2008 R2 or newer. I hope someone knows a solution.
We have created a webtest and are running it using GSM monitor. Occasionally we get the error below, which causes intermittent alert spam. Any clue what the cause is?
https://msdn.microsoft.com/en-us/library/ms182538(v=vs.90).aspx
HTTP Error Code: 400
Message: ACS20012: The request is not a valid WS-Federation protocol message.
Trace ID: b5a36aec-e3cd-4164-b410-8247876d11d3
Timestamp: 2015-11-17 05:33:30Z
Sudheer K
Hi,
1. The azure portal tooltip has this to say about redirect uri:
"The URI to which Microsoft Azure AD will redirect in response to an OAuth 2.0 request. The value does not need to be a physical endpoint, but must be a valid URI. Microsoft Azure AD will also check that the redirect URI your application supplies in the OAuth 2.0 request matches one of these registered values."
The statement seems contradictory. If the redirect uri is not a physical endpoint, how can AAD do the "redirect in response"?
2. There are redirect URI, reply URI, app ID URI, and sign-on URI. I have not been able to find clear definitions of them. Can someone please provide some good definitions, usages, relations among them, relations to the OAuth standard, etc.?
Thanks!
We're preparing to install Azure AD Sync in our environment and have a few questions. We currently have two AD forests. We're in the process of migrating users to a new forest.
We wondered if we should set up Azure AD Sync in our new forest or if it matters. From what I understand, we can configure Azure AD Sync to point at two forests.
Orange County District Attorney
Hi,
Our university lead organisation wants to be able to offer institutions that use MS products internally, or use MS cloud products, to use their MS authentication as an SSO source to provide access to our systems by the institutions' users.
Searching around the internet is proving most unfruitful. I have found many articles about how to get MS products to use an external SSO, but we are an external product that wants its clients to be able to use MS authentication as an SSO to our product.
I am happy to read up on this, I'm having trouble finding what to read. I've yet to find any article that even explains any basics.
We currently provide the ability to institutions to use their shibboleth or Gmail SSO to access our service, how can I offer the same for institutions that use MS products?
Please please can someone point me the right way, it's proving most frustrating. It's also tricky to even find the right place to ask questions.
Many thanks,
Dave
Hi Team,
I am trying to authenticate an application using Azure AD and deploy it in a cloud service, but am not able to achieve it.
Steps which I have followed:
1. Created an Azure Active Directory and added users
2. Created a new project (Webforms Application) in Visual Studio 2013 and changed the authentication to Organization accounts and configured it such that the application points to Azure AD, and this is running on https://localhost:4300
3. Added the application under Azure AD Applications with Sign URL and URI giving the same URL https://localhost:4300
4. Ran the application; it's working fine, redirecting to the login page, and successful
5. Added a cloud service project and added a web role and pointed the web role to the web forms application
6. Ran the application (http://localhost:xxx), but this time it's going to the sign-in page and post sign-in it is redirecting to https://localhost:4300 and not running the application
Appreciate your help in configuring Azure AD for a WebForms application and deploying it in an Azure cloud service
Regards
Ashok Padarthi
Hi! :)
We have an Azure subscription and we are using our company domain synced with our Azure domain.
We have a new web-app which will require its own AD - so we created this.
The website is located at http://subdomain.companydomain.dk/ and the new Azure domain has had subdomain.companydomain.dk added to its list.
The problem occurs when we create users called e.g. jim@subdomain.companydomain.dk. Before we get any option to enter a password, we are redirected to the companydomain's login page - instead of the newly created subdomain.companydomain.
Is it not possible to use subdomains like this? I would think so, as all setup went fine and got verified without any issues?
Hope you understand my question and I am looking forward to hearing back from you guys! :)
Any questions which will help clarify the issue - let me know.
Thanks!
/Jim
From: Toniolo Consulting @TonioloAus via Twitter
I've joined my Windows 10 computer to the AZ AD, and signed in as my work user account. Since doing this however, I can no longer sync with my OneDrive for Business - "We cannot connect to specified SharePoint site". Even after logging into OneDrive f B and clicking sync/copying link. It only seems possible to me that these changes are related - any thoughts?
Thanks,
@AzureSupport
***** This posting is provided "AS IS" with no warranties, and confers no rights.
Here's the situation. I have 2 Azure AD Directories (in 2 separate tenants), Dir A and Dir B. I have two separate web applications where one app is registered with Dir A and the other app is registered with Dir B. In my browser, I navigate to the app registered with Dir A and log in via the Azure AD login page. That works fine and I'm able to access the app. If I open another tab in my browser and try to navigate to the second app registered with Dir B, I get the following error page:
I can usually fix this by logging out of the app registered with Dir A (sometimes I need to clear my cache) and then I'm able to navigate to the app registered with Dir B and log in successfully. This doesn't seem right. Why should I have to log out of a completely separate app registered to a completely separate Azure AD Directory in a separate tenant just so I can access the app registered to Dir B? When I want to log into Facebook and Twitter using the same browser I don't have to log out of one to access the other. Seems ridiculous. Is there a way around this?
I have set up ACS to work with AAD and an ADFS as IDPs. The web app authenticates fine with ADFS. I was able to provide a work email and it redirects me to the ADFS forms authentication page. With Azure AD I get redirected to the Microsoft account login page, which is perfect. However, when I put in the credentials I get an error AADSTS70001 with description 'trouble signing in'.
The app is MVC 5 with on-premises authentication settings. I supplied ACS federation metadata. I published the app and even added it to the AAD/Applications. Any idea what could be possibly going wrong? Please help.