Channel: Azure Active Directory forum

Customized Company Branding for Azure Active Directory


We are using Azure Active Directory Basic edition to manage user authentication to our Enterprise application. For Company branding, we have customized the Sign In Page Illustration and Banner Logo, these elements are getting updated on the Sign In Page.

The issue that we are facing currently is how to remove the Microsoft logo and other corresponding elements like "Don't have an account assigned by your work or school? Sign in with Microsoft account" from our login page.

Also towards the page end, Microsoft has inserted links like ©2016 Microsoft, Microsoft Logo, Terms of Use and Privacy & Cookies.

We are preparing a customized login page for our enterprise application, is there some way to remove these elements through customization of Azure AD Sign In page?


Thanks & Regards, Deep


[ AAD ] : Any API to add new domain to the existing CSP customer?


Hi,

Is there any CREST or Graph API by which we can add a new domain to the existing customer?

(posted the same question in Microsoft Partner Center API, was redirected to post the same in AAD. Please find the link for details)

https://social.msdn.microsoft.com/Forums/en-US/abb284ae-fffe-49c7-9f6a-43327d00ebf4/-csp-any-api-to-add-new-domain-to-the-existing-customer?forum=partnercenterapi

Regards,

BG

Dirsync upgrade to AADconnect fails


Hello,

I am in the process of trying to update my dirsync server to AADconnect for our O365 environment. The install fails with the following error:




[08:35:35.705] [ 28] [INFO ] Task 'Configure AAD Sync' has finished execution
[08:35:35.707] [ 27] [ERROR] Microsoft.Online.Deployment.PowerShell.PowerShellInvocationException: In from AD - User Join (10ca12ea-44dd-40df-a7a4-3d5f3572806a): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - User Join (10ca12ea-44dd-40df-a7a4-3d5f3572806a): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

In from AD - InetOrgPerson Join (aef37990-1786-4e74-9986-a5b88e2d4a2b): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - InetOrgPerson Join (aef37990-1786-4e74-9986-a5b88e2d4a2b): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

A deadlock occurred in SQL Server while trying to acquire an application lock.
A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

A deadlock occurred in SQL Server while trying to acquire an application lock.
A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

In from AD - User Common from Exchange (01aca7b7-3326-4fda-a218-c6c6a66844e4): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - User Common from Exchange (01aca7b7-3326-4fda-a218-c6c6a66844e4): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

In from AD - InetOrgPerson Common from Exchange (d398aa0b-9555-4b9e-a7ab-0161f0ca84cf): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - InetOrgPerson Common from Exchange (d398aa0b-9555-4b9e-a7ab-0161f0ca84cf): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

A deadlock occurred in SQL Server while trying to acquire an application lock.
A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

A deadlock occurred in SQL Server while trying to acquire an application lock.
A deadlock occurred in SQL Server while trying to acquire an application lock.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

In from AD - User Exchange (7c900188-6efc-49a8-8c1d-9ea7d39216da): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - User Exchange (7c900188-6efc-49a8-8c1d-9ea7d39216da): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

In from AD - InetOrgPerson Exchange (296e3e47-4e8f-4a5f-8fec-ad03d8469e87): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.
In from AD - InetOrgPerson Exchange (296e3e47-4e8f-4a5f-8fec-ad03d8469e87): ScopeCondition specified source attribute 'mailNickname' is not a defined attribute type.,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet

 ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: A deadlock occurred in SQL Server while trying to acquire an application lock.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.SetSynchronizationRule(SynchronizationRule synchronizationRule)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRuleCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.PowerShellAdapter.InvokePowerShellCommand[T](String commandName, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.SyncRuleUpgradeEngine.PersistSyncRulesForConnector(Guid connectorIdentifier, IEnumerable`1 desiredSyncRules, String pathToLogFiles, Dictionary`2 precedenceImmutableTagMappings)
   at Microsoft.Online.Deployment.Types.Providers.TemplateEngineProvider.PersistSynchronizationRules(Guid connectorID)
   at Microsoft.Online.Deployment.Types.Configuration.Utility.ConnectorUtility`1.UpdateConnector(IAdSyncConfigExecutionContext`1 executionContext, ConfigurationItem configChange, ConnectorAdapterBase connectorAdapter, IAadSyncContext syncContext, Boolean isNewConnector, Boolean forceUpdateSchema, IAadSyncConfigurationResults& results, List`1 attributeExclusions, ConnectorSpecificPolicy connectorPolicy, Boolean retryOnFailure)
   at Microsoft.Online.Deployment.Types.Configuration.AdConnectorConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext`1 executionContext, IAadSyncConfigurationResults& results)
   at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.ConfigureSyncEngine(TContext context)
   at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.Execute()
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
Exception Data (Raw): Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskException: The task 'Configure AAD Sync' has failed. ---> Microsoft.Online.Deployment.PowerShell.PowerShellInvocationException: In from AD - User Join (10ca12ea-44dd-40df-a7a4-3d5f3572806a): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskGroup.CheckTaskCompletion(Int32 currentTaskIndex)
[08:35:35.710] [ 27] [VERB ] Cleanup: Starting cleanup for task 'Configure AAD Sync'
[08:35:35.710] [ 27] [VERB ] Task 'Configure AAD Sync': No cleanup defined
[08:35:35.712] [ 27] [INFO ] Task 'Deploy AAD Sync' has finished execution
[08:35:35.712] [ 25] [ERROR] Task failed without an exception
[08:35:35.712] [ 25] [VERB ] Cleanup: Starting cleanup for task 'Deploy AAD Sync'
[08:35:35.712] [ 25] [VERB ] Task 'Deploy AAD Sync': No cleanup defined
[08:35:35.712] [ 25] [VERB ] Marking task 'Deploy AAD Health Agent' as Skipped
[08:35:35.712] [ 25] [VERB ] Marking task 'Configure Sync Scheduler' as Skipped
[08:35:35.713] [ 25] [VERB ] Rolling back task Check Installed Components
[08:35:35.714] [ 25] [VERB ] Task 'Check Installed Components': No rollback defined
[08:35:35.714] [ 25] [INFO ] Task 'Single Forest Dir Sync Pwd Sync Root Task' has finished execution
[08:35:35.745] [  7] [ERROR] In from AD - User Join (10ca12ea-44dd-40df-a7a4-3d5f3572806a): AttributeFlowMapping's specified source attribute 'mailNickname' is not a defined attribute type.
[08:35:35.750] [  7] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[08:37:42.606] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 6.
[08:37:42.606] [ 28] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[08:37:42.606] [ 28] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[08:37:42.610] [ 28] [INFO ] InstallSyncEngineStage.ExecuteInstall called when Sync Engine is already installed.
[08:37:42.610] [ 28] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
[08:37:42.610] [ 28] [VERB ] GetAdminCredential called with account NP.TEST\admin.guido
[08:37:42.610] [ 28] [VERB ] AdministratorUsername is in NTAccount format.
[08:37:42.610] [ 28] [VERB ] GetAdminCredential returning account NP.TEST\admin.guido
[08:37:42.610] [ 28] [INFO ] Skipping AD MA account creation. Account is present.
[08:37:42.610] [ 28] [INFO ] Creating AD connector
AzureADConnect.exe Error: 0 : Management Agent Error: A management agent with this name already exists..
Exception Data (Raw): System.ApplicationException: Management Agent Error: A management agent with this name already exists..
   at Microsoft.DirectoryServices.MetadirectoryServices.Config.BaseMIISTask.ThrowTerminatingError(Exception e, String errorId, ErrorCategory errorCategory, Object targetobject)
   at Microsoft.DirectoryServices.MetadirectoryServices.Config.ImportMIISServerConfig.ImportMAs(String forestName, String forestId, String maConfigurationPath)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.ImportADDSConnector(ADDSConnectorAdapter addsConnector)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigSyncDirectoriesPageViewModel.CreateConnectorForDirectory(IDirectoryConnection directory)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
[08:37:44.181] [ 28] [ERROR] ConfigureSyncEngineStage: Caught exception while creating the connector for given directory.
[08:37:44.182] [ 28] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[08:38:05.310] [  1] [INFO ] Opened log file at path C:\Users\admin.guido\AppData\Local\AADConnect\trace-20160205-083257.log

When I try to install AADconnect on a newly configured server the same error occurs.

Can someone explain what the failure is and how to fix this? Dirsync install is going ok.

Kind regards,

Guido van Beek

Noorderpoort

Netherlands

Azure AD: Failed to acquire token silently.


I have a web app (asp mvc) that calls an API (webapi).  Both are hosted as Azure web Apps.  I am using Azure AD for both, and can login/connect to each individually.  However, I'm struggling calling the API from the web.  I have followed the example that Azure AD provides:  https://github.com/Azure-Samples/active-directory-dotnet-graphapi-web.  However, I keep getting the error: "Failed to acquire token silently. Call method AcquireToken"  Unfortunately, this error doesn't help much since it is thrown no matter what configuration I try.

I have:

  - In configuration of the web app, added Api app, and delegated access.

  - Generated an app key for web project.

I have struggled with what to use for "tenant".  Our Azure AD was created from our Office 365 account, in which we have a custom domain:  accelare.com  From what I've read, this is our tenant name (https://login.microsoftonline.com/accelare.com)
I have also tried with the Guid that is listed in the app's endpoints.  (https://login.microsoftonline.com/[Guid])


using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

private string apiResourceId = "https://[myapi].azurewebsites.net";
private string apiBaseAddress = "https://[myapi].azurewebsites.net";
private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";
private static string clientId = "[myclientId]";
private static string appKey = "[myAppKey]";
private static string authority = "https://login.microsoftonline.com/accelare.com";

// Object ID of the signed-in user; used as the key for the per-user token cache
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(authority, new NaiveSessionCache(userObjectID));
ClientCredential credential = new ClientCredential(clientId, appKey);
// Silent acquisition only succeeds when the cache already holds a token (or usable refresh token)
// for this user and resource; otherwise ADAL throws "Failed to acquire token silently"
AuthenticationResult result = authContext.AcquireTokenSilent(apiResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, apiBaseAddress + "/api/items");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

Any ideas?  I've been stuck on this for a couple of days, have read dozens of posts/blogs, and tried a variety of different variations.  Everything ends up with the error message when authContext.AcquireTokenSilent(...) is called.


Thanks,

Justin

How to configure domain for single sign on in Azure Active Directory?


I created a new active directory on manage.windowsazure.com. Let's say my company's actual domain name is www.mydomain.com. When I created an active directory I used the display name mydomain, so it created a domain mydomain.onmicrosoft.com. Because of this any new user I create has the extension @mydomain.onmicrosoft.com

So I configured my own domain, which went into the unverified stage

So I clicked on verify, and I got this message

And finally I clicked on the check mark button at the bottom to go to the next screen, and I get this page

Now here is the question

We do not have local active directory to maintain our users. In fact whole point of using Azure AD is to create users in Azure AD for authentication.

  1. So how do I verify mydomain.com without having a local active directory?
  2. How do I create a user where the username does not end with @onmicrosoft.com?
  3. Can I add any user where username = "user@somedomain.com" without having to verify somedomain.com?



Azure AAD Connect Sync Error - The object located by DN is a phantom.


Hi there,

I ran into an issue where I needed to disable then enable directory sync on my 365 tenancy.  I ended up reinstalling AAD Connect on my DC.

Now I get this error for 5 users: The object located by DN is a phantom.   (the rest are fine!)

Is there a fix for this?

In one case the user doesn't show up in the metabase, in another it does.  For the user that shows up in the metabase, I don't notice anything odd that would point out why it is considered a phantom...

Where do I find the Azure Active Directory tenant name?


Where do I find the Azure AD tenant name? Pretty basic question I know, but everyone seems to assume that the answer to this question is in no need of explaining. I am guessing it is the same as the default domain name of the active directory (xxxx.onmicrosoft.com e.g.).

The following explanation of an AD tenant I found on the internet really worries me. I have only the vaguest idea of what is being discussed.

Tenants and Subscriptions

AAD tenants are cloud-based directory service instances and are only indirectly related to Azure subscriptions through identities. That is, identities can belong to an AAD tenant and identities can be co-administrator(s) of an Azure subscription. There is no direct relationship between the Azure subscription and the AAD tenant except the fact that they might share user identities. An example of an AAD tenant may be contoso.onmicrosoft.com. An identity in this AAD tenant is the same as a user's OrgID.

Azure subscriptions are different than AAD tenants. Azure subscriptions have co-administrator(s) whose permissions are not related to permissions in an AAD tenant. An Azure subscription can include a number of Azure services and is managed using the Azure Portal. An AAD tenant can be one of those services managed using the Azure Portal.

User Credential Verification failed


Our company has an Azure AD as well as a domain.  I'm trying to create a simple Hello, World web app to do some testing.  Using VS 2013 I create an ASP.NET MVC project, then click on Change Authentication.  I select Organization Accounts because I want people in our Azure AD domain and ONLY people in our Azure AD domain to be able to access the site.  I enter the name of our domain, pick Cloud - Single Organization and Single Sign On and I get the following error:

User credential verification failed.

Error: Authorization Failed.  The logged in user doesn't have Global Admin rights.

Which is correct, I don't.  I'm the developer, not the network administrator, I don't have access to muck with the Active Directory nor should I.  I'm just the guy who makes the programs for our users to use, those users are defined in the AD by someone else.

I won't be getting Global Admin AD rights, so if that's required, this little experiment is at an end.

Can I get a little clarification on this?  Is this access required or have I done something wrong?


Refresh token issue

I am using the 'Convergence' branch for ADALiOS authentication in my Swift project. Firstly, whenever I am using the pod for this branch it is not able to recognise any of the ADAL classes. So I copied all the files and added them manually into my project. Which then had some issues too, but then I solved it, because after a whole lot of studying I got to know that there was some issue with my provisioning profile only. Which I solved later on.

Now back to the question again. Inside the support files I have added a plist where all the authority, client id, redirect uri etc. info is saved. In addition to this I have added an entitlement file also with the following content

$(AppIdentifierPrefix)com.microsoft.adalcache

Following is the code which I am writing to get access token before making any service call. As soon as my app starts, before making first web service call it asks for credentials and then inside my output log I am getting following error

ADALiOS [2015-12-17 09:50:08 - 1EC5EEC5-1205-4256-AC15-6051743A49A4] ERROR: Error raised: 11. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode: -25243 Details: ADAL Keychain "__51-[ADKeychainTokenCacheStore addOrUpdateItem:error:]_block_invoke" operation failed with error code -25243.. ErrorCode: 11.

This clearly indicates that adal is not able to store my token cache inside my keychain. Because of above error it is not able to get new access token using refresh token hence, login page is opening before each service call. Although there I don't need to enter my credentials but yes the screen comes up again and again.

So I found this answer and I solved it using the one below

I was also unable to run on device with either "Keychain Sharing Entitlements" turned on, OR the following code (as recommended above, replacing bundle with my apps bundle ID):
[[ADAuthenticationSettings sharedInstance] setSharedCacheKeychainGroup:@"<your.bundle.id.here>"];

The only thing that worked was to set the keychain group to "nil" (my code in Swift):
ADAuthenticationSettings.sharedInstance().sharedCacheKeychainGroup = nil

After all this struggle as soon as my token expires ADAL classes are not able to get new access token from refresh token.  

The following error is what I am getting in my logs

ADALiOS [2016-01-13 17:03:28 - EFB5A99A-A21E-48B9-8468-26116DBCDAED] ERROR: Error raised: 7. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode: invalid_request Details: AADSTS50091: Passed query string length exceeds supported limit. encodedRequest="<omitted>"

Trace ID: 8df08fb0-44eb-4d69-bccd-47cc0f8077d3

Correlation ID: efb5a99a-a21e-48b9-8468-26116dbcdaed

Timestamp: 2016-01-13 17:03:27Z. ErrorCode: 7.

Azure AD / SSO / Office365 / ADFS???

Hi guys, I'm a little confused regarding Azure AD, SSO and Office365.

I already have an Azure AD and am looking to move to Office365. To get a true single sign on do I need to implement ADFS?

I've also read about Azure AD premium - does that provide SSO?

Is it possible to selectively grant AD premium licences to my users based on AD groups?


Hello,

I have an Office 365 subscription for several thousand users. Only a few hundred require the AD premium features. Is it possible to select AD premium licences for some users and not others?

If so, when I enable AD Connect password write-back for some users, what happens when non AD premium users change their Azure passwords or try using SSPR?

Thanks

How to view disabled rules in the Sync Rules Editor?

Hi,

I accidentally disabled a rule by following the "Outbound filtering" section of this guide:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-configure-filtering/

The rule i disabled was named: Out to AAD – User Join SOAInAD

I thought that re-installing the Azure Connect tool would restore it, but this doesn't work.  Also tried installing the Azure Connect tool on a totally different server and still cannot find the rule: Out to AAD – User Join SOAInAD

Anyone know where disabled rules can be restored?

Thanks


Azure AD Connect cannot configure service account

I am attempting to use Azure AD Connect to configure Federation with AD FS but the process fails when attempting to automatically configure the service account.  The error is as follows:

An error occured [sic] executing Configure Service Account task: Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again.

WinRM is enabled on the server and I can successfully invoke remote WinRM commands from both elevated and non-elevated PowerShell instances manually. All servers are running Windows Server 2012 R2, fulfill the documented prerequisites including .NET and PowerShell requirements, firewall is disabled, and the user executing Azure AD Connect as well as the credentials supplied within the wizard belong to an Enterprise and Domain Admin.

Here is the relevant trace log data:

[17:28:34.547] [  6] [VERB ] Executing task Configure Service Account
[17:28:34.753] [ 43] [ERROR] Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again.
[17:28:34.755] [ 43] [INFO ] Task 'Configure Service Account' has finished execution
[17:28:34.756] [  6] [ERROR] System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again. ---> System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server <domain controller> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   at Microsoft.Online.Deployment.PSModule.Tasks.ADFS.ConfigureServiceAccountTask`1.Execute()
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
Exception Data (Raw): Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskException: The task 'Configure Service Account' has failed. ---> System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again. ---> System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server <domain controller> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   at Microsoft.Online.Deployment.PSModule.Tasks.ADFS.ConfigureServiceAccountTask`1.Execute()
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTaskGroup.CheckTaskCompletion(Int32 currentTaskIndex)
[17:28:34.758] [  6] [VERB ] Cleanup: Starting cleanup for task 'Configure Service Account'
[17:28:34.759] [  6] [VERB ] Task 'Configure Service Account': No cleanup defined
[17:28:34.759] [  6] [VERB ] Rolling back task Install Active Directory PowerShell
[17:28:34.760] [  6] [VERB ] Task 'Install Active Directory PowerShell': No rollback defined
[17:28:34.761] [  6] [INFO ] Task 'Create Service Account' has finished execution
[17:28:34.762] [ 48] [ERROR] Task failed without an exception
[17:28:34.763] [ 48] [VERB ] Cleanup: Starting cleanup for task 'Create Service Account'
[17:28:34.764] [ 48] [VERB ] Task 'Create Service Account': No cleanup defined
[17:28:34.765] [ 48] [VERB ] Marking task 'Deploy ADFS Farm' as Skipped
[17:28:34.765] [ 48] [VERB ] Marking task 'Create AAD Trust' as Skipped
[17:28:34.766] [ 48] [VERB ] Marking task 'Deploy Web Application Proxy Farm' as Skipped
[17:28:34.767] [ 48] [VERB ] Marking task 'Configure Sync Scheduler' as Skipped
[17:28:34.768] [ 48] [VERB ] Rolling back task Deploy AAD Health Agent
[17:28:34.769] [ 48] [VERB ] Task 'Deploy AAD Health Agent': RollbackTask(Configure AAD Health Agent)
[17:28:34.769] [ 48] [VERB ] Rolling back task Configure AAD Health Agent
[17:28:34.775] [ 48] [VERB ] Task 'Configure AAD Health Agent': No rollback defined
[17:28:34.776] [ 48] [VERB ] Task 'Deploy AAD Health Agent': RollbackTask(Install AAD Health Agent)
[17:28:34.776] [ 48] [VERB ] Rolling back task Install AAD Health Agent
[17:28:34.777] [ 48] [VERB ] Task 'Install AAD Health Agent': No rollback defined
[17:28:34.778] [ 48] [VERB ] Rolling back task Deploy AAD Sync
[17:28:34.779] [ 48] [VERB ] Task 'Deploy AAD Sync': RollbackTask(Configure AAD Sync)
[17:28:34.780] [ 48] [VERB ] Rolling back task Configure AAD Sync
[17:28:34.781] [ 48] [VERB ] Task 'Configure AAD Sync': No rollback defined
[17:28:34.782] [ 48] [VERB ] Rolling back task Check Installed Components
[17:28:34.783] [ 48] [VERB ] Task 'Check Installed Components': No rollback defined
[17:28:34.784] [ 48] [INFO ] Task 'Single Forest Dir Sync SSO Root Task' has finished execution
[17:28:34.784] [ 66] [ERROR] Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again.
Exception Data (Raw): System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote machine <domain controller> using PowerShell failed with access denied. Please try enabling WinRM on the machine and try again. ---> System.Management.Automation.Remoting.PSRemotingTransportException: Connecting to remote server <domain controller> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.PowerShell.Providers.PowerShellProvider.CreateInstance(String hostname, String username, SecureString password)
   at Microsoft.Online.Deployment.PSModule.Tasks.ADFS.ConfigureServiceAccountTask`1.Execute()
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
[17:28:34.796] [ 66] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed

How to read and write extensionAttributeXX

What are the options for setting and getting extension attributes on user objects? According to some older forum posts, PowerShell cannot be used. I did not see any options to view or set these attributes in the management portal. Can the REST API be used? What other APIs?

ARM: Configure the Authentication / Authorization in deployment script

When I look at the Resource Explorer on Azure, I can't see any difference in the properties returned from a site that is protected with the Azure Active Directory provider (through the Authentication / Authorization option in Settings).

Is there any way to configure authentication upon deployment with ARM of a web app?


SondreB |  Senior Solutions Architect  |  Deepmind
sondreb.com

How to Load a New User Via API into Azure Active Directory B2C using ASP.net MVC?

Azure Active Directory is still in preview and I am hoping that there is some sample code someone can point me to that can help me solve the following system design.

  1. Users read an article and at the end there is a form for them to get a whitepaper.
  2. The user fills out the two field form with first name and email address.
  3. When the user presses submit, the form posts over to a third party autoresponder.
  4. The third party autoresponder sends them a link to the whitepaper, adds them to a list and posts the transaction to my custom ASP.net MVC page.
  5. My custom ASP.net MVC page adds all the subscription information to a SQL Server database.
  6. ---> Now as a part of that transaction, I need to post the user's info  and a temp password to Azure Active Directory B2C FROM the MVC page.
  7. Optionally after Sign up is complete, show temp password and allow them to change the password

Can anyone chime in and let me know if there is a way from ASP.net MVC to create an Azure Active Directory B2C user through an API?

Been searching and only found a command line example, but not MVC


Victor



Does Azure Have LDAP Public URL?

Hello! 

Azure AD customer @tamilkovan asked a question via Twitter if LDAP has a public URL to access.

"We have an Active Directory hosted in Azure. The App team wants the LDAP URL to access from the internet. Do you think Azure will have a LDAP public URL?"

Twitter Conversation: https://twitter.com/tamilkovan/status/697612682589941761

Thank you for looking into the inquiry!

@AzureSupport


Cannot create new Active Directory in Azure

I recently signed up for an Azure account.  The reason for this is that I wanted to explore Active Directory in Azure.  To create a new Active Directory, one would normally click on Active Directory in the left navigation window and click create new active directory.

The issue I have is that the Active Directory is not visible in my left navigation window.  Can someone provide some thoughts on this? 

Thank you,
Nick

Multi tenant Azure RemoteApp leverage on authentication with UPNs from other directories.

Hi

I have several customers who want to leverage the same RemoteApp solution.

It is possible for me to add users from other directories to my own directory. They can be given status as user, global admin etc.

However, when I want to add them as RemoteApp users, the interface says that it is not possible to resolve the UPN. It is possible for me to add users with a Live ID and users residing in my directory.

The goal is to have a single multi tenant solution for users residing in his/her own subscription, granting access to resources in my directory by simply letting them authenticate with their own UPN.

Do you have any idea when/how it will be possible to grant access across subscriptions to individual users?

Kind regards

Asger

Azure AD: Individual User Accounts vs Organizational Accounts

While creating a brand new application using VS 2013, if you try to configure authentication, we get 4 options. Two of those options are "Individual User Accounts" & "Organizational Accounts". Based on my understanding, the Individual User Accounts option is used if we have users in a SQL DB or social providers (e.g. Facebook, Google). The second option is used if we have users in Azure Active Directory or Windows Server Active Directory.

However, we can still configure Azure AD authentication using the Individual User Accounts approach (as described here). We need the client id, Tenant Name & PostBack URL.

The Organizational Accounts approach needs a RESTful API (federation metadata). This is how VS configures the web application if you choose the Organizational Account option.

Now the question is: if we can configure Azure AD in two different ways, then what's the difference between these two approaches? When would I use one over the other?

