Removing external active directory (office 365) from my current subscription
Unable to create the Connector from file
I'm trying to do some testing (both the server and the tenant are strictly for testing purposes), and I'm trying to make sure the AADConnect export and import of connectors works properly so I can make backups. I can export the connector to the XML file without an issue, but when I then delete it and try to reimport the XML I get an error.
Not sure what I'm doing wrong - help would be appreciated.
Azure AD App with delegated permission authentication error !!
We have two Azure AD Apps, one for authenticating users in a webapp, let's call it AdApp1. That app has a delegate permission to another AD App, let's call it AdApp2, which secures a back end API. Both Apps are multiple tenant, AdApp2 manifest key [knownClientApplications] configured to include AdApp1 client ID.
AdApp1, AdApp2 manifest key [oauth2AllowImplicitFlow] was set to true. Both Apps are in a B2B tenant [AD directory].
The issue is when a user authenticates in webapp using AdApp1, we get the following error. Are there any other configurations we are missing?
Error:
AADSTS65005: The application needs access to a service that your organization has not subscribed to. Please contact your Administrator to review the configuration of your service subscriptions.
How to upgrade Azure AD Connect
Good Day,
When new versions of Azure AD Connect are released like the one this month (Feb 2016) how does one upgrade from the older version to the new? I understand the new version will be self updating, but what about for the previous version?
Steve J.
I tried running the new install (AzureADConnect.msi) and it looked promising like it was updating files. It completed and then this popped up:
AzureADConnect upgrade fails with: Index was outside the bounds of the array
Trying to upgrade my AADC to the newest version. The file runs and files are extracted and everything seems good. Then the GUI launches and stops with the following error:
IndexOutofRangeException
Index was outside the bounds of the array.
The log shows the following errors:
Microsoft Azure Active Directory and MS Access 2016
I am using Azure SQL Server 2012. For the front end we are using MS Access 2016. Can I also use MS Azure active directory in this scenario? I am wondering if I can connect since I am using ODBC drivers from MS Access 2016 to connect to the Azure SQL Server.
In the documentation on Azure active directory I found this:
- Azure Active Directory authentication only supports the .NET Framework Data Provider for SqlServer (at least version .NET Framework 4.6). Therefore Management Studio (available with SQL Server 2016) and data-tier applications (DAC and .bacpac) can connect, but sqlcmd.exe cannot connect because sqlcmd uses the ODBC provider.
The notation discusses only connecting to Azure active directory via .net and not ODBC.
Thanks,
Dave
Synchronization Service Manager of Azure AD Connect is blank
- Import on the AD Management Agent
- Import on the Azure AD Management Agent
- Full Sync on the AD Management Agent
- Full Sync on the Azure AD Management Agent
How do I change the Azure target for Azure Directory Sync?
Can someone help me change the Azure target that my onprem domain is synchronizing with?
I changed my Azure tenant and now the AD sync is trying to sync with an old tenant.
When I run Azure AD Connect (1.1.105.0) I can change many things except the tenant.
Alternatively point me to a procedure for uninstall so I can start again.
CarolChi
Azure AD and OWIN: IIS throws Access denied for authenticated user while accessing child application
posting question here
Already spent so much time on this. Please any help will be appreciated
AADSTS50020: User account 'arvindkpal@hotmail.com' from identity provider 'live.com' does not exist in tenant
Hi,
I want to login using the live account id without adding the user in the active directory. I am getting this error AADSTS50020: User account 'arvindkpal@hotmail.com' from identity provider 'live.com' does not exist in tenant.
Do I need to add this user into my active directory or is there any way to configure it?
AADConnect (GA) Sync-Generic-Failure The object located by DN is a phantom
Hi folks,
I have a single user that is failing to sync to AAD (where there is currently an in-cloud account) using the GA release of AADConnect (Express settings). The error is Sync-Generic-Failure, and the stack trace reports that "The object located by DN is a phantom".
All other in-cloud users have synced and are now "Synced with Active Directory".
I have run a metaverse search for the user and it does not come up in the results. The account definitely does exist in the on-prem AD, and I have even made some minor changes to it - the user is logged in and working fine with on-prem services.
Does anyone know how I can resolve this issue?
Thanks,
Aidan.
User failing to sync with AADSync
Hi,
I have a user who is consistently failing to sync using AADSync. The errors reported by AADSync are:
sync-generic-failure
The object located by DN is a phantom.
The user account is present and correct in the source Active Directory and it does not appear to have duplicate proxyaddresses or UPN's which might restrict syncing. Additionally it does not appear in the output from IDFix.
Short of re-creating the account from scratch, is there any other way to get it syncing?
Many thanks in advance.
Can a company owned device be joined to both company AD and non-company AAD (i.e. without AAD Connect)?
Hi
I read that Windows 10 devices can be AD joined and AAD joined at the same time.
We have a corporate AD that supports company wide services only. For a specific division we want to implement EMS services through a "non-company" AAD that is not to be connected to the on-premise AD with AAD Connect (yet).
Is this a supported usage scenario?
Kind regards,
Wim.
Inviting a user with B2B collaboration invite failed when there is a mail contact with the same email address?
We faced a problem when trying to invite new users to tenant when there are already mail contacts in Exchange with the same SMTP address existing.
Steps to reproduce:
1. Create a mail contact. PS: New-MailContact -Name "Jani Holopainen" -ExternalEmailAddress "jani.holopainen@xxxxx.com"
2. Create a csv file for the invite, e.g.
Email,DisplayName,InviteAppID,InviteReplyUrl,InviteAppResources,InviteGroupResources,InviteContactUsUrl
jani.holopainen@xxxxx.com,Jani Holopainen,00000003-0000-0ff1-ce00-000000000000,https://xxxxx.sharepoint.com/,,9c35112e-5c3e-462f-be87-e631ddaa28a6,https://www.xxxxx.com/
3. Go to Azure AD/Add Users/Users in partner companies and insert csv file above
4. Invite fails with error: "Directory invite operation failed"
Download Errors show:
DisplayName,Email,InviteAppID,InviteAppResources,InviteGroupResources,InviteReplyUrl,InviteContactUsUrl,ErrorStatusMessage
Jani Holopainen,jani.holopainen@xxxxx.com,00000003-0000-0ff1-ce00-000000000000,,9c35112e-5c3e-462f-be87-e631ddaa28a6,https://xxxxxx.sharepoint.com,https://www.xxxxx.com/,Directory invite operation failed
5. Delete mail contact created in step 1
6. Do step 3
7. Invitation succeeds, status = Email delivered to the email server
8. Now I can also create the Mail Contact with PS in step 1
We can share sites to external users while there is a Mail Contact with the same email address. Why don't B2B user invites work the same way? Do we need to first remove all Mail Contacts with duplicate email addresses before inviting users? Is there a workaround for this? Or is this something that is going to get fixed in the B2B release version?
Azure B2C AD - Native application
I'm using the sample code at https://github.com/AzureADQuickStarts/B2C-NativeClient-DotNet and I have a problem getting a valid token...
The user dialog displays for sign in and I enter my password and click ok.
I always get an error of "authentication_ui_failed" with the message
The browser based authentication dialog failed to complete. Reason: The protocol is not known and no pluggable protocols have been entered that match.
You are not supporting this stuff very well - there is no clear indication where problems should be reported, questions go unanswered for months and there are no clear guidelines on the roadmap/timelines.
Paul
What if I shut down on premise Domain controller after I have deployed Replica DCs on Azure?
Hi,
I have a cross premise connectivity from on premise to azure by VPN gateway.
I have 2 DCs on premise, and have deployed replica Domain Controllers on Azure which sync both ways. There are domain joined machines at both on premise site and Azure.
One of the machines at the on premise site is a Network Printer.
Now we are in the process of moving all machines to Azure, so my question is:
1) Is it safe to shut down the on premise Domain Controllers as there are 2 DCs on Azure? Will they still work fine?
2) After the on premise DCs are shut down, I have a printer on premise which will be connected to Azure DCs via the VPN. Is it a good scenario for my business? How much latency/bottleneck can VPN produce?
Thank You.
Bhavya Singhal
Existing O365 users - New AD DS local server
Hello,
I am currently trying to configure a Windows 2012 Standard Server running AD DS, freshly provisioned.
We already have an O365 tenant running with users for one year now.
I want to know how I can fill my local AD DS with the existing O365 users.
I have successfully installed Azure AD Connect on the server and synchronized it.
Do you have any advice on how to do that?
Thanks,
Alain
OAuth2Permission with type:Admin doesn't work
I registered an application in Azure Active Directory, and set Manifest OAuth2Permission with type:Admin.
I expected that it would disable user consent, and admin consent would appear after admin login.
But, when I access login url with no "prompt=admin_consent", I didn't see only user consent.
Has anyone ever seen that work fine?
Embed Login Window In WinForms App
Hello,
I have a legacy WinForms app that I would like to integrate with Azure AD. I can get it all working, but I was wondering if anyone knows of a way to be able to embed the web page that pops up for the user to enter their credentials into Azure AD somehow into my application so that the Azure AD login page appears inside of my WinForms form and not as a popup?
I'm using this sample as my template: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/
Thanks.
Azure Active Directory Domain Service - how to join to AAD DS domain?
I've followed instructions at https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-getting-started-vnet/ to set up AAD DS. AAD DS domain name is MyAADDomainName.onmicrosoft.com
I've created new AAD user account (to generate new password hash) and added this new account to the 'AAD DC Administrators' group. I can logon using this new user account and password to http://myapps.microsoft.com. So far so good.
User name inherits default AAD suffix and looks like: NewAADDSAdminUser@MyDefaultDomainName.onmicrosoft.com
Note that domain name in the user's name and AAD DS domain name do not match each other and this is probably where things go wrong. There is no option available to create new user with MyAADDomainName.onmicrosoft.com suffix.
Now I want to join my newly created W2k12R2 VM to the domain. The VM gets DNSs correctly and can resolve AAD Domain name (MyAADDomainName.onmicrosoft.com). But the next step fails when I provide user account with a privilege to join a computer to the domain.
I've tried both names but keep getting error (see below). What am I doing wrong?
NewAADDSAdminUser@MyDefaultDomainName.onmicrosoft.com
and
NewAADDSAdminUser@MyAADDomainName.onmicrosoft.com
---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "Azcontoso.onmicrosoft.com":
The user name or password is incorrect.
---------------------------
OK
---------------------------