Channel: Azure Active Directory forum

Azure ADFS multi-tenant configuration per tenant.


Hello, 

I would like to develop single sign on for my application and make it available for many organizations which already have their own ADs and their own users in their ADs.

I would like to make my application multi-tenant but I miss some configuration options. For example:

1. Adding a custom application to my client's AD from [Add an application from a gallery]>[Custom] seems to be broken. There is only the link to the documentation.

2. Would it be possible for the organizations to customize the application after adding it to their AD? I mean, are they able to change the tile logo and the name of the application for their users?

3. I guess there would be an option to configure multiple single-tenant applications one for each of my customers that would point to the same sign-on url and redirect url, but I would like to avoid this option because in this case I would need a separate client ID and secret for each organization.

Kind Regards,

Nikos


Group policy in Azure AD Domain Services


Hello,

Throughout the Azure AD Domain Services documentation, it mentions that you can configure group policy for users and computers. Can you tell me where I can access the settings of that group policy for my domain? I cannot find it anywhere. 

FYI, the goal I am trying to accomplish is to set up a domain without an on-premises domain controller. The services I need are ID management (username/password) and settings management (group policy).

Thanks, 

Trent

Configure AAD Sync


When configuring Azure and AD Integration using Azure AD Connect I get the following error:

An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User realm discovery failed.

Thank you in advance

AD Connector needs reconfiguring after Federation


We initially set up a server with active directory connector running on it to synchronise our domain with Office 365, this was set just to use the custom settings with password replication.

We then decided to federate our domain. We have now done this but obviously we need to reconfigure ADC so that it recognises that we have federated.

Should I just uninstall ADC and then reinstall it selecting and configuring the federation options or is there another way to do this?

Azure Active Directory Domain Services: Portal Created Accounts sync different than GraphAPI Created Ones


Hi @All

We created a nice looking registration page to allow specific users to create an account in our Azure AD which has DS enabled. The registration page is a trusted "App" in the AAD and creates users by using the Azure Graph Libraries as described here http://justazure.com/azure-active-directory-part-5-graph-api/.

When it comes to account creation, everything works fine, except one neat detail. Accounts created via the Azure Management Portal own the attribute "userName" which gets populated to the AAD DS, whereas accounts created via the Graph API don't have such an attribute.

See the POST request to the Azure Management Portal when creating a new user, not sure if this is only UI, but probably this is additional information which is used for defining the username in DS.

Compared with users created by the Graph API, the attributes synced to the AAD DS are significantly different.

Max Muster was created by using the Portal (like the one above) where Michael Schnyder was created by the Graph API.

What I found is different:

- CN
- distinguishedName
- name
- sAMAccountName

Question: How can the Graph API be called so that the AAD DS behaves the same as for users created in the Management Portal?

BTW: This editor is too small and buggy, just a shame for such a modern and forward looking company. Please update / migrate asap... How do you appreciate customer feedback when this channel is almost unusable?

Does Azure AD have the ability to connect to a separate data store for user identification?


From what I have read, you can sync your internal Windows Active Directory to the Azure AD. Then you have the ability to use SSO with those AD accounts to on-premises custom applications that are registered with Azure AD. However, we have a custom application with forms authentication to a back-end SQL database which contains all our user information and usernames/passwords.

We would also want those users within that custom application to have SSO for a third party tool. However, the third party tool will need to connect to our Identity Provider (which we don't have yet) using SAML 2.0 as the protocol. Is there a way to use Azure AD as the Identity Provider so that the third party will connect to Azure AD and then Azure AD will validate the users with our custom application via our SQL database, or would we have to import all those users within Azure AD? Would this even make sense?

Password Sync


Good day,

I have been using Azure Active Directory Sync for quite some time now to integrate my on premises AD with Azure AD for Office 365.

I recently included a new OU as we added users to Office 365 who, previously, were not allocated Office 365 licenses.

The accounts have synced but their passwords are disjoined. Why would this happen?

Thanks for the assistance. 

Azure AD Connect throws "unexpected error"


We're trying to sync to Azure AD using Azure AD Connect, and have installed the connector on Windows Server 2012 R2. We followed all the steps in the instructions (verified our domain, etc.), but:

The connector dies at the first step under Express Settings at "Connect to Azure AD"

When we try to sign on with our "username@domain.onmicrosoft.com" credentials, or with a separate "global-admin-user@ourdomain.com", we get a nebulous error: "Unable to validate credentials. An unexpected error has occurred."

Is there any way to debug this further? It's completely preventing us from adopting Azure.

Unexpected error in Azure AD Connect


The subscription is disabled


I get one error:

Failed to start the virtual machine 'Congxxx'. The subscription '1936c7e0-1a05-4633-9f18-980e370exxxx' is disabled and therefore marked as read only. You cannot perform any write actions on this subscription until it is re-enabled.

I am using trial Azure.

How to fix it?


Add SAML supported web application on Azure for SSO


How to create a User (Work Account) with specified Directory Role in Azure Active Directory Graph Api


I'm trying to find a way to create a User (Work Account) with a specified Directory Role in Azure Active Directory Graph API using one AD Graph API call.

I can make 2 separate calls (1 to create the user and 1 to assign the Directory Role) but is it possible to include the role in the POST user payload and assign the role in the same call?


Aram Koukia | Blog: koukia.ca | Twitter: @aramkoukia

No ADSync scheduled task created


I installed Azure AD Sync and chose in the wizard not to sync on completion because I wanted to filter by OU.

When I sync from the GUI it looks fine, but no scheduled task has been created.

I have upgraded to 1.1.119.0

How best to create a scheduled task?


Get-ADSyncScheduler


AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 20/03/2016 16:43:
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False


CarolChi


Customized Company Branding for Azure Active Directory


We are using Azure Active Directory Basic edition to manage user authentication to our Enterprise application. For Company branding, we have customized the Sign In Page Illustration and Banner Logo, these elements are getting updated on the Sign In Page.

The issue that we are facing currently is how to remove the Microsoft logo and other corresponding elements like "Don't have an account assigned by your work or school? Sign in with Microsoft account" from our login page.

Also towards the page end, Microsoft has inserted links like @2016 Microsoft, Microsoft Logo, Terms of Use and Privacy & Cookies.

We are preparing a customized login page for our enterprise application, is there some way to remove these elements through customization of Azure AD Sign In page?


Thanks & Regards, Deep

Dashboard Single Sign-On URL not working


Hi 

I just created a new custom app. I configured the SSO settings and assigned users.

Then I switched to the app's dashboard, tried copying the Single Sign-On URL and pasting it in another tab, and received this error:

Oops, this link isn’t working…
This link to MyAPP is invalid. Click the link below to see what applications you have access to. Otherwise, contact your administrator or the person who gave you this link to resolve this issue. 

Clicking on the link at the Azure portal seems to work, but I want a direct URL.

What am I doing wrong?

Thanks



Sync with OpenLDAP


Hi

I would like to sync OpenLDAP users to be able to use Office 365. Can I use AADSync? Do I need ADFS for this?

Thanks


AAD C# client request returns "Your browser is currently set to block Javascript error!"


I have been using AAD just fine in a web app and in a web api app, but I had the need to combine these two recently.  Everything is fine from the browser, but I tried to reuse my native client application and am stumped.

AuthenticationContext ac = new AuthenticationContext(authority);
AuthenticationResult ar = ac.AcquireToken(resource, clientID, redirectUri, PromptBehavior.Always);
^ Login screen pops up. Everything looks great and I see the access token, but...

HttpResponseMessage response = httpClient.GetAsync("https://localhost:44313/api/hello").Result;
if (response.IsSuccessStatusCode)
{
    result = response.Content.ReadAsStringAsync().Result;
}

^^ this returns an HTML error page that says "We can't sign you in. Your browser is currently set to block JavaScript. You need to allow JavaScript to use this service."

I saw the sticky post on something VERY similar with AAD and Azure PowerShell, so I tried adding the 3 suggested websites to the Trust list in IE, but that didn't help.  It's VERY easy to reproduce.  Just create an MVC project, add a web controller and configure a native client app in the portal.


How & Where to set the App Publisher website?


When customers grant access to my AD, the details below are shown. However, in "App Publisher website" it says localhost. I want to change it to my company's name; where will I have to rename it?

Also I noticed it gets changed in different requests to one of the reply URLs of the application AD.

Thanks

Azure AD standalone - What do we do with printers?


This is more of a brainstorming question as I have limited experience with print servers.

We're moving away from local AD and testing out Azure AD standalone with Office 365 and EMS.

Now, I know I can deploy scripts to map up these printers, but I'd like a better/fancier solution where we maybe deploy software that automatically recognizes where you are based on your IP, and gives you the printers close to you. Several offices in several countries, and deploying a script seems somewhat cluttered to me.

Does anyone have good experience with software? I looked at printerlogic but not sure if it's something that should be explored further.

Azure AD connect cannot contact domain


From Jon Wooten @JonKnowhow900 via Twitter

We've been using the new Azure AD connect tool that just got released. That has been working fine with our on prem AD domain. However, we have another forest that we connect to over VPN tunnel and AD Trust. I can reach that domain from our AD connect tool, with all ports open to their AD. When I go to add their domain in the tool, it says "This domain cannot be contacted or does not exist". (and yes, I'm putting in the FQDN of their domain). I know I can reach it over the network, and I can do things like add their users to a folder share from that same server. But this tool cannot contact that domain. What gives?

 

Thanks,

@AzureSupport

AAD AD Connect join MDM enrollment

We have set up Azure AD + Domain Join + Windows 10 as per the article below
https://blogs.technet.microsoft.com/ad/2016/02/17/azure-ad-domain-join-windows-10/

We followed the article below to configure SCP and ADFS, and we have Windows 10 build 10586.164
https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-devices-group-policy/

When running get-msoldevice -all we see

Enabled                       : True
ObjectId                      : e23c0c16-2b6f-4c4c-b951-2c7c0d74c2d1
DeviceId                      : 547ab533-f24c-4ec2-90ba-d86655b19e34
DisplayName                   : DESKTOP10
DeviceObjectVersion           : 2
DeviceOsType                  : Windows
DeviceOsVersion               : Windows 10
DeviceTrustType               : Domain Joined
DeviceTrustLevel              : Managed
DevicePhysicalIds             : {}
ApproximateLastLogonTimestamp : 21-3-2016 12:51:00
AlternativeSecurityIds        : {X509:<SHA1-TP-PUBKEY>49482A1D1D1CC11611E96FEECB83597A4EC801C0PK8Dw0UM/yD1iRExAqJQhpbD4
                                CYTAXGxo6QvdHBSrck=}
DirSyncEnabled                :
LastDirSyncTime               :
RegisteredOwners              :
GraphDeviceObject             : Microsoft.Azure.ActiveDirectory.GraphClient.Device


In Azure AD we enabled automatic Intune/MDM registration/enrollment as per the article below
https://blogs.technet.microsoft.com/ad/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/

We waited 3+ hours but the device does not show up in Intune.

Is this scenario possible?