Quantcast
Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Domain Join Device Registration Task error

February 22, 2016, 8:05 pm
$
0
0

I configured the our Azure AD (premium) for device registration for domain joined computers per this article:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-devices-group-policy/

I have the latest AD connect, Azure configured for "All" for device registration and have set the GPO, which curiously RSOP on my local machine shows:

"Computer>Admin templates>Windows Components>Device Registration" versus the policy that is set at "Computer>Admin Templates>Windows Components>Workplace Join".  

However my Windows 10 1511 device shows the following error when the Workplace Join schedule task executes:

Task Scheduler successfully completed task "\Microsoft\Windows\Workplace Join\Automatic-Device-Join" , instance "{5ac8bea7-238b-43b9-9b07-08ea8198a5db}" , action "%SystemRoot%\System32\dsregcmd.exe" with return code 2147942401.

Anyone have any idea where else to look to troubleshoot?

Thanks!

Search

AAD: Last sync: 3597 hours ago

March 21, 2016, 11:13 am
$
0
0

Hello all,

  • Windows Server 2012 R2 Essentials VM
  • Running in Azure

Last fall, I setup this VM and configured AD-AAD syncing using Essentials' Dashboard integration. I could see local user accounts in AAD.

The project was delayed for several months and now that it has resumed, I see that the directory integration status in Azure is: LAST SYNC 3597 hours ago.

Our custom domain is still present in Azure and marked as Verified. On the Essentials dashboard, I see that the integration is Enabled and I can see my client's Domain name and Subscriptions. However, if I attempt to add a Microsoft Online Account to an AD user, the custom domain is not available, only the onmicrosoft.com domain is available.

Nathan

Can't add custom application

March 21, 2016, 3:30 am
$
0
0

Hi,

I'm trying to set up a custom application to enable SSO via SAML 2.0.

active directory => applications => add => add an application from the gallery => custom

But the screen I see is different than the one in the documentation.

"Add an unlisted application your organization is using" shows up which redirects me to the documentation after clicking on it.

No textbox to enter the name and go to the next step.

please advice,

Accessing existing app information

March 21, 2016, 3:53 am
$
0
0

I've looked around the preview site of the new Microsoft Azure portal, but I don't see how I can access our app information, shown on the current portal screenshot below.  Any advice please?


Integrate with Microsoft Azure Active Directory not working on server 2012 R2 Essentials

January 29, 2016, 11:01 pm
$
0
0
I am trying to use the Integrate with Microsoft Azure Active Directory wizard in Essentials to link to Azure. I have an account and am running the Essentials Dashboard as an administrator. I can use my user name and password to log into the web version of Azure but end up with a message saying they are incorrect when trying to connect with the wizard. Does anyone have an idea what the problem is here?

AAD Connect required accounts

March 21, 2016, 1:39 pm
$
0
0

Hello,

I’m in the process of starting the install of Azure Active Directory Connect to sync our on-premises AD user accounts to Office 365.  I have read over the documentation and looks like I will be doing a custom install since I want to install it on a drive other than C:.  From what I understand is that the Express install normally creates three accounts.  Once account is created in AAD that starts with Sync_ServerName_xxxxxxxx and the other two accounts are created in our on- premises AD.  The two that are created on our local AD have one that starts with MSOL_xxxxxxx and the other one that starts with ADD_xxxxxx.  Is this correct so far?  From what I understand is that the MSOL_xxxxxxx account is used to read and write to  our local AD during the synchronization and that the ADD_xxxxxx account is used to run the Azure AD Connect sync service in the background on the server.  Do I have that understood correctly?

So my question is if I install it using the custom install method my understanding is that the custom install will still create the account in AAD (Sync_ServerName_xxxxxxx)  and it will also create the AAD_xxxxxx account on my local AD.  So the only account I need to create manually before I run the install is the MSOL_xxxxxx account?  Is this correct?

Thanks,
Brent

Installing Azure AD Connect Error 77 creating synchronization service account

March 17, 2016, 1:29 pm
$
0
0

I'm am trying to reinstall AAD Connect because we are having sync issues.  I uninstalled AAD Connect and on reinstall I am getting:

GetServiceAccount: Unable to create synchronization service account. An error occurred. Error Code: 77

For the AAD user I created a cloud-only global admin which I have tested login via the web portal.  The on-prem AD account is an enterprise admin.  We have a Hybird Exchange deployment.  We have a standard SQL instance we are using on the same server (I deleted the ADSync DB before reinstall). This is our test environment so we can do anything we want.

AAD Version: 1.1.119.0

[12:29:07.577] [  6] [ERROR] GetServiceAccount: Unable to create synchronization service account. An error occurred. Error Code: 77. Error Description: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support. Tracking ID: 4250a62c-cfc8-4c76-82b4-02df93f5df55 Server Name: . | The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support..
Exception Data (Raw): Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.AzureADServiceAccountException: Unable to create the synchronization service account for Azure Active Directory. ---> Microsoft.Online.Coexistence.ProvisionException: An error occurred. Error Code: 77. Error Description: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support. Tracking ID: 4250a62c-cfc8-4c76-82b4-02df93f5df55 Server Name: . ---> System.ServiceModel.FaultException`1[Microsoft.Online.Coexistence.Schema.AdminWebServiceFault]: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.

Server stack trace: 
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Online.Coexistence.Schema.IProvisioningWebService.GetServiceAccount(String identifier)
   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Coexistence.ProvisionHelper.AdminWebServiceFaultHandler(FaultException`1 adminwebFault)
   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeDependencies.ProvisioningHelperGetServiceAccount(ProvisionHelper provisionHelper, String identifier)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.<>c__DisplayClass13.<GetServiceAccount>b__12()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.ExecuteWithRetry(String actionName, Action action)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetServiceAccount(String identifier)
   at Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String syncMachineIdentifier)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String syncMachineIdentifier)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.UpdateAADConnectorCredentials(IAzureActiveDirectoryContext aadContext, IAadSyncContext aadSyncContext)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)

Migrating Microsoft accounts to AAD

March 21, 2016, 1:54 pm
$
0
0

From @erigeek via Twitter:

 When upgrading Win8/8.1 O365 users with MS account profiles, how do we *migrate* them to AAD without losing anything?

Thanks

@AzureSupport

Search

Can I transfer All the AD Premium licenses from One Subscription to another?

March 21, 2016, 12:15 pm
$
0
0

Hi All,

I need help regarding this specific scenario. One of the customers was using Azure AD free. They were using two different subscriptions. Mistakenly, the customer bought the Azure AD licenses using the second subscription while the users who need to be affected from the azure ad premium licenses are on the AAD in the first subscription. My Query is:

Can I transfer Azure AD premium Licenses from one subscription to another?

Can I transfer Azure AD premium Licenses from one Azure AD to another?

Can I transfer my subscription from one Account to another. ( I guess third scenario is achievable, but not feasible since all the credits will be washed away while transferring)

Please Help!

Azure AD Join - Bitlocker recovery key

March 21, 2016, 6:49 pm
$
0
0

I am doing some testing with Windows 10 Azure AD join, and had a question about Bitlocker. When you enabled Bitlocker manually, You are presented with an option to store the key in the Cloud (Azure).

I need to be able to do this via script and didn't see an option for manage-bde.exe so was hoping that simply executing the following command would just upload the key for me.  :-)

Sadly however it doesnt appear to do so.  Bitlocker does encrypt the drive, however I can never see a key on the device in Azure.

C:\Windows\system32\manage-bde.exe -on C: -SkiphardwareTest -UsedSpaceOnly

Any ideas?

Thanks!

Azure Active Directory password reset.!!

March 21, 2016, 8:30 pm
$
0
0

Hi All,

User Enabled for password rest is Yes and the user is already registered with the email id and mobile number. However the password reset feature is not working, when the user try to reset the password it shows "Your account has not been enabled for password reset". Kindly let me know, how to set up the password reset for the user in Azure.

Your account has not been enabled for password reset.

Thanks and Regards,

RajaVillageSync

Shared Subscriptions

March 21, 2016, 8:11 am
$
0
0

Hello

Is there a way to setup a shared subscription for other users to utilise in azure?

scenario

I setup a subscription using our organisations credit card.  I sign into azure portal, I can see the subscription.

Another colleague wants to use the same subscription, and not have to create another one.

How do i achieve that?

Thanks 

Subscriptions and user Access

March 21, 2016, 8:06 am
$
0
0

Hello there

Someone in our organisation switched on Azure AD from within out office365 portal without knowing the full implications.

I've just checked and all 50,000 accounts in our AD seem to be able to now sign into portal.azure into our organisations azure portal.

We really don't want them to be able to do that, and need to limit the users who can login.

How do i know retrospectively do that, and what user account permissions do I need to accomplish this?

I'm currently admin, but certain actions are not allowed and keep saying I need to be global admin.

How do i become global admin if I need to be?

Thanks in advance

Matt

Azure AD Connect on Stand Alone Server

March 21, 2016, 11:55 pm
$
0
0

Hello Azure,

I am having problems installing Azure AD Connect on a stand alone server. I keep reading that you can synchronize your Azure AD credentials on a stand alone server that is not a member of a domain. But I cannot configure Azure AD to do so. When I go through the custom setup, I get to the connect to Directories option and it does not populate the domain that is currently configured (and working for Win10 workstations that are joined). There is of course no Domain Controller on the network, as this is a stand alone server not connected to any domain. I cannot for the life of me find any documentation on doing this for a stand alone server, however I see marketing puke all over the place saying you can do this. On MS Websites, and here on the Azure support forums from MS Support Techs.

Can anyone point me towards instructions on how I can Syncronize Authentication for this server with Azure AD without also turning this server into a DC?

http://i.imgur.com/nPsDdaT.png 

Configure AAD Sync

March 18, 2016, 2:58 am
$
0
0

When configuring Azure and AD Integration using Azure AD Connect I get the following error'

An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User realm discovery failed.

Thank you in advance

Search

Support for Identity and Access Tools on Visual Studio 2015 for working with Access Control Service 2.0

March 22, 2016, 3:17 am
$
0
0

Hi,

The Identity and Access Tools are not available for Visual Studio 2015. Can you please point me to any other methods available to work with Access Control Service 2.0 for VS2015? All the examples/How To's I came across used VS2010/2012.

Regards,

Harsh

Errors when inviting users with Azure B2B collaboration preview

March 18, 2016, 1:51 am
$
0
0

We are using Azure AD B2B collaboration to invite external users to our O365 tenant. For the most of the users it is working nicely. Now we have faced two problems:

1. Invite redeem page does not work for partners that have federated users to their own O365 with PingFederate. The B2B invite email is sent but when the user clicks Accept it shows this error: 

We are not able to create this work or school account because <domain here> is a domain that is federated with your on-premises AD. Please contact your admin to ensure you are properly configure in your on-premises AD and you can re-attempt to accept this invitation. Error Message: AADB2B_0001: User Domain Is Federated.

2. For some email domains the invitation is not send and B2B is not creating user object at all. There is no error in B2B invite status report. The email domain for these users seems to be a normal globally well known organizational non consumer domain. 

If I try to login with this account to any cloud services the login page redirects me to page that gives error <domain here> isn't in our system.



Questions:

1. What does the Error Message: AADB2B_0001: User Domain Is Federated mean and how to fix or workaround it?

2. What does error domains are not in your system mean? Is this error related to B2B or is it some domain that MS have blocked from Azure?


The given key was not present in the dictionary. Please check the service.

March 22, 2016, 6:27 am
$
0
0

I am trying to provision our Custom App with Azure AD.  The URL get hit but we get the error - The given key was not present in the dictionary. Please check the service.

The below is what I am able see.  After we get the response we get the error "The given key...." error, should I be sending something else in the response?

Also I noticed the number ofter /Users/ keeps changing on every request.  Is this how it should be?

Request

GET /pmlapi/scim/Users/442a0182-4684-42de-a95c-cf77d3b7fa9e

Headers
Adscimversion    e2874dc6-7be8-4310-851b-4901ab3147a0
Authorization    Bearer R294W35GCXKU

Response
{
    "totalResults": 0,
    "itemsPerPage": 10,
    "startIndex": 1,
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "resources": []
}





Multiple Ad Connect

March 22, 2016, 7:30 am
$
0
0
Is it possible to setup 'AD connect' sessions from one AD domain to multiple Office 365 subcriptions ?

Any API to get license-based prices?

March 22, 2016, 7:34 am
$
0
0

Hi guys,

Not sure I am posting this question to the correct forum.

There is a possibility to get Azure prices using CREST API (https://msdn.microsoft.com/en-us/library/partnercenter/mt427347.aspx). 

Could someone please tell me is there any API allowing to get license-based prices (Office 365, Enterprise Mobility Suite, Microsoft Dynamics CRM)?

Thanks!

Viewing all 16000 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>