Channel: Azure Active Directory forum

Azure AD account / Microsoft Account how to select Azure when adding a user to Windows 10 device

I've joined a laptop to Azure AD using an admin account.

Now I want to add a user from same Azure AD to the same laptop, but not as a local admin.

Problem is that the user account user@mydomain.com is both an Azure AD account (synced from my on prem AD) AND a Microsoft Account.

The add user dialog in Windows 10 gives me no way of defining which sort of account I want to use. I am pretty sure that if I just type in user@mydomain.ch it is using the MSA because the password is the MSA password, not the Azure one.

Not sure if this is the correct forum. I will crosspost to the Azure forums.


CarolChi


Lockout policy for federated accounts with password sync enabled

Hola!

During a recent consulting session with a PFE, it was suggested that we configure password sync in addition to our ADFS configuration.  That is - if ADFS fails, users can still log on with the synced password.

It makes a lot of sense to me and I am preparing to implement.

However, a question later came to me as I reviewed my original documentation for why we didn't choose password sync.  With ADFS I'm able to configure a lockout policy on the ADFS proxy - preventing external attacks to lock out on-premise users.

As I write this I suddenly realise that nothing has changed - you can still do a DoS attack on an Azure account - either ADFS locks it or it would be locked by password sync (i.e. my on-premise account is safe)

But I'm still curious - when a user tries to authenticate to an Azure account that is both federated and password synced, which lockout counter is used?

Trying to Add New Device to Azure AD - Getting Error 80004005

I was able to add one device, now the rest seem to be failing.  These are three new computers with Windows 10 Pro Edition. But no matter what I try I can't seem to be able to "Join Azure AD" on the other 2 computers.

I have enabled users to join their devices to Azure AD.

Both computers are up to date. (Checked 3 times to be sure.)

Like I said, no matter what I can't seem to be able to join the other 2 users.

Is there anything that can be done?

The error code that I get is: 80004005

AADSTS50011: The reply address does not match the reply addresses configured for the application

I have created a native app in my Azure and integrated it with ADAL JS for my SharePoint-hosted app. Whenever I deploy my app I have to manually enter the new app URL. For a SharePoint-hosted app, the URL changes every time the app is deployed.

To resolve this issue I have put my public site page in between the hosted app and the native app and put the URL of that page in ADAL and the native app.

But this is not the exact solution that I am looking for.

How can we resolve this issue when integrating an Azure native app and a SharePoint-hosted app?


Determine DirSync Settings - Upgrading to Azure AD Connect

We tried to do an in-place upgrade and received the message "Unsupported DirSync changes, e.g. removed attributes and using a custom extension DLL". So now we are going to do a clean install on another server in Staging mode.

How do we "verify the old DirSync and new Azure AD Connect configuration"? What are the steps to "Verify the old DirSync configuration"?


Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365

GET https://graph.microsoft.com/beta/myorganization/users/:id/manager returning 403 sometimes, not always?

I am making a lot of requests against azure ad / microsoft graph, and every now and then a /manager or /photo request returns 403 instead of a 404, but as far as I can tell we have the correct permissions in the jwt, and everything should be working OK?

I believe this could just be the behavior of the beta API, but I hope it is something I'm doing wrong so I can fix it :)

Here is the log I get back, the access token here is expired, but when I test immediately after the 403 comes back, the request responds instead with a 404. This is from a web application running node.js 5.x using request-promise to issue the requests.

{"name": "StatusCodeError","statusCode": 403,"message": "[Request Client] Error in get https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager!","error": {"error": {"code": "Authorization_RequestDenied","message": "Insufficient privileges to complete the operation.","innerError": {"request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","date": "2016-06-15T22:55:20"
      }
    }
  },"options": {"uri": "https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","method": "GET","headers": {"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.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.gMnRxai4PQRR8Bo7QMLD6lvW65CGaJ-LmyRI_kA7XC2Toz5EecaTlCGUJYR-_XF9N5iYNo594OUGzCF7xTf1z58YR4EzxtfsfdzfD9RNPx_L9bTx8FGUC4L2Z-RSquTXQ9sywt2nycb0WdpsYARv01oZJrGGU4w4b9rYHqTZOmr6e_6g11OvhjXKgwg8UGnvq-_ee93Vt50ZX5NH0TFgho8CyxzH0DSyCckCgNrAYy1CSEJadd6kUE2I-PR8GbdX4-4v8eLq00UOAGXopC7uKxQQNI0UYr6ZRQEDBb9rjESKNnFJXrmmemW6M8gRfGKHVgcdXY-BZrfozmv5QvDPTA"
    },"json": true,"simple": true,"resolveWithFullResponse": false
  },"response": {"statusCode": 403,"body": {"$ref": "$[\"error\"]"
    },"headers": {"cache-control": "private","transfer-encoding": "chunked","content-type": "application/json","server": "Microsoft-IIS/8.5","request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","client-request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US\",\"Slice\":\"SliceB\",\"ScaleUnit\":\"000\",\"Host\":\"AGSFE_IN_4\",\"ADSiteName\":\"WST\"}}","duration": "101.1805","x-powered-by": "ASP.NET","date": "Wed, 15 Jun 2016 22:55:19 GMT","connection": "close"
    },"request": {"uri": {"protocol": "https:","slashes": true,"auth": null,"host": "graph.microsoft.com","port": 443,"hostname": "graph.microsoft.com","hash": null,"search": null,"query": null,"pathname": "/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","path": "/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","href": "https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager"
      },"method": "get","headers": {"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20vIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYmM2YjhkZDItZTc0Yy00OTZkLTg1MWQtMDIzOTMxZmIyZDIxLyIsImlhdCI6MTQ2NjAzMDk5NywibmJmIjoxNDY2MDMwOTk3LCJleHAiOjE0NjYwMzQ4OTcsImFjciI6IjEiLCJhbXIiOlsicHdkIl0sImFwcGlkIjoiNTg4NDlmYWUtNDVhNC00YmRjLWE4NmEtNDM5NjMzZjBiZTEzIiwiYXBwaWRhY3IiOiIxIiwiZmFtaWx5X25hbWUiOiJHZWxkb2YiLCJnaXZlbl9uYW1lIjoiQm9iIiwiaXBhZGRyIjoiOTguMjMyLjcuOTAiLCJuYW1lIjoiQm9iIEdlbGRvZiIsIm9pZCI6ImNkMTc3MWJjLTA4ODUtNDNjOS05OWZiLWI5ZTc1MTZlNTRlOSIsIm9ucHJlbV9zaWQiOiJTLTEtNS0yMS00NjU2MTM4LTQ0MTkwNTI4My0yNjAzODY4NzItMTEwNCIsInB1aWQiOiIxMDAzN0ZGRTk0N0YxNTc1Iiwic2NwIjoiQ29udGFjdHMuUmVhZFdyaXRlIE1haWwuUmVhZCBvZmZsaW5lX2FjY2VzcyBVc2VyLlJlYWQgVXNlci5SZWFkQmFzaWMuQWxsIFVzZXIuUmVhZFdyaXRlIiwic3ViIjoiaW83Y3EwdlFkRlBhR3pTdU1NVGdpbGk0OE96SWs4Qm1qcXZqSmptVWRjSSIsInRpZCI6ImJjNmI4ZGQyLWU3NGMtNDk2ZC04NTFkLTAyMzkzMWZiMmQyMSIsInVuaXF1ZV9uYW1lIjoiYm9iZ0BIeXBlckZpc2hEZXYwMS5vbm1pY3Jvc29mdC5jb20iLCJ1cG4iOiJib2JnQEh5cGVyRmlzaERldjAxLm9ubWljcm9zb2Z0LmNvbSIsInZlciI6IjEuMCJ9.gMnRxai4PQRR8Bo7QMLD6lvW65CGaJ-LmyRI_kA7XC2Toz5EecaTlCGUJYR-_XF9N5iYNo594OUGzCF7xTf1z58YR4EzxtfsfdzfD9RNPx_L9bTx8FGUC4L2Z-RSquTXQ9sywt2nycb0WdpsYARv01oZJrGGU4w4b9rYHqTZOmr6e_6g11OvhjXKgwg8UGnvq-_ee93Vt50ZX5NH0TFgho8CyxzH0DSyCckCgNrAYy1CSEJadd6kUE2I-PR8GbdX4-4v8eLq00UOAGXopC7uKxQQNI0UYr6ZRQEDBb9rjESKNnFJXrmmemW6M8gRfGKHVgcdXY-BZrfozmv5QvDPTA","accept": "application/json","content-length": 0
      }
    }
  },"level": "warn","timestamp": "2016-06-15T22:55:21.465Z"
}

Any help would be appreciated, thanks!
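An added example, not part of the original post: a Node.js helper that takes a request-promise style `StatusCodeError` like the one logged above, checks the bearer token's `aud`, `nbf`, `exp` and `scp` claims against the time of the failed request, and produces a copy of the error with every `Authorization` header redacted so the token never reaches the log. The sample error, the token, the timestamps and the required scope `User.Read.All` are constructed for illustration; which scope an endpoint needs has to come from the API documentation.

```javascript
'use strict';

// Decode one base64url JWT segment. No signature verification is done: this is
// for diagnosing a token the application already holds, never for trusting one.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the token's claims with what the failed request needed.
// A requestTime without an offset is read as UTC (assumption about the API's date field).
function inspectToken(authorization, requestTime, expectedAudience, requiredScopes) {
  const m = /^Bearer\s+([\w-]+)\.([\w-]+)\.([\w-]*)$/.exec(authorization || '');
  if (!m) throw new Error('Authorization header is not a three-part bearer JWT');
  const claims = decodeSegment(m[2]);
  const iso = /(Z|[+-]\d{2}:?\d{2})$/.test(requestTime) ? requestTime : requestTime + 'Z';
  const at = Math.floor(Date.parse(iso) / 1000);
  if (Number.isNaN(at)) throw new Error('unparseable request time: ' + requestTime);
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const granted = new Set(scopes.concat(roles));
  return {
    audienceOk: claims.aud === expectedAudience,
    notYetValid: typeof claims.nbf === 'number' && at < claims.nbf,
    expired: typeof claims.exp === 'number' && at >= claims.exp,
    scopes,
    missingScopes: requiredScopes.filter((s) => !granted.has(s)),
  };
}

// Deep copy with every Authorization header replaced. Objects reached a second
// time (the error object references its own body) are not expanded again.
function redactAuthorization(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[repeated reference]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redactAuthorization(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = key.toLowerCase() === 'authorization' && typeof v === 'string'
      ? 'Bearer [redacted]'
      : redactAuthorization(v, seen);
  }
  return out;
}

// Build the record to log for a failed Graph call: the facts needed to
// correlate with the service, a verdict on the token, and a redacted copy.
function summarise403(err, expectedAudience, requiredScopes) {
  const apiError = (err.error || {}).error || {};
  const inner = apiError.innerError || {};
  const options = err.options || {};
  const auth = (options.headers || {}).Authorization;
  return {
    statusCode: err.statusCode,
    code: apiError.code,
    requestId: inner['request-id'],
    uri: options.uri,
    token: inspectToken(auth, inner.date, expectedAudience, requiredScopes),
    safeToLog: redactAuthorization(err),
  };
}

// ---- Constructed sample input (not the token or ids from the post) ----
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const SAMPLE_TOKEN = [
  b64url({ typ: 'JWT', alg: 'RS256' }),
  b64url({
    aud: 'https://graph.microsoft.com/',
    nbf: 1700000000, // 2023-11-14T22:13:20Z
    exp: 1700003600, // one hour later
    scp: 'User.Read User.ReadBasic.All',
  }),
  'c2lnbmF0dXJl', // placeholder, not a real signature
].join('.');

const SAMPLE_ERROR = {
  name: 'StatusCodeError',
  statusCode: 403,
  error: { error: {
    code: 'Authorization_RequestDenied',
    innerError: { 'request-id': '00000000-0000-0000-0000-000000000000', date: '2023-11-14T22:30:00' },
  } },
  options: {
    uri: 'https://graph.microsoft.com/beta/myorganization/users/<id>/manager',
    method: 'GET',
    headers: { Authorization: 'Bearer ' + SAMPLE_TOKEN },
  },
};
// As in the post's log, the response body is the same object as err.error.
SAMPLE_ERROR.response = {
  statusCode: 403,
  body: SAMPLE_ERROR.error,
  request: { headers: { Authorization: 'Bearer ' + SAMPLE_TOKEN } },
};

// 'User.Read.All' is an assumed requirement used only to exercise the check.
console.log(JSON.stringify(
  summarise403(SAMPLE_ERROR, 'https://graph.microsoft.com/', ['User.Read.All']).token));
```

Logging `safeToLog` instead of the raw error keeps the request id and status needed for a support case while leaving the bearer token out of log storage.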

Changing directory on a subscription

We are trying to set up a test Azure AD domain. We already have a production AAD running. After I get the new directory created I go into settings and subscriptions but I am not seeing the edit directory option at the bottom of the window. I am a co-admin of the subscriptions. The account that has co-admin authority is one from our production AAD directory.

Thanks.

Failed to install AzureADConnect

Hi all,

We encounter an error during the AzureADConnect installation process. It seems to have trouble creating the service account. Important information: on this domain controller, we had installed AzureADConnect successfully once, then uninstalled it and finally tried to reinstall it using personalised mode (we wanted to change userPrincipalName).

Any idea how to solve that? Below is the trace with the error:

[19:27:20.757] [  1] [INFO ]
[19:27:20.757] [  1] [INFO ] ================================================================================
[19:27:20.757] [  1] [INFO ] Application starting
[19:27:20.757] [  1] [INFO ] ================================================================================
[19:27:20.757] [  1] [INFO ] Start Time (Local): Thu, 16 Jun 2016 19:27:20 GMT
[19:27:20.757] [  1] [INFO ] Start Time (UTC): Thu, 16 Jun 2016 17:27:20 GMT
[19:27:20.757] [  1] [INFO ] Application Version: 1.1.189.0
[19:27:20.757] [  1] [INFO ] Application Build Date: 2016-05-25 23:27:31Z
[19:27:20.757] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (8c7d30d)
[19:27:21.007] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[19:27:21.007] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[19:27:21.007] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[19:27:21.007] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[19:27:21.007] [  1] [INFO ] Default Proxy [Enabled]: True
[19:27:21.007] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[19:27:21.038] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[19:27:21.069] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[19:27:21.069] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[19:27:21.085] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[19:27:21.085] [  1] [INFO ] Password Sync supported: 'True'
[19:27:21.085] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[19:27:21.100] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[19:27:21.100] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[19:27:21.100] [  1] [VERB ] Getting list of installed packages by upgrade code
[19:27:20.757] [  1] [INFO ] ..............
[19:27:20.757] [  1] [INFO ] ..............
[19:27:20.757] [  1] [INFO ] ..............
[19:27:20.757] [  1] [INFO ] ..............
[19:27:20.757] [  1] [INFO ] ..............
[19:27:29.185] [  4] [VERB ] Waited 0:00:01.7658114 for task to complete: Install Prerequisites
[19:27:29.185] [  1] [INFO ] Page transition from "Configuration rapide" [ExpressSettingsPageViewModel] to "Connexion à Azure AD" [AzureTenantPageViewModel]
[19:27:29.232] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: Une erreur s'est produite lors de l’exécution de la commande 'Get-ItemProperty'. La propriété IAzureActiveDirectoryContext.AzureADUsername n'existe pas dans le chemin d'accès HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[19:27:29.247] [  1] [INFO ] Property Username failed validation with error Le nom d’utilisateur doit être au format nom@domaine.com ou nom@domaine.onmicrosoft.com
[19:27:40.849] [  1] [INFO ] Property Password failed validation with error Un mot de passe Microsoft Azure est requis.
[19:27:45.188] [  4] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
[19:27:45.220] [  4] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/mycompanymytrademark.onmicrosoft.com, awsServiceResource=https://graph.windows.net.
[19:27:45.282] [  4] [INFO ] Authenticate: ADAL authentication is enabled.
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45:  - ProvisioningWebServiceProvider: ADAL .NET with assembly version '2.24.0.0', file version '2.24.30411.1323' and informational version '4482033c813cb2fd31423c80b5027d0b5dfb7a6c' is running...
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45:  - ProvisioningWebServiceProvider: Clearing Cache :- 0 items to be removed
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45:  - ProvisioningWebServiceProvider: Successfully Cleared Cache
[19:27:45.298] [  4] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
    Authority: https://login.windows.net/mycompanymytrademark.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
    Authentication Target: User
    
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - <RunAsync>d__0: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - <RunAsync>d__0: No matching token was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - AsyncMethodBuilderCore: Sending user realm discovery request to 'https://login.windows.net/common/UserRealm/john@mycompanymytrademark.onmicrosoft.com?api-version=1.0'
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - AsyncMethodBuilderCore: User with hash 'GsBr6KMw18u0ROPrMsI0BqqweyqiaryEn47Ue5uoHZE=' detected as 'Managed'
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - <RunAsync>d__0: Storing token in the cache...
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - <RunAsync>d__0: An item was stored in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 7c813516-d96f-4345-a745-828f324017e2 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: pnhlmmYrWEMvYIIGZlFVp14jddOUBBt9dAeuTaOOebo=
    Refresh Token Hash: AS2ZewdC36LewrR5J8qWMxii2Ch0odh0xKn5XUydr6Y=
    Expiration Time: 16/06/2016 18:27:44 +00:00
    User Hash: h1f9FfsSFucuJKRMiFqz2jFGCufUwO9RL1RVvMp3BT4=
    
[19:27:45.767] [  4] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=0be814a5-88fa-4cdf-a34b-abc622b4bb76.
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
    Authority: https://login.windows.net/mycompanymytrademark.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User
    
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - <RunAsync>d__0: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - <RunAsync>d__0: 59,9828124466667 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - <RunAsync>d__0: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:45: 8836ad14-c944-4274-b32b-c964cb96a577 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: pnhlmmYrWEMvYIIGZlFVp14jddOUBBt9dAeuTaOOebo=
    Refresh Token Hash: AS2ZewdC36LewrR5J8qWMxii2Ch0odh0xKn5XUydr6Y=
    Expiration Time: 16/06/2016 18:27:44 +00:00
    User Hash: h1f9FfsSFucuJKRMiFqz2jFGCufUwO9RL1RVvMp3BT4=
    
[19:27:46.486] [  4] [INFO ] Authenticate: tenantId=(0be814a5-88fa-4cdf-a34b-abc622b4bb76), IsDirSyncing=True, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=8224, AllowedFeatures=None.
[19:27:46.548] [  4] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/mycompanymytrademark.onmicrosoft.com, AdalResource=https://graph.windows.net.
[19:27:46.548] [  4] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
    Authority: https://login.windows.net/mycompanymytrademark.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User
    
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - <RunAsync>d__0: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - <RunAsync>d__0: 59,97005067 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - <RunAsync>d__0: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46: 293f32b6-10d6-4ac1-82d7-e7dffd61e2f4 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: pnhlmmYrWEMvYIIGZlFVp14jddOUBBt9dAeuTaOOebo=
    Refresh Token Hash: AS2ZewdC36LewrR5J8qWMxii2Ch0odh0xKn5XUydr6Y=
    Expiration Time: 16/06/2016 18:27:44 +00:00
    User Hash: h1f9FfsSFucuJKRMiFqz2jFGCufUwO9RL1RVvMp3BT4=
    
[19:27:46.548] [  4] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[19:27:46.548] [  4] [INFO ] ConnectMsolService: connecting using an AccessToken.
AzureADConnect.exe Information: 0 : 16/06/2016 17:27:46:  - ConnectMsolService: ADAL .NET with assembly version '2.23.0.0', file version '2.23.30226.1847' and informational version '0b5f258db72d0632d3693d262acbf77b634e9136' is running...
[19:27:47.157] [  4] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[19:27:47.486] [  4] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 0be814a5-88fa-4cdf-a34b-abc622b4bb76.
[19:27:47.501] [  4] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[19:27:47.501] [  4] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[19:27:47.501] [  4] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[19:27:47.626] [  4] [INFO ] AzureTenantPage: Successfully retrieved 4 domains from the tenant.
[19:27:47.642] [  4] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[19:27:47.642] [  4] [INFO ] Page transition from "Connexion à Azure AD" [AzureTenantPageViewModel] to "Connexion à AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[19:27:47.642] [  4] [INFO ] Property Username failed validation with error Le format du nom d’utilisateur est incorrect. Indiquez le nom d’utilisateur au format DOMAINE\nomutilisateur.
[19:27:56.328] [  1] [INFO ] Property Password failed validation with error Un mot de passe est requis.
[19:28:12.076] [ 17] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
[19:28:12.092] [ 17] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user mycompany\synchroAzureAD
[19:28:12.141] [ 17] [INFO ] Start GetEnterpiseAdminSid using rootdomain mycompany.fr
[19:28:12.147] [ 17] [INFO ] EnterpiseAdminSid=S-1-5-21-3683242585-2508763648-3345710530-519
[19:28:12.170] [ 17] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'mycompany.fr' was successfully matched.
[19:28:12.174] [ 17] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[19:28:12.175] [ 17] [INFO ] Validating forest with FQDN mycompany.fr
[19:28:12.199] [ 17] [INFO ] Examining domain mycompany.fr (:0% complete)
[19:28:12.200] [ 17] [INFO ] ValidateForest: using mycontroller.mycompany.fr to validate domain mycompany.fr
[19:28:12.201] [ 17] [INFO ] Successfully examined domain mycompany.fr GUID:323fa9a2-b7d1-4698-8940-2e56c16bf31f  DN:DC=mycompany,DC=fr
[19:28:12.212] [ 17] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[19:28:12.278] [ 17] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/mycompanymytrademark.onmicrosoft.com, AdalResource=https://graph.windows.net.
[19:28:12.278] [ 17] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
    Authority: https://login.windows.net/mycompanymytrademark.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User
    
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - <RunAsync>d__0: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - <RunAsync>d__0: 59,5412194183333 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - <RunAsync>d__0: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:12: ad26f93c-cb75-44ce-a77e-cf0e513f106c - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: pnhlmmYrWEMvYIIGZlFVp14jddOUBBt9dAeuTaOOebo=
    Refresh Token Hash: AS2ZewdC36LewrR5J8qWMxii2Ch0odh0xKn5XUydr6Y=
    Expiration Time: 16/06/2016 18:27:44 +00:00
    User Hash: h1f9FfsSFucuJKRMiFqz2jFGCufUwO9RL1RVvMp3BT4=
    
[19:28:12.278] [ 17] [VERB ] MsolDomainExtensions.GetAllConfiguredDomains: Connecting to MSOL service.
[19:28:12.278] [ 17] [INFO ] ConnectMsolService: connecting using an AccessToken.
[19:28:12.606] [ 17] [INFO ] Page transition from "Connexion à AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configurer" [PerformConfigurationPageViewModel]
[19:28:12.607] [ 17] [INFO ] Starting a background thread in Prêt pour la configuration. Background Task Id: 4.
[19:28:13.611] [ 15] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=https://s1.adhybridhealth.azure.com, AdalAuthority=https://login.windows.net/mycompanymytrademark.onmicrosoft.com, AdalResource=https://management.core.windows.net/.
[19:28:13.667] [  1] [INFO ] Exchange schema is not detected for forest mycompany.fr , so no exchange option displayed.
[19:28:16.171] [  1] [INFO ] Starting a background thread in Configuration. Background Task Id: 5.
[19:28:16.172] [ 18] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[19:28:16.173] [ 18] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[19:28:16.175] [ 18] [INFO ] Starting Sync Engine installation
[19:28:45.856] [ 18] [INFO ] InstallSyncEngineStage: Sync Engine was successfully installed.
[19:28:45.857] [ 18] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[19:28:45.863] [ 18] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
[19:28:45.873] [ 18] [VERB ] GetAdminCredential called with account mycompany.FR\synchroAzureAD
[19:28:45.873] [ 18] [VERB ] AdministratorUsername is in NTAccount format.
[19:28:45.873] [ 18] [VERB ] GetAdminCredential returning account mycompany.FR\synchroAzureAD
[19:28:45.873] [ 18] [INFO ] Creating AD MA account for mycompany.fr.
[19:28:45.942] [ 18] [VERB ] CreateSynchronizationAccount(System.Net.NetworkCredential, d6879487b29d420591dfcf23fc3aa95f, mycompanymytrademark.onmicrosoft.com)
[19:28:45.944] [ 18] [INFO ] Synchronization account will have account name mycompany.FR\MSOL_d6879487b29d
[19:28:46.012] [ 18] [INFO ] Synchronization account was created successfully.
[19:28:46.014] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChanges permission on all domains for password hash synchronization.
[19:28:46.059] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChangesAll permission on all domains for password hash synchronization.
[19:28:46.075] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsResetPassword permission on all domains for password writeback.
[19:28:46.090] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting attribute permissions (lockoutTime, pwdLastSet) on all domains for password writeback.
[19:28:46.174] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting read/write permissions for all attributes of 'contact' object type for Hybrid Exchange.
[19:28:46.192] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting read/write permissions for all attributes of 'group' object type for Hybrid Exchange.
[19:28:46.209] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting read/write permissions for all attributes of 'inetorgperson' object type for Hybrid Exchange.
[19:28:46.226] [ 18] [INFO ] GrantAllActiveDirectoryPermissions: Granting read/write permissions for all attributes of 'user' object type for Hybrid Exchange.
[19:28:46.243] [ 18] [INFO ] AD MA account mycompany.FR\MSOL_d6879487b29d created.
[19:28:46.243] [ 18] [INFO ] Creating AD connector
AzureADConnect.exe Information: 0 : Management Agent Created: C:\Program Files\Microsoft Azure Active Directory Connect\SetupFiles\MA-ADDSTemplate.xml.
[19:28:46.990] [ 18] [INFO ] SyncDataProvider: Calling refresh schema on connector mycompany.fr
[19:28:47.177] [ 18] [INFO ] SyncDataProvider: Successfully refreshed schema on connector mycompany.fr
AzureADConnect.exe Information: 0 : One or more domains were added to the mycompany.fr Connector.
AzureADConnect.exe Information: 0 : One or more domains were removed from the mycompany.fr Connector.
AzureADConnect.exe Information: 0 : Configured Connector mycompany.fr for forest mycompany.fr.
AzureADConnect.exe Information: 0 : Connector mycompany.fr was updated successfully.
[19:28:48.390] [ 18] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/mycompanymytrademark.onmicrosoft.com, AdalResource=https://graph.windows.net.
[19:28:48.390] [ 18] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
    Authority: https://login.windows.net/mycompanymytrademark.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User
    
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - <RunAsync>d__0: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - <RunAsync>d__0: 58,9393525533333 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - <RunAsync>d__0: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 16/06/2016 17:28:48: d181b488-3e9d-40db-876b-d72d966de9d9 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: pnhlmmYrWEMvYIIGZlFVp14jddOUBBt9dAeuTaOOebo=
    Refresh Token Hash: AS2ZewdC36LewrR5J8qWMxii2Ch0odh0xKn5XUydr6Y=
    Expiration Time: 16/06/2016 18:27:44 +00:00
    User Hash: h1f9FfsSFucuJKRMiFqz2jFGCufUwO9RL1RVvMp3BT4=
    
[19:28:48.390] [ 18] [VERB ] SyncDataProvider.EnableDirectorySyncFlag: Connecting to MSOL service.
[19:28:48.390] [ 18] [INFO ] ConnectMsolService: connecting using an AccessToken.
[19:28:48.727] [ 18] [INFO ] PowershellHelper: DirectorySynchronizationEnabled=True
[19:28:48.727] [ 18] [INFO ] PowershellHelper: DirectorySynchronizationStatus=Enabled
[19:28:48.727] [ 18] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[19:28:48.727] [ 18] [INFO ] Initializing Azure AD connector
[19:28:50.862] [ 18] [INFO ] Creating new azure service account for sync installation d6879487b29d420591dfcf23fc3aa95f using global tenant admin john@mycompanymytrademark.onmicrosoft.com.
[19:28:52.047] [ 18] [ERROR] GetServiceAccount: Unable to create synchronization service account. An error occurred. Error Code: 77. Error Description: La cause de l'erreur n'est pas clairement identifiée. L'opération sera relancée lors de la prochaine synchronisation. Si le problème persiste, contactez le support technique. Tracking ID: 6c9c99f1-bebe-4e83-ae59-5551265855a8 Server Name: . | La cause de l'erreur n'est pas clairement identifiée. L'opération sera relancée lors de la prochaine synchronisation. Si le problème persiste, contactez le support technique..
Exception Data (Raw): Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.AzureADServiceAccountException: Impossible de créer le compte de service de synchronisation pour Azure Active Directory. ---> Microsoft.Online.Coexistence.ProvisionException: An error occurred. Error Code: 77. Error Description: La cause de l'erreur n'est pas clairement identifiée. L'opération sera relancée lors de la prochaine synchronisation. Si le problème persiste, contactez le support technique. Tracking ID: 6c9c99f1-bebe-4e83-ae59-5551265855a8 Server Name: . ---> System.ServiceModel.FaultException`1[Microsoft.Online.Coexistence.Schema.AdminWebServiceFault]: La cause de l'erreur n'est pas clairement identifiée. L'opération sera relancée lors de la prochaine synchronisation. Si le problème persiste, contactez le support technique.

Server stack trace:
   à System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   à System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   à System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   à System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   à Microsoft.Online.Coexistence.Schema.IProvisioningWebService.GetServiceAccount(String identifier)
   à Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   --- Fin de la trace de la pile d'exception interne ---
   à Microsoft.Online.Coexistence.ProvisionHelper.AdminWebServiceFaultHandler(FaultException`1 adminwebFault)
   à Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   à Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeDependencies.ProvisioningHelperGetServiceAccount(ProvisionHelper provisionHelper, String identifier)
   à Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.<>c__DisplayClass13.<GetServiceAccount>b__12()
   à Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.ExecuteWithRetry(String actionName, Action action)
   à Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetServiceAccount(String identifier)
   à Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String syncMachineIdentifier)
   --- Fin de la trace de la pile d'exception interne ---
   à Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String syncMachineIdentifier)
   à Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.UpdateAADConnectorCredentials(IAzureActiveDirectoryContext aadContext, IAadSyncContext aadSyncContext)
   à Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
[19:28:52.049] [ 18] [ERROR] ConfigureSyncEngineStage: Caught exception while creating azure service account.
[19:28:52.049] [ 18] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[19:28:52.071] [ 14] [INFO ] Starting Telemetry Send
[19:29:11.873] [  1] [INFO ] Opened log file at path C:\Users\john\AppData\Local\AADConnect\trace-20160616-192720.log
[20:01:19.469] [  1] [INFO ] Opened log file at path C:\Users\john\AppData\Local\AADConnect\trace-20160616-192720.log


Possibilities for SSO from VMware server in Azure against local AD


Hi, 

I hope this is the right forum for my question. If not, please let me know.

I have a general question about Azure, SSO, local AD, etc. We want to achieve something and need some kind of direction. Several searches on the web did provide me with a lot of, maybe too much, information, which still does not make it clear to me.

We have an Azure environment with, let's say, 2 separate VMware Windows servers (one per customer). Both customers have their own local Active Directory environment.

Which techniques, Azure components, protocols, etc. can we use in order to use SSO against the local AD for an application which is running on the VM server? Or is this not possible at all?

Any ideas or suggestions are welcome. Thanks in advance.

How to Remove Active Directory from Windows Azure


Hi,

I configured Azure AD for testing a solution and I need to remove it now to create the real Directory Service.

When I try to remove it, a warning appears with the following message:

The following issue(s) prevent deletion of this directory:
  • Directory has more than one user.
  • Directory has one or more Azure subscriptions

I deleted the users that were imported from the on-premises AD except one user, "On-Premises Directory Synchronization Service Account".

I cannot delete it from the Azure Portal and cannot find it on the local DC.

How can I delete it?

I will appreciate it if anyone can help me with this issue.

Regards,

AX 7 External Identity and AAD endpoint


I have installed a VM for AX7 locally. I have an Azure account as well as an Office 365 account, as required for AX7 retail. When I try to create or associate the external identity to a worker, the system throws an error for the AAD endpoint connection. When I searched further for this error, I came across a link which mentioned the role and the subscription for AX in Azure.

Can anyone please guide me on the endpoint issue and how I can get it resolved?

Regards,

Run MSOnline Module without installing Microsoft Online Services Sign-In Assistant


Hi guys,

I would like to check if it is possible to run Azure Active Directory PowerShell (MSOnline) without installation of:

  • Microsoft Online Services Sign-In Assistant
  • Azure Active Directory Module for Windows PowerShell (64-bit version)

I'm coming from the point of application deployment where the objective is to reduce additional installation to the server and to package the DLL, PSD1 (if required) of the Azure AD Module and run it like a portable app.

Did anyone manage to do that? 

I found the modules installed on one of my testing machines in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline and I tried to run the module on a new server without any installation of those mentioned above; it gives a Type Initialization error. I believe it is caused by the lack of Microsoft Online Services Sign-In Assistant.

Where are the DLLs stored for MS Online Sign-In Assistant so that I can try to copy them to the new server and test?

Thanks in advance!


Cheng

User Provisioning in Salesforce has stopped (Skip reason FilteredOperation)


I have AAD configured for user provisioning & SSO with Salesforce. I have it configured to provision users in Salesforce & put them in the correct Profile based on group membership. It has been working perfectly until today. Now when I put the user in a group I get an entry that says the user has essentially been skipped. Below are the contents of the log entry.

User'username@domain.com' will be skipped. The User in Azure Active Directory is not
assigned or did not pass the scoping filter. Details: User details: Skip reason
= FilteredOperation, Active = ?, Assigned = ?, Passed scope filter: ?;

I'm not sure what Skip reason = FilteredOperation means. I have tried removing them from the AD group, waiting for the sync to occur, adding them back, syncing again... but no luck.

Thoughts?


Patrick Hoban
http://patrickhoban.wordpress.com

AD Connect setup failing: Encountered unexpected character '


Hi,

Trying to configure Azure AD connect. At the last hurdle, it fails with the error:

[02:51:06.628] [ 18] [ERROR] There was an error deserializing the object of type Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse. Encountered unexpected character '<'.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: There was an error deserializing the object of type Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse. Encountered unexpected character '<'. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: There was an error deserializing the object of type Microsoft.IdentityModel.Clients.ActiveDirectory.UserRealmDiscoveryResponse. Encountered unexpected character '<'.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.ValidateConfigurationParameters(Connector connector)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateConnector(Connector connector, Boolean validate)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.ConnectorConfigAdapter.AddConnector(Connector connector)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnectorCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Config.ConnectorAdapterBase.CreateOrUpdateConnector(IEnumerable`1 objectClassInclusions, IEnumerable`1 attributeNameInclusions, ParameterKeyedCollection connectorGlobalParameters, Boolean createRunProfile)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateConnectorWithRetry(ConnectorAdapterBase connectorAdapter, IEnumerable`1 objectClassInclusions, IEnumerable`1 attributeNameInclusions, ParameterKeyedCollection connectorGlobalParameters, Boolean createRunProfile)
   at Microsoft.Online.Deployment.Types.Configuration.Utility.ConnectorUtility`1.UpdateConnector(IAdSyncConfigExecutionContext`1 executionContext, ConfigurationItem configChange, ConnectorAdapterBase connectorAdapter, IAadSyncContext syncContext, Boolean isNewConnector, Boolean forceUpdateSchema, IAadSyncConfigurationResults& results, List`1 attributeExclusions, ConnectorSpecificPolicy connectorPolicy, Boolean retryOnFailure)
   at Microsoft.Online.Deployment.Types.Configuration.AadConnectorConfigurationItem.Execute[TContext](IAdSyncConfigExecutionContext`1 executionContext, IAadSyncConfigurationResults& results)
   at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.ConfigureSyncEngine(TContext context)
   at Microsoft.Online.Deployment.PSModule.Tasks.AADSync.ConfigureAADSyncTask`1.Execute()
   at Microsoft.Online.Deployment.Framework.Workflow.WorkflowTask.ExecuteWrapper()
[02:51:06.635] [ 18] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed

So, I'm on the hunt for "<".

My first thought was that an AD object has the "<", but the following script, run against every type of object I could think of, didn't reveal any "<".

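Import-Module ActiveDirectory

# Pull every group with all of its properties
$object = Get-ADGroup -Filter * -Properties * -ResultSetSize 80000

$results = @()
$object | ForEach-Object {
    # Show the name of the object currently being checked
    $_.Name
    # Collect any property whose value contains "<"
    $results += $_.psobject.Properties | Select-Object BaseObject,Name,Value | Where-Object { $_.Value -like '*<*' }
}

$results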

I then thought it might be one of the XML files in C:\Program Files\Microsoft Azure Active Directory Connect\SynchronizationRuleTemplates, but I have run all the files through an XML validation tool and they are all "well formed".

I can't think of anything else to try, so any help would be appreciated.

Thanks,

W.


Azure AD authentication contact info reset


Hi there,

Some of our user accounts were set up with a common phone number in the Authentication Contact Info section and I need to change them to the correct phone number on the user's behalf. The fields are grayed out on the Azure AD dashboard, presumably due to our hybrid Azure AD configuration with on-prem?

How can this phone number field for the users be updated? This authentication contact info is not visible in ADSI.

Thanks!


Azure - You don't have any subscriptions - CSP Customer


I have created a customer using a CSP sandbox account and added 2 Microsoft Azure Subscriptions.

However, when I log in to the Azure portal, I don't see any subscriptions. I found the "You don't have any subscriptions" message.
https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade

BUT when I log in as delegated administrator (CSP sandbox account) my subscriptions are visible.

Why is that so, and what do I have to do to make my subscriptions visible to the customer account?


Rizwan Ahmed. Software Engineer - Microsoft Lync | Exchange | SharePoint | Blackberry Enterprise Server | .NET


Add User with Microsoft Account - not found


Hi,

I can't add my user to an Azure Active Directory because it doesn't find the Microsoft Account.

The Microsoft account exists and it also has an MSDN subscription: it's the account that is writing this post.

Any help?

Thanks!

Dario


Subscription Admin display name not updated


Hello,

I first asked this question on the 365 forums, but they redirected me here:

I'm managing an Office 365 tenant in which the integrated Azure AD has an employee who is no longer working for us as the Azure Subscription Admin. The old account of this employee has been renamed and now has a different UPN.

The changed name isn't causing any problems, but the registered Azure Subscription Admin entry isn't updated to reflect this change. If we try to re-add this account as an 'additional' Azure Subscription Admin, we get a 'this user already is an admin' message. It also isn't possible to edit the existing entry in any way.

How can we update/change the Azure Subscription admin in this tenant? I wouldn't have a clue.

With kind regards,

Twan

Custom login page for Azure AD Authentication


When using Azure AD as the identity provider for our web applications you get redirected to the login.microsoftonline page as part of the login process. This page has limited customization options described in the article "Add company branding to your sign-in and Access Panel pages" by Markus Vilcinskas. (I cannot post links yet).

We would like to fully customize this page. Are there methods to do so? 

Another question is if it's possible at all to create a completely custom login page for users to sign in where styling customization is in the hands of the developer?


Members of Assigned AD Group lost EMS license


From @t_vuorenmaa via Twitter:

"Is it a known issue that users may lose their license for both O365 E3 and EMS at the same time?? A small amount of our users did this yday. E3 is back with help of our license script. But EMS license is still not back, even though the users are member of the Assigned AD-Group for license assignment in Azure AD."

Thank you,

@AzureSupport
