Channel: Azure Active Directory forum

How to create new Customized administrator with Azure AD subscription without affecting old Subscription

My company, InPods india pvt. ltd, works in the education domain. We have integrated the login mechanism of our application through Office login, which means that when we do an Office login through our website, the user needs to enter other credentials to get into InPods.

For this we have to have a new app created with Office Exchange and Office SharePoint permissions by the Global Administrator, and because of this we are required to enter the Global Administrator credentials in the InPods database.

As long as the application is in use, we would have to enter the user credentials of the Global Administrator. To avoid this, are we able to create a new customized Administrator with Azure subscription, Office SharePoint and Office Exchange permissions?

In the meantime, my main Global Administrator should not be affected.


Assigned users missing in the result from graph API

Hello

I am working with Azure Active Directory now. I have assigned several users using the GUI (manage.windowsazure.com) and use the graph API ("graph.windows.net/myorganization…{app_id}/appRoleAssignedTo?api-version=1.5") to verify the assigned users. However, the result I got from the graph API is not correct.

To be more specific, 3 users were assigned using the GUI, but only 2 users were shown in the result from graph API,

No Problem, we created a forum on your behalf. Please add as many details as possible so our
engineers can better assist: https://aka.ms/fc1169868

Thanks

@AzureSupport



Azure Active Directory Connect with 2 domains

Hi all,

We have a client that has a not very typical configuration. They are using 2 Active Directory domains (one local and one at an outsourcing company with VDI).

They would like to use Office365 with both domains and synchronize using AAD Connect. Here are my questions:

Is it possible to synchronize 2 different domains (not linked at all) with Azure Active Directory and Office365?

If yes, what are the requirements?

Thanks a lot for any help

Unable to Connect to Work or School

After joining a new Surface Pro 4 with Windows 10 to Azure AD, we cannot enable MDM. We get the following error:

"We couldn't find your work or school. Check your internet connection, provide some additional info and try again".

We are on a wifi network and have internet connectivity. We are able to access the Azure App Portal site with this account and it shows the device (but it is listed twice).

How can we troubleshoot this?


Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010, MCSA Office 365


Constructed attributes and AD Connect

Any chance to get constructed (and other read-only types of) attributes recognized by the AD connector?

Graph API 1.6 returning Resource not found for the segment 'me'

Previously the Graph API worked for returning the list of groups for the active connection via the me method. However this is now returning the following error : 

{"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource not found for the segment 'me'."}}}

REST API URLS:

https://graph.windows.net/me?api-version=1.6 

(this one was working)

https://graph.windows.net/<tenantid>/me/memberOf?api-version=1.6 

Azure Active Directory B2C released to General Availability

Hello there, love the product and have it up and running in a test environment.

Are you able to tell me when Azure Active Directory B2C will be released to General Availability, even if it is just a rough estimate? Thanks

Azure sign in policy

Hi,

Is it possible to create an Azure sign-in policy for an application through a PowerShell script?

If yes, then can you please direct me to a relevant resource?

Tx


Azure AD Application Proxy not Displaying Original Web Page

Hi,

I've installed and managed to connect the Intranet Web Page from external. However, it is not displaying the web page correctly. Logos and pictures are not displaying, menu bar is missing, and sub-link is not working.

Original Web Page

Azure AD Proxy directed Web Page:

Regards

GET https://graph.microsoft.com/beta/myorganization/users/:id/manager returning 403 sometimes, not always?

I am making a lot of requests against azure ad / microsoft graph, and every now and then a /manager or /photo request returns 403 instead of a 404, but as far as I can tell we have the correct permissions in the jwt, and everything should be working OK?

I believe this could just be the behavior of the beta API, but I hope it is something I'm doing wrong so I can fix it :)

Here is the log I get back, the access token here is expired, but when I test immediately after the 403 comes back, the request responds instead with a 404. This is from a web application running node.js 5.x using request-promise to issue the requests.

{"name": "StatusCodeError","statusCode": 403,"message": "[Request Client] Error in get https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager!","error": {"error": {"code": "Authorization_RequestDenied","message": "Insufficient privileges to complete the operation.","innerError": {"request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","date": "2016-06-15T22:55:20"
      }
    }
  },"options": {"uri": "https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","method": "GET","headers": {"Authorization": "Bearer <access token omitted>"
    },"json": true,"simple": true,"resolveWithFullResponse": false
  },"response": {"statusCode": 403,"body": {"$ref": "$[\"error\"]"
    },"headers": {"cache-control": "private","transfer-encoding": "chunked","content-type": "application/json","server": "Microsoft-IIS/8.5","request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","client-request-id": "acb87931-f1ba-4d8c-8c2b-6622737be836","x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"West US\",\"Slice\":\"SliceB\",\"ScaleUnit\":\"000\",\"Host\":\"AGSFE_IN_4\",\"ADSiteName\":\"WST\"}}","duration": "101.1805","x-powered-by": "ASP.NET","date": "Wed, 15 Jun 2016 22:55:19 GMT","connection": "close"
    },"request": {"uri": {"protocol": "https:","slashes": true,"auth": null,"host": "graph.microsoft.com","port": 443,"hostname": "graph.microsoft.com","hash": null,"search": null,"query": null,"pathname": "/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","path": "/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager","href": "https://graph.microsoft.com/beta/myorganization/users/288033a1-78ff-40fb-92fe-18734d7c63a2/manager"
      },"method": "get","headers": {"Authorization": "Bearer <access token omitted>","accept": "application/json","content-length": 0
      }
    }
  },"level": "warn","timestamp": "2016-06-15T22:55:21.465Z"
}

Any help would be appreciated, thanks!

Azure AD Connect: Disabling users in AD does not change "accountEnabled" to false in metaverse object properties

We are using Office 365 and Azure AD Connect 1.1.180.0. We've observed that when we disable some users in local AD and do a sync (full or delta), the metaverse object property "accountEnabled" remains set to true, and the Office 365 sign-in status remains set to "allowed". However, when we change other properties for these same user accounts (such as phone number, for example), the update is processed and synced to Azure AD/Office 365 as expected.

This is not affecting all user accounts; it is happening consistently with new user accounts and also accounts that were created in the last few months. Older user accounts seem to be unaffected, that is, if we disable them and run a sync, the "accountEnabled" property is set to false and their sign-in status in Office 365 gets set to blocked.

Any ideas about how to troubleshoot this?

AD Connect - Username and UPN Suffix do not match SMTP address in O365

The username in AD is firstname.lastname, and the UPN suffix is domain.local. Mailboxes in O365 (and on-prem Exchange SMTP address) are firstinitiallastname@domain.com. Mailboxes were created with a failed cutover migration, and now I'm migrating the data using MigrationWiz.

I've fixed the UPN suffix before, my issue is with the username bit. Can AD Connect match using another attribute for the local account? If so, how? Even if I fix the UPN Suffix, the UPN itself won't match the email address in O365.

I see there's a way to match the "mail attribute" in Matching across forests -> match using "mail attribute", will that accomplish this sync? I'm just looking for password sync from local AD to Azure AD.

Thanks for any help you can provide.

How do I create an alert in O365 Security & Compliance that includes all users

I am trying to create alerts that include all users making changes to groups or roles. However, I can only select 1 user at a time to be able to do this. Is there a way for me to select all users so that when any user in my tenant makes a change (that changes a group or a role)

Thanks

Create custom user property in Azure AD

I'm looking for a way to extend user properties in Azure AD. The list of default properties seems not to be enough for me. I have my application storing user profiles on-premises and now I need to synchronize them all into Azure AD. I have heard of Azure AD Graph but am not sure whether there is any guide on how to extend Azure AD properties with Graph.

Your recommendation is always very much appreciated.


Thuan Soldier
A 23-year-old man loving Microsoft technologies and making crazy ideas on business journey.
SharePoint Vietnam | Blog | Twitter

Gallery app SAML integration error (HackerOne)

Hi,

Trying to integrate the HackerOne app from the app gallery into our Azure AD. Followed the instructions here

https://azure.microsoft.com/en-gb/documentation/articles/active-directory-saas-hackerone-tutorial/

But getting an error when attempting to authenticate...

Sorry, but we’re having trouble signing you in.

We received a bad request.

Additional technical information:

Correlation ID: 7e8be4b5-e75f-41d6-9baf-74bd39e707b5
Timestamp: 2016-07-12 14:06:25Z
AADSTS70001: Application with identifier 'hackerone.com' was not found in the directory 5e729370-42c0-400b-856a-8d18bcda2139

The directory ID is correct as far as I can tell and I have successfully integrated several other apps from the gallery.

Thanks.


Local AD users replication and Logon time

Hi Experts

I established ADFS between my demo Active Directory Service and Azure AD and it's working fine. At the same time I noticed a few things and would like to know the facts about those.

1. I understand that ADFS is configured for the scenario where we don't want to replicate users and their credentials, BUT here in Azure AD, I can see my users on the Azure AD side as well. Is this expected behavior? If so, what's the difference between syncing and ADFS?

2. If I create users in my local AD, it's taking approx. 1 hour before they can log in. Is this the expected time? Can we enable instant login to federated applications like O365 and other in-house applications?

Thanks in Advance.

 



Azure AD Connect - Your credentials are not authorized

Hi all,

I am configuring Azure AD Connect with the aim of setting up an ADFS Farm. The entire wizard went well, and I authenticated using a Global Admin user in the original onmicrosoft.com domain. However, when the install process actually began, it errored with the following message:

"Unexpected exception thrown. Action: PingProvisioningServiceEndPoint, Exception: An error occurred. Error Code: 6. Error Description: Your credentials are not authorized to access Windows Azure Active Directory.  Please check your Administrator credentials and try again. Tracking ID: f6dc29b8-e9ce-4b7a-95db-81f4359b86c7 "

The password was definitely entered correctly, and the user is a Global Admin as shown in the Office 365 Portal.

Any help would be appreciated.

Kind regards,

Tom

B2B Invited Guest can't answer invitation

To a partner company, 10 B2B invites were sent.  I only used the 2 required fields in the csv.  Keeping it real simple.  8 successfully signed up and setup a password for their accounts.

2 could not.  Instead of being taken to an account verification page to start that, they are given just a login page.  It's like they already have an account.  They can't reset the password as the message comes back password resets have been disabled on this account.  They do have a link that says Microsoft will notify the admin for them.  Of course I don't get any trace of anything.  I'm the inviting company.

They do not have any Office 365 or anything like that at their company.  They do not know what the passwords are to sign in with nor remember having used their organizational email for anything with Microsoft.

Could someone offer some insight into what "may" be going on?

Thanks

Error when joining a machine to Azure AD

I'm having the hardest time joining a machine to Azure AD. It is a newly upgraded machine from Windows 7 Pro. Here's what I have tried (I have searched on Google with little luck):

•Reset PC after upgrade to Windows 10

•Reimage using Legacy Boot from Secured

Here's the exact error and error code I am receiving: Something went wrong. Confirm you are using the correct sign-in information and that your organization uses this feature. You can try to do this again or contact your system administrator with the error code 8009002d

I have set up a handful of machines in our organization on Azure AD but this one is giving me the biggest trouble. Has anyone else seen this issue before? We do not have any support plans with Azure AD, hence why I am seeking some assistance elsewhere.

Thanks!

Authenticating to Azure AD non-interactively using a username & password

The latest Microsoft.IdentityModel.Clients.ActiveDirectory.dll (3.120) does not have a UserCredential class which takes a username and password; however, the AuthenticationContext.AcquireTokenAsync expects a UserCredential with username and password.

How to proceed? Both AuthenticationContext and UserCredential are part of the same dll!

Please help
