Channel: Azure Active Directory forum

Azure AD/ADC for Web Based on-premise Applications


Dear Team,

We have Azure Premium AD and are planning to configure ADC soon as well. We have a SharePoint portal which will be authenticated with Azure AD. We also have a couple of web-based on-premises applications running in-house. We want to provide SSO for all the other web-based on-premises applications. For example: SharePoint is already authenticated by Azure AD, and SharePoint will host links to the other on-premises web-based applications. Once a user has authenticated to SharePoint successfully, if they click on the links to the web-based on-premises applications, it should not prompt for credentials; instead it should log them on if they have access to the application. Thanks.

Regards,

Innick


Azure AD Sync Tool Failure


Trying to configure, we get an error:

[ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.

Can anyone shed any light on what we can do to resolve please?

Kind regards,

Matt



Matt Peek

Local AD users replication and Logon time


Hi Experts

I established ADFS between my demo Active Directory Service and Azure AD and it's working fine. At the same time I noticed a few things and would like to know the facts about them.

1. I understand that ADFS is configured for the scenario where we don't want to replicate users and their credentials, BUT here in Azure AD I can see my users on the Azure AD side as well. Is this expected behavior? If so, what's the difference between syncing and ADFS?

2. If I create users in my local AD, it's taking approx. 1 hour before they can log in. Is this the expected time? Can we enable instant login to federated applications like O365 and other in-house applications?

Thanks in Advance.

 



How to add file permissions (or anything else) for AzureAD users on AzureAD-joined Win10 machine?


I'm on a Win10 workstation that's joined to AzureAD like this. How can I grant file permissions to an AzureAD user?

When I try to use the File Properties > Security > Edit > Add dialog I can't find/select any users on the AzureAD domain, including the currently logged in user. Entering `AzureAD\FirstLast` and clicking Check Names gives this (where AzureAD\JohnSmith happens to be the currently logged-in user):


There's no option to use AzureAD as the location for the Search either. 

In general this sort of thing seems to be a problem with AzureAD-joined accounts: Windows appears not to know about them, e.g. when adding them to SQL Server. Or perhaps I just don't know the right way to refer to these users?

Thanks for any help!

Rory

Also posted on SuperUser

Office 365 mail app single sign on in on-premises Sharepoint


We have on-premises Sharepoint secured by ADFS and our on-premises AD connected to Azure AD (we are moving our corporate mail from on-premises Exchange to Office 365 mail). We've developed an Angular / ADAL app to display users' Office 365 mail when they sign in to Sharepoint (via ADFS). We are successful in pulling down mail data from Office 365, but the sign-on process is not completely SSO or secure.


Re: SSO


When users first sign in to Sharepoint/ADFS, the app redirects to an app authorization/sign-in page at login.microsoftonline.com. Since the user has already signed into ADFS, which is connected to Azure AD, I should think we would be able to bypass this. How?


Re: Security


If user A then signs out and user B signs in, the app displays user A's mail. Yikes!


Our app is based on this: https://github.com/OfficeDev/O365-Angular-GettingStarted


Seems like we're missing something here. Any help is much appreciated!


Cheers,

Bill

1603 - Unable to Install the Synchronization Service


I am trying to install MS Azure AD Connect on a fresh Windows 2012 R2 server, fully updated, with .NET Framework 3.5 & 4.5 installed. PowerShell is also installed. The server is a Domain Controller.

The log file shows:

[06:08:59.010] [  1] [INFO ] 
[06:08:59.025] [  1] [INFO ] ================================================================================
[06:08:59.025] [  1] [INFO ] Application starting
[06:08:59.025] [  1] [INFO ] ================================================================================
[06:08:59.040] [  1] [INFO ] Application Version: 1.0.0.0-1434562712
[06:09:00.190] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[06:09:00.205] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[06:09:00.220] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[06:09:00.265] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.265] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: no registered products found.
[06:09:00.265] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[06:09:00.265] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals is not installed.
[06:09:00.265] [  1] [INFO ] Performing direct lookup of upgrade codes for: Windows Azure Active Directory Module for Windows PowerShell
[06:09:00.265] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.265] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[06:09:00.265] [  1] [INFO ] Determining installation action for Windows Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[06:09:00.280] [  1] [INFO ] Product Windows Azure Active Directory Module for Windows PowerShell is not installed.
[06:09:00.280] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[06:09:00.280] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[06:09:00.280] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[06:09:00.280] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[06:09:00.280] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[06:09:00.280] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[06:09:00.280] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[06:09:00.280] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[06:09:00.280] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[06:09:00.280] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[06:09:00.280] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[06:09:00.280] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[06:09:00.295] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[06:09:00.414] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[06:09:00.414] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine Health Agent
[06:09:00.414] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.414] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[06:09:00.414] [  1] [INFO ] Determining installation action for Azure AD Sync Engine Health Agent (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[06:09:00.414] [  1] [INFO ] Product Azure AD Sync Engine Health Agent is not installed.
[06:09:00.414] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[06:09:00.414] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.414] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: no registered products found.
[06:09:00.414] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[06:09:00.414] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities is not installed.
[06:09:00.414] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[06:09:00.414] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.414] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
[06:09:00.414] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[06:09:00.414] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
[06:09:00.414] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[06:09:00.414] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.414] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: no registered products found.
[06:09:00.414] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[06:09:00.414] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client is not installed.
[06:09:00.414] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
[06:09:00.414] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.414] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[06:09:00.414] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[06:09:00.414] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector is not installed.
[06:09:00.414] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[06:09:00.519] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[06:09:00.519] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[06:09:00.519] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[06:09:00.519] [  1] [VERB ] Getting list of installed packages by upgrade code
[06:09:00.519] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {930fb0de-3e7d-4450-a4e1-40cde9358027}.
[06:09:00.533] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.0.8641.0, ProductCode=930fb0de-3e7d-4450-a4e1-40cde9358027, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[06:09:00.533] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[06:09:00.533] [  1] [INFO ] Product Azure Active Directory Connect (version 1.0.8641.0) is installed.
[06:09:00.533] [  1] [INFO ] Checking for DirSync conditions.
[06:09:00.533] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[06:09:00.533] [  1] [INFO ] Sync engine is not present. Performing clean install.
[06:09:09.314] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[06:09:09.509] [  1] [INFO ] App Properties/Metrics:
[06:09:09.509] [  1] [INFO ]    Runtime.Start=2015-08-05T06:08:59+04:00
[06:09:09.509] [  1] [INFO ]    Application.Version=1.0.0.0-1434562712
[06:09:09.509] [  1] [INFO ]    Application.IsDebugBuild=False
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.ProductType=Server
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.Sku=7
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.Language=0409
[06:09:09.509] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
[06:09:09.509] [  1] [INFO ]    Runtime.SyncEngine.NewInstall=False
[06:09:09.509] [  1] [INFO ]    Runtime.WizardPageFlow=NewScenario
[06:09:09.509] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=AQkA
[06:09:09.509] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 1.
[06:09:09.509] [  7] [INFO ] Starting Telemetry Send
[06:09:14.324] [  1] [INFO ] Initializing global context for scenario AADSyncPwdSync (f86a0fe7-77d0-49dc-a424-59a1a273df40) 
[06:09:14.371] [  1] [VERB ] Created the following activities for scenario AADSyncPwdSync (f86a0fe7-77d0-49dc-a424-59a1a273df40): 
[06:09:14.373] [  1] [VERB ]    CollectPwdSyncScenarioInformation (590174c3-1f58-4c59-9623-a7b9bd3d7993): InProgress
[06:09:14.373] [  1] [VERB ]    InstallAADSyncEngine (5fb5507c-4408-49c6-abf9-0a3806471871): NotStarted
[06:09:14.373] [  1] [VERB ]    ConfigureSyncEngineForPwdSync (b7144e43-3428-4cc0-957a-443781a38f45): NotStarted
[06:09:14.391] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 2.
[06:09:14.415] [  9] [INFO ] Starting a background thread in Install required components. Background Task Id: 3.
[06:09:14.448] [  9] [INFO ] Starting Sync Engine installation
[06:09:14.457] [  9] [INFO ] Starting Prerequisite installation
[06:09:14.584] [ 18] [VERB ] WorkflowEngine created
[06:09:14.584] [ 18] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
[06:09:14.584] [ 18] [VERB ] Getting list of installed packages by upgrade code
[06:09:14.584] [ 18] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: no registered products found.
[06:09:14.584] [ 18] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
[06:09:14.584] [ 18] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals is not installed.
[06:09:14.584] [ 18] [INFO ] Performing direct lookup of upgrade codes for: Windows Azure Active Directory Module for Windows PowerShell
[06:09:14.584] [ 18] [VERB ] Getting list of installed packages by upgrade code
[06:09:14.584] [ 18] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[06:09:14.584] [ 18] [INFO ] Determining installation action for Windows Azure Active Directory Module for Windows PowerShell (bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c)
[06:09:14.584] [ 18] [INFO ] Product Windows Azure Active Directory Module for Windows PowerShell is not installed.
[06:09:14.584] [ 18] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[06:09:14.584] [ 18] [VERB ] Getting list of installed packages by upgrade code
[06:09:14.584] [ 18] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[06:09:14.584] [ 18] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[06:09:14.584] [ 18] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[06:09:14.584] [ 18] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[06:09:14.599] [ 18] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
[06:09:14.614] [ 18] [VERB ] Created task 91b870cb-fedb-43a2-a367-e7fdd0e03125 with name Uninstall Microsoft Online Sign-In Assistant
[06:09:14.614] [ 18] [VERB ] Created task 53ff587b-bbaa-4e03-adf0-18bfa3d06d3f with name Install Microsoft Online Sign-In Assistant
[06:09:14.614] [ 18] [VERB ] Created task e8598c10-c9f7-4cb8-82e8-47fe1330a460 with name Uninstall Microsoft Online PowerShell Module
[06:09:14.614] [ 18] [VERB ] Created task c2f7d2d2-c5a2-4f4f-ae21-13d0b5c9ab6b with name Install Microsoft Online PowerShell Module
[06:09:14.614] [ 18] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
[06:09:14.614] [ 18] [VERB ] Executing task Install Prerequisites
[06:09:14.614] [ 18] [VERB ] Waiting for task to complete: Install Prerequisites
[06:09:14.629] [ 19] [VERB ] Executing task Uninstall Microsoft Online Sign-In Assistant
[06:09:14.644] [ 20] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' has finished execution
[06:09:14.644] [ 19] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' finished successfully
[06:09:14.644] [ 19] [VERB ] Executing task Install Microsoft Online Sign-In Assistant
[06:09:16.272] [ 21] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' has finished execution
[06:09:16.272] [ 19] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' finished successfully
[06:09:16.272] [ 19] [VERB ] Executing task Uninstall Microsoft Online PowerShell Module
[06:09:16.272] [  6] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' has finished execution
[06:09:16.272] [ 19] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' finished successfully
[06:09:16.272] [ 19] [VERB ] Executing task Install Microsoft Online PowerShell Module
[06:09:16.780] [ 22] [INFO ] Task 'Install Microsoft Online PowerShell Module' has finished execution
[06:09:16.780] [ 19] [INFO ] Task 'Install Microsoft Online PowerShell Module' finished successfully
[06:09:16.780] [ 19] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
[06:09:16.780] [ 23] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
[06:09:16.780] [ 19] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
[06:09:16.780] [ 19] [INFO ] Task 'Install Prerequisites' has finished execution
[06:09:16.780] [ 18] [VERB ] Waited 0:00:02.1653612 for task to complete: Install Prerequisites
[06:09:16.780] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[06:09:16.884] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[06:09:16.884] [  1] [INFO ] Property Username failed validation with error The Windows Azure account name cannot be empty.
[06:09:33.779] [  1] [INFO ] Property Password failed validation with error A Windows Azure password is required.
[06:09:41.266] [  4] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
[06:09:48.165] [  4] [INFO ] AzureTenantPage: Credentials successfully validated for Windows Azure.
[06:09:49.494] [  4] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 3c300858-a6c3-41b8-8285-391e0ba19028.
[06:09:49.494] [  4] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[06:09:49.494] [  4] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[06:09:49.494] [  4] [INFO ] PowershellHelper: lastDirectorySyncTime=12/13/2014 5:24:22 AM
[06:09:50.061] [  4] [INFO ] AzureTenantPage: Successfully retrieved 9 domains from the tenant.
[06:09:50.061] [  4] [ERROR] GetAzureADSecurityToken: Trying to get Azure Security Token.
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:50 AM:  - SecurityProvider: ADAL .NET with assembly version '2.13.0.0', file version '2.13.11219.1810' and informational version '951e1410c937939e0df4e99f872c64d000ff9712' is running...
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:50 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - AcquireTokenNonInteractiveHandler: === Token Acquisition started:
Authority: https://login.windows.net/common/
Resource: https://management.core.windows.net/
ClientId: cf6d7e68-f018-4e0a-a7b3-126e053fb88d
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
Authentication Target: User

AzureADConnect.exe Information: 0 : 8/5/2015 2:09:50 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - <RunAsync>d__0: No matching token was found in the cache
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:50 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - AsyncMethodBuilderCore: Sending user realm discovery request to 'https://login.windows.net/common/UserRealm/rajeshvijayandxb@domain.onmicrosoft.com?api-version=1.0'
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:50 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - AsyncMethodBuilderCore: User with hash 'hFqUY18zUoYmO0ZANntND7LdS58Y1nl28r8CzypqlPc=' detected as 'Managed'
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:51 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - <RunAsync>d__0: An item was stored in the cache
AzureADConnect.exe Information: 0 : 8/5/2015 2:09:51 AM: e26cfe80-d3e5-4014-82c6-7094b37868c2 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
Access Token Hash: WDx3fdPpgcMxjxpc+KWs8WUtkcH2y15l+0HBynJyV8A=
Refresh Token Hash: WPg5eYD4wMHDY2XUDUQpmc54iE3YfchoRz7tQnI+Ubw=
Expiration Time: 8/5/2015 3:09:51 AM +00:00
User Hash: W11dr1xr0CXQRx8N7D+Yi9OoerapHBFloL0WF6cUv30=

[06:09:51.719] [  4] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[06:09:51.734] [  4] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[06:09:51.734] [  4] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[06:10:02.956] [  1] [INFO ] Property Password failed validation with error A password is required.
[06:10:07.949] [  4] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
[06:10:08.199] [  4] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user domain\administrator
[06:10:08.504] [  4] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[06:10:08.516] [  4] [INFO ] Validating forest with FQDN domain.local
[06:10:08.758] [  4] [INFO ] Examining domain domain.local (:0% complete)
[06:10:08.764] [  4] [INFO ] ValidateForest: using PGCAD01.domain.local to validate domain domain.local
[06:10:08.767] [  4] [INFO ] Successfully examined domain domain.local GUID:a3e36a60-d9b9-4e44-a443-c6455a17e0c4  DN:DC=domain,DC=local
[06:10:08.902] [  4] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[06:10:08.906] [  4] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[06:10:08.908] [  4] [INFO ] Starting a background thread in Ready to configure. Background Task Id: 4.
[06:10:18.411] [  1] [INFO ] Updating state of activity CollectPwdSyncScenarioInformation from InProgress to FinishedSuccessfully
[06:10:18.411] [  1] [VERB ] Persisted activities are as follows:
[06:10:18.411] [  1] [VERB ]    CollectPwdSyncScenarioInformation (590174c3-1f58-4c59-9623-a7b9bd3d7993): FinishedSuccessfully
[06:10:18.411] [  1] [VERB ]    InstallAADSyncEngine (5fb5507c-4408-49c6-abf9-0a3806471871): NotStarted
[06:10:18.411] [  1] [VERB ]    ConfigureSyncEngineForPwdSync (b7144e43-3428-4cc0-957a-443781a38f45): NotStarted
[06:10:18.412] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 5.
[06:10:18.417] [  6] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to install sync engine (WizardMode=Install).
[06:10:18.431] [  6] [INFO ] Starting Sync Engine installation
[06:10:18.434] [  6] [INFO ] Updating state of activity InstallAADSyncEngine from NotStarted to InProgress
[06:10:18.434] [  6] [VERB ] Persisted activities are as follows:
[06:10:18.434] [  6] [VERB ]    CollectPwdSyncScenarioInformation (590174c3-1f58-4c59-9623-a7b9bd3d7993): FinishedSuccessfully
[06:10:18.434] [  6] [VERB ]    InstallAADSyncEngine (5fb5507c-4408-49c6-abf9-0a3806471871): InProgress
[06:10:18.434] [  6] [VERB ]    ConfigureSyncEngineForPwdSync (b7144e43-3428-4cc0-957a-443781a38f45): NotStarted
[06:10:45.160] [ 20] [INFO ] Starting Telemetry Send
[06:10:45.180] [  6] [INFO ] Updating state of activity InstallAADSyncEngine from InProgress to Failed
[06:10:45.180] [  6] [VERB ] Persisted activities are as follows:
[06:10:45.180] [  6] [VERB ]    CollectPwdSyncScenarioInformation (590174c3-1f58-4c59-9623-a7b9bd3d7993): FinishedSuccessfully
[06:10:45.180] [  6] [VERB ]    InstallAADSyncEngine (5fb5507c-4408-49c6-abf9-0a3806471871): Failed
[06:10:45.180] [  6] [VERB ]    ConfigureSyncEngineForPwdSync (b7144e43-3428-4cc0-957a-443781a38f45): NotStarted
[06:10:45.186] [  6] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1603.

Details: 
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartBackgroundProcessAndWaitForExit(String fileName, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String parametersString, String installationPath, NetworkCredential credential, String installLogFileName, Boolean quiet, Boolean suppressReboot)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackageQuietSuppressReboot(String msiPackageDirectory, String msiPackageFileName, String parametersString, String installationPath, NetworkCredential credential, String installLogFileName)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.<>c__DisplayClass12.<InstallSynchronizationService>b__11()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore()
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Providers.EngineSetupProvider.SetupSyncEngine(String setupFilesPath, String installationPath, String sqlServerName, String sqlInstanceName, String serviceAccountName, String serviceAccountDomain, String serviceAccountPassword, String groupAdmins, String groupBrowse, String groupOperators, String groupPasswordSet, ProgressChangedEventHandler progressChanged, NetworkCredential& serviceAccountCredential, SecurityIdentifier& serviceAccountSid)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[06:10:53.677] [  1] [INFO ] Opened log file at path C:\Users\administrator.domain\AppData\Local\AADConnect\trace-20150805-060858.log
---------------------------------------------------------------------------------------------------------------------------------------------------------

Conflict between ADFS 2.0 & 3.0?


Hello,

In our environment we use one ADFS 2.0 server to handle most of our requests (hosted in a datacenter), and an ADFS 3.0 (hosted in Azure) to handle other access requests.

The issue we are experiencing is when a user logs in to Dynamics CRM (2.0) and then attempts to log in to one of the services provided by 3.0.

Visibly the page refreshes, doesn't proceed with login, and doesn't produce an error. In Fiddler we can see the error:

"ADFS doesn't have P3P policy, please contact your site's admin for more details."

Any suggestions?

Thanks for your assistance.

Trouble setting up Active Directory for Azure Web App


I am in the process of creating a Meteor application in which users will sign on using Azure Active Directory. This web app is also hosted on Azure Web App Services. My problem lies in the fact that upon clicking the sign in button, a popup window comes up with the sign in page, I enter my credentials, and then instead of being redirected to my webapp, I am left with this blank popup window that doesn't provide any errors.

This works fine locally, but when uploading to Azure Web App I cannot seem to get it to work. Not sure if this is a problem with Web App services or Active Directory. I do not think it is code since I am just using a very basic test application with a static page to login.

This image is the webapp (Welcome to Meteor!) with the popup after clicking sign in with my credentials. The white screen doesn't do anything and my account will not log in.

i.imgur.com/f1gTOO5.png


enabling Azure AD directory integration


Hi there,

I'm hoping someone can help me. We have our mail almost totally in Office365; we have the domain configured for directory sync and all runs happily. I am keen to get domain services running so that we can get a DC in the cloud. As part of our Gold Partner subscription, we have credits for Azure. I have created a server in Azure and it's tied to our Gold Partner agreement. When I then go to the Office365 portal and then Azure AD and try to set up domain services, it picks up the DNS domain happily, but the "connect domain services to this virtual network" dropdown doesn't contain anything. How do I marry up our virtual network created on Azure with our domain?

Best regards

Pete Gibson

Updating to MFA 7 from a PhoneFactor v3.x and the config file was not successfully updated


Question from @spuuky_ via Twitter:

Hi AAD community,

Trying to update to MFA 7 from PhoneFactor v3.x. When I load the new program, none of the configuration is present. It looks like phonefactor.pfdata is being renamed to phonefactor.pfdata.invalid and ignored.

Any insight would be appreciated.

Thanks,

@AzureSupport


AAD Sync - "Object reference not set to an instance of an object"


Hi,

Having a couple of problems with certain users not synchronizing to AAD. We're using the GA version of AAD Sync and have 4 forests (3 account forests and one resource forest) syncing up to AAD. For the most part it is working well. There are, however, numerous errors occurring on certain accounts. The error type is "sync-generic-failure", and the stack trace shows fairly generic details (see below).



The users show up in a metaverse search and they even show the expected connectors (1 for the account forest, 1 for the resource forest, 1 for AAD). However, the AAD connector properties show no attributes.

Has anyone else run across this? There's a lot of other info I could provide.

Thanks


Reset a user's Security Questions


Does anyone know if it's possible to reset a user's security questions once set? We have 'self-service password reset' active and I want to make sure they can be reset if someone is stupid enough to forget an answer/answers to any questions. I've tried removing a user from the security group that activates self-service, but they don't get prompted when added back into the group.

Thanks

Simon

AAD Connect Health - Alert types


Is there a list with all the types of alerts that would be emailed if the setting to do so is enabled? Also, what address do the alerts come from?

Thanks.

AD Connect - An error occurred when attempting to establish a trust relationship with the federation service.


Hi all,

I'm attempting to configure Azure AD Connect with ADFS.

Scenarios so far:

One ADFS Server (urb-adfs) with an SSL certificate installed in the Personal store for the federation name 'fs.mywebsite.co.uk'

One WAP Server (urb-wap)

One Azure AD Connect server

The wizard proceeds fine, however when attempting the WAP part, an error appears "An error occurred when attempting to establish a trust relationship with the federation service. Error: Service unavailable".

The firewall is turned off on all servers as well. All servers are Server 2012 R2.

Kind regards,

Tom



Deleted Azure AD Directory and Cannot Recreate


From Limping Ninja @Alimpingninja via Twitter

"I deleted an Azure AD Directory and it won't let me recreate with the domain name I deleted, instantly or 2 hours later. Why?"

"Sure, this is the same domain that I just deleted; don't believe someone took it in short time."

Thanks,

@AzureSupport




Use ADAL with Dynamics CRM Web API


Via Twitter

@AzureSupport Any guides for Microsoft ADAL absolute beginners on how to use Dynamics CRM Web API? The guides online are a bit over my head. 

Happy to help. Have you referenced this documentation?: aka.ms/d1269331 Feel free to Direct Message. ^JN

Hi, thanks for the link! Yes I did read that carefully but I'm afraid it's still over my head. Basically, I am a web designer (new to web development) and want to have my company's website make a GET request to access a JSON file of data from our CRM so that I can create a membership directory on our website that people can search through with up to date info. I know Dynamics CRM 2016 added the Web API, so I just need to set up authorization so that it is secure (I only want it to be able to respond to GET requests and of only certain types of data). Is there any resource you have that can show me how to do that? From what I understand I just have to register an app and then configure it the right way, but it is getting confusing and I don't want to do anything that could cause a security issue for our organization. 

Thanks,
@AzureSupport


B2C - using B2C Graph API with Unified Graph API


How can an employee be authorized to use the unified graph API, and also be authorized to do CRUD operations in the B2C Directory?

One solution works this way, but I'm not sure it's supported:

1. Employee A logs into Employees.ABC_Company.com

   a. This will happen via the “unified graph api” in Azure AD as part of the ABC_Company directory.

   b. We will have access to the user's groups, and from these groups we will provide access to the pages associated with those groups via the user’s menu.

2. After login, Employee A selects “Admin B2C” from their menu.

   a. “Admin B2C” was available because the user was in the group “B2CAdmins”

3. The “Admin B2C” page appears and allows CRUD operations

   a. User selects “view all users”

   b. The ASP.NET app controller calls the B2C graph API using the Application ID’s ID and secret identity to get all the users as well as other CRUD operations.

We read the following link:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

Is the scenario above supported with B2C preview? If not, what is a working scenario for interactive management where employees need to be authenticated in one directory (employee), and yet be able to do CRUD in the B2C directory?

thanks

Rob



Is it possible to provide a link to redirect SharePoint Online site and auto login via Azure AD? C#?

We have an externally facing website, to which we would like to add a link to a SharePoint Online site, but we want to pass through the login page, so the SharePoint site seamlessly loads.

Is that possible?

I tried hijacking SharePointOnlineCredentials request/response to redirect, but that does not work.

Is there any sample code for cookies or response redirect headers that would allow this?

Azure AD Connect - Manage Users Manually


Hello, 

I have just set up Azure AD Connect. It is filtered to a specific group in our on-prem AD, with password sync enabled.

I have successfully migrated 3 users and all able to log in. On the fourth user, he synced correctly, but was never able to authenticate to Azure AD. I assume it is because he is using a simple password, all lowercase and two numbers. * 

This was causing him to not get email or any services through O365.

I disabled the Azure AD Connect Sync, inside of the Azure Portal, and then uninstalled the client from our server. 

Re-installed the Azure AD Connect, removed user from group, and enabled staging. 

Now the user is being synced from Azure AD, not our on-prem. If the sync happened, this user would be removed from O365 as a deleted user, and his account would have to be restored.

Any thoughts on how I can disable that specific user from being synced?

Are there any password restrictions to use Azure AD?


Alex Smith

How can we revoke refresh_token programmatically?

How can we revoke refresh_token programmatically? Or is there a possibility to do this using the Outlook "API"?

