Quantcast
Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Azure AD Connect installation issue

July 27, 2016, 9:05 am
$
0
0

I am getting the following error during installation, right after entering my Azure AD Credentils.  I am using the express installation and have installed all the pre requisites.

Unable to retrieve the Azure Active Directory configuration.  Could not load file or assembly 'file:///C:\Program Files\Microsoft Azure Active Directory Connect\SetupFiles\AADPowerShell\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll' or one of its dependencies.  The system cannot find the file specified.

I checked the path and the path or file doesn't exist. 


Search

AZURE AD B2C SETTINGS - Multiple Subdomains

January 20, 2016, 12:56 pm
$
0
0

We're implementing an Azure AD B2C integrated web application, and are trying to share the same application between our different development environments. We have different environments like develop.ourapp.com, preview.ourapp.com, release.ourapp.com, my-personal-feature-branch.ourapp.com, etc.  

We're using Azure Active Directory for our main company web applications and this is possible, but our new app is an external customer facing site that we do not want to tie into our company AD.

Is there any way to accomplish this in AD B2C?  If not, is this a planned feature, or will we have to copy the AD configuration for each environment? 

This makes feature branching and demonstrations difficult as we spin up a new CI environment for each branch a developer creates, and security must be disabled in order to make this happen right now.

Thanks!

-Jason

AAD and Group Policies

July 27, 2016, 10:24 pm
$
0
0

     We want to move a lab environment to AAD from our on-prem data center. We would like to utilize the tenant for testing before rolling into production so we'll need to have sub-OU's and group polices controlling access in addition to security groups.

From my reading so far these features are not available at this time, does anyone have any information to the contrary? Or an alternative identity manager option?

Thanks for helping, it's hard to chase down the absolute newest information with the constant change.

Phil

Adding Federated Domains

July 27, 2016, 9:25 am
$
0
0

Hello,

I am trying to get some information as to what affect adding a new federated domain will do to my existing ADFS user experience. I currently have one federated domain (example.com), and need to add several sub-domains (abc.example.com, def.example.com) to prepare our Yammer network for integration with our Office 365 network. I'm afraid that if I add more federated domains, ADFS SSO users will be prompted to select the domain/realm before being signed on to their application.

This is the command I was instructed to use within Azure AD Powershell to add the sub-domains, but would like to know more before I do so:

New-MSOLFederatedDomain -DomainName:abc.example.com

Thanks, Patrick

Azure AD - AD DS Health - DC not detected as back online

July 28, 2016, 5:09 am
$
0
0

While a DC restarted, I got notification about replication down for this DC (which is fine)

However, after the server has restarted, no notification have been received to say the issue has been solved and on the Azure portal, the replication is still shown in error while this is clearly not the case, the DC is 100% back online

MVP Office 365 http://blog.hametbenoit.info

adding windows ten gives error 80004005

May 4, 2016, 6:30 am
$
0
0

Guys,

When trying to add a w10 pro to my azure ad, i get an error 80004005 that is telling me something went wrong, i need to contact the admin and check my credentials.

So i emailed myself(i am the admin), but myself doesn'tt know what is going wrong.

error can be seen here:

http://pho.to/A8Tdp

anyone who can help me with this?

thanks.


sync-generic-failure with Azure AD Connect (The object located by DN is a phantom)

July 28, 2016, 5:09 pm
$
0
0

Hi,

Using Azure AD Connect to sync our AD users to our O365 Tenant.

When running the Synchronization Service Manager and perform a Delta Sync from the on-prem AD, the synchronisation statistics provide one user (out of about 120) with this error "sync-generic-failure".

If i click into this and click on Stack Trace, this is what i get:

 object located by DN is a phantom. CS = 'mahdomain.com - AAD', Object Info 

Pipeline Object [156999dc-blah-blah-blah-2cf48f4f958e]: type=user, DN=CN={61314E54746B6B6A7blahblah637746C5837673D3D}, NSID=b891884f-blah-blah-blah-101c9083, MA Name = mahdomain.com - AAD, modt=Add
Add accountEnabled[Boolean]: True (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add commonName[String]: Neville Bartos (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add dnsDomainName[String]: mahdomain.com (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add lastPasswordChangeTimestamp[String]: 20150130100747.0Z (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add netBiosName[String]: COMPANY (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add onPremisesSamAccountName[String]: neville.bartos (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add onPremiseSecurityIdentifier[Binary]: System.Byte[] (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add dn[String]: CN={61314E54746B6B6A7blahblah637746C5837673D3D} (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add sourceAnchor[String]: a1NTblahblah67tlX7g== (Add), Sync Rule: Out to AAD - User Join, 67ace6df-blah-blah-blah-6c29ae5f4ef5
Add countryCode[Integer]: 0 (Add), Sync Rule: Out to AAD - User ExchangeOnline, 4d3279ee-blah-blah-blah-5f6e2cbe5b85
Add displayName[String]: Neville Bartos (Add), Sync Rule: Out to AAD - User ExchangeOnline, 4d3279ee-blah-blah-blah-5f6e2cbe5b85
Add givenName[String]: Neville (Add), Sync Rule: Out to AAD - User ExchangeOnline, 4d3279ee-blah-blah-blah-5f6e2cbe5b85
Add surname[String]: Bartos (Add), Sync Rule: Out to AAD - User ExchangeOnline, 4d3279ee-blah-blah-blah-5f6e2cbe5b85
Add userPrincipalName[String]: neville.bartos@mahdomain.com (Add), Sync Rule: Out to AAD - User ExchangeOnline, 4d3279ee-blah-blah-blah-5f6e2cbe5b85
Removed/emptied properties: 
END: Object


   at ObjectNamespace.GetCSObject(IEntryModification modification)
   at ManagedSyncRulesEngine.PersistGraphObjects(ManagedSyncRulesEngine* , IObjectLinkGraph graph, CCsObject* sourceCsObject, IEntryModification mvEntry, IList`1 allCsEntries)
   at ManagedSyncRulesEngine.PersistGraphToDatabase(ManagedSyncRulesEngine* , IObjectLinkGraph graph, CCsObject* csObject)
   at ManagedSyncRulesEngine.Synchronize(ManagedSyncRulesEngine* , CCsObject* sourceCsObject, CMvObject* mvObject, SynchronizationOperation operation, Char** error)


InnerException=>
none



 Native call stack:  

I haven't tried importing into Azure AD, as i want to fix this error first.

Any ideas, suggestions would be much appreciated as I am unable to find a solution. Thanks

Custom Global Admin Role (aka Company Admin)

July 28, 2016, 2:11 pm
$
0
0

Hi all,

Can I create a custom global admin(aka company admin) role with limited permissions and assign it to a user(s) in Azure AD?

Regards,

Kenny

Search

On boarding need to click two time the azure consent page.

July 29, 2016, 12:52 am
$
0
0

We are using azure AD and Auth0 for out application While Onboarding new tenant sometimes we need to click two times the azure consent page.



OneNote missing from "Application Permissions" (native application)

July 29, 2016, 2:10 am
$
0
0

Hi,

We have a native app registered on Azure which has permissions set (for OneDrive) and has been released.  We wish to add additional permissions to this application in order to access OneNote for class notebooks (this isn't available yet via the graph).

However when I try to do this I don't see OneNote in the list?  I have seen OneNote previously when I created test apps for investigation purposes.  However even if I create a new app OneNote isn't shown.

How can I add permissions for OneNote?

Thanks for the help

Microsoft Azure Active Directory Sync

July 28, 2016, 7:34 am
$
0
0

Upgraded to the new version for our Office 365 sync with our local AD.

Very disappointed in this version, there is no way to manually sync with the GUI, WHY?

I used to be able to manually sync in about a minute, now I have to launch the PowerShell pull out notes on how to force a sync, type commands in.  VERY MUCH A HASSLE.

Please add the manual Sync option back into the GUI, this new GUI is pretty much a joke, all I can do is change option, it does not show status, or any meaningful information.  Why would you pull all of that out?  

Not every admin enjoys having to use the PowerShell, I like a nice GUI interface that allows you to quickly and easily manage your services.  This has now become a pain in rump.

Thanks for the "Upgrade" Microsoft, you have ruined yet another valuable tool.

Cheers,
Curt Winter
Certified Microsoft Professional
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied. If you found my post helpful, please mark it as the answer.

Sync generic failure

July 29, 2016, 3:39 am
$
0
0

Hello,

When I run the synchronization cycle in Azure AD Connect, I get the sync-generic-failure error during the delta/full synchronization cycle.

From my understanding, it might be because of some corrupted data in the connector space but I want to know the exact reason for this. What is the meaning of this particular error ?

If anyone could help me with this, i would really appreciate that.

Thank you

MFA Verification fails + There was a problem processing your request

July 28, 2016, 11:06 am
$
0
0

we recently enabled Conditional MFA and some of the users complained as failure complete the MFA registration process. When they select the authentication method ( Text or Call ) and then click "contact me". It throws up an error as

"There was a problem processing your request" with Error Code 0

How Do I Install the Powershell ActiveDirectory module on an Azure Server

July 28, 2016, 10:42 am
$
0
0

I'm still quite new to Azure, so please bear with me.

We have a test server in Azure that is running SQL Server among other things.  The goal is to migrate a number of functions from our data center based server(s) to Azure.  One of the functions that is performed regularly is the import of AD and Exchange data into various databases via PowerShell scripts.

That's where I get stuck.  I am unable to find or load the ActiveDirectoy module in Powershell on Azure.  Can someone please tell me where I can find the file(s) to download it as well as any other "gotchas" I need to be aware of in getting it started?

TIA,

John


AAD Connect Metaverse Empty Records

July 29, 2016, 6:23 am
$
0
0

Hey all. I have an issue where I perform a metaverse search and the displayName, cn, etc. are all empty for 3 records. The <objectGUID> has a value. How can I trace the metaverse objectGUID to the actual object?

This situation arose because I have 2 AAD Connect machines (one in staging mode, but actively syncing) and the metaverse counts are different by the 3 objects that have these empty values. Server1 has 5971 objects but Server2 has 5968 objects. I would expect them to be the same.

Thanks.

Search

Azure AD App problems

February 8, 2016, 9:57 am
$
0
0

I'm trying to convert what was a fairly simple Office 365 SharePoint Add in project to an Azure AD and am having lots of authentication issues. I've built the new app using the standard MVC template with organisational accounts and it loads and runs fine, until I do any sort of post, at which I get:-

Additional information: A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier' or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider' was not present on the provided ClaimsIdentity.

Following several articles online I've tried setting AntiForgeryConfig.UniqueClaimTypeIdentifier to different types and even added the above to our ADFS server. I'm finding that if I tamper with that part of the app then most browsers start failing on 400 - request too long errors. Oddly, the Edge browser works.

Any ideas as I think I've missed something obvious?

 

AD Connect Health ADFS False "Health service data is not up to date" error.

July 29, 2016, 12:49 pm
$
0
0

I have an Azure ticket open on this, but as it's gone with a lack of traction on it (took a while to even get an understanding) was hoping someone from the product group might more readily be able to see this.

Long story short - we are leveraging Azure AD Connect Health to provide insight into our ADFS environment.  Back in February we had an issue that caused us to have to rebuild one of our ADFS proxy servers (ADFS 2012 R2 internally with WAP in DMZ). When rebuilding the server we re-used the hostname and IP address associated with the system.  Since then, there has been what seems to be a 'false' alert for the proxy server, indicating 'Health service data is not up to date'.  Have already re-installed the Azure AD Health agent, and we have 3 other WAP servers that are communicating without issue.  Have also ran the agent self test PowerShell commands without issue, have sifted through agent logs, etc, and all is good.  And just as importantly, the WAP is functionally working in production.

The problem I believe, though, is that there must be something on the Azure side of things that is not recognizing data from the new client, almost as if when a client is installed a key exchange happens, and this is not properly updated on the Azure side.  I say this because if you look in our tenant, despite this error message, the health data is in fact being sent to Azure.  You can see from the provided screenshot what is going on...

As you can see, the server throwing this 'error' is providing up to date data, Azure is even recognizing as such.  So it would seem something on the Azure side is not properly processing this data once it is received.

This is a bit of an issue in that we pay for Azure AD Premium so that we can leverage Azure AD Connect Health, which we cannot properly use until this problem is resolved.

Any insight from others that have experienced a similar error, or a response from the product group would be appreciated.

*it appears I cannot insert the image into this post until my account is verified by Microsoft*

User.Identity.Name adds "live.com#" to AAD users

July 29, 2016, 5:45 pm
$
0
0

I've got an API protected by AAD. I manually give users access by adding their Microsoft accounts to the relevant tenant as a user, and I use User.Identity.Name to save identifiers for owners rows on the database. This works great for my own accounts, but when adding an external MS account like me@outlook.com, User.Identity.Name returns "live.com#me@outlook.com" which looks pretty ugly in the GUI. I could strip it off of course, but I'd like to know why this is happening, and whether all external MS accounts will be displayed using the same system (so I can strip off left of first #, or something like that).

TIA

Dennis

 

Azure Application Proxy - SSTP VPN SSL Offload

July 29, 2016, 8:44 pm
$
0
0

Hi, All,

Has anyone tried to use Azure Application Proxy as an SSL Offload mechanism for Windows SSTP VPN server? I know RAAS supports SSL Offloading at a load balancer (like this example) but was curious if anyone has tried doing this using Azure Application Proxy.

I'll be setting up a lab to give this a shot the following days but I thought I should reach out to the community, first, to see if anyone has had any experience with this scenario.

Thanks,

Fable

Azure Active Directory connect error during wizard

July 28, 2015, 4:46 am
$
0
0

I ran through the Azure AD connect wizard, however received an error at the very end, my only course of action was to close the wizard. Now if I open the Azure AD connect app, I receive a message that an error has occurred on the root page, preventing Azure connect from continuing.

I am prompted to contact Microsoft forum site.  I do have a log of the failure if this helps

Viewing all 16000 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>