Channel: Azure Active Directory forum

Adconnect Synchronization


Hello,

I have created in Office 365 a user x@contoso.com (with a different password than in the local AD).

This user x@contoso.com already exists in our local AD (with a different password than in Office 365).

If I install AD Connect with the ADFS plan, the domain will be converted to a federated domain.

What will happen to this user after synchronization?

And what will happen to the other users not synchronized from AD to Office 365?

Regards


Getting 403: "Insufficient privileges to complete the operation." when attempting to query Graph API

We've migrated to a new tenant where I work. As such we are trying to re-add our applications into Azure AD. We have a documented process that has worked in the past in order to add applications for our MVC and WebAPI projects. However, we've been getting errors when attempting to query the Graph API. In the example application we've used the code from here to create a custom authorize attribute that allows us to do group-based authentication. After debugging the /Utilities/GraphHelper.cs we've determined that the application is getting a status error of 403 with a message that states: "Insufficient privileges to complete the operation."

After doing a bit of research I was able to replicate the Authentication process in Fiddler.

Action Method: POST
URL: https://login.windows.net/[tenantName]/oauth2/token?api-version=1.0
Header Block: 

Content-Type: application/x-www-form-urlencoded 
Host: login.windows.net
Content-Length: 180
Expect: 100-continue 
Connection: Keep-Alive

RequestBody:

grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=[clientId]&client_secret=[urlencoded client secret]

I get back a token from this request and then attempt to query the federated directory from the Graph API again with Fiddler:

Action Method: GET
URL: https://graph.windows.net/[federated domain]/directoryObjects/{group-guid}
Header Block:

Content-Type: application/json
Host: graph.windows.net
Authorization: Bearer [token from login response]


I receive a 403 response with the body:
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}

In Azure Active Directory, Under App Registrations for this application the manifest has been modified by a user with Company Admin Role for:

"groupMembershipClaims": "SecurityGroup", ...
"oauth2AllowImplicitFlow": true, 

An Application Key was generated that is used for fetching a token to access the graph API.
Under Required Permissions for Application Permissions Read directory data, and Read all hidden memberships were checked by a user with Company Admin Role.

I'm out of ideas; everything should be working.
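One check worth running on the token itself, as an added example that is not part of the post above: an application permission such as "Read directory data" only reaches the access token as a value in the "roles" claim after an administrator has granted consent to the application, so a client-credentials token whose payload has no "roles" claim will be refused by graph.windows.net with exactly this "Insufficient privileges" error even though the permission is ticked under Required Permissions. The script below repeats the post's token request and decodes the JWT payload to list the granted roles; the placeholders [tenantName], [clientId] and [secret] are assumptions, the sample token is constructed (its signature part is a dummy) so the offline part runs without a tenant, and the function names are my own.

```powershell
# Added example, not code from the forum post. Decodes a JWT payload and reports the
# "roles" claim; an app-only token with no "roles" means no application permission has
# been consented to, which produces the 403 "Insufficient privileges" seen in the post.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw "Not a compact-serialized JWT" }
    # Base64url -> Base64: restore the standard alphabet and the padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Get-AppRolesFromToken {
    param([Parameter(Mandatory)][string]$Token)
    $claims = ConvertFrom-JwtPayload -Token $Token
    # "roles" is simply absent when nothing has been consented to; normalize to an array
    if ($null -eq $claims.roles) { return @() }
    return @($claims.roles)
}

function Get-AadAppToken {
    param(
        [Parameter(Mandatory)][string]$TenantName,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # Same endpoint and form fields as the post's Fiddler trace; Invoke-RestMethod
    # URL-encodes the hashtable as application/x-www-form-urlencoded.
    $body = @{
        grant_type    = 'client_credentials'
        resource      = 'https://graph.windows.net'
        client_id     = $ClientId
        client_secret = $ClientSecret
    }
    $uri = "https://login.windows.net/$TenantName/oauth2/token?api-version=1.0"
    $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body -ContentType 'application/x-www-form-urlencoded'
    return $resp.access_token
}

# Constructed sample token (unsigned, dummy signature segment) so the check runs offline.
function New-SampleToken {
    param([string[]]$Roles)
    $enc = {
        param($obj)
        $bytes = [System.Text.Encoding]::UTF8.GetBytes(($obj | ConvertTo-Json -Compress))
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $header = & $enc @{ alg = 'RS256'; typ = 'JWT' }
    $payload = if ($Roles) { @{ aud = 'https://graph.windows.net'; roles = $Roles } }
               else        { @{ aud = 'https://graph.windows.net' } }
    return "$header.$(& $enc $payload).dummysig"
}

$consented   = New-SampleToken -Roles @('Directory.Read.All')   # what "Read directory data" looks like once granted
$unconsented = New-SampleToken                                   # permission ticked but never consented

"Roles in consented token:   $((Get-AppRolesFromToken $consented) -join ', ')"
"Roles in unconsented token: $((Get-AppRolesFromToken $unconsented) -join ', ')"

# Against a live tenant (placeholders are assumptions):
# $t = Get-AadAppToken -TenantName '[tenantName]' -ClientId '[clientId]' -ClientSecret '[secret]'
# if ((Get-AppRolesFromToken $t).Count -eq 0) { 'No application permissions in token: an admin must grant consent' }
```

If the live token comes back without "roles", the fix is on the consent side (an admin granting the application permissions for the tenant), not in the request; if "Directory.Read.All" is present and the call still returns 403, the problem is elsewhere, for example the tenant segment in the Graph URL.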

Get user principal identifier known as "Subject" for AD user


Hi,

Was wondering, is it actually possible to retrieve a "Subject" value that identifies a user principal in Azure AD using the AD Graph API? This value can be retrieved through SAML and JWT tokens by authenticating individually (refer to the property called sub: https://azure.microsoft.com/en-us/documentation/articles/active-directory-token-and-claims/).

I wanted to get the identifier using an API call to the AD Graph API (https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations Get a user operation) and have it in a SAML format. Is this possible?

Help would be appreciated.

Office 365 app authorization - Redirect URI issue

Error: We don't have a valid access token


From Andrea Turli @turlinux via Twitter
 
@AzureSupport following bit.ly/1RikATP I get `Error: We don't have a valid access token. Please run "azure login" again`, ideas? Trying azure login from azure cli for OS X

https://twitter.com/turlinux/status/704627455156490241
 
Thanks,
@AzureSupport


Thiene Schmidt

Azure AD Attributes


Hello,

How do I show the list of Azure AD user attributes using MSOL?

Regards,

Azure AD Roles Operation


(a) Is it possible to create a custom directory role in Azure AD that can be assigned to users?

(b) The Microsoft Graph API documentation - https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/directoryrole specifies that it is possible to Update and Delete a Directory Role. Unfortunately the documentation page does not load. Can someone from Microsoft fix it? Does anyone know the REST endpoints used to perform this operation?

Powershell Azure AD Preview - Creating New-AzureADUser password profile issues


I have a script to create a batch of 100 users in Azure AD using the new AzureADPreview (2.0.0.7). What I cannot seem to find or figure out is how to create the password profile that is required. So my question is, in PowerShell how do I properly build the PasswordProfile object to use for New-AzureADUser?

Thanks for the help!
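The PasswordProfile parameter expects an instance of the module's Microsoft.Open.AzureAD.Model.PasswordProfile class, built with New-Object and populated before the call. The script below is an added example, not code from the thread or from the AzureAD module's own documentation: it generates a per-user initial password from the CSPRNG, marks it for change at first sign-in, and creates users from a constructed two-row CSV. It assumes the AzureADPreview (or AzureAD) module is loaded and Connect-AzureAD has already been run; the example.com accounts and the function names are assumptions.

```powershell
# Added example, not from the forum thread. Builds the PasswordProfile object that
# New-AzureADUser requires and creates a batch of users from a constructed CSV.
# Assumes Connect-AzureAD has already been run in this session.

function New-RandomPassword {
    param([int]$Length = 16)
    # Draw from the CSPRNG rather than Get-Random. The alphabet has exactly 64 symbols
    # (ambiguous characters I, O, l removed) so a byte modulo 64 has no bias.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#$%^&'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $chars = foreach ($b in $bytes) { $alphabet[$b % $alphabet.Length] }
    return -join $chars
}

function New-PasswordProfile {
    param(
        [Parameter(Mandatory)][string]$Password,
        [bool]$ForceChange = $true
    )
    # This is the type New-AzureADUser -PasswordProfile expects
    $pp = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
    $pp.Password = $Password
    # Force the user to replace the generated initial password at first sign-in
    $pp.ForceChangePasswordNextLogin = $ForceChange
    return $pp
}

# Constructed sample batch; in practice this would be Import-Csv .\users.csv
$batch = @'
DisplayName,UserPrincipalName,MailNickName
Alice Example,alice@example.com,alice
Bob Example,bob@example.com,bob
'@ | ConvertFrom-Csv

foreach ($row in $batch) {
    $initialPassword = New-RandomPassword
    $pp = New-PasswordProfile -Password $initialPassword
    $user = New-AzureADUser -DisplayName $row.DisplayName `
        -UserPrincipalName $row.UserPrincipalName `
        -MailNickName $row.MailNickName `
        -AccountEnabled $true `
        -PasswordProfile $pp
    # Hand the initial password to the user out of band; do not log it
    "{0} created, ObjectId {1}" -f $user.UserPrincipalName, $user.ObjectId
}
```

Azure AD rejects passwords that fail its complexity rules (three of the four character classes), which a 16-character draw from this alphabet satisfies in all but vanishingly rare cases; if you lower the length, check the generated value against the policy before calling New-AzureADUser so a single rejected row does not abort the batch.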




Simulate Synchronization with ADconnect


Hello,

I heard that there is a tool to simulate the synchronization conflicts between on-premises AD and Azure AD.

Actually we are preparing to use AD Connect for synchronization.

Could you please let me know the name of this tool?

Regards




Error with Disable-ADSyncExportDeletionThreshold


Hi, 

I receive the following error message when trying to execute Disable-ADSyncExportDeletionThreshold:

Disable-ADSyncExportDeletionThreshold : Could not load type
'Microsoft.Azure.ActiveDirectory.Client.Framework.Tracer' from assembly
'Microsoft.Azure.ActiveDirectory.Client.Framework, Version=1.1.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
At line:1 char:1
+ Disable-ADSyncExportDeletionThreshold
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ReadError: (Microsoft.Ident...letionThreshold:Di
   sableADSyncExportDeletionThreshold) [Disable-ADSyncExportDeletionThreshold
  ], TypeLoadException
    + FullyQualifiedErrorId : Could not load type 'Microsoft.Azure.ActiveDirec
   tory.Client.Framework.Tracer' from assembly 'Microsoft.Azure.ActiveDirecto
  ry.Client.Framework, Version=1.1.0.0, Culture=neutral, PublicKeyToken=31bf
 3856ad364e35'.,Microsoft.IdentityManagement.PowerShell.Cmdlet.DisableADSyn
cExportDeletionThreshold


Ivan de Sousa

Office 365 REST API - Transfer data of a deleted or to-be-deleted user

Hello! Is there an Office 365 REST API that lets us back up or transfer a deleted user's data to the admin or some other user? It would be nice to have it before we hard delete the user.

MIM to work with multi-factor authentication


Hi All,

I am trying to integrate the MIM SSPR with Azure MFA. I created a new MFA service provider and downloaded the SDK file to get the LICENSE_KEY, GROUP_KEY and CERT_PASSWORD.

I performed all the steps given in the link below:

https://docs.microsoft.com/en-us/microsoft-identity-manager/deploy-use/working-with-self-service-password-reset

But still, during the OTP gate, the OTP is not sent and I am getting the following error in the event logs: Azure MFA: Authentication Failed. Call Status='', ErrorID='0'. Any idea on this error?

IPagedCollection - Change Page Size in AAD Graph Client Library C#


Hi,

I am using the AAD Graph Client Library to query the users from AAD as follows:

ActiveDirectoryClient activeDirectoryClient = null;

... get token for application ...

IPagedCollection<IUser> usersPage = activeDirectoryClient.Users.ExecuteAsync().Result;

For the next page I am using the usersPage.GetNextPageAsync() call.

These calls (ExecuteAsync and GetNextPageAsync) give me 100 users per page (by default). I would like to make this a configurable number.

How can I achieve this using the Graph Client Library in C#?

Thanks and Regards,

Kapil

Azure AD joined Windows 10 PC and password changes


Hey,

I have a customer who has Azure AD joined Windows 10 devices. They asked me if it's possible to force their end users to change their current password for Office 365 and the Windows 10 devices.

We temporarily modified the time settings of their policy for password renewal to be 5d and 14d. This worked out and all the users successfully managed to change their current passwords to new ones. The users are now fine with Office 365 and the services, but they cannot use the same password for logging in to the Windows 10 devices.

I always thought that the Office 365 password should be the same one used in Azure AD; isn't it Azure AD which is actually behind the whole O365 authentication system?

Have I got it totally wrong, or is there something malfunctioning here?

Web Forms Authentication with B2C


I'm trying to add authentication using Azure AD B2C to a web forms app. Unfortunately, every tutorial I've found is for MVC, except for this web forms tutorial: http://www.cloudidentity.com/blog/2014/07/24/protecting-an-asp-net-webforms-app-with-openid-connect-and-azure-ad/. Using that tutorial, I've added this code to my startup.auth.cs:


using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301883
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "my-client-id",
            Authority = "https://login.microsoftonline.com/my-tenant"
        });
    }
}



And that is working fine. However, I need to have sign up functionality as well as just sign-in, but I can't figure out how to do it, since everything I've found is for MVC, and I'm not sure how to convert that to what I need. I've tried adding code such as this:


app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_SignUpPolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_ProfilePolicyId));
app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(_SignInPolicyId));

And that creates three more buttons on the login page, but clicking on them just gives a 404 error and no extra information, so I don't know how to make that work, either, or even if I'm headed in the right direction. I've never worked with B2C before, so if anyone has any suggestions/has done this sort of thing for web forms, I'd really appreciate some tips or sample code.


Government Native Applications


I'm trying to connect a native application to an Active Directory set up within the Azure Government Portal. It's complaining about a client_secret. I created a working portion of this setup within the standard Azure Portal, but used a Native Application instead of a Web Application. Reading online, the way to get around this is either to acquire tokens from my web application (I have a native app, not a web app), or to create a new application within the portal to be a Native Application. This would more closely match my setup within the standard portal. However, I don't see how to set up an application for my Active Directory with the type of "Native Application".

How do I set up a Native Application for my Active Directory within the Azure Government Portal?

Certificate based authentication into a daemon Windows service


Hello!

We are developing a Windows service application; it uses Microsoft Graph in order to do some operations in a domain: CRUD users, Calendar, Mail, OneDrive.

We can do those operations correctly using interactive authentication/authorization with an administrator user of the Azure AD domain associated with the Office 365 account.

But we need to do this in daemon mode, by using a certificate, like this example: https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential

We tried to do this using portal.azure.com, creating a certificate and modifying the manifest (inserting the appropriate keys into "keyCredentials").
But after obtaining an access token, when making the request to the operation (for example, send a mail) the response obtained was "Access is denied. Check credentials and try again."

We don't have an Azure subscription, only an Office 365 developer subscription. The final product must work using an Office 365 Education license.

Any suggestions?

Azure portal website will not stop showing a 'session expired' modal dialog

I have a valid Azure work subscription. Whenever I log into the Azure portal, the browser redirects a few times, then shows a modal message in the menu stating "Your session expired. We saved your work."

I cannot do anything on the page other than press a 'reload' button, which takes me back to the same place.

I can still use the old Azure site (manage.windowsazure.com) with the same work login credentials. I have tried multiple browsers and multiple PCs.

PS. This forum input page forces me to select a specific Azure forum, and annoyingly, a general Azure website category is not an option.

Adding Microsoft Account via PowerShell or C#


Folks,

Does anyone know a way in which we can add Microsoft Accounts into Azure Active Directory via PowerShell or C#?

This feature is available in the portal however we need to be able to programmatically complete this task.

Thanks,

Lyon Till

