I am trying to enable secure LDAP in azure domain services.
I have used self signed certificate as well as the one signed by trusted authorities.
I am getting following error after 15 minutes every time
"{\"Code\":\"InternalServerError\",\"Message\":\"Exception of type 'Microsoft.Azure.Event.Common.EventServiceException' was thrown.\"}"
Hi everyone,
we will sync our users to the cloud. They have already a routeable UPN.
But they also have several email addresses. One of them is an address which is used only locally by a Quest/DELL programm for coexistance.
IDfix showed them all as error. But we need them until all applications from Lotus Domino are moved. Will the AD Sync NOT work at all or just not sync these addresses up to Azure AD?
We are going for hybrid until the Domino system will "die".
Best regards
Stephan
<h3>Regards Stephan</h3>
Hello all.
I'm trying AAD and want to add my domain name. I wrote my domain and added DNS records. But Azure cant't verify my domain name.
I replaced origin domain resistrator service to Azure DNS Zone and added records.
I check DNS records with Dig and found needed records.
But I have error on verification domain name in AAD.
Level of Subscription - Free trial.
Record is added to DNS more then a week ago but Azure refuses to verify it. You can see details below for both actual DNS entry and requirements. I verified there is no fat fingering and it's not obviously issue with TTL either.
PS C:\Windows\system32> resolve-dnsname -Type TXT shamrocksolutionsllc.com
Name Type TTL Section Strings
---- ---- --- ------- -------
shamrocksolutionsllc.com TXT 3599 Answer {google-site-verification=RNAs1pW04xP8x-T
8aET310cxi9TsEU5QWIru5jtIVH8}
shamrocksolutionsllc.com TXT 3599 Answer {google-site-verification=u8xUaW-sT6acLdm
LL-dU0LvIKLwNnnPoyJ4SR15uwAM}
shamrocksolutionsllc.com TXT 3599 Answer {v=spf1 include:_spf.google.com ~all}
shamrocksolutionsllc.com TXT 3599 Answer {MS=ms81362839}Hi,
I have just received an e-mail that the AD management in the old portal (manage.windowsazure.com) will be retired on 30th November 2017.
But it is not possible (I haven't found yet the wat to do it) in the new portal (portal.azure,com) to add external user to AD (users with Microsoft account or from other AD) as it was possible in the old portal. See attached pictures.
Hi there,
Our web-app always show timeout error when trying to connect via ldaps. The web-app public IP was added to the NSG rule allow 636.
When I allow All on port 636 the access is succesful.
Why is this?
Thanks
Automation
Hello,
I am integrating azure ad authentication in my application to authenticate the user and also search for the users in <g class="gr_ gr_113 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="113" id="113">ad</g> using Microsoft Graph. But I am unable to get the access back from the azure ad. The main I am facing is that when I am running the application in my organization's network then I am not redirected to the Microsoft's login page. But when I run the application outside my organization's network I am redirected to the Microsoft login page. Do I need to use another URL to redirect to Microsoft login page? below is the Authority URL I am using to connect to.
<g class="gr_ gr_1507 gr-alert gr_gramm gr_inline_cards gr_run_anim Style multiReplace" data-gr-id="1507" id="1507">Authority :</g> "https://login.microsoftonline.com/common/v2.0"
Thank you in advance!
Regards,
Soni
Azure AD Connect 1-Aug-2018 Release Fails to Upgrade & provides "AD Error 906: Index out of range error". I needed to run this update in order to fix the CPU utilization issue associated with KB4338814 “2018-07 Cumulative Update for Windows Server”. Now I can't sync my AD... I can't upload pictures here, either.
The Upgrade Azure Active Directory Connect gives error: "An error occurred while upgrading from Azure Active Directory Sync. Unable to upgrade the Synchronization Service. Please see the event log for additional details."
The event log has "Event 906, AzureActiveDirectorySyncEngine. Index was outside the bounds of the array."
Hello all,
(I know this has been discussed before and would like to check if there is any updates)
Is there a way to fully block the access to the Azure portal at https://portal.microsoft.com to all the users' accounts in the Office 365 subscriptions?
Currently what we can do is only to block access to the Azure Active Directory Management page with the Azure portal.
Though the other remaining resources within the Azure page are not accessible by the users or even require them to run free trial etc, I think the idea to access the Azure portal with the users accounts are not quite right.
I was advised by the Support that
Azure is part of every Office 365 subscription -- it is the place where we store your users, licenses and information. Azure Premium version gives more options to work with it.
Do we need Azure Premium edition to disable the login access to Azure Portal
Thank you in advance.
Daryl
I am using
AzureGraphAuthenticationProvider graphAuth = new AzureGraphAuthenticationProvider(); graphAuth.tenantId = tenantId;
graphAuth.applicationID = applicationID;
graphAuth.applicationKey = applicationKey;
GraphServiceClient graphClient = new GraphServiceClient(graphAuth); //sets graph client using previously obtained token
//graphClient.HttpProvider.OverallTimeout = 0;
var users = await graphClient.Users.Request().GetAsync();
string title = "";
int count = 0;
while (users != null)
{
var usersList = users.CurrentPage.ToList();
count = count + usersList.Count();
//users = null;
users = await users.NextPageRequest.GetAsync();
} But I have had no luck in listing the users, I can pull my own info but no one elses.
Though if I use
User user = await graphClient.Users[currentUser].Request().GetAsync();
I have no problem pulling that specific user's info.
is it possible it is timing out? If so how can I adjust it?
Any thoughts?
Solution:
try
{
while (users != null)
{
var usersList = users.CurrentPage.ToList();
count = count + usersList.Count();
users = await users.NextPageRequest.GetAsync();
}
}
catch
{
//
}
Need to provide custom AAD permissions to a group of users
Permissions: Manage AAD Devices (Create and delete Devices, and read and update all properties in Azure Active Directory)
Property: microsoft.aad.directory/Device/AllActions/AllProperties
Source: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Anyone got lucky and managed to create a custom rule in Azure AD?
Running the Register-AzureADPasswordProtectionProxy cmdlet returned no errors, but my Agents were reporting no registered proxy service found.
Enabling the Trace log and re-running Register-AzureADPasswordProtectionProxy returns the following error:
ProxyCertificatesPopulator: Microsoft.DeviceRegistration.JOSE.JoseException: The certificate validator indicated that the signingCertificate is not trusted
at Microsoft.DeviceRegistration.JOSE.JWSHelper.ValidationWorker2(String JWS, X509Certificate2 expectedSigningCert, ICertificateValidator certValidator, X509Certificate2& signingCert, Byte[]& payload)
at Microsoft.DeviceRegistration.JOSE.JWSHelper.ValidateSignature(String JWS, ICertificateValidator certValidator, String& payload) at ServiceCommon.Converters.ProxyCertAndChainConverter.Convert(ProxyCertAndChainSerialized proxyCertAndChainSerialized) at
ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.UpdateCurrentPublicDataIfNecessaryWorker(FileContentAndPath1
latestContent, Boolean fromBackup) at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.UpdateCurrentPublicDataIfNecessary(FileContentAndPath1
latestContent, Boolean fromBackup) at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.PopulateDirectoryFiles()
at ServiceCommon.ServiceInfrastructure.DataPopulatorServiceComponent3.HandlePopulateDirectory(Object state, Boolean timedOut)
Proxy and AD servers are 2012 R2 with latest updates, including the Universal C update. AD is using DFSR replication.
Hi,
Source and target forests have both been migrated to Office 365. Both forests are using the same UPN Suffix. Only 100 users are being migrated but still need to keep the WAAD Sync running for the other users in the source domain.
Need the correct produce to migrate using ADMT, has im not sure how to switch the Offcie 365.
Hello,
I want to do a pilot for AAD Connect. The AAD Tenant already exists. As part of pilot I want to sync only a handful of pilot users. I don't want to sync groups or any other objects.
I installed and configured AAD Connect in custom mode and provided the pilot group to do object filtering based on group membership (say SyncToAAD group). I followed steps @ https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom
It clearly says " All objects you want to synchronize must be a direct member of the group. Users, groups, contacts, and computers/devices must all be direct members. Nested group membership is not resolved. "
However, once I was done with the configurations it synced a whole bunch of AD Groups from AAD to AD. The were not member of the SyncToAAD group. It did not sync the members but based on email address match it renamed a few group name. This was not a expected behavior for me. How do I stop it? How do I stop synchronization of groups between AD and AAD and vice versa ?
Thanks,
Hello,
In Azure AD you can set the registered Owner and User of a device with Windows Powershell.
What are the main differences between the Owner and the User? Is there any documentation where I can learn more about these differences?
Best Regards,
Niilo
Hi;
I'm building an ASP.Net Core app. It's users are into two separate groups (Vendors & Consumers).
The consumers can login third party providers with minimum user data.
The Vendors however, require an email/password signup with a series of data.
My questions are:
a) Can an app two Azure Login/signup forms with different policies like in my case?
b) If yes, where can I learn how to do it? I checked the docs but nothing?
Thank you in advance!
..Ben
..Ben
If I update my authentication contact information on my Azure AD profile, and then click on "Access Panel Profile" link, it shows that both "Email" and "Alternate Email" have been changed.
How does that make sense?
And does it actually change my primary email address?
Or is this in fact inaccurate and confusing labeling?
I'd like to provide alternate contact information, however, I'm reluctant to use this feature because of the way the values are labeled on the profile page.
I'm the Azure Group Admin.
My primary email for the Azure account is me@mydomain.com (well, you know..)
I added a custom domain to Default Directory = mydomain.com. It shows up on the list as verified.
I created an AD group in Default Directory called DBA.
I added me@mydomain.com to the DBA group.
I assigned DBA group as AD SQL Admin for MyAzureSQLServer (an Azure SQL server).
I did the query for principals via MSSMS and saw DBA group, to verify that it is wired up.
I then try to login to MyAzureSQLServer from MSSMS with Active Directory Password, using me@mydomain.com and with the correct password (which I confirmed two days ago, trying to get into Azure).
THEN
I get the following error:
====================================
TITLE: Connect to Server
------------------------------
Cannot connect to actionmap.database.windows.net.
------------------------------
ADDITIONAL INFORMATION:
One or more errors occurred. (mscorlib)
------------------------------
One or more errors occurred. (mscorlib)
------------------------------
AADSTS50034: To sign into this application the account must be added to the
05907bd6-5198-4caf-a794-f31461d86a8b directory.
Trace ID: e271f101-9292-46ee-b841-873eae340300
Correlation ID: 1ce045a5-e70b-4c61-a83f-1665ea5123f3
Timestamp: 2018-08-07 22:47:15Z (System.Data)
------------------------------
BUTTONS:
OK
------------------------------
=======================================
The directory id in bold above is the Default Directory (confirmed).
Following the explanation in here:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication
where it says
The following members of Azure AD can be provisioned in Azure SQL server or SQL Data Warehouse:
... based on that I thought that the login me@mydomain.com should be able to access MyAzureSQLServer through Active Directory - Password, because the custom domain mydomain.com has been added to Azure AD and verified.
What might I be missing here?
Thanks!
Hello,
I am integrating azure ad authentication in my application to authenticate the user and also search for the users in <g class="gr_ gr_113 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="113" id="113">ad</g> using Microsoft Graph. But I am unable to get the access back from the azure ad. The main I am facing is that when I am running the application in my organization's network then I am not redirected to the Microsoft's login page. But when I run the application outside my organization's network I am redirected to the Microsoft login page. Do I need to use another URL to redirect to Microsoft login page? below is the Authority URL I am using to connect to.
<g class="gr_ gr_1507 gr-alert gr_gramm gr_inline_cards gr_run_anim Style multiReplace" data-gr-id="1507" id="1507">Authority :</g> "https://login.microsoftonline.com/common/v2.0"
Thank you in advance!
Regards,
Soni