Channel: Azure Active Directory forum

App Registrations: AADSTS65005

Background:

We have created a SaaS web application built with NodeJS on the Heroku platform. Using the Salesforce and Hubspot APIs, any users of those CRMs can OAuth into our application and pull certain data from their accounts. We have gotten a request to integrate our solution with Microsoft Dynamics 365 CRM, which led me to the problem I am having at the moment ...

Research:

I have attempted to search Slack and found the following article with suggestions, but still ran into the same symptom described below. (https://stackoverflow.com/questions/40673545/can-users-from-an-unmanaged-azure-ad-directory-sign-into-an-azure-ad-multi-tena)

Symptom:

I am attempting to follow the GitHub sample:

https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/blob/dev/sample/website-sample.js

I've registered my application under Azure Active Directory as a Web App / API with the Required Permissions set to Dynamics CRM Online. I have created my secret key and have filled in the various parameters in the sample above, however when I run my NodeJS application I am presented with the following error:

Request Id: 6ccd83dd-4864-4384-a69d-c2be05701600 
Correlation Id: a31d119b-ddc0-459e-979d-ed2b28b56118 
Timestamp: 2018-08-03T19:50:40Z 
Message: AADSTS65005: Using application '<Tenent>' is currently not supported for your organization <Tenent>.com because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of sell-on.com before the application Sell-On can be provisioned. 

Questions

  1. First question: given the background described above ... am I on the right path to allow any users of different Microsoft Dynamics CRMs to OAuth and grant us access to pull data on their behalf?

If I am on the right path then my questions are:

  1. Even though I created our Azure Portal account, I am listed with a User Type of Member ... shouldn't I be an Admin?
  2. How do I become an Admin so that I can claim ownership.
  3. Based on the error above, is this just the tip of the iceberg of issues I am bound to face, or is it too hard to tell?

Thank you for taking the time to read this and I hope to get some helpful feedback.



I would like to Authenticate using Outlook REST API (version 2.0)

Are these the endpoints I must use to perform authentication?
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/common/oauth2/v2.0/token

Can you point me to documentation or provide sample code that would allow me to Authenticate properly?

Unfortunately, one of the links on a Microsoft site keeps taking me to Microsoft Graph when I actually have a need to use Outlook as a source.  I am trying to retrieve MAPI information from a calendar event.


Germán Hayles

How do I authenticate against Azure AD?

The training videos I'm watching are old and do not match the current Azure Portal.

I believe these are the endpoints that I require in order to make RESTful calls for authentication against O365

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/common/oauth2/v2.0/token

In the examples I've seen, the tenant ID gets inserted into the URLs above, but I don't see any mention of doing such a thing on the Microsoft site.


I'm still new to REST and am not fully acquainted with some of the shorthand I've seen.

Could someone provide a sample call that shows what values are to be provided? I'd also be OK with training videos that are more current, or documentation that shows exactly what parameters are required when making calls to AAD.

The samples I've seen cause confusion because they're old and do not match what shows up on the App Registration page, or have different endpoints altogether.


Germán Hayles




AD Connect Group WriteBack Option

Power BI is not listed in the App Registrations section of Azure Active Directory.

I am trying to register an app following the instructions in "Register an Azure AD app to embed Power BI content". On step I do not see App created in App registrations. I checked personal and work/school accounts; the app is not there. When I add an app from my Azure account, I do not see Power BI Service listed in the App Registrations section of Azure Active Directory. Please let me know how to solve that problem. Best regards. Roman.

Can we have a custom Azure SSPR URL?

Hi,

Can we have custom Azure SSPR URLs, e.g. https://passwordregister.company.com and https://passwordreset.company.com

And can we upload an already purchased SSL certificate for these URLs?

Thank you,

SK

How to manually disable an AAD user account?

Hi,

In on-premise AD I can very easily disable a user's account. I have looked through the Azure AD Users section, and just cannot find a 'disable' user checkbox/button/anything. How do you do it from the Azure Portal?

thank you,

SK

How to disable an AAD user account via AADConnect?

Hi,

If I disable a user in on-prem AD, and have AADConnect configured to sync these identities to Azure AD, what happens with the user's account in AAD? Does it automatically get disabled in AAD, based on the 'useraccountcontrol' or 'accountexpiry' settings in on-prem AD?

thank you,

SK



Device Authentication while off premises

Good Day,

Our issue is that when users are off the corporate network (i.e. travelling abroad) and they forget their password, they are currently out of luck, and the only way to get them back into their laptop would be for them to return to one of our sites to sign in.

I've set up AAD with password write back and users are able to change their own passwords via office.com, but again, they still have to return to the LAN to authenticate against a domain controller to access their machine with their changed password.

I'm trying to find out if devices can be sync'd with AAD so that if a user is off the LAN then all they would need is internet access and they could authenticate against AAD to gain access to their laptop with a changed password.

I've attempted an EMS FastTrack with Microsoft, but this only led to the consultant saying that we are too far along in the integration for FastTrack to be any use, and I'm not getting any clear suggestions as to whether the above can be implemented or not.

Any advice is highly appreciated.

AADConnect writeback and password complexity

Hi,

How are password policies kept in sync between Azure AD and on-premise AD? Are they kept in sync even?

In AD, we might have 'password complexity enabled', 'password history enabled for last 5 passwords', etc.

What happens if I reset my Azure AD password to for example 'August2018', and this does not match my on-premise AD password complexity...will the AADConnect password write-back fail? Assuming of course my Azure AD password policies are not complex (in this scenario example).

Thanks,

SK

Auto registration for Azure SSPR possible?

Hi,

Assuming we'd like to use the 'email my alternative email' and/or 'text my mobile phone' option during an SSPR reset operation - do end users have to do anything to register for Azure SSPR if AADConnect is already syncing their alt email addresses and mobile phone numbers to Azure?

thank you,

SK

AADC user/contact matching issues

Hello,

We have gone from an on-prem Exchange to EOL, but we still have on-prem Exchange for management of user objects, while everything mail related is done in EOL.

Now we're having issues that for some reason our "Azure AD Connect" has matched a user object (which isn't even enabled for Exchange) and a contact object and decided they are one and the same. Which means the contact isn't working in O365!

So, how do I break the matching? I've removed the "mail" attribute from the user object as well as all smtp/proxyaddress and made sure there is nothing in common between the two and done a full import/sync in AADC yet the matching is still there and then it writes back some X500 addresses back as proxyaddresses!

Is there any way to manually break the matching? Because they really have nothing in common!!

Can Azure work for my Business in place of on premise DC/AD?

Good Morning,

I'm hoping someone can offer me some clear advice regarding the following scenario and requirements. Any help would be much appreciated!

Scenario:

We currently have about 25-30 users in our organisation, which is a recent start-up business. Many users have a desktop and laptop; all have Windows 10 Professional installed. Office 365 is used to host our email and all users log in to their machines using their Office 365 accounts (not local accounts). All users work from one office location, though many will often be on the road or working from home.

We do not have a domain currently in place or any servers in our organisation, and all the machines are in a workgroup. If we can avoid it we would prefer not to have any on-premise servers, DCs etc. We don't do anything overcomplicated and use cloud-based services for shared storage, though we do run some manual backups to a Windows desktop PC.


Requirements

  • It would be good if any solution can provide some form of authentication at login and control access to shared resources at some level and be managed centrally
  • We would like more control over client machines, ideally something offering similar functionality to that of group policy, even if this is lighter, which can be managed from a central point (password resets, blocking access etc.)
  • If the above is not possible without at least a hosted DC of some form, we would consider getting one

Could someone please point me in the right direction of what Azure service we would need to be able to provide the above functionality? Please let me know what further information you may require.

Kind regards

Trevor


AD B2C Error: An error occurred while sending the web api request

Hi everybody,

I have implemented the following example hosting the web app and web api on two Azure Web Apps

https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi

I get the following error when from the UI I click on the to-do list.
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The underlying connection was closed: An unexpected error occurred on a send.
Inner Exception 3:
IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Inner Exception 4:
SocketException: An existing connection was forcibly closed by the remote host


I have tried the request with Postman and it works.
Request details:
{Method: GET, RequestUri: 'https://taskservice-..../api/tasks/', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer eyJ0eXAiOiJK.......

Any idea?
Thanks in advance

Configure Single Sign-On Tab is not available

Hi Team,

I am configuring SSO for an application in Azure AD, but I couldn't see the SSO tab for that specific application.

I guess it will be available if I use a Non-Gallery application, but that would require AAD Premium. So is it possible to get the SSO tab without AAD Premium?

Thanks and Regards,

Deepika



Azure login with certificates - account lockout

Hi,

We currently log in to our Azure environments using private keys. If I want to implement a lockout policy, do I need to change the authentication to password? Or how do I implement a lockout policy with keys?

Thanks,

Lilia

All devices in Azure Active Directory

Hello,

I've gone into Azure Active Directory >  All devices and all our workstations are in there, is this normal?

Most say "Hybrid Azure AD joined" but some say "Azure AD registered"; these ones have started to get logon prompts. No one knows why.

Thanks

Domain Joined device is not synced to Azure after enabling device writeback

Hi!

I've just enabled the device writeback feature on Azure AD Connect, but devices which are joining the on-premise domain are now not replicated to Azure AD.

I checked Sync Service Manager and it only shows "Projections: 1" and "Connectors with Flow Updates: 1" with a new device. No "Adds" or whatsoever. Containers are checked and it worked before...

Does anyone know what could go wrong?

Convert-Msoltostandard or SET-MSOLDomainAuthentication? (Moving From ADFS to Pass through Authentication)

Hello,

The ADFS servers in my current workplace were configured outside of ADconnect, but we are now trying to move to PTA. I have read the procedure from the link below:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-faq

It explains that I have to convert the domain from federated to managed but did not specify the exact command.

Could anyone who has migrated recently please share which command they ran on the ADFS server to change from federated to managed?

Groups have no members

None of my groups on my Azure AD console have members.  I have recently had to reinstall Azure AD Connect so maybe I'm missing something.