Channel: Azure Active Directory forum
Viewing all 16000 articles

Need help setting up Hybrid Azure AD Join


Hi, I would like some help setting up a Hybrid AAD Join environment.

1. I have got a domain and some domain-joined workstations that I want to make Azure AD registered too.

2. I have created an SCP.

Now I want to be able to add them to Azure.

I can't see the option under account settings in Windows 10.

Please help.

Thanks
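Added example, not part of the post above and not Microsoft's own tooling: a check script for the pieces a hybrid Azure AD join depends on, run in an elevated PowerShell on one of the domain-joined workstations (the RSAT ActiveDirectory module is needed for the SCP lookup). Hybrid join is not started from Settings > Accounts; a domain-joined Windows 10 client registers itself through the Automatic-Device-Join scheduled task once it can read the SCP and reach Azure AD, so the script verifies the SCP, the task, and what dsregcmd reports. The SCP location and dsregcmd field names are the documented ones; everything else is assumed.

```powershell
# Added example, not from the original post. Run elevated on a domain-joined client.

# 1. The SCP sits at a fixed DN in the Configuration naming context. Its keywords
#    must carry azureADName:<tenant> and azureADId:<tenant GUID>; without them the
#    client does not know which tenant to register with.
$configNC = (Get-ADRootDSE).configurationNamingContext
$scpDn    = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNC"
$scp      = try { Get-ADObject -Identity $scpDn -Properties keywords } catch { $null }
if (-not $scp) {
    Write-Warning "No SCP at $scpDn - create it with Azure AD Connect (Configure device options) first"
} else {
    $scp.keywords | ForEach-Object { "SCP keyword: $_" }
}

# 2. The join itself is done by this scheduled task, not by anything in Settings.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -TaskName 'Automatic-Device-Join' |
    Select-Object TaskName, State

# 3. dsregcmd /status is the authoritative client-side view. Parse the lines that
#    matter into a hashtable so the result can be tested instead of eyeballed.
function Get-DeviceJoinState {
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(AzureAdJoined|DomainJoined|TenantName|TenantId|DeviceId)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$join = Get-DeviceJoinState
if ($join.DomainJoined -eq 'YES' -and $join.AzureAdJoined -eq 'YES') {
    "Hybrid joined to tenant $($join.TenantName) ($($join.TenantId)) as device $($join.DeviceId)"
} elseif ($join.DomainJoined -eq 'YES') {
    "Domain joined but not yet Azure AD joined; kicking the registration task, re-run dsregcmd /status in a few minutes"
    Start-ScheduledTask -TaskPath '\Microsoft\Windows\Workplace Join\' -TaskName 'Automatic-Device-Join'
} else {
    Write-Warning 'Device is not domain joined; hybrid join cannot proceed'
}
```

If the SCP keywords are present and the task runs but AzureAdJoined stays NO, the usual remaining cause is the device's computer object not being in the Azure AD Connect sync scope or the client not reaching the device registration endpoints.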


Azure AD Domain Services LDAP connection

I disabled the secure LDAP over the internet option, but can I use the private internal IPs within the VNet to access port 636 on the virtual machines with IP addresses 10.0.0.4 and 10.0.0.5 within the same VNet?
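Added example, not part of the post above: a check run from a VM inside the VNet that tells the three cases apart (port closed, TLS fails, TLS works but the certificate name does not match). Clients that connect by the private IP will not match the name on the LDAPS certificate, so the name they should use is passed in and compared; `ldaps.contoso.com` and the two IPs are the placeholders used here.

```powershell
# Added example, not from the original post.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][string]$ExpectedName,   # name on the LDAPS certificate; clients must connect by this name
        [int]$Port = 636
    )
    $result = [ordered]@{ IPAddress = $IPAddress; TcpOpen = $false; TlsOk = $false; CertName = $null; NameMatches = $false }

    # 1. Plain TCP reachability. A failure here is an NSG rule or secure LDAP not enabled at all.
    $tcp = Test-NetConnection -ComputerName $IPAddress -Port $Port -WarningAction SilentlyContinue
    $result.TcpOpen = $tcp.TcpTestSucceeded
    if (-not $result.TcpOpen) { return [pscustomobject]$result }

    # 2. TLS handshake. The callback accepts any certificate ONLY so the script can read it;
    #    a real LDAP client must keep default validation (chain + name) switched on.
    $client = New-Object System.Net.Sockets.TcpClient($IPAddress, $Port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($sender, $cert, $chain, $errors) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ExpectedName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.TlsOk = $true

        # 3. Name check: first SAN dNSName if present, else the CN. Wildcard handled by -like (approximation).
        $certName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
        $result.CertName = $certName
        $result.NameMatches = if ($certName.StartsWith('*.')) { $ExpectedName -like $certName } else { $certName -ieq $ExpectedName }
        $ssl.Dispose()
    } catch {
        Write-Warning "$IPAddress`: TLS handshake failed - $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return [pscustomobject]$result
}

'10.0.0.4', '10.0.0.5' | ForEach-Object { Test-LdapsEndpoint -IPAddress $_ -ExpectedName 'ldaps.contoso.com' } | Format-Table
```

When TcpOpen and TlsOk are true but NameMatches is false, the fix is on the client side: resolve the certificate's name to the private IP (private DNS zone or hosts entry) and connect by name, rather than disabling certificate validation in the application.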

SSPR Mobile app authentications vs. MFA


Hi,

I am deploying SSPR within AAD now and, when choosing the authentication methods, there are 2 methods called "Mobile app notification" and "Mobile app code". It requires registration separately.

After I tried enabling it with my own phone, when I try to reset my password I don't see anything related to this mobile app authentication, but it required a mobile code when I log in.

I have a colleague who has MFA enabled and registered already, but when registering for SSPR with mobile app notification and code, it gave him a new barcode to scan for registration.

I am wondering what's the difference between MFA and these 2 authentication methods in SSPR? Are they the same? Is the mobile app authentication method of SSPR recommended?

Thank you.

I am calling the Graph API through Postman but it is showing the error below

AADSTS50020: We are unable to issue tokens from this api version for a Microsoft account. Please contact the application vendor as they need to use version 2.0 of the protocol to support this.
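Added example, not part of the post above. The error text says what is wrong: the token request went to the v1.0 endpoint (`/oauth2/authorize`, `/oauth2/token`, a `resource=` parameter), which cannot issue tokens for a personal Microsoft account; the v2.0 endpoint (`/oauth2/v2.0/...`, a `scope=` parameter) can. The script below gets a Graph token the v2.0 way with the device code flow, which is convenient for the same kind of manual testing Postman is used for. The client ID is a placeholder; the app registration must be set to allow personal accounts and public client flows.

```powershell
# Added example, not from the original post.
function Get-GraphTokenViaDeviceCode {
    param(
        [Parameter(Mandatory)][string]$ClientId,
        [string]$Tenant = 'common',   # 'common' = work/school + personal accounts; 'consumers' = personal only
        [string]$Scope  = 'https://graph.microsoft.com/User.Read offline_access'
    )
    $base = "https://login.microsoftonline.com/$Tenant/oauth2/v2.0"

    # Step 1: request a device code. Note 'scope', not 'resource' - that is the v2.0 difference.
    $dc = Invoke-RestMethod -Method Post -Uri "$base/devicecode" -Body @{ client_id = $ClientId; scope = $Scope }
    Write-Host $dc.message   # tells the user which URL to open and which code to enter

    # Step 2: poll the token endpoint until the user has signed in or the code expires.
    $deadline = (Get-Date).AddSeconds([int]$dc.expires_in)
    $interval = [int]$dc.interval
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $interval
        try {
            return Invoke-RestMethod -Method Post -Uri "$base/token" -Body @{
                grant_type  = 'urn:ietf:params:oauth:grant-type:device_code'
                client_id   = $ClientId
                device_code = $dc.device_code
            }
        } catch {
            # 'authorization_pending' and 'slow_down' arrive as HTTP 400 with a JSON body; anything else is fatal.
            $err = $null
            try { $err = ($_.ErrorDetails.Message | ConvertFrom-Json).error } catch {}
            if ($err -eq 'slow_down') { $interval += 5 }
            elseif ($err -ne 'authorization_pending') { throw }
        }
    }
    throw 'Device code expired before the user signed in'
}

$token = Get-GraphTokenViaDeviceCode -ClientId '00000000-0000-0000-0000-000000000000'
# The same header Postman needs: Authorization: Bearer <access_token>
Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/me' -Headers @{ Authorization = "Bearer $($token.access_token)" }
```

In Postman the equivalent change is to point the OAuth 2.0 helper at the `/oauth2/v2.0/authorize` and `/oauth2/v2.0/token` URLs and fill in `scope` instead of `resource`.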

Problems getting Outlook 2010 to work with Password Hash Authentication


Hi Microsoft Team,

In my workplace we have personal computers with Outlook 2013 and Outlook 2010. We have set up Azure Active Directory Connect using Password Hash Authentication so we can use our domain passwords to log in to our email accounts. The computers with Office 2013 are working fine; we can log in via webmail and via Outlook just fine with the domain password, but on the computers with Office 2010 we are only able to log in via webmail and not via Outlook because it keeps asking for a password even though we are entering the correct one.

Can you please confirm for us whether Password Hash Authentication works with Outlook 2010?

Best Regards

David Lourenço

Unable to install the synchronisation service


Hi, after help with this, googled to death...

I am using the Office 365 admin as the auth on that side.

For local creds I am using an enterprise administrator and putting the full domain.local\ in front.

Trace logs >>

[08:30:34.961] [ 15] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
[08:30:34.968] [ 15] [INFO ] BuildMsiArguments: Setting Sync Engine MSI parameters for clean installation
[08:30:53.731] [ 15] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Error installing msi package 'Synchronization Service.msi'. Full log is available at 'C:\ProgramData\AADConnect\Synchronization Service_Install-20180806-083034.log'.

Extracted error message:
ActionStart(Name=ProcessMachineDcomPermission,,)
MSI (s) (B4:A8) [08:30:47:993]: Executing op: CustomActionSchedule(Action=ProcessMachineDcomPermission,ActionType=1025,Source=BinaryData,Target=ProcessMachineDcomPermission,CustomActionData=ADMINS=ADSyncAdmins OPERATORS=ADSyncOperators BROWSE=ADSyncBrowse PASSWORDSET=ADSyncPasswordSet)
MSI (s) (B4:AC) [08:30:47:998]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI4C81.tmp, Entrypoint: ProcessMachineDcomPermission
CustomAction ProcessMachineDcomPermission returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (B4:A8) [08:30:48:132]: User policy value 'DisableRollback' is 0
MSI (s) (B4:A8) [08:30:48:132]: Machine policy value 'DisableRollback' is 0
Action ended 08:30:48: InstallExecute.
 ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1603.

Details:
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String& processOutput, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit, Boolean traceArguments, Int32 exitCodeToIgnore)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallSynchronizationService(String pathToMsiFiles, String msiFileName, String installationPath, String sqlServerName, String sqlInstanceName, Boolean useInstallPathForDBFiles, IDictionary`2 syncServiceGroups, SyncServiceAccount syncServiceAccount, String logFilePath)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[08:31:07.799] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180806-082646.log

then tail end of sync service install logs >>

MSI (s) (B4:A8) [08:30:51:027]: Executing op: ComponentUnregister(ComponentId={63684FF4-FD87-45CF-9E44-9C57675FEB6E},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:028]: Executing op: ComponentUnregister(ComponentId={124FA056-EC1E-48CA-BC66-468D72C8449F},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:029]: Executing op: ComponentUnregister(ComponentId={1681AE41-ADA8-4B70-BC11-98A5A4EDD046},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:030]: Executing op: ComponentUnregister(ComponentId={A64FDC9B-3E02-4D59-8C59-3A1F95FF4315},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:031]: Executing op: ComponentUnregister(ComponentId={9AE4D8E0-D3F6-47A8-8FAE-38496FE32FF5},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:033]: Executing op: ComponentUnregister(ComponentId={186E945D-79D5-460C-BF9E-32C958C49705},ProductKey={C8AD3784-5841-4E99-97A8-603F2EEE3427},BinaryType=1,)
MSI (s) (B4:A8) [08:30:51:034]: Executing op: ActionStart(Name=ValidateDebugPrivilege,,)
MSI (s) (B4:A8) [08:30:51:034]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
MSI (s) (B4:A8) [08:30:51:034]: Error in rollback skipped.    Return: 5
MSI (s) (B4:A8) [08:30:51:034]: Entering MsiProvideAssembly. AssemblyName: Microsoft.MetadirectoryServices.Host,version="1.1.0.0",culture="neutral",publicKeyToken="31BF3856AD364E35",processorArchitecture="AMD64", AppContext: , InstallMode: -4
MSI (s) (B4:A8) [08:30:51:034]: Pathbuf: 0, pcchPathBuf: 0
MSI (s) (B4:A8) [08:30:51:034]: MsiProvideAssembly is returning: 1607
MSI (s) (B4:A8) [08:30:51:048]: Note: 1: 2318 2:  
MSI (s) (B4:A8) [08:30:51:049]: No System Restore sequence number for this installation.
MSI (s) (B4:A8) [08:30:51:050]: Unlocking Server
MSI (s) (B4:A8) [08:30:51:138]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 08:30:51: INSTALL. Return value 3.
MSI (s) (B4:A8) [08:30:51:141]: Note: 1: 1708
MSI (s) (B4:A8) [08:30:51:141]: Product: Microsoft Azure AD Connect synchronization services -- Installation operation failed.

MSI (s) (B4:A8) [08:30:51:142]: Windows Installer installed the product. Product Name: Microsoft Azure AD Connect synchronization services. Product Version: 1.1.880.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

MSI (s) (B4:A8) [08:30:51:174]: Deferring clean up of packages/files, if any exist
MSI (s) (B4:A8) [08:30:51:174]: MainEngineThread is returning 1603
MSI (s) (B4:B8) [08:30:51:179]: RESTART MANAGER: Session closed.
MSI (s) (B4:B8) [08:30:51:179]: No System Restore sequence number for this installation.
=== Logging stopped: 06/08/2018  08:30:51 ===
MSI (s) (B4:B8) [08:30:51:183]: User policy value 'DisableRollback' is 0
MSI (s) (B4:B8) [08:30:51:183]: Machine policy value 'DisableRollback' is 0
MSI (s) (B4:B8) [08:30:51:183]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (B4:B8) [08:30:51:184]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (B4:B8) [08:30:51:184]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (B4:B8) [08:30:51:186]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (s) (B4:B8) [08:30:51:186]: Restoring environment variables
MSI (s) (B4:B8) [08:30:51:188]: Destroying RemoteAPI object.
MSI (s) (B4:0C) [08:30:51:188]: Custom Action Manager thread ending.
MSI (c) (A0:78) [08:30:51:194]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied.  Counter after decrement: -1
MSI (c) (A0:78) [08:30:51:194]: MainEngineThread is returning 1603
=== Verbose logging stopped: 06/08/2018  08:30:51 ===

Any ideas please?


Simon Wilks Technical Manager Microsoft Certified Technology Specialist Emerald IT Managed Solutions Ltd Tel: 0845 467 1314 Fax: 0845 467 1316 Email: simon.wilks@emeralditms.co.uk Office 18 - Pure Offices - Plato Close - Tachbrook Park - Leamington Spa - Warwickshire - CV34 6WE www.emeralditms.co.uk • Servers & PC'S • IT Cabling • Networking • Support & Maintenance • Document Management • Wifi solutions • Websites

Error upgrading Azure AD Connector


Hi all, 

I get an error when upgrading the latest AAD Connector, "Input string was not in a correct format".

The error occurs after the AAD Connector connects to Azure AD and when the upgrade process is updating the on-premises rules.

The log file indicates that logins to the web services "AADSTS*****" are failing, but the password for the sync account had been reset before the upgrade process was started and the sync account can log in without problems.

I need to get this working again, anyone?


Making a group


Hi

Hi there. I am unable to find my student names when making a group.

richard.hainsworth
Please let me know how to fix this

Azure Support
Hello. Can you please provide some additional information regarding this? Are you adding students to an Azure Active Directory? ^RS

2h 7 seconds ago
richard.hainsworth
Yes I am trying to

richard.hainsworth
My school email is richard.hainsworth@syd.catholic.edu.au

Azure Support
So just to confirm, when you are adding students to an Active Directory, these students are not showing up? Can you please elaborate on the issue? ^RS

2h
richard.hainsworth
All my students have @sydstu.catholic.edu.au

richard.hainsworth
Yes, none of my students, who have all created an O365 account, are visible

richard.hainsworth
Try and find this student: sienna.anderson@sydstu.catholic.edu.au

Azure Support
Got it. Just to confirm, were the following steps done to add the users? https://aka.ms/5cSglLcb ^RS

2h 8 seconds ago
richard.hainsworth
I don't have a global admin

richard.hainsworth
That is way above my pay grade but it seems a bit dumb to think someone so high up in the organisation needs to add in a bunch of students from a school they have never heard of

Azure Support
Not a problem. Let's get you in touch with an engineer who can better assist. Can you please post this here: http://aka.ms/azadMSDNforumq and send us the link? We will ensure the team is made aware. Thank you for your continued patience. ^RS



How do I setup a OIDC with Azure AD

I tried to set up an Azure AD and have an OpenID Connect client connect to it, but I do not get all the details from the Azure page.
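Added example, not part of the post above. The portal only hands out the client ID, secret and redirect URI; the endpoints, issuer and signing keys an OIDC client needs come from the tenant's discovery document, and the script below walks the authorization code flow from that document: discovery, an authorization request with fresh `state` and `nonce`, the callback check, and the code exchange. The tenant ID, client ID, secret and redirect URI are placeholders.

```powershell
# Added example, not from the original post.
Add-Type -AssemblyName System.Web

$TenantId     = '00000000-0000-0000-0000-000000000000'
$ClientId     = '11111111-1111-1111-1111-111111111111'
$ClientSecret = '<client-secret>'
$RedirectUri  = 'https://localhost:5001/signin-oidc'   # must match the app registration byte for byte

# 1. Discovery: authorization_endpoint, token_endpoint, issuer, jwks_uri.
$oidc = Invoke-RestMethod "https://login.microsoftonline.com/$TenantId/v2.0/.well-known/openid-configuration"

# 2. Unguessable state (binds the callback to this session, anti-CSRF) and nonce (anti-replay for the id_token).
function New-RandomToken {
    param([int]$Bytes = 32)
    $buf = New-Object byte[] $Bytes
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    [Convert]::ToBase64String($buf).TrimEnd('=').Replace('+', '-').Replace('/', '_')   # base64url
}
$state = New-RandomToken
$nonce = New-RandomToken

$params = @{
    client_id     = $ClientId
    response_type = 'code'
    redirect_uri  = $RedirectUri
    response_mode = 'query'
    scope         = 'openid profile email'
    state         = $state
    nonce         = $nonce
}
$query = ($params.GetEnumerator() | ForEach-Object { "$($_.Key)=$([uri]::EscapeDataString($_.Value))" }) -join '&'
"Send the browser to: $($oidc.authorization_endpoint)?$query"

# 3. Back on the redirect URI: refuse the code unless state matches what this session stored.
function Complete-OidcLogin {
    param([Parameter(Mandatory)][string]$CallbackUrl, [Parameter(Mandatory)][string]$ExpectedState)
    $cb = [System.Web.HttpUtility]::ParseQueryString(([uri]$CallbackUrl).Query.TrimStart('?'))
    if ($cb['state'] -ne $ExpectedState) { throw 'state mismatch: discard this callback' }
    if ($cb['error']) { throw "$($cb['error']): $($cb['error_description'])" }

    # 4. Exchange the code on the back channel; the id_token arrives here, never in the browser.
    Invoke-RestMethod -Method Post -Uri $oidc.token_endpoint -Body @{
        grant_type    = 'authorization_code'
        client_id     = $ClientId
        client_secret = $ClientSecret
        code          = $cb['code']
        redirect_uri  = $RedirectUri
        scope         = 'openid profile email'
    }
}
# $tokens = Complete-OidcLogin -CallbackUrl 'https://localhost:5001/signin-oidc?code=...&state=...' -ExpectedState $state
```

Before trusting `$tokens.id_token`, verify its signature against the keys at `$oidc.jwks_uri` and then check `iss` against `$oidc.issuer`, `aud` against the client ID, `nonce` against the value sent, and `exp`; decoding the payload without the signature check is not validation.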

PowerBi Azure AD Logs Integration Error


Hello,

I am following steps mentioned in following document to configure PowerBI to import Azure AD Logs as a data source for reporting.

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-power-bi-content-pack

It prompts me for credentials. I provided global admin credentials that were authenticated correctly over OAuth; however, at the end of it I get the following error:

Failed to update data source credentials: The credentials provided for the AADData source are invalid.

Any comments on what might be going wrong? 

Thanks!

How to manually disable an AAD user account?


Hi,

In on-premises AD I can very easily disable a user's account. I have looked through the Azure AD Users section, and just cannot find a 'disable' user checkbox/button/anything. How do you do it from the Azure Portal?

thank you,

SK
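Added example, not part of the post above. The property the portal hides is `accountEnabled`, which the AzureAD PowerShell module sets directly. Disabling only stops new sign-ins; refresh tokens and session cookies already issued keep working until they are revoked, so the function does both, and it refuses to flip the flag on a user synchronized from on-premises AD, where the account state is mastered. The UPN is a placeholder.

```powershell
# Added example, not from the original post. Requires the AzureAD module and an admin session.
Connect-AzureAD | Out-Null

function Disable-CloudUser {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $u = Get-AzureADUser -ObjectId $UserPrincipalName

    if ($u.DirSyncEnabled) {
        # Synced users: accountEnabled flows from on-premises userAccountControl, so disable
        # there (Disable-ADAccount) and let Azure AD Connect carry it. Revoking tokens is
        # still a cloud-side action and is done regardless.
        Write-Warning "$UserPrincipalName is synchronized from on-premises AD; disable it there. Revoking cloud sessions only."
    } else {
        Set-AzureADUser -ObjectId $u.ObjectId -AccountEnabled $false
    }

    # Invalidate refresh tokens issued before now. Access tokens already in hand stay valid
    # until they expire (roughly an hour), so this is not instantaneous for open sessions.
    Revoke-AzureADUserAllRefreshToken -ObjectId $u.ObjectId

    Get-AzureADUser -ObjectId $u.ObjectId |
        Select-Object UserPrincipalName, AccountEnabled, DirSyncEnabled, RefreshTokensValidFromDateTime
}

Disable-CloudUser -UserPrincipalName 'alice@contoso.com'
```

The same two steps are what a compromised-account runbook needs in this order: disable (or on-premises disable plus sync) first, then revoke, then review sign-in logs for sessions that were active before the cut-off.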

AADConnect writeback and password complexity


Hi,

How are password policies kept in sync between Azure AD and on-premises AD? Are they kept in sync even?

In AD, we might have 'password complexity enabled', 'password history enabled for the last 5 passwords', etc.

What happens if I reset my Azure AD password to, for example, 'August2018', and this does not match my on-premises AD password complexity... will the AADConnect password write-back fail? Assuming of course my Azure AD password policies are not complex (in this scenario example).

Thanks,

SK
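Added example, not part of the post above. With password writeback the on-premises domain policy, including any password filter DLLs, is enforced when the new password is written to AD; a password that fails it is rejected and the cloud reset fails. The function below mirrors the default AD "Password must meet complexity requirements" rule (at least three of five character classes, no account name, no display-name part of three or more characters) so a proposed reset can be tested before it is attempted. Minimum length and history are separate domain settings; the length used here is an assumption, and history cannot be checked offline at all.

```powershell
# Added example, not from the original post.
function Test-AdPasswordComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DisplayName = '',
        [int]$MinLength = 7   # assumed; read the real value with Get-ADDefaultDomainPasswordPolicy
    )
    $reasons = New-Object System.Collections.Generic.List[string]

    if ($Password.Length -lt $MinLength) { $reasons.Add("shorter than $MinLength characters") }

    # Must not contain the account name (case-insensitive; names under 3 characters are not checked).
    if ($SamAccountName.Length -ge 3 -and $Password -match [regex]::Escape($SamAccountName)) {
        $reasons.Add('contains the account name')
    }

    # Must not contain any part of the display name of 3+ characters. Parts are split on
    # comma, period, dash, underscore, space, # and tab, as the AD rule does.
    foreach ($part in ($DisplayName -split '[,\.\-_ #\t]+' | Where-Object { $_.Length -ge 3 })) {
        if ($Password -match [regex]::Escape($part)) { $reasons.Add("contains display-name part '$part'") }
    }

    # Three of five classes: upper, lower, digit, non-alphanumeric, and letters that are
    # neither upper nor lower case (e.g. CJK scripts). -cmatch keeps the case checks honest.
    $classCount = @(
        ($Password -cmatch '\p{Lu}'),
        ($Password -cmatch '\p{Ll}'),
        ($Password -match  '\d'),
        ($Password -match  '[^\p{L}\p{Nd}]'),
        ($Password -cmatch '[\p{Lo}\p{Lt}\p{Lm}]')
    ) | Where-Object { $_ }
    $classCount = @($classCount).Count
    if ($classCount -lt 3) { $reasons.Add("only $classCount of 5 character classes") }

    [pscustomobject]@{ Password = $Password; Complies = ($reasons.Count -eq 0); Reasons = ($reasons -join '; ') }
}

# Constructed sample user; the names are not real.
$user = @{ SamAccountName = 'skumar'; DisplayName = 'Kumar, Sanjay'; MinLength = 7 }
'August2018', 'august2018', 'Sanjay2018!', 'Xy3!' | ForEach-Object { Test-AdPasswordComplexity -Password $_ @user } | Format-Table -AutoSize
```

On the poster's own example: `August2018` has upper case, lower case and digits, so it clears the default complexity rule; if such a reset still fails on writeback, look at minimum length, the history setting, or a custom password filter on the domain controllers rather than complexity.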

Auto registration for Azure SSPR possible?


Hi,

Assuming we'd like to use the 'email my alternative email' and/or 'text my mobile phone' option during an SSPR reset operation, do end users have to do anything to register for Azure SSPR if AADConnect is already syncing their alternate email addresses and mobile phone numbers to Azure?

thank you,

SK

AADC user/contact matching issues


Hello,

We have gone from an on-premises Exchange to EOL, but we still have on-premises Exchange for management of user objects; everything mail related is done in EOL.

Now we're having issues in that, for some reason, our "Azure AD Connect" has matched a user object (which isn't even enabled for Exchange) and a contact object and decided they are one and the same. Which means the contact isn't working in O365!

So, how do I break the matching? I've removed the "mail" attribute from the user object as well as all smtp/proxyAddress values and made sure there is nothing in common between the two, and done a full import/sync in AADC, yet the matching is still there and then it writes back some X500 addresses as proxyAddresses!

Is there any way to manually break the matching? Because they really have nothing in common!!

How-to set the user identifier claim depending on the UserType (Guest / Member) in Enterprise applications?

I registered a custom enterprise application to issue SAML 1.1 tokens as described in this article.
I set the user identifier to "user.UserPrincipalName" and it's working fine.

But in another scenario, I have an app registration with ADFS, and upon authentication, Azure AD issues a SAML 2 token (to ADFS) with the user identifier set like this (non-configurable by the administrator):
- if UserType is "Member": claim type "name" is set with the property UserPrincipalName
- if UserType is "Guest" : claim type "name" is set with the property Mail

Here are my questions:
- For consistency, I need to make a similar configuration on the user identifier in the custom enterprise application: how can I configure Azure AD to set the user identifier value to the property UserPrincipalName for "Member" and Mail for "Guest"?
- Overall, what is the best practice to handle user identifier of Guest users? It feels very inconsistent to use a different property depending on the UserType (which is what Azure AD does with my ADFS app registration and that I cannot change).

WinRS vs WinRM - MSG.exe


Hi All,

I'm attempting to use msg.exe to send a daily reminder to all users in the domain. I've created a GPO to enable WinRM and the WinRM service, but I'm still getting Error 1722 when using msg.exe. The firewall for the domain is currently off on all workstations. Oddly enough, it works if I use winrs -r first and then msg.exe (i.e. winrs -r:computername msg * YakYakYak) and the message pops up on the targeted PC.

PS C:\WINDOWS\system32> msg /server:COMPUTERNAME * Did this work again?
Error 1722 getting session names

PS C:\WINDOWS\system32> winrs -r:COMPUTERNAME msg * Did this work again?
WORKS!!

This is the full PS command I'm trying to run...

(Get-ADComputer -SearchBase "OU=Test OU,DC=us,DC=local" -Filter *).Name | Foreach-Object {Invoke-Command -ComputerName $_ {msg * "PLEASE REMEMBER TO TURN OFF YOUR OFFICE LIGHTS"}}

Is there a way to work WINRS into that command?
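Added example, not part of the post above. Error 1722 is RPC_S_SERVER_UNAVAILABLE: `msg /server:<pc>` talks to the target's Terminal Services over RPC, which workstations do not accept remotely by default, whereas `winrs` carries the command over WinRM and `msg *` then runs locally on the target, which is why the poster's second form works. The script keeps the working WinRM path and puts it into the loop over the OU; the registry alternative that makes the direct form work is shown after it. The OU and message text are the poster's; the `/time` value and the reachability pre-check are assumptions.

```powershell
# Added example, not from the original post.
$computers = (Get-ADComputer -SearchBase 'OU=Test OU,DC=us,DC=local' -Filter *).Name
$text      = 'PLEASE REMEMBER TO TURN OFF YOUR OFFICE LIGHTS'

# Option A: same transport as the winrs command that already works, per computer,
# with a result object per target so failures are visible instead of scrolling past.
function Send-ReminderViaWinrs {
    param([string[]]$ComputerName, [string]$Message, [int]$TimeoutSeconds = 600)
    foreach ($c in $ComputerName) {
        # Machines that are off would otherwise stall the loop on the WinRM connect timeout.
        if (-not (Test-WSMan -ComputerName $c -ErrorAction SilentlyContinue)) {
            Write-Warning "$c unreachable over WinRM, skipped"
            continue
        }
        # /time:N dismisses the popup after N seconds if nobody clicks it.
        $out = winrs -r:$c msg * /time:$TimeoutSeconds "$Message" 2>&1
        [pscustomobject]@{ Computer = $c; ExitCode = $LASTEXITCODE; Output = ($out -join ' ') }
    }
}
Send-ReminderViaWinrs -ComputerName $computers -Message $text | Format-Table -AutoSize

# Option B: make 'msg /server:<pc>' itself work by letting Terminal Services accept remote RPC.
# This opens an additional remote interface on every workstation (and relies on SMB/445 being
# reachable), so prefer Option A unless there is a reason to need the direct form; if used,
# deploy the value with Group Policy Preferences rather than ad hoc.
Invoke-Command -ComputerName $computers -ScriptBlock {
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name AllowRemoteRPC -Value 1 -Type DWord
}
# After that the original form works without the WinRM hop:
# $computers | ForEach-Object { msg /server:$_ * /time:600 $text }
```

Whichever option is used, the workstation firewall should go back on; WinRM (TCP 5985) is a single inbound rule, which is the more contained of the two surfaces.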

Download and Upload Default B2C Signin Policy


Hello All,

I have created a B2C sign-in policy using the B2C default policy (from the screen) in the development environment. Now I want to move this policy to a different environment, say the Quality environment. How do I copy all the configuration of the B2C sign-in policy from Development to the Quality environment?


Azure AD Device Registration


Hi,

Can anyone confirm that the "https://autologon.microsoftazuread-sso.com" URL is the correct URL? When I try to browse to it, I get an error every time. I have confirmed with our NetSec team that we have access to the site but I'm thinking this site is no longer a valid URL.

According to Microsoft documentation, it still exists, but I would appreciate it if someone could confirm it works for them?

Thanks,

J

Domain Joined device is not synced to Azure after enabling device writeback


Hi!

I've just enabled the device writeback feature on Azure AD Connect, but devices that join the on-premises domain are now not replicated to Azure AD.

I checked Sync Service Manager and it only shows "Projections: 1" and "Connectors with Flow Updates: 1" with a new device. No "Adds" or whatsoever. Containers are checked and it worked before...

Does anyone know what could go wrong?

Device Authentication while off premises


Good Day,

Our issue is that when users are off the corporate network (i.e. travelling abroad) and they forget their password, they are currently out of luck and the only way to get them back into their laptop would be for them to return to one of our sites to sign in.

I've set up AAD with password write-back and users are able to change their own passwords via office.com, but again, they still have to return to the LAN to authenticate against a domain controller to access their machine with their changed password.

I'm trying to find out if devices can be synced with AAD so that if a user is off the LAN then all they would need is internet access and they could authenticate against AAD to gain access to their laptop with a changed password.

I've attempted an EMS FastTrack with Microsoft but this only led to the consultant saying that we are too far along in the integration for FastTrack to be any use, and I'm not getting any clear suggestions as to whether the above can be implemented or not.

Any advice is highly appreciated.


