Channel: Azure Active Directory forum

I am unable to add VM to Domain


Hi Team,

I created a VM on the Azure Portal and created Azure domain services.

Now I tried to bring the VM into the domain, but I am getting the below error.

Kindly do the needful.

"The Reference account is currently Locked out and may not be logged on to".


Ravikumar Porappan


Commandline to export users with rights


Hi all,

I am looking for a command line to export CloudOnly users from AAD, with the rights they have. At the moment I'm using this command to export all CloudOnly users:

get-msoluser -all | Where-Object {$_.ImmutableId -like "$null"} |export-csv -Path c:\temp\filename.csv -NoTypeInformation

Can anyone help me out with this? What command do I need to add to export these users with rights?
Thanks in advance!

Regards,

Kerim Tupkovic

Call to Microsoft OAuth2 not working as expected.


I have an internal corporate web app that needs to access corporate SharePoint Online. I want to call OAuth2 to take the user through the authentication process so the web app can retrieve an access_token and then call the Microsoft Graph API. I am using Django 1.11/Python 2.7.

I have registered the app in the corporate Azure Portal, but when I call the /authorize endpoint the user sees what appears to be the wrong login page. I expect the user to see a page that shows the app's name and permissions, but all the user sees is a basic sign-on page. Moreover, when the user enters his corporate email address he sees an error that says “There was an issue looking up your account”. The user has been added to the registered app's "Users and Groups".

As far as I can tell, everything is configured correctly.

I have Googled this like mad, but not found any help.

UPDATE: When called from a proper server, the call to /authorize is working correctly on IE11, but failing as described above on the latest Firefox and the latest (Windows) Chrome. When called from a local server (i.e., http://127.0.0.1) the call to /authorize fails as described above on all browsers.

UPDATE 2: It turns out the call to /authorize from a server is NOT working correctly on IE11. After Grant Permission is selected, I am getting an "invalid parameters" error.

Any suggestions would be greatly appreciated.

Thanks.



azure cloud


I would like to know if I can force all my Azure domain-joined users to have the same desktop background and login screen?

Also, can I set up Azure so that, when a user logs in, company-used applications install in the background (Google Chrome, Firefox, Adobe)?

And last, can I set up Azure to create desktop icon shortcuts for users that log in with their Azure AD account (Office 365)?

All devices in Azure Active Directory


Hello,

I've gone into Azure Active Directory >  All devices and all our workstations are in there, is this normal?

Most say "Hybrid Azure AD joined" but some say "Azure AD registered" these ones have started to get logon prompts.  No one knows why.

Thanks

How do I authenticate against Azure AD?


The training videos I'm watching are old and do not match the current Azure Portal.

I believe these are the endpoints that I require in order to make RESTful calls for authentication against O365

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
https://login.microsoftonline.com/common/oauth2/v2.0/token

In the examples I've seen, the tenant ID gets inserted into the URLs above, but I don't see any mention of doing such a thing on the Microsoft site.


I'm still new to REST and am not fully acquainted with some of the shorthand I've seen.

Could someone provide a sample call that shows what values are to be provided? I'd also be ok with training videos that are more current, or documentation that shows exactly what parameters are required when making calls to AAD.

The samples I've seen cause confusion because they're old and do not match what shows up on the App Registration page, or have different endpoints altogether.


Germán Hayles
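
A sample of the calls asked about above, as an added example that is not part of the original post: it builds the v2.0 authorize request with the tenant in the URL path (`common` or a tenant ID), checks `state` on the callback, and prepares the token request. The tenant ID, client ID, redirect URI and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not values from the post.
TENANT = "00000000-0000-0000-0000-000000000000"  # or "common" for multi-tenant
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://app.example.com/auth/callback"

def endpoint(tenant, leaf):
    """v2.0 endpoint URL; the tenant segment takes the place of 'common'."""
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/{leaf}"

def build_authorize_url(tenant, client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's session for the callback."""
    state = secrets.token_urlsafe(32)  # unguessable, binds callback to this login
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,  # must match a URI registered for the app
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{endpoint(tenant, 'authorize')}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting errors and forged callbacks."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def token_request(tenant, client_id, client_secret, redirect_uri, code, scopes):
    """Return (url, form) for the POST that redeems the code for tokens."""
    return endpoint(tenant, "token"), {
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
    }
```

The form returned by `token_request` is sent as an `application/x-www-form-urlencoded` POST body from the server side, so the client secret never reaches the browser.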




How to access Source Property on Azure AD user profile?


Azure AD has a Source property. The Graph API returns a user profile which does not have Source.

How can I access this property in code?

Convert-Msoltostandard or SET-MSOLDomainAuthentication? (Moving From ADFS to Pass through Authentication)


Hello,

The ADFS servers in my current workplace were configured outside of ADconnect but we are now trying to move to PTA. I have read the procedure from the link below

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-faq

It explains that I have to convert the domain from federated to managed but did not specify the exact command.

Has anyone migrated recently who could please share which command they ran on the ADFS server to change from federated to managed?


Powershell Script to list ALL users from Azure AD for Office 365


Hi

Can someone please send me a powershell script to list ALL users from Azure AD for Office 365 with all the properties.

Any pointers greatly appreciated.

Regards

Sekhar

Azure initial setup questions


Our goal is to remove our current DR private cloud infrastructure and setup a replacement on Azure.  We will just have an Exchange VM, Files Server VM, and AntiEmailSpam VM. 

I plan on following this page to get it setup: https://social.technet.microsoft.com/wiki/contents/articles/51353.azure-step-by-step-guide-extending-ad-ds-to-azure-using-site-to-site-vpn-or-express-route.aspx using vpn and virtual machines.

However, I’ve been reading about azure ad, azure ad connect, and azure ad domain services. I am a little confused on it.  Do these technologies basically sync your on prem AD to Azure ad but on a separate domain?  Say my onprem is called abc.com, I assume the azure ad will be called efg.com? I saw that azure ad domain services syncs the onprem sids to azure ad but the domains will be different?  Also, it said that domain services is cheaper, $110/month <25k ad objects.  If I spin up a vm and run a domain controller, it should be cheaper than that per month, like $50/60. 

Will having these Azure technologies benefit me if I simply want to establish a DR environment in Azure?  (I know about the less maintenance, no patching, high availability parts).

Thanks

Azure AD with CoreHR Integration


Hi Team,

Has anybody integrated Azure AD with Core HR third party systems for SSO?

AD Authentication with Windows/Service App


Hi,

I am developing a .NET Windows Application and I am trying to integrate Active Directory using ADAL library. We don't want to use storage/container key. I ran into the following two issues. I registered the app as Native App in Azure Active Directory

1. I keep getting the error AADSTS65001: The user or administrator has not consented to use the application with ID 'a87d3d9f-cbdc-465d-aa8d-d506ebec064b' named 'Test1'.

 a. I am a global administrator for my AD. I granted the permission (global consent) for this app but that didn't help.

 b. I also manually consented; that also didn't help.

c.  Set the oauth2AllowImplicitFlow to true in the manifest for test1 app

Here  is the code

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);
var authContext = new AuthenticationContext(authority);
var userCredential = new UserPasswordCredential("user@domain.com", "password");
// Acquire an access token from Azure AD.
var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;


2. Above is trying to connect with an explicit windows username and password and our ultimate goal is to use the logged-in user and I have been told(google) it should be possible if I am using Active directory but I am getting the following error.

{"password_required_for_managed_user: Password is required for managed user"}

Here is the code.

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);
var authContext = new AuthenticationContext(authority);
var userCredential = new UserCredential();
// Acquire an access token from Azure AD.
var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;

Could you guys help us to resolve?

How do I register a Function App?


ABSTRACT
The Workflow that I'm writing will read the extended properties of a Calendar event.  This extended property contains custom data from our on-premises database.

THE WORKFLOW
1. User modifies a calendar event in Outlook (OWA)
2. Function App checks for the existence of custom data using the Outlook Extended Properties REST API reference (version 2.0)
3. If that custom data exists then we update our on-premises database with the new information.

PRE-REQUISITES:
- I must use the Outlook Extended Properties REST API endpoints to retrieve this information.
- In order to use the Outlook Endpoint I must provide an Access Token
- In order to get an access token I must register an Application within AAD

QUESTION:
How do I create and register this application?
Do I select "Web", "Native Application", or "Web API"?

I'm not sure about this "Redirect URL".   A user will be making a change from the Outlook web application.  I have no other web pages to which I'll send the user.








 

Germán Hayles


Need help to configure own domain name in AAD


Hello all.

I'm trying AAD and want to add my domain name. I wrote my domain and added DNS records. But Azure can't verify my domain name.

I added the domain name and Azure can't find it.

I replaced the original domain registrar service with an Azure DNS Zone and added records.

I check DNS records with Dig and found needed records.

But I have error on verification domain name in AAD. 

Level of Subscription - Free trial.


Health service connectivity


Just installed ADconnect and the Health service isn't working.  HTTP proxies are defined and we have connectivity - the PS command to test connectivity gets past that part.  It errors out during "Step 2 - blob data upload":

PS C:\Windows\system32> Test-AzureADConnectHealthConnectivity -Role Sync -ShowResult 
Test-AzureADConnectHealthConnectivity's execution in details are as follows:
Starting Test-AzureADConnectHealthConnectivity ...

Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
AAD CDN connectivity is skipped.
Connecting to endpoint https://login.microsoftonline.com
Endpoint validation for https://login.microsoftonline.com is Successful.
Connecting to endpoint https://login.windows.net
Endpoint validation for https://login.windows.net is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/policymanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
Connectivity Test Step 1 of 3 - Testing dependent service endpoints completed successfully.

Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
Unhandled exception occurred: System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.LoadIdentityInfo()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.ProcessRecord()

Anybody ever seen that before?


Auto registration for Azure SSPR possible?


Hi,

Assuming we'd like to use the 'email my alternative email' and/or 'text my mobile phone' option during an SSPR reset operation - do end users have to do anything to register for Azure SSPR if AADConnect is already syncing their alt email addresses and mobile phone numbers to Azure?

thank you,

SK

Azure Single Sign On


Hi all

When a user tries to perform a password reset on our website using Azure single sign on, they receive an authentication code via email, even if they do not exist in our Azure active directory.

Does anyone know why this is?

Thanks,

Rob

Azure Issue

Having an issue with the "Users may register their devices with Azure AD" option under Devices>Device Settings being grayed out. This is due to a user being unable to load o365 on her laptop due to this error "We weren't able to register your device and add your account to Windows. Your access to org resources may be limited."

Windows 10 1803 - Join AD via Provisioning Package


Hello!
Right now we are deploying devices with Windows 10 1709, and joining them to Azure Active Directory using Provisioning packages. This works perfect (except for the fact that the Bulk token needs to be refreshed every 30 days).

However, we wish to make the switch to 1803, but the provisioning package fails while joining the AD. All other settings, like the Upgrade to Enterprise etc are configured correctly, but actually joining AD fails.

I've completely recreated the package in ICD 10.0.17134.1 (1803) and still, to no avail.

The message in the Eventlog *(provisioning-diagnostics-provider) is the one below:

ProvXML category 'DeviceAADJoin' failed with '0x80070057' at CSP node 'AADJ/BPRT'. Provisioning failed

This is from AAD Eventlog:

Error: 0xCAA5001C Token broker operation failed.Operation name: AddAccount,
Error: -895352821 (0xcaa2000b), Description: AADSTS50001: Resource 'https://enrollment.manage.microsoft.com/' is disabled.
Trace ID: e89d2d37-1a08-40fd-8655-33217cc60700
Correlation ID: 68407247-141e-4ad0-bece-143152bfcbcf
Timestamp: 2018-08-17 00:14:11Z
Logged at webaccountprocessor.cpp, line: 532, method: AAD::Core::WebAccountProcessor::ReportOperationError.


This happens on 2 different Azure domains (test and production) with confirmed accounts.


The actual XML of the package uses

<Authority>https://login.microsoftonline.com/common</Authority>

(automatically generated by the ICD). This URL however, 404's?

Azure AD Connect Health Sync Monitor High CPU Usage

Hello.  I have Azure AD Connect installed on my server to sync our on-premise domain with Office 365 and I'm noticing the Azure AD Connect Health Sync Monitoring Service is always running high CPU usage.  The actual process is Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe.  Is there a reason for this or a way to fix it?  Right now, I'm just stopping the Azure AD Connect Health Sync Monitoring Service(AzureADConnectHealthSyncMonitor) and my resources go back to normal.  I'm running Azure AD Connect 1.1.819.0 so it is the latest version.  If I restart the service, things are normal for a few minutes before this process spikes again.  Any help would be appreciated.  Thanks!