Channel: Azure Active Directory forum

Health service connectivity


Just installed ADconnect and the Health service isn't working.  HTTP proxies are defined and we have connectivity - the PS command to test connectivity gets past that part.  It errors out during "Step 2 - blob data upload":

PS C:\Windows\system32> Test-AzureADConnectHealthConnectivity -Role Sync -ShowResult 
Test-AzureADConnectHealthConnectivity's execution in details are as follows:
Starting Test-AzureADConnectHealthConnectivity ...

Connectivity Test Step 1 of 3: Testing dependent service endpoints begins ...
AAD CDN connectivity is skipped.
Connecting to endpoint https://login.microsoftonline.com
Endpoint validation for https://login.microsoftonline.com is Successful.
Connecting to endpoint https://login.windows.net
Endpoint validation for https://login.windows.net is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/clientregistrationmanager.svc is Successful.
Connecting to endpoint https://policykeyservice.dc.ad.msft.net/policymanager.svc
Endpoint validation for https://policykeyservice.dc.ad.msft.net/policymanager.svc is Successful.
Connectivity Test Step 1 of 3 - Testing dependent service endpoints completed successfully.

Connectivity Test Step 2 of 3 - Blob data upload procedure begins ...
Unhandled exception occurred: System.Security.Cryptography.CryptographicException: The parameter is incorrect.

   at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.LoadIdentityInfo()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.TestInsightServiceDataUploadProcedure()
   at Microsoft.Identity.Health.Common.Clients.PowerShell.ConfigurationModule.TestAzureADConnectHealthConnectivity.ProcessRecord()

Anybody ever seen that before?


Error installing AAD PowerShell module


I have a Windows 7 64bit workstation and I am trying to install AAD PowerShell module. 

I have a PowerShell window opened with elevated privileges and I ran the following command: Install-Module -Name AzureAD

I get the following errors. Help!

WARNING: Unable to download from URI 'https://oneget.org/nuget-2.8.5.208.package.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/nugetv2.feed.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/psl.feed.swidtag' to ''.
PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 
'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21
+ ...     $null = PackageManagement\Install-PackageProvider -Name $script:N ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider
 
PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name 'NuGet'. Try 'Get-PackageProvider -ListAvailable' to 
see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21
+ ...     $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProvider
 
WARNING: Unable to download from URI 'https://oneget.org/nuget-2.8.5.208.package.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/nugetv2.feed.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/psl.feed.swidtag' to ''.
PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30
+ ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exception
    + FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider
 
Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' or newer version of NuGet provider is installed.
At line:1 char:1
+ Install-Module -Name AzureAD
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Install-Module], InvalidOperationException
    + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module

AD Authentication with Windows/Service App


Hi,

I am developing a .NET Windows Application and I am trying to integrate Active Directory using ADAL library. We don't want to use storage/container key. I ran into the following two issues. I registered the app as Native App in Azure Active Directory.

1. I keep getting the error AADSTS65001: The user or administrator has not consented to use the application with ID 'a87d3d9f-cbdc-465d-aa8d-d506ebec064b' named 'Test1'.

 a. I am a global administrator for my AD. I granted the permission (global consent) for this app but that didn't help.

 b. I also manually consented; that also didn't help.

 c. Set the oauth2AllowImplicitFlow to true in the manifest for test1 app

Here is the code

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);
var authContext = new AuthenticationContext(authority);
var userCredential = new UserPasswordCredential("user@domain.com", "password");
// Acquire an access token from Azure AD.
var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;


2. Above is trying to connect with an explicit Windows username and password, and our ultimate goal is to use the logged-in user. I have been told (Google) it should be possible if I am using Active Directory, but I am getting the following error.

{"password_required_for_managed_user: Password is required for managed user"}

Here is the code.

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);
var authContext = new AuthenticationContext(authority);
var userCredential = new UserCredential();
// Acquire an access token from Azure AD.
var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;

Could you guys help us to resolve?

Azure AD Connect Health Sync Monitor High CPU Usage

Hello.  I have Azure AD Connect installed on my server to sync our on-premise domain with Office 365 and I'm noticing the Azure AD Connect Health Sync Monitoring Service is always running high CPU usage.  The actual process is Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe.  Is there a reason for this or a way to fix it?  Right now, I'm just stopping the Azure AD Connect Health Sync Monitoring Service(AzureADConnectHealthSyncMonitor) and my resources go back to normal.  I'm running Azure AD Connect 1.1.819.0 so it is the latest version.  If I restart the service, things are normal for a few minutes before this process spikes again.  Any help would be appreciated.  Thanks!

AD B2C Error: An error occurred while sending the web api request


Hi everybody,

I have implemented the following example hosting the web app and web api on two Azure Web Apps

https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi

I get the following error when from the UI I click on the to-do list.
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The underlying connection was closed: An unexpected error occurred on a send.
Inner Exception 3:
IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Inner Exception 4:
SocketException: An existing connection was forcibly closed by the remote host


I have tried the request with Postman and it works.
Request details:
{Method: GET, RequestUri: 'https://taskservice-..../api/tasks/', Version: 1.1, Content: <null>, Headers:
{
Authorization: Bearer eyJ0eXAiOiJK.......

Any idea?
Thanks in advance

How do I register a Function App?


ABSTRACT
The Workflow that I'm writing will read the extended properties of a Calendar event.  This extended property contains custom data from our on-premises database.

THE WORKFLOW
1. User modifies a calendar event in Outlook (OWA)
2. Function App checks for the existence of custom data using the Outlook Extended Properties REST API reference (version 2.0)
3. If that custom data exists then we update our on-premises database with the new information.

PRE-REQUISITES:
- I must use the Outlook Extended Properties REST API endpoints to retrieve this information.
- In order to use the Outlook Endpoint I must provide an Access Token
- In order to get an access token I must register an Application within AAD

QUESTION:
How do I create and register this application (the azure function)?
Do I select "Web", "Native Application", or "Web API"?

I'm not sure about this "Redirect URL".   A user will be making a change from the Outlook web application.  I have no other web pages to which I'll send the user.








 

Germán Hayles



I am unable to add a VM to the domain


Hi Team,

I created a VM on the Azure Portal and created Azure domain services.

Now I tried to bring the VM into the domain, but I am getting the below error.

Kindly do the needful.

"The Reference account is currently Locked out and may not be logged on to".


Ravikumar Porappan

Azure AD Domain Services LDAP connection

I disabled the secure LDAP over internet option, but can I use private internal IPs within the VNet to access port 636 on the virtual machines with IP addresses 10.0.0.4 and 10.0.0.5 within the same VNet?

can we automate the user for provisioning enterprise applications


Hello 

Is there any workaround for the user to provision SaaS enterprise applications automatically in azure?

Please help!

Unlock accounts in Azure Active Directory Domain Services


I've just set up Azure Active Directory Domain Services and noticed that accounts get locked out after 5 failed attempts even though the default domain group policy lockout threshold is set to 0.  I'm also not able to unlock user accounts when logged in as a member of the AAD DC Administrators group.

Is there a way to modify the lockout threshold and to unlock accounts?

Two way sync between Azure AD and On-premise AD

Is it possible to synchronize attributes like Display name, Mobile number, Department and password from Azure AD (cloud) to on-premises AD and vice versa?

Mandal Amit

Making a group


HI 

  1. Hi there. I am unable to find my student names when making a group

     richard.hainsworth
     Please let me know how to fix this

     
     Azure Support
     Hello. Can you please provide some additional information regarding this? Are you adding students to an Azure Active Directory?  ^RS

     richard.hainsworth
     Yes I am trying to

     
     richard.hainsworth
     my school email is richard.XXXX@XXXX.edu.au

     
     Azure Support
     So just to confirm, when you are adding students to an Active Directory, these students are not showing up? Can you please elaborate on the issue? ^RS

    all my students have @XXXX.XXXX.edu.au
     richard.hainsworth
     Yes, none of my students who have all created an O365 account are visible

     
     richard.hainsworth
     try and find this student  sienna.XXXX@XXXX.edu.au

     
     Azure Support
     
    Got it. Just to confirm, were the following steps done to add the users? https://aka.ms/5cSglLcb  ^RS


    I don't have a global admin

     richard.hainsworth
     That is way above my pay grade but seems a bit dumb to think someone so high up in the organisation needs to add in a bunch of students from a school they have never heard of

     
     Azure Support
     Not a problem. Let's get you in touch with an engineer who can better assist. Can you please post this here: http://aka.ms/azadMSDNforumq  and send us the link? We will ensure the team is made aware. Thank you for your continued patience.  ^RS



How do I set up an OIDC with Azure AD

I tried to set up an Azure AD and have an OpenID Connect client connect to it, but I do not get all the details from the Azure page.

Connect Azure AD with customer's ADFS


Hi all,

we have this project and I was wondering how to do the setup:


1. we have an application (actually, a Remote Desktop Gateway that allows users to have RDP access to different servers, entire infrastructure in Azure)

2. the users allowed to access RDGateway are stored in Active Directory "on-premises" (an AD DS installed on an Azure VM)

3. we have synced (with Azure AD Connect) this AD with Azure AD

4. our customers (that access the services through RDGateway) are asking for SSO (basically, they want to use the users in their domains to have access to the services we offer)


The question is: how do we connect our Azure AD with our customer's ADFS in order to obtain SSO?


Thank you,

Sorin

Linux-Openldap equivalent in Azure


Hello,

We are using openldap to serve our directory needs for a saas based web application. Is there any openldap equivalent in Azure where I can migrate existing schema and data and point my app to it for Authentication/Authorization purposes?

Environment: AWS Ubuntu EC2, Openldap.

Thanks in Advance


AD Connect Group WriteBack Option

Need help setting up Hybrid Azure AD Join


Hi, I would like some help setting up a Hybrid AAD Join environment.

1. I have got a domain and some domain-joined workstations that I want to make Azure AD registered too.

2. I have created an SCP

Now I want to be able to add them to Azure.

I can't see the option under account settings in Windows 10.

Please help.

Thanks

Azure MFA with onpremise RDS


Hi, I have an issue with having MFA working with our on-premise RDS environment 2016 server.

I have installed:

Azure MFA server
Azure AD Connect
Configured MFA provider authentication based billing
NPSextension is installed on domain controller
Enabled MFA auth on AD object

Now when I log in to RDS, login fails and I receive an OTP SMS code for 2FA.

This error is generated on the server where the NPS extension is installed:

###########################################

Network Policy Server denied access to a user.
 
Contact the Network Policy Server administrator for more information.
 
User:
Security ID: mydomain\test1
Account Name: mydomain\test1
Account Domain: mydomain
Fully Qualified Account Name: mydomain.com/Companies/test1
 
Client Machine:
Security ID: NULL SID
Account Name: PC1
Fully Qualified Account Name: -
Called Station Identifier: UserAuthType:PW
Calling Station Identifier: -
 
NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Virtual
NAS Port: -
 
RADIUS Client:
Client Friendly Name: RDSGateway
Client IP Address: 192.168.100.12
 
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: RDG_CAP
Authentication Provider: Windows
Authentication Server: LAB-DC1.mydomain.com
Authentication Type: Extension
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 21
Reason: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

#################################################### 

Device Authentication while off premises


Good Day,

Our issue is that when users are off the corporate network (i.e. travelling abroad) and they forget their password, they are currently out of luck and the only way to get them back into their laptop would be for them to return to one of our sites to sign in.

I've set up AAD with password write back and users are able to change their own passwords via office.com but again, they still have to return to the LAN to authenticate against a domain controller to access their machine with their changed password.

I'm trying to find out if devices can be sync'd with AAD so that if a user is off the LAN then all they would need is internet access and they could authenticate against AAD to gain access to their laptop with a changed password.

I've attempted an EMS Fast Track with Microsoft but this only led to the consultant saying that we are too far along in the integration for FastTrack to be any use, and I'm not getting any clear suggestions as to whether the above can be implemented or not.

Any advice is highly appreciated.

AADC user/contact matching issues


Hello,

We have gone from an on-prem Exchange to EOL but we still have on-prem Exchange for management of user objects, but everything mail related is done in EOL.

Now we're having issues that for some reason our "Azure AD Connect" has matched a user object (which isn't even enabled for Exchange) and a contact object and decided they are one and the same. Which means the contact isn't working in O365!

So, how do I break the matching? I've removed the "mail" attribute from the user object as well as all smtp/proxyaddress and made sure there is nothing in common between the two and done a full import/sync in AADC yet the matching is still there and then it writes back some X500 addresses back as proxyaddresses!

Is there any way to manually break the matching? Because they really have nothing in common!!
