Channel: Azure Active Directory forum

Azure AD Sync is not working anymore - after first restart after setup


Hi there,

We set up Azure AD Sync with Pass Hash Sync on Friday. Due to Windows updates we had to restart the server today.

Now it is not syncing anymore because of permission problems:

Password hash synchronization failed for domain: horvath.de. Details: 
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
.

I found this article:

https://social.technet.microsoft.com/wiki/contents/articles/51110.azure-ad-sync-troubleshooting-error-611-replication-access-was-denied-password-synchronisation-failed.aspx

But it's not clear where it needs those permissions. When installing the Azure client we let the Azure AD client manage the service user for syncing. So the entries were set by the program.

It has these rights on "root" but not on all OUs.



Can anyone please advise? 


Regards, Stephan


Office 365 Authentication


Hi

I am trying to figure out how users are authenticating in Office 365. In the configuration of the AD Connect tool, only the password hash synchronization option is ticked as shown below.

We do have two ADFS servers, and were hoping to remove these by enabling pass-through authentication.

How would I go about changing from ADFS, if this is what we are using now, to pass-through SSO? If we were using ADFS, wouldn't the ADFS option below be ticked?

Thanks

Shane

ARM Template - Role Assignment


Hi,

I am looking for a template which can assign access to multiple subscriptions. In my case, we are a CSP and I have access to multiple customer tenants (directories). Currently, if I want to assign reader permission for a user to all customers' subscriptions, I have to do it one by one. I want this task to get done by a single script. Do you have such a script? Thank you, Sakaldeep


Sakaldeep Yadav

AD Migration/ redesign


Looking for advice from the community.

I have 3 sites each with a DC and a data center with two domains (so a dc each)

Each site has a domain controller with pdc running from our DC.

I want to simplify this design if I can and run as much from the cloud (Azure) as possible, and am looking for the best approach to do this.

Multi-Tenant Account


Good morning,

Problems accessing my Azure account from an antivirus console.


Two Azure applications with the same external vendor using the same (SAML) authentication?


Hi,

I'm trying to set up two Azure applications for SSO using SAML-based sign-on.

1. is using the sign-on URL, Identifier and Reply URL of:

https://companyname.externaldomain.com

2. is using the sign-on URL, Identifier and Reply URL of:

https://applicationname.companyname.com

The idea of course being that we are moving away from exposing externaldomain to our staff; we want it to appear more like an internal system.

Both of these have ended up with the same App Federation Metadata URL. I suppose that's natural because it's an application (Freshservice) that exists in the Azure applications gallery when setting it up.

The first one works fine and has worked for years, but the new one gives various error messages when testing the SAML settings:

AADSTS70001: Application with identifier 'http://applicationname.companyname.com' was not found in the directory <string from the App Federation Metadata URL>

If I change the Identifier to HTTP instead of HTTPS (which the resolving errors guide suggests) I instead get this error:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'http://applicationname.companyname.com'.

Changing the Reply URL to HTTP instead of HTTPS isn't allowed, so that's not an option.

Please note that we have a DNS CNAME in place for applicationname.companyname.com to point at the old address: companyname.externaldomain.com.

Any and all suggestions are welcome. Thank you.

Azure AD Authentication -Asp.net Web Application (Not MVC & Not Core)


Hi,

I have a requirement to set up Azure AD authentication for one of my ASP.NET web applications. I searched a lot on the net and got many links, but they all mention Azure AD authentication for MVC applications. I am new to Azure, so please reply: is this authentication only possible for MVC applications?

I tried with OAuth, but I am not sure how to implement it in ASP.NET. I didn't find an example for a normal ASP.NET application. Kindly give advice on this question.

Thanks in Advance.



Need help to configure own domain name in AAD


Hello all.

I'm trying AAD and want to add my domain name. I entered my domain and added DNS records. But Azure can't verify my domain name.

I added the domain name and Azure can't find it.

I replaced the original domain registrar service with Azure DNS Zone and added records.

I checked the DNS records with dig and found the needed records.

But I get an error on domain name verification in AAD.

Level of Subscription - Free trial.



Using a SAML 2.0 Identity Provider (IdP) for Office 365 Single Sign On


I have configured a third party IdP for Office 365 single sign on as explained in here. When I test the connectivity manually, I can sign in and sign out using a federated identity with no issue. But when I try to test the connectivity using "Microsoft Connectivity Analyzer Tool", the test fails saying that IdP's passive authentication endpoint value is either null or empty. However, I am able to sign in manually via web browser successfully. The following is the result I get from the connectivity test.

Can someone please suggest what could be going wrong here?


Dinix195

create a new B2C directory


Hello,

I try to create a new B2C directory and it gives me the following error.

I've tried several times, without success. Is there something I'm doing wrong?

https://portal.azure.com/Error/ClientTimeout/?src=PageLoadTimeout

Hmmm...

Sorry, the portal took a long time to load. Click 'Try again' to reload.
Looks like something went wrong
  • Try again
  • Sign out
  • Contact support

Best regards,

Cornel

Azure AD Connect for multi-forest


Hi, may I have a recommendation / answer on how Azure AD Connect can be set up behind a DMZ and what prerequisites to perform before setup?

How to merge a domain with a subdomain


I've been trying to fix an issue in the company where I'm working right now.

Before migrating to the Microsoft Office 365 for business services we used to have a domain just for hosting a webpage, i.e. domain.com. We started an on-premises domain controller as domain.com, but we encountered the problem where you can't open your own web page inside that domain network, so we renamed it to corp.domain.com. We never connected it to the root domain domain.com because there wasn't a domain controller at the time on that domain.

Now we have the domain.com domain linked to the Microsoft services, including the basic Azure Active Directory. We want to connect the Azure Active Directory with the on-premises Active Directory.

Azure Active Directory Connect just syncs the on-premises accounts to the Azure Active Directory, which is fine for the people that only have on-premises accounts, but it is duplicating the people that have both on-premises and Azure accounts, which is a problem, especially for the email directory.

Has somebody encountered this problem before? And what was your solution?

Azure AD Connect - Auto Upgrade problem


Hi All,

Is there someone who can explain / help with one issue which I am facing please?

We set up Azure AD Connect around a year ago. Before that DirSync was in use.

There is a general problem with auto-upgrade on Azure AD Connect.

We used Set-ADSyncAutoUpgrade Enabled, which allowed us to change the status from Suspended to Enabled.

For some reason auto-upgrade is still not working.

I have noticed that in the configuration we are not using the MSOL account. The old DirSync account is still in use. Could this be the reason why we have a problem with auto-upgrade and cannot upgrade Azure AD Connect to the newest version?

Microsoft Azure AD Connect version 1.1.533.0

Waiting for any ideas,

Thanks in advance.

How can I tell which account is the Global Administrator


Hello,

When I log into the Azure Portal or AAD Azure Portal, I see 4 user accounts all of which are user accounts.

How do I make my account the Global administrator account for our domain?

Thanks

Allen

Upgrading Azure AD Connect, enterprise admin error


Hello,

I'm trying to upgrade to Azure AD Connect 1.1.880.0 from 1.1.819.0. When inputting my enterprise admin credentials, it authenticates, but doesn't recognize that the account is a part of the Enterprise Admins group, the error being "The provided user is not a member of the Enterprise Admins group".

I've tried adding 3 different users to the Enterprise Admins group but the AD Connect upgrade won't recognize them as being enterprise admins. Anyone have any ideas?


Prevent accidental deletes configuration error


Hello,

When I try to execute Enable-ADSyncExportDeletionThreshold using global admin credentials it gives me authentication error. The password is correct and works fine when I directly login to azure portal. Multi factor authentication is enabled on global admin account, if it makes any difference. 

What might be the reason for this behavior? Is there a way to configure this setting through UI or some alternate commands that I can try?

Error String ==> "Enable-ADSyncExportDeletionThreshold : AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password"

Thanks!


Hybrid AD Joined Machine- AutoEnroll - Missing MDM URL in dsregcmd /status


What event actually triggers the input of the MDM URL during an auto-enrollment into MDM? I have some 1803 machines that are Hybrid Azure AD joined, but don't have the MDM URL listed in the dsregcmd /status output, although they are in the proper MDM scope group.

Using Azure (requires Anonymous Authentication) removes username from IIS Log of User Traffic?


We recently converted one of our .NET applications from WIF to Azure AD authentication.  Under WIF, the IIS logs contained the username in the traffic so that we could crawl the logs and generate usage analytics.

Under Azure AD, anonymous authentication is needed in order for it to work.  Our IIS logs now show "-" as the user and our analytics engines are not reporting proper data.

Is there a way to re-integrate the use of Azure AD to add the user back to the IIS logs?


ADFS - Device Registration


Hi,

I updated my ADFS farm a few months ago.

Now, I want to use device authentication in order to do conditional access.

But I have an error when I launch Initialize-ADDeviceRegistration.


The schema is 87, I have Enterprise Admin rights...

Can you help me please?

Thanks,


Sync Issues


Azure AD Sync complains about the mail attribute being mismatched although it's displaying the same address under both columns. Tried using IDFix. It finds no errors.

Got the following information via email:

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [Mail <removed Email Address>;]. Correct or remove the duplicate values in your local directory. Please refer to<removed due to unverified account> for more information on identifying objects with duplicate attribute values.

Tried the solution given, as well as the solution from Azure Twitter support. Still experiencing issues on this single account.
