Channel: Azure Active Directory forum

Can't log on using O365 account. 'That Microsoft account doesn't exist. Enter a different account or get a new one'

My main issue is:

I am the administrator of my Office 365 and trying to log onto Windows 10 on my Surface with the 365 account produces an error "That Microsoft account doesn't exist. Enter a different account or get a new one .. " I get the error when I go to Accounts in Windows Settings, click on 'Sign in with a Microsoft Account instead'.

I am logged on to that PC as a local administrator and have my office 365 details in the School or Work account fields of Office, and 'Email & app account' and 'Access work or school fields' under Accounts in Windows Settings.

Thoughts?

While I'm here, and as a secondary point, I could not log onto MSDN with my office365 account either. Same error saying the account doesn't exist. On the tab next to the MSDN one though I am logged in to my O365 account. Does this mean that MSDN is on 'live' and I have to use a 'live' account to log in?

Am I missing something fundamental here?

Thanks


Azure AD Connect not Syncing

Hi,

I have Azure AD Connect set up for syncing to my Azure Active Directory. For some reason, it stopped working and I can't figure out why. If I look at the Synchronization Service Manager, I can see that AD Sync is running a few times a day and all of the statuses say success. If I look at them individually for both AD side and Azure side, they show rows being updated in the Export Statistics. However, when I go to my Azure Portal all of my old users are there and none of my group are showing up.

Does anyone know why this might be happening or where I can look to see where an issue might be? My biggest problem is that I don't actually have any errors showing up in the sync manager to start looking at.

Thanks,

Chris

Who will be announced as the next Azure Guru? Read more about August 2018 competition!!

What is TechNet Guru Competition?

Each month the TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in a dedicated blog post that will be published in the Microsoft Wiki Ninjas blog, a tweet from the Wiki Ninjas Twitter account, links will be published at the Microsoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in September 2018 and must be in English. However, the original blog or forum content can be from before September 2018.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!


Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discuss advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.


How can you win?

  1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
  2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
  3. (Optional but recommended) Add a link to your article at the TechNetWiki group on Facebook. The group is very active and people love to help, you can get feedback and even direct improvements in the article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or join us at the official Microsoft TechNet Wiki groups on Facebook. Read more about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from Paul Long.

Thanks in advance!
Ninja Kamlesh Kumar, TechNet Wiki Council



Thanks,
Kamlesh Kumar

If my reply is helpful please mark as Answer or vote as Helpful.


This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


Upgrading Azure AD Connect, enterprise admin error

Hello,

I'm trying to upgrade to Azure AD Connect 1.1.880.0 from 1.1.819.0. When inputting my enterprise admin credentials, it authenticates, but doesn't recognize that the account is a part of the Enterprise Admins group, the error being "The provided user is not a member of the Enterprise Admins group".

I've tried adding 3 different users to the Enterprise Admin Group but the AD Connect upgrade won't recognize them as being enterprise admins.  Anyone have any ideas?

OWA via Azure App proxy - SPN - Multiple connectors possible?

Exchange 2016, Hybrid joined, however not ready to migrate mailbox for several months at least.

Prior to then I will be migrating off RSA SecurID to MFA for my 2FA solution and was hoping therefore to publish OWA using Azure Application Proxy with AAD authentication and MFA.

Central to publishing OWA and getting KCD working appears to be setting the SPN for the internal OWA on the computer account hosting the AAP connector, e.g. setspn -s http/owa.domain.local ConnectorComputer

But of course we can't have two identical SPNs ... right? ... so I'm therefore limited to one connector for this Enterprise app, e.g. I can't:
setspn -s http/owa.domain.local ConnectorComputer1
setspn -s http/owa.domain.local ConnectorComputer2

Am I right?

How do people build resilience in to publishing this way or is there a better way to do this? 

The only solution I can think of is to publish two Enterprise apps, a primary and a backup.

Hope above makes sense?

Thanks,

Aengus


Delegate permissions in Azure AD

Hello,

we will sync a forest with Azure AD Sync to use password hash synchronization.

One root Domain with two Sub Domains.

We'd like to delegate permission to AD objects:

Administrator 1 -> delegated permissions to objects in Azure AD from sub Domain 1

Administrator 2 -> delegated permissions to objects in Azure AD from sub Domain 2

Is this possible?

What licenses do we need? I read about Azure AD Basic for all objects and Azure AD Premium for the Administrators?

Thank you

Thomas


Username stuck as .onmicrosoft.com - primary email is OK

I have a Windows 2012 domain using Azure AD Connect to sync my users to Azure AD (where we have Exchange Online). 


I'm in the process of enabling Multi Factor Authentication for all our users. I enabled a couple users first to test the process. One worked fine. The second user however, was having trouble logging in. I can see in his account that his username has changed from fn@<domainname>.com to fn@<domainname>.onmicrosoft.com. But his primary email address is still fn@<domainname>.com. 


When I login to Azure, I cannot change the domain used for the username (it's greyed out). In my on premise AD, his primary email is set to fn@<domainname>.com, and in proxyAddresses there is SMTP:fn@<domainname>.com 

Why did the username domain change? And how can I change it back? 

Group management via AzureAD

Hi,

I recently synced our Active Directory security groups into AAD but I found the following issues:

1. only groups are synced, the members of the group not synced

2. nested group is not synced as well

I didn't see anywhere a mention that the group members won't be synced, or maybe I missed it.

Can someone help me or give me the documentation where I can find the answer, please?

Thank you.


Mapping claims with Azure AD B2C Custom Identity Provider (OpenID Connect)

Although, I've set all the claim mappings well so they match those issued by our Identity Server 3, we don't seem to have those values on Azure AD side. Name and email are claims which can be used as an example. And which is weird, this happens only with Custom Identity Provider (Open ID Connect) while for example Facebook built-in Identity Provider works well and takes those claims received from IdP. Is there anyone who made this work ever?

Additionally, I have also tried to achieve this through custom policies, as it was suggested to me as the only possible way this could be solved. Now, I'm facing another problem: simply connecting AAD B2C to Identity Server 3 by using custom policies. Here is my TechnicalProfile definition from TrustFrameworkExtensions.xml:

<TechnicalProfile Id="IdentityServerProfile">
  <DisplayName>IdentityServer</DisplayName>
  <Description>Login with your IdentityServer account</Description>
  <Protocol Name="OpenIdConnect"/>
  <OutputTokenFormat>JWT</OutputTokenFormat>
  <Metadata>
    <Item Key="METADATA">https://{identity_server_hostname}/identity/.well-known/openid-configuration</Item>
    <Item Key="ProviderName">https://{identity_server_hostname}/identity</Item>
    <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
    <Item Key="IdTokenAudience">00000000-0000-0000-0000-000000000000</Item>
    <Item Key="response_types">code</Item>
    <Item Key="scope">openid profile customScope</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="AccessTokenResponseFormat">json</Item>
    <Item Key="HttpBinding">POST</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret" StorageReferenceId="B2C_1A_IdentityServerAppSecret"/>
  </CryptographicKeys>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="IdentityServer" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="tid" />
    <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="sub" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
    <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
    <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
  </OutputClaimsTransformations>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>

Basically, after authentication on IdentityServer side, I got redirected back to my web page which initialized the sign-in and then I get this error: AADB2C: An exception has occurred. Correlation ID: 6797f691-4adb-4963-ad12-f31add3e1919 Timestamp: 2018-08-23 08:42:54Z

While analyzing the log on AAD B2C for the given correlation ID, I didn't find anything useful which would lead me to the possible solution.

Any help would be much appreciated!

Enforce SSPR registration before allowing login?

Is there a way to force a user to register for SSPR before they can login?

Azure B2C AD password reset wording

Hi we have azure portal with yourselves and have custom B2C AD login, but would like the password reset policy wording (strong) to be displayed to the user

Minimum 8 characters and maximum 64 characters in length 3 of 4 character classes - uppercase, lowercase, number, symbol

is this possible?

SSO and List of Market place Apps

Hi All 

Organisation has an O365 tenant and federated to Azure with on premise AD servers using AD Connect.

All users authenticate using Azure as its first point.

We have an application that does bookings that we have purchased, currently you have to login to application using a username/password specific to the application.

We want this application to use SSO on Azure , my queries 

1. how can I find out if this application is on azure app list 

2. if the app is in the azure list, what are the steps to get this application to SSO on Azure

3. if this application is not on the list

Regards

ian


rename Azure subscription

Is it possible to change the URL of an Azure subscription? If so, what is the approach and steps?

Please let me know.

How to delete a complete Azure Active Directory

Hi,

I recently changed my personal MS ID, and when I logged on to the portal.azure.com to check if all was working with my changed account, I accidentally deleted the only Azure AD user from the tenant. Now when I logon to the portal in the upper right corner there is shown that with my old MS ID I am logged on into the directory/tenant with an old name. Can someone help me delete the whole tenant, because I don't need it anymore, and maybe in the future I want to create a new tenant with a different name. Right now I am unable to delete the tenant because I am just a normal user with not enough rights. 

Kind regards.


Azure AD Graph API failing with "Insufficient privileges to complete the operation" while assigning applications

Hi,

I am using Azure AD Graph API to manage Azure applications.

When trying to assign an application's appRole to a user using API https://graph.windows.net/<TenantID>/servicePrincipals/<ServicePrincipalID>/appRoleAssignments?api-version=1.6, it fails with 403 and response is as below. Even though the API fails, the app role gets assigned to user.

{
    "odata.error": {
        "code": "Authorization_RequestDenied",
        "message": {
            "lang": "en",
            "value": "Insufficient privileges to complete the operation."
        }
    }
}

The same API works fine with Azure AD Graph Explorer.
The DELETE operation to remove appRoleAssignments works fine without any issues.

Does it need any specific privileges to assign appRole?

Any help on this is appreciated.

Thanks,
Ishwar


Could not retrieve Azure application's logo using Azure AD Graph API

Hi,

I need help in retrieving Azure application's logo using Azure AD Graph API.

I have tried to retrieve the application's details from the following URLs; both didn't have logo information.

https://graph.windows.net/<TenantID>/applications?api-version=1.6 and 
https://graph.windows.net/<TenantID>/servicePrincipals?$filter=appId eq '<Application's appId>'&api-version=1.6

As per the documentation: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity, the response should have the mainLogo attribute. But this attribute is never included in the response. I have tried with an external client and also with Azure AD Graph Explorer but this attribute is not included in the response.

However, the response includes logoUrl attribute which is not in the documentation. This attribute has logo URL only when the application has custom logo configured. Otherwise, it is always null.

Any suggestions on how to retrieve the application's logo that is seen in Azure portal?

Thanks,
Ishwar

Problem with self-service password reset due to "organization's password reset configuration"

Hello Experts, Please see screenshot error attached. We are a small college and just purchased the Azure Active Directory Premium P1 subscription and I am testing the self-service password reset feature. We would like to pre-populate students and staff mobile phone number so they can use self-service password reset right away, without first having to register. I am using my test account and went to passwordreset.microsoftonline.com, entered my user ID, it asked to verify my phone number, which is great. I then received a text message with the code, but when I tried to supply a new password, I received an error "we cannot reset your password at this time because of a problem with your organization's password reset configuration". We have on-premise integration write-back enabled, and students are able to change their password from office.com for example, and they can register their accounts as well. Any idea what I am missing?

MS Azure AD Connect - fails to validate credentials

Hi 

I am setting up a new 2016 server and attempting to use Azure AD Connect to simplify the sign in process for users. When following the wizard I was strongly recommended to use the CUSTOM option because I don't have a routable domain.

I can successfully log into the web portal with the same credentials but get the message Unable to Validate Credentials. An unexpected error has occurred.

I am not currently using a proxy so haven't altered machine.config but it did test correctly when I attempted to verify the proxy using PowerShell as described.

Any suggestions?

Thanks in advance

Sync Issues

Azure AD Sync complains about mail attribute being mismatched although it's displaying the same address under both columns. Tried using IDFix. It finds no errors.

Get the following information via email:

Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [Mail <removed Email Address>;]. Correct or remove the duplicate values in your local directory. Please refer to <removed due to unverified account> for more information on identifying objects with duplicate attribute values.

Tried the solution given, as well as the solution from Azure Twitter support. Still experiencing issues on this single account.

Configuring Azure AD federation with a third party IdP for Office365 SSO

 Hi,

I am working on configuring Azure AD identity federation with a third party STS solution for Office 365 sign-in using WS* protocols. I tested the configuration by trying to sign in to Office 365 portal using a federated identity's username and password. It works all fine. But when I test the federation connectivity using Microsoft Connectivity Analyzer (which is a compulsory requirement in my case), I am redirected to my IdP login page and when I log in, the home page of the Office 365 account is also displayed. But the test continues to run for 10 minutes and the following test case fails.

Test Case :

Retrieving an identity token from the Passive authentication federation endpoint of your identity provider

Result: There was an error retrieving a token from your identity provider.

Additional Details: The token could not be found in the response body : (here the entire HTML body of the office 365 home page is displayed)

All the other tests are passed. 

I would be much thankful if anyone can suggest what has gone wrong here.

Thanks. 


Dinix195

