Quantcast
Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Getting insufficient privileges error for New-AzureADUserAppRoleAssignment

September 1, 2018, 9:08 am
$
0
0

I am using inbuilt <g class="gr_ gr_11 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="11" id="11">powershell</g> console on https://portal.azure.com and getting below error. My login account is "External Azure Active Directory" and Member with "Global administrator" directory role.

New-AzureADUserAppRoleAssignment : Error occurred while executing NewUserAppRoleAssignment
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ New-AzureADUserAppRoleAssignment -ObjectId e5eaa3e9-611e-473d-a874-4c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [New-AzureADUserAppRoleAssignment], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.NewUserAppRoleAssignment


Search

Azure AD Connect with SQL Database Guideline

September 2, 2018, 9:24 pm
$
0
0

I have Azure AD Connect server which is pointing to backend SQL for storing the database. My question - Is it recommended to use a SQL instance which is already having other databases or to use a new SQL instance always? Article is saying 

 It is not supported to share a SQL instance with FIM/MIM Sync, DirSync, or Azure AD Sync.

are they suggesting not to share a SQL instance with other sync services or they are saying always use a new SQL instance.

In my case-  I am using SQL instance where other DBs are also present and i didn't find any issues but need to know the recommended solution.

ExtendedProtectionTokenCheck , Same certificate on ADFS server & WAP ?

September 5, 2018, 3:17 am
$
0
0

Hi

So in the article 'Best practices for securing Active Directory Federation Services' it is said that:

'Extended protection for authentication is a feature that mitigates against man in the middle (MITM) attacks and is enabled by default with AD FS.'

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#extended-protection-for-authentication

Now in this technet blog, it states regarding ssl certificates on adfs & wap servers:

By using the exact same certificate this allows the following features to be enabled:
  • ExtendedProtectionTokenCheck to be enabled on AD FS.  It is enabled by default.

https://blogs.technet.microsoft.com/rmilne/2017/05/10/how-to-install-ad-fs-2016-for-office-365-part-2/

The first article didn't mention anything about the certificate should be the same for this feature to be enabled.

Should i understand from the above that if the certificate is not the same the feature will not actually protect but just merely be shown as enabled without actual effect? or am i missing something here?

Thank you.




Azure AD Connect syncing devices

August 30, 2018, 11:00 pm
$
0
0

Hi

Is Azure AD Connect supposed to sync also devices (Win10 laptop's) to Azure AD or do I need to manually join these devices to AAD?

Error installing AAD PowerShell module

August 17, 2018, 12:24 pm
$
0
0

I have a Windows 7 64bit workstation and I am trying to install AAD PowerShell module. 

I have a PowerShell window opened with elevated privileges and I ran the following command: Install-Module -Name AzureAD

I get the following errors. Help!

WARNING: Unable to download from URI 'https://oneget.org/nuget-2.8.5.208.package.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/nugetv2.feed.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/psl.feed.swidtag' to ''.
PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 
'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21
+ ...     $null = PackageManagement\Install-PackageProvider -Name $script:N ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider
 
PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name 'NuGet'. Try 'Get-PackageProvider -ListAvailable' to 
see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21
+ ...     $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProvider
 
WARNING: Unable to download from URI 'https://oneget.org/nuget-2.8.5.208.package.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/nugetv2.feed.swidtag' to ''.
WARNING: Unable to download from URI 'https://oneget.org/psl.feed.swidtag' to ''.
PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30
+ ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exception
    + FullyQualifiedErrorId : UnknownProviderFromActivatedList,Microsoft.PowerShell.PackageManagement.Cmdlets.GetPackageProvider
 
Install-Module : NuGet provider is required to interact with NuGet-based repositories. Please ensure that '2.8.5.201' or newer version of NuGet provider is installed.
At line:1 char:1
+ Install-Module -Name AzureAD
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Install-Module], InvalidOperationException
    + FullyQualifiedErrorId : CouldNotInstallNuGetProvider,Install-Module

Unable to get Azure AD OpenID Authentication Exchange mail feild as a claim

September 5, 2018, 5:24 am
$
0
0
Unable to get Azure AD OpenID Authentication Exchange mail feild as a claim

Our emails are different than UPNs.

To check and make sure I have the mail property, I connect via PowerShell to Azure AD and run the following command.

    Get-AzureADUser -objectid upn@domain.com | Select-Object Mail

    Mail                
    ----                
    useremail@domain.com

So, in Azure AD I create a new Application Registration. In the app manifest, I enable `"acceptMappedClaims": true,`.

 Then in Visual Studio I create an *ASP.NET Web Application* and select *Work or School Accounts* for authentication, point to my cloud domain and after it's created, update `ClientId` to point to the application registration, etc.

 I then add a mapping policy:

 New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema": [{"Source":"user","ID":"mail","JwtClaimType":"email"}]}}') -DisplayName "CustomClaims" -Type "ClaimsMappingPolicy"

 I then add the policy to the app:

 Add-AzureADServicePrincipalPolicy -Id [Enterprise Application Object Id] -RefObjectId [policy id]

 In `Startup.Auth.cs` I add `Scope` list to include `email`

app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Scope = "openid profile email roles"
        });

Nothing seems to work. I am definitely missing some configuration step here...

How to stand up a backup domain controller in Azure

March 13, 2018, 1:55 pm
$
0
0

I have been asked to build a backup domain controller in an offsite location for the purposes of DR.  I'm wondering if there is a way to do this using Azure.  We currently use it for daily off site backups.

This is a 30 person company with one File/Print/DC server.  I have both local backups and backups to Azure.  But other then the local backup I have no bare metal backup nor do I have AD replication offsite.  Can somebody point me toward the best way to accomplish this?  I know you can do a bare metal backup to Azure it it is very confusing as to how you do it.  I also think I can stand up a VM to use as a replication for AD, but I can't find a way to do it.  Is there someone at Azure that I can arrange a pre-sales call to explain this?


Jim Θ¿Θ¬



Alias, UPN, sAMAccountName

September 5, 2018, 9:08 am
$
0
0

Hello

I see some users have sAMAccountName as their alias in their outlook profiles but others have “firstname.lastname”/UPN as their alias in their outlook profiles.

We used AAD Connect for synchronizing the attributes and chose MS-DS-ConsistencyGuid as Source Anchor.

We want all users have sAMAccountName as their alias.

What could be the reason that this happened and how can I fix it?

When I compare the attributes of the one which has a correct alias and the ne which has a wrong alias, I do not notice any diff regarding this issue. How can I notice where sth wrong is?

Any idea about what might be going on?



Search

AD Connect Server High CPU

September 5, 2018, 9:26 am
$
0
0
We started having high CPU for our AD Connect server, found the article below. Removed KB4054566 and KB4338605 which are the only KB on the server installed from the website and still seeing high cpu caused by the monitoring service.


https://support.microsoft.com/en-us/help/4346822/high-cpu-issue-in-azure-active-directory-connect-health-for-sync


Any other KB to check outside that list



Azure B2C AD password reset wording

August 30, 2018, 7:59 am
$
0
0

Hi we have azure portal with yourselves and have custom B2C AD login, but would like the password reset policy wording (strong) to be displayed to the user

Minimum 8 characters and maximum 64 characters in length 3 of 4 character classes - uppercase, lowercase, number, symbol

is this possible?

Can Excel do ad b2c authentication?

September 3, 2018, 2:56 am
$
0
0
I know and tested Excel doing normal azure AD authentication when accessing odata.
 
But can Excel do AD B2C authentication? 

Azure AD Connect Health Sync Monitor High CPU Usage

June 5, 2018, 4:45 am
$
0
0
Hello.  I have Azure AD Connect installed on my server to sync our on-premise domain with Office 365 and I'm noticing the Azure AD Connect Health Sync Monitoring Service is always running high CPU usage.  The actual process is Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe.  Is there a reason for this or a way to fix it?  Right now, I'm just stopping the Azure AD Connect Health Sync Monitoring Service(AzureADConnectHealthSyncMonitor) and my resources go back to normal.  I'm running Azure AD Connect 1.1.819.0 so it is the latest version.  If I restart the service, things are normal for a few minutes before this process spikes again.  Any help would be appreciated.  Thanks!

Error getting Authorization Code Microsoft Azure

August 24, 2018, 6:12 am
$
0
0

I am trying to generate Authorization Code for Microsoft Azure Application. I am following the below docs

docs.microsoft.com/en-gb/rest/api/azure/#authorization-code-grant-interactive-clients

docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

I got all the all the below details 

App ID : xxxxxxxxxxxxxxxxxxxxxxxx
Authentication Key : xxxxxxxxxxxxxxxxxxx
Tenat ID : xxxxxxxxxxxxxxxxxxx

when I try to get the code with the below URL, I am getting error

login.microsoftonline.com/<TenantID>/oauth2/authorize?client_id=<AppID>&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%3A12345&response_mode=query&resource=https%3A%2F%2FAzureApp.mydomain.com&state=12345

Error

AADSTS90009: Application '<AppID>' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.


Error installing configuring AAD Connect for Federation services

August 29, 2018, 2:37 pm
$
0
0
Element 'ma-run-data' was not found. Line 1, position 2.
Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Element 'ma-run-data' was not found. Line 1, position 2. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Element 'ma-run-data' was not found. Line 1, position 2.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateEmptyRunProfile(RunProfile runProfile)
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.CreateRunProfile(RunProfile runProfile)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncRunProfileCmdlet.ProcessRecord()

AAD issue have only member user

September 4, 2018, 3:12 am
$
0
0
Hello, I have an account with member rights and no other users in AAD. I was get the account from VLSC when buyed Windows Server license. How can I add administrator in the AAD.
Search

How to compare users in Active Directory with PowerShell

September 5, 2018, 11:51 am
$
0
0

Hello!

I want to compare all properties of say two users in Azure active directory. 

In On-Premise I tried and it worked.

("XXX","YYY") | %{Get-ADUser $_ -Properties *} | Export-Csv "C:\Temp\Result.csv" -Delimiter ";"

Now I do not know how to do the same in Azure (in one line, export, ...)

Connect-MsolService
Get-MsolUser -UserPrincipalName A.B@contoso.com | fl 
Get-MsolUser -UserPrincipalName c.d@contoso.com | fl


AD Authentication with Windows/Service App

August 13, 2018, 6:31 pm
$
0
0

Hi,

I am developing a .NET Windows Application and I am trying to integrate Active Directory using ADAL library. We don't want to use storage/container key. I ran into the following two issues. I registered the app as Native App in Azure Active Directory

1. I keep getting the error AADSTS65001: The user or administrator has not consented to use the application with ID 'a87d3d9f-<g class="gr_ gr_447 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling" data-gr-id="447" id="447">cbdc</g>-465d-aa8d-d506ebec064b' named 'Test1'.

 a. I am a global administrator for my AD I granted the permission(global consent) for this app but that didn't <g class="gr_ gr_914 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Style multiReplace" data-gr-id="914" id="914">help</g>

<g class="gr_ gr_914 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Style multiReplace" data-gr-id="914" id="914"> b</g>. I also manually consented that also didn't' help.

c.  Set the oauth2AllowImplicitFlow to true in the manifest for test1 app

Here  is the code

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);var authContext = new AuthenticationContext(authority);var userCredential = new UserPasswordCredential("user@domain.com", "password");// Acquire an access token from Azure AD. var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;


2. Above is trying to connect with an explicit windows username and password and our ultimate goal is to use the logged-in user and I have been told(google) it should be possible if I am using Active directory but I am getting the following error.

{"password_required_for_managed_user: Password is required for managed user"}

Here is the code.

string authority = string.Format(CultureInfo.InvariantCulture, AuthEndpoint, TenantId);var authContext = new AuthenticationContext(authority);var userCredential = new UserCredential();// Acquire an access token from Azure AD. var result = authContext.AcquireTokenAsync(ResourceId, ClientId, userCredential).Result;

Could you guys help us to resolve?

Small company on hosted server with E3 - advice?

September 5, 2018, 1:29 pm
$
0
0

Hi all,

Is there any scenario supported by Microsoft where a single 2016 server could provide RD services for 4-5 users and have their user credentials sync between it and 365?

Client has an E3 subscription (non-profit/charity).

Server is being provided by 3rd party with SPLA licensing.

I'm assuming installing AD services and running it as a domain controller isn't supported with an RDS role, and therefore we can't use Azure AD Connect, but is there a free Azure AD service with an E3 subscription that would allow joining the server to AAD and authenticate RDS users against 365?

The alternative is to run the server in workgroup mode with RDS and manage 2 sets of credentials.

Thanks,

David

Azure Active Directory Connect: Unable to install the Synchronization Service. Error 25001.

October 9, 2017, 8:03 am
$
0
0

Attempting to install Azure Active Directory Connect.  We are using a separate SQL server, SQL Server 2016 instance and a Managed Services Account for the setup.

We have fond and unblocked all related ports.  When using setup we are specifying the port for the instance.

Have gone through a number of other articles, including Component Services and Registry adjustments, as well as a full uninstall, deletion of folders and registry entries included.

We keep getting back to this error:

Unable to install the Synchronization Service. Please see the event log for additional details.

Log:

MSI (s) (6C:F0) [09:55:58:191]: Skipping action: GetGroupNamesFromDB (condition is false)
MSI (s) (6C:F0) [09:55:58:191]: Skipping action: DetectServiceAccount (condition is false)
MSI (s) (6C:F0) [09:55:58:191]: Doing action: ValidateAccount
Action ended 9:55:58: SetMSSQLSERVERServiceEmpty. Return value 1.
MSI (s) (6C:08) [09:55:58:191]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI7136.tmp, Entrypoint: ValidateAccount
MSI (s) (6C!7C) [09:55:58:207]: PROPERTY CHANGE: Adding UpdatedSourcesDialog property. Its value is '1'.
Action start 9:55:58: ValidateAccount.
MSI (s) (6C!7C) [09:55:58:207]: Product: Microsoft Azure AD Connect synchronization services -- Error 25001.The Microsoft Azure AD Connect synchronization services setup wizard cannot validate the information for <g class="gr_ gr_562 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="562" id="562">service</g> account, password, or domain or local computer. Verify the entered information is correct, and then try again.

CustomAction ValidateAccount returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 9:55:58: ValidateAccount. Return value 3.
Action ended 9:55:58: INSTALL. Return value 3.
MSI (s) (6C:F0) [09:55:58:207]: Note: 1: 1708 
MSI (s) (6C:F0) [09:55:58:207]: Product: Microsoft Azure AD Connect synchronization services -- Installation operation failed.

MSI (s) (6C:F0) [09:55:58:207]: Windows Installer installed the product. Product Name: Microsoft Azure AD Connect synchronization services. Product Version: 1.1.614.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

Azure AD Sync wont install or run - Logs attached

September 5, 2018, 2:00 pm
$
0
0

We originally had Azure AD Connect working just fine, just a couple weeks ago things were humming along just fine. Over the last week things have gotten progressively worse starting with the service refusing to start due to login issues. After uninstalling and reinstalling the system worked again for a couple days, then it failed again. Reinstalling again gave us another 24 hours. Now we have no capability to sync and the service won't install or run.

Also tried manually uninstalling and reinstalling but found the same result. It even appears that SQL 2012 is being skipped by the installer.

Server 2016 running in a virtual environment. Server is a domain controller. Installing user is a domain administrator.

[16:53:51.341] [  1] [INFO ]
[16:53:51.341] [  1] [INFO ] ================================================================================
[16:53:51.341] [  1] [INFO ] Application starting
[16:53:51.341] [  1] [INFO ] ================================================================================
[16:53:51.341] [  1] [INFO ] Start Time (Local): Wed, 05 Sep 2018 16:53:51 GMT
[16:53:51.341] [  1] [INFO ] Start Time (UTC): Wed, 05 Sep 2018 20:53:51 GMT
[16:53:51.356] [  1] [INFO ] Application Version: 1.1.880.0
[16:53:51.356] [  1] [INFO ] Application Build Date: 2018-07-20 22:37:14Z
[16:53:53.450] [  1] [INFO ] Telemetry session identifier: {c4b98cfa-ef9c-4d9b-bf3f-6865c64b53f9}
[16:53:53.450] [  1] [INFO ] Telemetry device identifier: os1qvPdGZhQumkjaRgIoH0TtrpCCAagQgbrn0FMQ/Fc=
[16:53:53.450] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (3f67a493d)
[16:53:53.513] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[16:53:53.513] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[16:53:53.513] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[16:53:53.513] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[16:53:53.513] [  1] [INFO ] Default Proxy [Enabled]: True
[16:53:53.513] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[16:53:53.544] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[16:53:53.544] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[16:53:53.591] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[16:53:53.591] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[16:53:53.622] [  1] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[16:53:53.622] [  1] [INFO ] Password Hash Sync supported: 'True'
[16:53:53.638] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[16:53:53.638] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[16:53:53.638] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[16:53:53.653] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:53.653] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[16:53:53.653] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[16:53:53.653] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[16:53:53.653] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[16:53:53.653] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[16:53:53.653] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:53.653] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[16:53:53.653] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[16:53:53.653] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {7fc37298-c8d4-4d4c-9d9a-dbbdc8011c68}.
[16:53:53.653] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.819.0, ProductCode=7fc37298-c8d4-4d4c-9d9a-dbbdc8011c68, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[16:53:53.669] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[16:53:53.669] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[16:53:53.669] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[16:53:53.669] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:53.669] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {7fc37298-c8d4-4d4c-9d9a-dbbdc8011c68}.
[16:53:53.669] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[16:53:53.669] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[16:53:53.669] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.819.0, ProductCode=7fc37298-c8d4-4d4c-9d9a-dbbdc8011c68, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[16:53:53.669] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[16:53:54.028] [  1] [VERB ] Check product code installed: {4e67cad2-d71b-4f06-a7ae-bb49c566bb93}
[16:53:54.028] [  1] [INFO ] GetProductInfoProperty({4e67cad2-d71b-4f06-a7ae-bb49c566bb93}, VersionString): unknown product
[16:53:54.028] [  1] [INFO ] AzureADSyncEngineComponent: Product Azure AD Sync Engine (version 1.1.819.0) is installed, needs to be upgraded to version 1.1.880.0.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[16:53:54.028] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[16:53:54.028] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[16:53:54.028] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[16:53:54.028] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[16:53:54.028] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[16:53:54.028] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client is not installed.
[16:53:54.028] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[16:53:54.028] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.028] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[16:53:54.028] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[16:53:54.028] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[16:53:54.044] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[16:53:54.044] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[16:53:54.044] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[16:53:54.044] [  1] [VERB ] Getting list of installed packages by upgrade code
[16:53:54.044] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {e369ca42-bb0d-4776-84f1-4618da3c3ce1}.
[16:53:54.044] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.880.0, ProductCode=e369ca42-bb0d-4776-84f1-4618da3c3ce1, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[16:53:54.044] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[16:53:54.044] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.880.0) is installed.
[16:53:54.356] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[16:53:54.356] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[16:53:54.372] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[16:53:54.372] [  1] [INFO ] DetectInstalledComponents stage: Sync engine upgrade required.
[16:53:54.372] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Backup: unable to locate the persisted state file for backup.  Path: C:\ProgramData\AADConnect\PersistedState.xml
[16:53:54.403] [  1] [INFO ] CallExportSyncConfig: launching ExportSyncConfig.exe.
[16:53:54.888] [  1] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
[16:53:54.888] [  1] [ERROR] Caught an exception while creating the initial page set on the root page.
Exception Data (Raw): System.InvalidOperationException: Service ADSync was not found on computer '.'. ---> System.ComponentModel.Win32Exception: The specified service does not exist as an installed service
   --- End of inner exception stack trace ---
   at System.ServiceProcess.ServiceController.GenerateNames()
   at System.ServiceProcess.ServiceController.get_ServiceName()
   at System.ServiceProcess.ServiceController.GenerateStatus()
   at System.ServiceProcess.ServiceController.get_Status()
   at Microsoft.Online.Deployment.Framework.Providers.ServiceControllerProvider.IsServiceInState(String serviceName, ServiceControllerStatus desiredStatus)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.DetectInstalledComponents.Execute(String& message, GlobalContext globalWizardContext, Boolean& isPasswordSyncSupported)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.GetInitialPagesCore()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.GetInitialPages()
[16:57:45.833] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180905-165351.log

Viewing all 16000 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>