Channel: Azure Active Directory forum

I am unable to create Azure AD in pay-as-you-go subscription with basic edition.

Please provide steps to create Azure AD with Basic edition.

Insufficient privileges to perform certain tasks


Hi,

I am trying to install an application into my customer's Azure tenant.  So I'm an external user, listed as an Owner in the subscription.  I was able to create a Resource Group and other resources, such as App Services and SQL Servers/Databases, but I can't do the following:

- Create an App Registration

- Validate Custom Domain ownership 

- Access a Key Vault to upload a certificate

The customer receives their Azure services from another company.  When viewing the subscription in the Azure Portal, there's a message at the top:  "This subscription is managed in the Microsoft Partner Center".  I assume that the customer needs to be given more privileges by this partner, but I'm not sure what to do from here.

Note: the customer has verified that non-admins should have permission to create app registrations (under Azure Active Directory - User Settings, the 'App Registrations' setting is 'Yes' (users can register applications), and the 'Administration Portal' setting is 'No' (Restrict access to Azure AD administration portal)).

What is special/different about management via CSP, and how do I get rights to perform the above tasks?

Thanks,

Phil


    Configure AAD Sync: Element 'ma-run-data' was not found


    Configure AAD Sync

    "An error occurred executing Configure AAD Sync task: Element 'ma-run-data' was not found. Line 1, position 2."

    I get this error when I try to configure the AAD Connect client on my domain controller.  It was working before, but when I tried to configure SSO it began to give me this error.  I tried to step back and disable SSO again, but it keeps giving me this error and the sync service doesn't work.  It seems to be referring to some log file that has no data.

    Any ideas?

    Alert notification when adding or deleting a subscription

    Hello, is there a method to receive a notification when I add or delete a subscription?

    Disconnect Microsoft Account from Azure AD


    Hi,

    I connected my Microsoft Account to Azure AD while trying to configure VSTS. I have been having a lot of problems ever since. For example, I cannot preview or download attachments from outlook.com and I cannot add my email address to Outlook for Windows. Each attempt at these operations results in a generic error message, something along the lines of "an error has occurred", without any useful details.

    Any idea how can I completely disconnect my Microsoft Account from Azure AD please?

    Unable to change company branding


    I am unable to change company branding or add company branding even when I am the owner.

    I have O365 subscription as well.

    Getting Usersettings from my AzureAD through PowerShell or Rest


    Hi there,

    Is there anyone out here that can help me get the usersettings from the Azure AD portal?

    I found out that I can get the group settings through the new v2 PowerShell Module for Azure AD, but the Usersettings seem to be missing in there.

    Also tried REST calls, but somehow my cookies / authorisation tokens that I get from logging in to portal.azure.com are not valid for the REST api endpoint that Microsoft seem to be using: https://main.iam.ad.ext.azure.com/api/Directories/Properties

    Microsoft cookie banner on AD B2C login page


    Hi!

    We are planning to start using Azure Active Directory B2C to handle login to our customer-facing web applications. However, last week we noticed that Microsoft has introduced a banner to inform users about cookies on many of Microsoft's web pages, and that this banner is also present on the Azure AD B2C login page which will be fronted to our users. Unfortunately the banner mentions "ads" (which is a quite sensitive subject to the organization I am working for), and there is a link to Microsoft's privacy policy which may be confusing to our end users, who do not have a connection with Microsoft directly.

    Does somebody know if the AD B2C login page was affected by mistake or on purpose, and if there is any mechanism to prevent the banner from being shown?

    Regards,

    Mats


    Find all Azure Subscriptions associated with an Azure AD Tenant?


    I have seen the other post about using 

    Login-AzureRMAccount
    Get-AzureRMSubscription

    But I am wondering if this requires that I have permissions to the subscription (of any form) to be able to see it listed?

    I'm doing an assessment and have some permissions, but may not have permissions to some subscriptions.  The client isn't exactly sure how things are set up, so I'm trying to find out how many subscriptions they have (there may be some they don't remember), and if they're associated with the Azure AD tenant.

    In other words, is there a way that I can simply list all Azure subscriptions associated with an Azure AD tenant when I may not have rights to some of those subscriptions?

    accountExpires set error help


    dirEntry.Properties["userAccountControl"].Value = val & ~0x2; //enable user
    //above line no error but below line get error
    dirEntry.Properties["accountExpires"].Value = DateTime.UtcNow.AddDays(1).ToFileTimeUtc();

    The error thrown is
    errMsg = "System.Runtime.InteropServices.COMException (0x80004005): Unspecified error\r\n\r\n   at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.PutEx(Int32 lnControlCode, String bstrName, Object vProp)\r\n   at System.DirectoryServices.PropertyValueColl...

    Please advise. If it was a permission issue I would have got an error on the first line. Thanks


    Getting insufficient privileges error for New-AzureADUserAppRoleAssignment


    I am using the inbuilt PowerShell console on https://portal.azure.com and getting the below error. My login account is "External Azure Active Directory" and Member with "Global administrator" directory role.

    New-AzureADUserAppRoleAssignment : Error occurred while executing NewUserAppRoleAssignment
    Code: Authorization_RequestDenied
    Message: Insufficient privileges to complete the operation.
    HttpStatusCode: Forbidden
    HttpStatusDescription: Forbidden
    HttpResponseStatus: Completed
    At line:1 char:1
    + New-AzureADUserAppRoleAssignment -ObjectId e5eaa3e9-611e-473d-a874-4c ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureADUserAppRoleAssignment], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.NewUserAppRoleAssignment


    SQL Server, AAD and Windows Authentication

    I have a single on-prem server that is hosting SQL Server databases. I am wondering if it is feasible to connect it through VPN to Azure AD, so the users can connect using Windows Authentication from AAD joined machines.

    Register New User via Easy Auth and Azure AD, Support Limited Anonymous or Unregistered Access


    I am trying to use Azure AD and openid in an AspNet Core website I'm building. The site is part of a larger project which will implement some Azure Functions to handle telemetry gathered from a smartphone while riding a motorcycle, as part of a crash monitoring application. Azure AD, open ID, etc., are new to me, so I'm not sure I'm even using the right terminology here, so bear with me.

    What I'd like to do as a first step is to use Easy Auth to register new users on the site. The current VS 2017 (15.8) template implements Azure AD (at least) by default, and I've confirmed that it works: I can log into the site using my Microsoft Windows credentials.

    Where I'm having a problem is understanding how that authentication fits into registering, and then authenticating, a user onto my site. In other words, I want the login process to check to see if a user is registered with my site (user info to be stored in a SqlServer database). In all the AspNet websites I've written heretofore, that's been implicitly done, because I've been authenticating users against the site database. Now that I'm authenticating against other sources (e.g., Microsoft, Google, Facebook), I'm unclear how to implement the site-specific stuff.

    I've tried inserting site-specific authentication when the OpenID service is configured during startup (from Startup.cs):

     

        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Instead of using the default validation (validating against a single issuer value, as we do in
                // line of business apps), we inject our own multitenant validation logic
                ValidateIssuer = false,

                // If the app is meant to be accessed by entire organizations, add your issuer validation logic here.
                //IssuerValidator = (issuer, securityToken, validationParameters) => {
                //    if (myIssuerValidationLogic(issuer)) return issuer;
                //}
            };

            options.Events = new OpenIdConnectEvents
            {
                OnTicketReceived = context =>
                {
                    // If your authentication logic is based on users then add your logic here
                    return Task.CompletedTask;
                },

                OnAuthenticationFailed = context =>
                {
                    context.Response.Redirect("/Error");
                    context.HandleResponse(); // Suppress the exception
                    return Task.CompletedTask;
                },

                OnTokenValidated = context =>
                {
                    // throwing an exception here when the user is not in the site database
                    // just causes the authentication request to be repeated, endlessly
                    return Task.CompletedTask;
                }
            };
        });
    
    

    When a user is not registered locally, do I just return a redirect to a page that allows them to register?

    Related to this, I'd also like to allow some level of anonymous access, directing anonymous users to a page describing the site, how to register, etc. I'm not sure how to do that, either. Is there a way to inject specific claims into the authorization, and then control access to controller actions based on claims?

    Sorry about the vague questions here. But, as I mentioned, I'm new to Azure AD, open id, easy auth and, for that matter, AspNet Core 2.0 :)

    - Mark
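
An added example, not part of the original post and not Microsoft's template code: one way to handle the two questions above is to let the Azure AD sign-in complete, record the local registration state as a claim in `OnTokenValidated`, and gate controllers with a claims-based policy. `ISiteUserStore`, the claim and policy names, the controllers and the `/Registration` path are hypothetical names chosen for this sketch.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the site's own user table (e.g. in SQL Server).
public interface ISiteUserStore
{
    Task<bool> IsRegisteredAsync(string tenantId, string objectId);
}

public static class SiteRegistration
{
    public const string ClaimType = "site:registered"; // hypothetical claim name
    public const string Policy = "RegisteredUser";     // hypothetical policy name

    // The JWT handler maps the short "oid"/"tid" claims to these URIs by default.
    private const string OidClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TidClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Call from Startup.ConfigureServices after AddAuthentication(...).AddAzureAD(...).
    public static IServiceCollection AddSiteRegistration(this IServiceCollection services)
    {
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
        {
            options.Events = options.Events ?? new OpenIdConnectEvents();
            var previous = options.Events.OnTokenValidated;

            options.Events.OnTokenValidated = async context =>
            {
                if (previous != null) await previous(context);

                var principal = context.Principal;
                var oid = principal.FindFirst(OidClaim)?.Value ?? principal.FindFirst("oid")?.Value;
                var tid = principal.FindFirst(TidClaim)?.Value ?? principal.FindFirst("tid")?.Value;

                // Key the lookup on tenant id + object id: with ValidateIssuer = false
                // any tenant can issue the token, so an e-mail or name alone is not a
                // safe identifier for the local account.
                var store = context.HttpContext.RequestServices.GetRequiredService<ISiteUserStore>();
                var registered = oid != null && tid != null
                                 && await store.IsRegisteredAsync(tid, oid);

                // No exception and no rejected sign-in for unknown users: the sign-in
                // completes and the registration state travels in the auth cookie.
                ((ClaimsIdentity)principal.Identity)
                    .AddClaim(new Claim(ClaimType, registered ? "true" : "false"));
            };
        });

        // Signed-in users who fail the policy are sent here instead of the default
        // access-denied page.
        services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options =>
        {
            options.AccessDeniedPath = "/Registration";
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy(Policy, policy => policy
                .RequireAuthenticatedUser()
                .RequireClaim(ClaimType, "true"));
        });

        return services;
    }
}

// Anonymous landing page: describes the site and how to register.
[AllowAnonymous]
public class HomeController : Controller
{
    public IActionResult Index() => View();
}

// Any signed-in user, registered or not, may reach the registration form.
[Authorize]
public class RegistrationController : Controller
{
    public IActionResult Index() => View();
}

// Only users present in the site database reach the application itself.
[Authorize(Policy = SiteRegistration.Policy)]
public class RidesController : Controller
{
    public IActionResult Index() => View();
}
```

The claim is fixed when the cookie is issued, so after a user completes registration the application has to sign them in again (or reissue the cookie) before the policy passes.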

    How to add multiple Azure AD users to Azure AD group via powershell?

    How to add multiple Azure AD users to Azure AD group via powershell?

    On-Prem to Cloud Lab Setup in Azure


    Hello All

    I need some advice, am hoping someone can point me in the right direction.

    I would like to create a lab in Azure, where I create a domain which will represent my on-premise domain, extend this domain to my AD in Azure, using Azure AD Connect.

    Can anyone advise how best to go about this, and if there are any blog posts relating to this subject?

    Thank you for your help.

    Jitesh



    Installation Errors for Azure Active Directory Connect


    Hi folks,
    I'm getting errors on the initial install of AZ AD Connect to link our internal domain with our Office 365 domain in order to use Exchange Online Archiving.  I can't run the Exchange Hybrid Wizard until this step is finished.
    I've tried this on two Windows 2012R2 domain controllers with the same results.  It seems to fail on the Express SQL installation near the end of the Wizard.
    What am I missing?  I have broken the URL links in the log in order to post in this forum.

    Thanks,

    Randy

    [12:06:37.848] [  1] [INFO ]
    [12:06:37.848] [  1] [INFO ] ================================================================================
    [12:06:37.848] [  1] [INFO ] Application starting
    [12:06:37.848] [  1] [INFO ] ================================================================================
    [12:06:37.862] [  1] [INFO ] Start Time (Local): Sun, 16 Sep 2018 12:06:37 GMT
    [12:06:37.862] [  1] [INFO ] Start Time (UTC): Sun, 16 Sep 2018 19:06:37 GMT
    [12:06:37.862] [  1] [INFO ] Application Version: 1.1.882.0
    [12:06:37.862] [  1] [INFO ] Application Build Date: 2018-08-31 22:50:05Z
    [12:06:39.396] [  1] [INFO ] Telemetry session identifier: {8a54ed01-0f2f-4fe2-b730-6b7e9def0686}
    [12:06:39.396] [  1] [INFO ] Telemetry device identifier: nT0v+0gRb+v79RhBciAof+B11ZLKuw1InFf7Fq6Rd+4=
    [12:06:39.396] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (0eb4240d4)
    [12:06:39.583] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
    [12:06:39.599] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
    [12:06:39.630] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
    [12:06:39.630] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
    [12:06:39.630] [  1] [INFO ] Default Proxy [Enabled]: True
    [12:06:39.630] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
    [12:06:39.693] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
    [12:06:39.693] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
    [12:06:39.740] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
    [12:06:39.740] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
    [12:06:39.755] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [12:06:39.755] [  1] [INFO ] Password Hash Sync supported: 'True'
    [12:06:39.771] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
    [12:06:39.771] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
    [12:06:39.786] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [12:06:39.849] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: no registered products found.
    [12:06:39.849] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [12:06:39.849] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package is not installed.
    [12:06:39.849] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
    [12:06:39.849] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [12:06:39.865] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
    [12:06:39.865] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
    [12:06:39.865] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
    [12:06:39.865] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [12:06:39.865] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
    [12:06:40.406] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
    [12:06:40.406] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
    [12:06:40.625] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
    [12:06:40.625] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
    [12:06:40.625] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
    [12:06:40.625] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.625] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {786f1270-e605-4b12-80a1-6dde0de09323}.
    [12:06:40.625] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.882.0, ProductCode=786f1270-e605-4b12-80a1-6dde0de09323, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
    [12:06:40.625] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
    [12:06:40.625] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.882.0) is installed.
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: current service status: Running
    [12:06:42.885] [  1] [INFO ] Checking for DirSync conditions.
    [12:06:42.885] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
    [12:06:42.885] [  1] [INFO ] Sync engine is not present. Performing clean install.
    [12:08:48.472] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
    [12:08:48.753] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.GatherEnvironmentData in Page:"Express Settings"
    [12:08:48.769] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:148
    [12:08:48.800] [  9] [INFO ] Checking if machine version is 6.1.7601 or higher
    [12:08:48.800] [  9] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [12:08:48.800] [  9] [INFO ] Password Hash Sync supported: 'True'
    [12:08:48.831] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
    [12:08:50.690] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
    [12:08:50.693] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
    [12:08:50.694] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
    [12:08:50.741] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:08:50.755] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
    [12:08:50.755] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:700
    [12:08:50.822] [  9] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
    [12:08:50.823] [  9] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:728
    [12:08:50.892] [  9] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
    [12:08:50.909] [  9] [INFO ] Enter ValidateSqlVersion.
    [12:08:50.909] [  9] [INFO ] Exit ValidateSqlVersion (localdb).
    [12:08:50.911] [  9] [INFO ] Enter ValidateSqlAoaAsyncInstance.
    [12:08:50.911] [  9] [INFO ] Exit ValidateSqlAoaAsyncInstance (localdb).
    [12:08:50.912] [  9] [INFO ] The ADSync database does not exist and will be created.  serverAdmin=True.
    [12:08:50.912] [  9] [INFO ] Attaching to the ADSync database: SQLServerName=DoesNotExist SQLInstanceName= ServiceAccountName=, state=, Collation=, /UseExistingDatabase=False.
    [12:08:50.912] [  9] [INFO ] Starting Sync Engine installation
    [12:08:50.913] [  9] [INFO ] Starting Prerequisite installation
    [12:08:50.914] [  9] [VERB ] WorkflowEngine created
    [12:08:50.915] [  9] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [12:08:50.915] [  9] [VERB ] Getting list of installed packages by upgrade code
    [12:08:50.915] [  9] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: no registered products found.
    [12:08:50.915] [  9] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [12:08:50.915] [  9] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package is not installed.
    [12:08:50.925] [  9] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
    [12:08:50.929] [  9] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
    [12:08:50.947] [  9] [VERB ] Executing task Install Prerequisites
    [12:08:50.949] [  9] [VERB ] Waiting for task to complete: Install Prerequisites
    [12:08:50.995] [ 11] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
    [12:08:54.730] [  7] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
    [12:08:54.730] [ 11] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
    [12:08:54.730] [ 11] [INFO ] Task 'Install Prerequisites' has finished execution
    [12:08:54.777] [  9] [VERB ] Waited 0:00:03.781599 for task to complete: Install Prerequisites
    [12:08:54.777] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
    [12:08:54.857] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
    [12:08:54.857] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
    [12:09:00.038] [  1] [INFO ] Property Username failed validation with error Username must be in the format name @domain.com or name @domain.onmicrosoft.com
    [12:09:12.537] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
    [12:09:25.344] [  8] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - admin2 @mclarneyconstruction.com
    [12:09:26.592] [  8] [INFO ] DiscoverAzureInstance [Worldwide]: authority=http s://login.windows.net/mclarneyconstruction.com, awsServiceResource=http s://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint (http s://login.microsoftonline.com/5216486b-71e4-4c81-87a9-3ee3160abf89/oauth2/token).
    [12:09:26.623] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6230973Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
    [12:09:26.623] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6230973Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
    [12:09:26.623] [  8] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
    [12:09:26.654] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6549933Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:26.654] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6549933Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: Sending request to userrealm endpoint.
    [12:09:27.431] [ 11] [INFO ] ADAL: 2018-09-16T19:09:27.4316214Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:27.431] [  8] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=5216486b-71e4-4c81-87a9-3ee3160abf89.
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: 59.998946465 minutes left until token in cache expires
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:29.166] [  8] [INFO ] Authenticate: tenantId=(5216486b-71e4-4c81-87a9-3ee3160abf89), IsDirSyncing=False, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=0, AllowedFeatures=None.
    [12:09:29.166] [  8] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
    [12:09:29.181] [  8] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=http s://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://graph.windows.net.
    [12:09:29.181] [  8] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: 59.970046235 minutes left until token in cache expires
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:29.181] [  8] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
    [12:09:30.173] [  8] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 5216486b-71e4-4c81-87a9-3ee3160abf89.  Initial domain (McLarney.onmicrosoft.com).
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
    [12:09:30.752] [  8] [INFO ] PowershellHelper: lastDirectorySyncTime=null
    [12:09:30.894] [  8] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
    [12:09:30.894] [  8] [INFO ] Calling to get the last dir sync time for the current user
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:09:31.064] [  8] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
    [12:09:31.064] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
    [12:09:31.111] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
    [12:09:34.824] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
    [12:09:37.306] [  1] [INFO ] Property Password failed validation with error A password is required - unless using a Virtual or Managed Service Account .
    [12:09:46.133] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - MCI\administrator
    [12:09:46.145] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user MCI\administrator
    [12:09:46.148] [ 12] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
    [12:09:46.193] [ 12] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - MclarneyConstruction.com
    [12:09:46.212] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if MCI\administrator has AccountEnterpriseAdminsSid privileges in MclarneyConstruction.com
    [12:09:46.507] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-572195159-122900080-355810188, group sid - S-1-5-21-572195159-122900080-355810188-519
    [12:09:46.509] [ 12] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
    [12:09:46.514] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
    [12:09:46.539] [ 12] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'MclarneyConstruction.com' was successfully matched.
    [12:09:46.556] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
    [12:09:46.560] [ 12] [INFO ] Validating forest with FQDN MclarneyConstruction.com
    [12:09:46.628] [ 12] [INFO ] Examining domain MclarneyConstruction.com (:0% complete)
    [12:09:46.630] [ 12] [INFO ] ValidateForest: using MCL17-Service.MclarneyConstruction.com to validate domain MclarneyConstruction.com
    [12:09:46.631] [ 12] [INFO ] Successfully examined domain MclarneyConstruction.com GUID:fb3f584b-6546-4104-b23d-9b1b786f213a  DN:DC=MclarneyConstruction,DC=com
    [12:09:46.652] [ 12] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
    [12:09:46.696] [ 12] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
    [12:09:46.696] [ 12] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=http s://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://graph.windows.net.
    [12:09:46.696] [ 12] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: 59.6781313383333 minutes left until token in cache expires
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:46.696] [ 12] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
    [12:09:47.012] [ 12] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
    [12:09:47.061] [ 12] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize in Page:"Ready to configure"
    [12:09:47.062] [ 12] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:5838
    [12:09:48.066] [ 12] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: context.WizardMode ExpressInstall.
    [12:09:48.073] [ 12] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=http s://s1.adhybridhealth.azure.com/, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://management.core.windows.net/.
    [12:09:48.073] [ 12] [WARN ] DetermineAutoUpgradeState: AutoUpgrade entering ENABLED mode for express installation.
    [12:09:48.073] [ 12] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: autoUpgradeState set to Enabled.
    [12:09:48.075] [ 12] [INFO ] SetAutoUpgradeViaAdhealthRegistrykey: Updated SOFTWARE\Microsoft\ADHealthAgent\Sync\UpdateCheckEnabled registry value to 1
    [12:09:48.076] [ 12] [INFO ] Restarting Monitoring Agent service.
    [12:09:48.100] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service AzureADConnectHealthSyncMonitor was not found
    [12:09:48.100] [ 12] [WARN ] Monitoring Agent service is not installed, so the service cannot be restarted.
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:10:03.545] [  1] [INFO ] PersistAzureAffinity: setting Azure affinity to value 0.  Original value: <not configured>.
    [12:10:03.545] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteADSyncConfiguration in Page:"Configuring"
    [12:10:03.547] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:10517
    [12:10:03.549] [ 12] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
    [12:10:03.550] [ 12] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
    [12:10:03.554] [ 12] [INFO ] Starting Sync Engine installation
    [12:10:15.061] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
    [12:10:15.150] [ 12] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:MCI\AAD_771ee7f2756b, assemblyPath:C:\Program Files\Microsoft Azure Active Directory Connect\ADSyncBootstrap.exe
    [12:10:33.602] [ 12] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
    [12:10:33.603] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Stopped
    [12:10:33.603] [ 12] [VERB ] ServiceControllerProvider:  Starting service and waiting for completion.
    [12:10:35.412] [ 12] [INFO ] ServiceControllerProvider: StartService status: Running
    [12:10:53.398] [ 12] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
    [12:10:53.398] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Running
    [12:10:53.398] [ 12] [VERB ] ServiceControllerProvider:  stopping service and waiting for completion.
    [12:10:53.648] [ 12] [INFO ] ServiceControllerProvider: StopService status: Stopped
    [12:10:53.648] [ 12] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
    [12:10:53.648] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Stopped
    [12:10:53.648] [ 12] [VERB ] ServiceControllerProvider:  Starting service and waiting for completion.
    [12:10:53.938] [ 12] [INFO ] ServiceControllerProvider: StartService status: Running
    [12:10:54.748] [ 12] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
    [12:10:54.749] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Running
    [12:10:54.749] [ 12] [VERB ] ServiceControllerProvider:  stopping service and waiting for completion.
    [12:10:54.998] [ 12] [INFO ] ServiceControllerProvider: StopService status: Stopped
    [12:10:54.998] [ 12] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
    [12:11:04.987] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
    [12:11:04.987] [ 12] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
    [12:11:04.990] [ 12] [INFO ] BuildMsiArguments: Setting Sync Engine MSI parameters for clean installation
    [12:11:13.360] [ 12] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
    Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Error installing msi package 'Synchronization Service.msi'. Full log is available at 'C:\ProgramData\AADConnect\Synchronization Service_Install-20180916-121104.log'.

    Extracted error message:
    ActionStart(Name=ConfigDB,Description=Configuring SQL database,)
    MSI (s) (7C:B4) [12:11:08:868]: Executing op: CustomActionSchedule(Action=ConfigDB,ActionType=9217,Source=BinaryData,Target=**********,CustomActionData=**********)
    MSI (s) (7C:58) [12:11:08:869]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI5339.tmp, Entrypoint: ConfigDB
    1: 0 2: TraceProgress (ConfigDB: Obtaining CustomActionData properties.): at line 2244
     
    1: 0 2: TraceProgress (ConfigDB: Parsing properties.): at line 2253
     
    1: 0 2: TraceProgress (ConfigDB: Service account password is present.  Will impersonate to verify SQL acces
    MSI (s) (7C!F4) [12:11:09:231]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. A long error message will be split and shown as several pop-ups. Click OK to continue. <hr=0x8023044a>

    MSI (s) (7C!F4) [12:11:09:232]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. Error:
    Stack: ERR_: MMS(3060): ..\sql.cpp(293): 0x80004005ERR_: MMS(3060): ..\sql.cpp(496): OriginalError=0x80004005 OLEDB Provider error(s):
    Description  = 'Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.'
    Failure Code = 0x80004005
    Minor Number = 18452
    BAIL: MMS(3060): configdb.cpp(248): 0x8023044a (unable to get error text)
    ERR_: MMS(3060): configdb.cpp(484): srv=(localdb),inst=.\ADSync,dm=MCI,u=AAD_771ee7f2756b,su=MCI\administrator,bi=false,cmp=MCL17 <hr=0x8023044a>

    MSI (s) (7C!F4) [12:11:09:232]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. -SERVICE,ver=,db=ADSync <hr=0x8023044a>

    CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    09/16/2018 12:11:09.335 [6012]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

    09/16/2018 12:11:09.335 [6012]: Detailed info about C:\Windows\assembly\tmp\AVIQALBE\Microsoft.MetadirectoryServices.Host.dll

    09/16/2018 12:11:09.335 [6012]:  File attributes: 00000080

    09/16/2018 12:11:09.490 [6012]:  Restart Manager Info: 1 entries

    09/16/2018 12:11:09.491 [6012]:   App[0]: (6012) Windows Installer (msiserver), type = 3

    09/16/2018 12:11:09.491 [6012]:  Security info:

    09/16/2018 12:11:09.491 [6012]:   Owner: S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   Group: S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   DACL information: 4 entries:

    09/16/2018 12:11:09.491 [6012]:   ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

    09/16/2018 12:11:09.491 [6012]:   ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

    09/16/2018 12:11:09.491 [6012]:   ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

    MSI (s) (7C:B4) [12:11:09:497]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (7C:B4) [12:11:09:497]: User policy value 'DisableRollback' is 0
    MSI (s) (7C:B4) [12:11:09:497]: Machine policy value 'DisableRollback' is 0
    Action ended 12:11:09: InstallExecute.
     ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1603.

    Details:
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String& processOutput, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit, Boolean traceArguments, Int32 exitCodeToIgnore)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
       --- End of inner exception stack trace ---
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallSynchronizationService(String pathToMsiFiles, String msiFileName, String installationPath, String sqlServerName, String sqlInstanceName, Boolean useInstallPathForDBFiles, IDictionary`2 syncServiceGroups, SyncServiceAccount syncServiceAccount, String logFilePath)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
       --- End of inner exception stack trace ---
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
       at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
    [12:11:48.600] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180916-120637.log

    question about applications license


    What kind of license is required to be able to manage enterprise applications in Azure? Currently we only have an Office 365 license. Will it cover this feature? Please advise. Thank you very much!

    AAD DS - The managed domain is experiencing a network error


    Hi,

    This is a bit of an emergency... 

    I have an Azure tenant that is having issues with Azure AD Domain Services.

    As suggested, the DNS servers were configured in the VNet as custom DNS.

    However, recently there was a complaint that Internet was not accessible from the Azure hosted VM.

    I removed the custom DNS servers from the Vnet and switched to "Default (Azure Provided)" and Internet was accessible.  However, I could not log on to the VM using my user@customdomain.com account; only with the local Admin account.

    Looking at the Azure AD Domain Services Health, there are 2 Monitor messages:

    Message 1:

    Backup: Last backed up on Sat, 08 Sep 2018 18:51:57 GMT

    Message 2: 

    Synchronization with Azure AD: Synchronized on Thu, 13 Sep 2018 05:59:39 GMT.

    And 3 Alerts

    Alert 1:

    Name: The managed domain is experiencing a network error

    Severity: Critical 

    ID: AADDS104

    Raised: 9/13/2018, 10:44:19 AM

    Last Detected: 9/13/2018, 5:02:03 PM

    Issue: Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there is a user defined route that blocks incoming traffic from the internet.

    Resolution:  Refer to the following article to resolve this issue Troubleshooting Alerts - Network Error

    Alert 2:

    Name: The managed domain has not been backed up for a long time

    Severity: Warning

    ID: AADDS501

    Raised: 9/14/2018, 4:51:57 AM

    Last Detected: 9/14/2018, 3:36:16 PM

    Issue: The managed domain was last backed up on 9/8/2018 6:51:57 PM.

    Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

    Alert 3:

    Name: The managed domain is suspended

    Severity: Critical

    ID: AADDS504

    Raised: 9/13/2018, 5:06:11 PM

    Last Detected: 9/14/2018, 3:36:16 PM

    Issue: The managed domain is suspended due to an invalid configuration. The service has been unable to manage, patch, or update the domain controllers for your managed domain for a long time.

    Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

    After doing some research, I was able to ascertain that all 3 ports required for AD Synchronisation (443, 3389, 5986) are defined in the incoming rules of the NSG.

    From the Monitor message, the synchronisation was done but the backup was not done for less than a week (if you compare the 2 dates between the backup and the sync).

    Apparently, according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-suspension, if the issue is not resolved, the managed domain is at risk of being deleted in less than 15 days.

    Of course we would like to avoid this but it seems that the only way we can get this resolved is by having the domain controllers backed up.  BUT HOW CAN WE DO THIS!!!?? This is an Azure AD DS managed domain.

    The same above-mentioned article says the following about a managed domain that is in a "suspended" state:

    The "Suspended" state

    A managed domain is put in the Suspended state for the following reasons:

    • One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources that are needed by Azure AD DS.
    • There's a billing issue with your Azure subscription or your Azure subscription has expired.

    Managed domains are suspended when Microsoft is unable to manage, monitor, patch, or back up the domain on an ongoing basis.

    What to expect

    • Domain controllers for your managed domain are de-provisioned and aren't reachable within the virtual network.
    • Secure LDAP access to the managed domain over the internet (if it's enabled) stops working.
    • You notice failures in authenticating to the managed domain, logging on to domain-joined virtual machines, or connecting over LDAP/LDAPS.
    • Backups for your managed domain are no longer taken.
    • Synchronization with Azure AD stops.

    After you resolve the alert, your managed domain goes into the "Suspended" state. Then you need to contact support. Support might restore your managed domain, but only if a backup that is less than 30 days old exists.

    The managed domain only stays in a suspended state for 15 days. To recover your managed domain, Microsoft recommends that you resolve critical alerts immediately.

    We have a 'Basic' support plan and there was absolutely no change made in the Azure portal.  So in order for us to have this investigated by Azure support, we have to buy a Support Plan? For something that we didn't break?

    Thank you all for your help,

    Karim.
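
The post above reports that ports 443, 3389 and 5986 are defined in the NSG's inbound rules; whether they are effectively allowed also depends on priority, because the matching rule with the lowest priority number decides. The check below is an added example, not part of the original post: the rule set is constructed (shaped like `az network nsg rule list -o json` output), the rule names are invented, and source and destination address prefixes are ignored as a simplifying assumption.

```python
import json

# Constructed sample, shaped like `az network nsg rule list -o json` output.
# Rule names, priorities and port ranges are invented for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "DenyInternetOut", "priority": 100, "direction": "Outbound",
   "access": "Deny", "protocol": "*", "destinationPortRange": "*",
   "destinationPortRanges": []},
  {"name": "DenyMgmtIn", "priority": 200, "direction": "Inbound",
   "access": "Deny", "protocol": "*", "destinationPortRange": "3000-6000",
   "destinationPortRanges": []},
  {"name": "AllowHttpsIn", "priority": 300, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "destinationPortRange": "443",
   "destinationPortRanges": []},
  {"name": "AllowRdpIn", "priority": 310, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "destinationPortRange": "3389",
   "destinationPortRanges": []},
  {"name": "AllowPsRemotingIn", "priority": 320, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "destinationPortRange": null,
   "destinationPortRanges": ["5986"]}
]
""")

REQUIRED_PORTS = (443, 3389, 5986)  # the three ports named in the post
DEFAULT_DENY = "DenyAllInBound (default)"  # built-in rule, priority 65500


def port_ranges(rule):
    """Yield (low, high) for each destination port entry of a rule."""
    entries = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        entries.append(rule["destinationPortRange"])
    for entry in entries:
        if entry == "*":
            yield (0, 65535)
        elif "-" in entry:
            low, high = entry.split("-", 1)
            yield (int(low), int(high))
        else:
            yield (int(entry), int(entry))


def rule_matches(rule, port, protocol):
    """True if an inbound rule covers this port and protocol.

    Assumption: address prefixes are not evaluated, so a rule scoped to
    one source is treated as if it applied to every source.
    """
    if rule["direction"].lower() != "inbound":
        return False
    if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
        return False
    return any(low <= port <= high for low, high in port_ranges(rule))


def effective_verdict(rules, port, protocol="Tcp"):
    """Return (access, rule_name) for the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, port, protocol):
            return rule["access"], rule["name"]
    # No custom rule matched: internet-sourced traffic hits the default deny.
    return "Deny", DEFAULT_DENY


def audit(rules, ports=REQUIRED_PORTS, protocol="Tcp"):
    """Report, per port, the deciding rule and any Allow rules it overrides."""
    report = {}
    for port in ports:
        access, decided_by = effective_verdict(rules, port, protocol)
        shadowed = []
        if access.lower() == "deny":
            shadowed = [r["name"] for r in rules
                        if r["access"].lower() == "allow"
                        and rule_matches(r, port, protocol)]
        report[port] = {"access": access, "decided_by": decided_by,
                        "shadowed_allows": shadowed}
    return report


if __name__ == "__main__":
    for port, result in audit(SAMPLE_RULES).items():
        print(port, result)
```

A non-empty `shadowed_allows` list is the case worth looking for: the port is defined in an Allow rule, yet a Deny rule with a lower priority number wins.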


    Can't Add/Update User Credentials - Spotify - SSO

    On initial set up of SSO for a user for the Spotify app, the option to add credentials (i.e., toggling to 'yes') isn't possible. If I save the user for the app and then try to update credentials, fields to add information are not shown. Any ideas on why this is happening?

    Duplicate devices Azure AD registered and hybrid joined


    We have exactly the same problem as this person: https://social.msdn.microsoft.com/Forums/azure/en-US/9930dec8-4cc0-445f-9a0e-e2db7c3336b5/duplicate-computers-and-conditional-access-hybrid-azure-ad-join?forum=WindowsAzureAD (but that forum post isn't answered).

    Why are all devices duplicates? All devices now have a "registered" entry and a "hybrid" entry.

    Some devices say Intune compliant on the "hybrid" device, others on the "registered" device. 

    We just want one entry. Can we clean things up? Or merge the devices?

    Thanks.
