Channel: Azure Active Directory forum

Use of free account for Azure active directory in support of my MPN membership in the partner dashboard.


Hi y'all, Is it ok to use the free account for Azure active directory in support of my MPN membership in the partner dashboard?

Or am I doing this wrong?

Mark Henley

Henley's Formulas

ntspec@hotmail.com


Something went wrong when trying to join Windows 10 Enterprise to Azure AD.


hi

I get a something went wrong error when trying to join any windows 10 Enterprise machines to AAD.

The error message doesn't tell me a lot (something went wrong). I can't attach a screenshot, as I have to verify my account.

In Azure, I have under Devices: Users may join devices to azure ad -> All

Users may Register their devices with azure ad -> All is selected but greyed out

In Intune, admin-mdm - mdm device Management authority -> set to Microsoft intune.

Has anyone any ideas?

Thanks

Noel

AD connect login failure while running on on-prem domain controller machine


Hi all,

End goal: to be able to see our on-premises domain accounts in VSTS.

To do this, I was told I have to use Azure Active Directory, and the first thing was to run the adconnect utility on the on-prem domain controller machine. When I run the adconnect utility, it asks me for the Azure account login/password. Even after entering the correct password, the login fails.

Can someone help me with this issue, please?

thanks

    

Azure AD Schema Reference or Technical Specification


Just as there is a Microsoft Technical Specification available for Microsoft Active Directory Domain Services, why is the same not available for Azure AD?

How and where can this detail be found for Azure AD, clearly explaining all the classes / object types and attributes supported by Azure AD, with details of their functioning, as it is explained for Active Directory?

BR,
/HS


An Extremist

Microsoft cookie banner on AD B2C login page


Hi!

We are planning to start using Azure Active Directory B2C to handle login to our customer-facing web applications. However, last week we noticed that Microsoft has introduced a banner to inform users about cookies on many of Microsoft's web pages, and that this banner is also present on the Azure AD B2C login page which will be fronted to our users. Unfortunately the banner mentions "ads" (which is quite a sensitive subject for the organization I am working for), and there is a link to Microsoft's privacy policy, which may be confusing to our end users, who do not have a connection with Microsoft directly.

Does somebody know if the AD B2C login page was affected by mistake or on purpose, and if there is any mechanism to prevent the banner from being shown?

Regards,

Mats

 

Azure Active Directory Groups for Authenticated User


I have a simple C#/MVC 5 Azure app with a redirect sign-on and I am trying to simply get the Azure Active Directory Groups to which my authenticated User belongs.

I am having a devil of a time navigating all the various conflicting tutorials and MSDN content relating to:  AAD Groups, Claims, Graph API, Azure Portal App Registration, etc...

All I want to do is loop through a User's Groups that they are a member of.

Does anyone have a clean, simple explanation of how to do only this (without all kinds of extra Role/Claims stuff)?

Does my Azure App have to be converted into a Registered Azure Application in the portal in order to be able to do this?

It seems inordinately hard to figure out...

This call:
https://graph.windows.net/myorganization/groups/{object_id}/$links/members?api-version

produces an Access Token missing or malformed.

Then somewhere people say I need to send a token from somewhere else...

Azure AD DS - LDAP Configuration


Hello,

I need to configure Azure AD DS and LDAP, but I have already configured AD Connect. I found docs saying that I just need to run a PS script in order to enable NTLM and Kerberos for password hash, but I couldn't find what needs to be entered for the parameters AD CONNECTOR NAME and AZURE AD CONNECTOR NAME. Is that the server name / tenant name or something else?

P.S.

With cloud only users, everything works fine.

Regards,


MCSA, MCSE, MCT, IAMCT Country Leader

Azure AD not syncing to office 365 / re-install issues


When I try to install  AAD Connect I get the following error log.

[17:11:04.639] [  1] [INFO ]
[17:11:04.639] [  1] [INFO ] ================================================================================
[17:11:04.639] [  1] [INFO ] Application starting
[17:11:04.639] [  1] [INFO ] ================================================================================
[17:11:04.639] [  1] [INFO ] Start Time (Local): Tue, 11 Sep 2018 17:11:04 GMT
[17:11:04.639] [  1] [INFO ] Start Time (UTC): Wed, 12 Sep 2018 00:11:04 GMT
[17:11:04.639] [  1] [INFO ] Application Version: 1.1.819.0
[17:11:04.639] [  1] [INFO ] Application Build Date: 2018-05-02 16:19:11Z
[17:11:05.764] [  1] [INFO ] Telemetry session identifier: {ba1b49de-ed67-4ceb-869c-3b811762d3df}
[17:11:05.764] [  1] [INFO ] Telemetry device identifier: CEnI82SN9T2/b49MTvDqyjVassIcuUb1rRN4aVe/av8=
[17:11:05.764] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (38ad783d9)
[17:11:05.889] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[17:11:05.889] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[17:11:05.889] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[17:11:05.889] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[17:11:05.889] [  1] [INFO ] Default Proxy [Enabled]: True
[17:11:05.889] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[17:11:05.936] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[17:11:05.936] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[17:11:06.030] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[17:11:06.061] [  1] [INFO ] Loading the persisted settings .
[17:11:06.124] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[17:11:06.170] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[17:11:06.170] [  1] [INFO ] Password Hash Sync supported: 'True'
[17:11:06.217] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[17:11:06.436] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[17:11:06.436] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[17:11:06.452] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[17:11:06.452] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.467] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[17:11:06.483] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[17:11:06.780] [  1] [INFO ] CheckInstallationState: Packaged version (1.1.819.0), Installed version (1.1.819.0).
[17:11:06.780] [  1] [INFO ] CheckInstallationState: AAD PowerShell is up to date (1.1.819.0 <= 1.1.819.0).
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:11:06.780] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:11:06.780] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:11:06.780] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:11:06.780] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[17:11:06.780] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[17:11:06.780] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[17:11:06.780] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:11:06.780] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:11:06.796] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[17:11:06.889] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[17:11:06.889] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[17:11:06.889] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[17:11:06.889] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[17:11:06.889] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[17:11:06.889] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[17:11:06.889] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:11:06.889] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.889] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[17:11:06.889] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:11:06.889] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[17:11:06.967] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[17:11:06.967] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[17:11:06.967] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[17:11:06.967] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:11:06.967] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {0f4d6650-8a7c-4c9d-8449-2431b8dff372}.
[17:11:06.967] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.819.0, ProductCode=0f4d6650-8a7c-4c9d-8449-2431b8dff372, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[17:11:06.967] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[17:11:06.967] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.819.0) is installed.
[17:11:06.967] [  1] [INFO ] Checking for DirSync conditions.
[17:11:06.967] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[17:11:06.967] [  1] [INFO ] Initial configuration is incomplete.
[17:11:17.470] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180911-171104.log


Can't save manifest with optionalClaims on App Registration Portal


Hi,

I'm using OpenID Connect with Azure AD. I have an app on apps.dev.microsoft.com and things are working. Now I'm trying to add the verified_primary_email optional claim. Usually "upn" is the user's e-mail address, but sometimes it's not, for customers with various ADFS setups, so I'm trying to get the email attribute.

When I edit the manifest, add an "optionalClaims" property to the body, and save, I get an error message:

The request body contains unexpected characters/content for the specified content type and encoding.

Here's the block I'm trying to add to the manifest:

"optionalClaims": {
    "idToken": [
        {"name": "given_name", "essential": false},
        {"name": "family_name", "essential": false},
        {"name": "verified_primary_email", "essential": false}
    ]
}

I've also tried simpler variations. For example, this no-op block gives the same error message:

"optionalClaims": {}

This one gives a slightly different error ("One or more property values specified are invalid"):

"optionalClaims": null

Can I get a hint as to how to add optionalClaims to the manifest?

Mike

Azure AD Enterprise App "User Assignment Required?" option does nothing


I have added a 3rd party app from the Application Gallery for the purposes of SAML SSO.  This app is configured and the SSO works properly so I am getting ready to deploy it to my users.  Initially I had set the "User assignment required?" option to yes during testing so only I could see it.  I then assigned the application to myself and was able to see it in my app list and sign in to it from the link in the app list.

I have now set "User assignment required?" to no since this is an application to which all users in my organization should have access.  I don't want to have to assign every user to it.  According to the tooltip for this setting it claims that when the option is set to no as I have done then any user who navigates to the application link will be able to access it.  

This is not the case.  When I look at the my apps list for another user they cannot see it and when I try to go to the app url directly as that user I get the message

Oops, this link isn’t working…
This link to Citra University is invalid. Click the link below to see what applications you have access to. Otherwise, contact your administrator or the person who gave you this link to resolve this issue.

Which seems to suggest that user assignment is still required even though I have disabled the option.

Why is this happening when I have disabled the user assignment requirement?

Azure VM active directory with 3 regions local active directory


Hi,

We have 3 regions (Dubai, Qatar & India) with a minimum of 200 users in each region, each configured with a local AD. Now we are planning to migrate to Azure, where we need to have a VM with the Active Directory role in Azure, and all the users configured in the local AD have to be synchronized to the Azure VM AD. Each region will be configured with a site-to-site VPN to the Azure VM.

My requirement is that the users in each region have to log in with the local Active Directory, and the local AD in each region will synchronize with the Azure VM AD. The reason is that in case the internet is down at the site, the users will log in with the local AD.

Can you please advise how we can achieve this?

Thanks.

Domain Join AAD


Hi All,

We have some strange behavior.

When we re-image a device (laptop eg desktop) we have the problem that the domain join is not processed well in AAD.

The problem we then have is that Office365 products say that the device is not trusted.

When we delete the device in AAD and do a new domain join, all is fine again.

We have on prem AD servers and we sync to AAD.

Why is AD not updating AAD with the right details?

regards

Azure Active Directory: Reply Url cannot be set to HTTP


Hi, 


I've been developing web sites on Azure for years, and I use Azure Active Directory for authentication.

I register my web apps in Azure Active Directory - App Registrations.

I've never met any issue to configure my "reply urls", using HTTP protocol.

But, today, this is not possible anymore, and I wonder why.

As soon as I declare a reply url with HTTP protocol,  I cannot save, and get a validation error from azure portal:

BadRequest: The URI scheme in property  is invalid or unsupported.

This would work only if the reply url is set to HTTPS protocol.

And I really require HTTP protocol for my web sites.

Regards,

Thomas

AADC Upgrade-failing - System.Security.SecurityException: Requested registry access is not allowed.


Hi,

I am trying to update AADC from 1.1.443 to 1.1.819, and when trying to configure AADC it throws this error. Can someone please help me figure out the issue?

The Zone of the assembly that failed was:
MyComputer
Exception Data (Raw): System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Azure.ActiveDirectory.Client.Framework.RegistryAdapter.RegistryKeyGetSubKeyValue(RegistryKey baseKey, String subKeyName, String valueName, Object defaultValue)
   at Microsoft.Azure.ActiveDirectory.Client.Framework.RegistryAdapter.GetStringValue(RegistryKey baseKey, String subkeyName, String valueName, String defaultValue)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UpgraderCommon.MonitoringAgentProvider.GetMonitoringConfigurationPath()
   at Microsoft.Azure.ActiveDirectory.Synchronization.UpgraderCommon.MonitoringAgentProvider.GetProductName()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
The Zone of the assembly that failed was:
MyComputer
[14:06:13.471] [ 22] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()<---

How to delete UPN doubles?


We have errors with duplicate UPNs.

We have user XXX@YYY.com and somewhere user XXX1947@yyy.com. But there seems to be no place to delete the wrong one. Everything is fine in Active Directory.

Is there a way to delete these?

All suggestions are welcome.


Azure Active Directory Apps basics


    I'm new to AAD and getting my head around the set up.  I have a couple of basic (probably!) questions:

    What's the difference between the 2 ways of creating an App? – Via Azure AD Connect and Enterprise Applications?

    Do I need to set up separate Apps for Dev/UAT/Prod or can I use reply addresses to allow the different environments to access the same App?

    cheers


    What's the best way to block sign-in of an Office 365 SSO user synced by AAD sync?


    Hi folks,

    What would be the best way to block sign-in of an Office 365 user that is SSO-enabled by AAD sync?

    If we block sign-in from the Office 365 admin portal, it gets enabled again in the next sync cycle by the on-prem AD.

    Is the only way to first disable the account in the on-prem AD and then block sign-in in Office 365?

    Thanks

    Atul


    Can't find my persistent cookie after logging in to B2C.


    I am trying to detect a login for a user from a browser that is new to them. 

    It could be a new PC, a new browser, etc.  I'm doing this to attempt to notify them of a possible security problem. You know, someone else logging in on a computer they don't recognize.

    My plan was to add a guid to a cookie and, at login, retrieve that cookie and see if that user has logged in with that cookie present before.  I am not storing any auth information, just a unique device id.

    Here's my set up:

    Now processing the login...

    And here are the screenshots from Chrome.

    Here, I am logged in and the cookie is there:

    I log out and the same cookie value is still there, so far so good.

    But I put a breakpoint in my code so I could see the state of the browser after returning from B2C and redirecting back to my site.  And the cookie is gone, which causes my site to think it's a login from a new device.

    I can see that the domains are different, and I understand cookies are particular to a domain, but I don't know where it went.

    Is there any chance that this is related to localhost ?  I'm pretty sure I'll be using cookies for other things and I don't understand what's happening.

    Thanks in advance.

    #noobalert

    Relevant stuff:

    • Asp.Net Core 2.1
    • Chrome
    • Windows 10
    • Azure B2C

    Azure AD Security Groups and Sharepoint Online


    We are currently having some issues and are not able to find a resolution; we are not sure what is causing the problem. Here is the scenario.

    Created Azure AD security groups with assigned memberships (Security Is Enabled). Added members and owner.

    Placed those AZAD groups into existing SharePoint Online groups for access to the site (XXX_Owner_group).  Those groups had user population and on-prem AD groups.

    Users who are members of the Azure AD group are not able to log on to the SharePoint site and get permission denied.  Other users in the owner_group are fine.

    Using Azure AD free version

    Users have office e3 license

    Replicated 4 hours

    Any help would be great

    Thanks

    JF

    Sync two Forests with Azure AD Connect that have the same name


    Hello,

    We are planning to sync two different AD forests to O365 with one Azure AD Connect server.

    The forests have the same name:

    Forest A: corp.local

    Forest B: corp.local

    Will this be a problem? Is there a workaround for this environment?

    Thanks.
