Channel: Azure Active Directory forum

IDX20803: Unable to obtain configuration from: '[PII


I followed a tutorial here and it works fine when running locally:

https://docs.microsoft.com/en-us/azure/active-directory/develop/GuidedSetups/active-directory-aspnetwebapp-v1#configure-your-webconfig-and-register-an-application

When I transferred it to our server, I encountered this error.

IDX20803: Unable to obtain configuration from: '[PII is hidden by default. Set the 'ShowPII' flag in IdentityModelEventSource.cs to true to reveal it.]'.


What configuration did I miss? Thanks in advance. 
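IDX20803 is raised when the OpenID Connect middleware cannot download the metadata document (`.well-known/openid-configuration`) for the configured authority, which is why it works on a developer machine and fails on a server that sits behind a proxy, cannot reach `login.microsoftonline.com`, or cannot negotiate TLS 1.2. Setting `IdentityModelEventSource.ShowPII = true`, as the message suggests, reveals the hidden address, but it also writes other sensitive values into the log, so it belongs on a test deployment only. The following is an added example, not part of the original post: a PowerShell check run on the web server itself that fetches the same document the middleware needs. The tenant name is a constructed placeholder; use the value configured as the authority in web.config.

```powershell
# Added example (not from the original post): from the server that throws IDX20803,
# confirm the OpenID Connect metadata document the middleware needs is reachable.
$Tenant      = 'contoso.onmicrosoft.com'   # placeholder: the tenant from web.config
$Authority   = "https://login.microsoftonline.com/$Tenant"
$MetadataUrl = "$Authority/.well-known/openid-configuration"

# Older Windows Server builds let .NET negotiate TLS 1.0/1.1 by default;
# the login endpoint requires TLS 1.2, which is one common cause of this error.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

try {
    $cfg = Invoke-RestMethod -Uri $MetadataUrl -Method Get -TimeoutSec 15

    # The values the middleware reads from the document.
    $cfg | Select-Object issuer, authorization_endpoint, token_endpoint, jwks_uri | Format-List

    # The signing keys must be reachable as well, otherwise token validation fails later.
    $keys = Invoke-RestMethod -Uri $cfg.jwks_uri -Method Get -TimeoutSec 15
    'Fetched {0} signing keys from {1}' -f $keys.keys.Count, $cfg.jwks_uri
}
catch {
    # A proxy, firewall or TLS failure surfaces here; the same failure is what
    # IDX20803 reports inside the application.
    Write-Warning "Metadata fetch failed: $($_.Exception.Message)"

    # Show which proxy (if any) .NET would use for this URL from this server.
    $proxy = [Net.WebRequest]::DefaultWebProxy
    if ($proxy) { 'System proxy for this URL: {0}' -f $proxy.GetProxy([Uri]$MetadataUrl) }
}
```

If the fetch fails from the server, the fix is in the server's network path (proxy settings for the application pool identity, outbound firewall rules, or TLS configuration), not in the application's registration. If it succeeds, compare the authority and tenant in the deployed web.config against the ones used locally.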


Why is Azure AD Custom Domain verification failing?


Hello,

I'm trying to test Azure AD with multiple domains and am having issues verifying one of the 3 domains I'm trying to use.

Over 24 hours ago I started trying to verify my domain. The TXT and MX records are set and have propagated to the internet (verified independently with DNS resolvers). Two other domains I own, one at the same domain registrar (Godaddy.com), successfully verified within minutes, but these domains are fairly new and unlikely to have been used with any Microsoft-related services in the past.

Can someone please assist me with finding out why this domain cannot be verified? The experience others have had leads me to believe that somehow my domain was once verified for a Microsoft service.

Would it be possible to please open a support case to verify whether it's a technical failure or that the domain was already claimed for another service? I am on a free trial so do not have full support and cannot directly open a ticket.

thanks,

James.

Get-MsolUser -UserPrincipalName asif@mydomain.com | Select *


Get-MsolUser -UserPrincipalName asif@mydomain.com | Select *

This gives lots of attributes and properties but not SamAccountName. Why? Is there a way to replicate the SamAccountName here from AD? Otherwise I need to do another query in AD based on UPN to pull SamAccountName. There are 25 thousand users; it takes 2 days to pull SamAccountName using UPN.
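The user object returned by Get-MsolUser has no SamAccountName property, so the attribute has to come from on-premises AD (Microsoft Graph does expose it as onPremisesSamAccountName for synced users). The two-day runtime comes from issuing one AD query per user; the following added example, not part of the original post, replaces that with one bulk query on each side and a hashtable join keyed on UPN. It assumes the MSOnline and ActiveDirectory modules are installed, that Connect-MsolService has already been run, and that the on-premises UPN matches the Azure AD UPN for synced users; the output file name is a constructed placeholder.

```powershell
# Added example (not from the original post): join Azure AD users to their
# on-premises sAMAccountName in one pass instead of one AD query per user.
Import-Module ActiveDirectory
Import-Module MSOnline   # assumes Connect-MsolService has already been run

# One bulk query against AD: UPN -> sAMAccountName, kept in a hashtable for O(1) lookups.
$adByUpn = @{}
Get-ADUser -Filter * -Properties UserPrincipalName, SamAccountName |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object { $adByUpn[$_.UserPrincipalName.ToLowerInvariant()] = $_.SamAccountName }

# One bulk query against Azure AD; -All pages through the whole tenant.
$report = Get-MsolUser -All | ForEach-Object {
    $upn = $_.UserPrincipalName.ToLowerInvariant()
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        ImmutableId       = $_.ImmutableId   # set only for users synced from AD
        SamAccountName    = $adByUpn[$upn]   # $null for cloud-only users or UPN mismatches
    }
}

$report | Export-Csv -Path .\users-with-sam.csv -NoTypeInformation   # placeholder path

# Synced users (ImmutableId set) with no match are worth reviewing: they usually
# indicate the on-premises UPN suffix differs from the one published to Azure AD.
$report | Where-Object { $_.ImmutableId -and -not $_.SamAccountName }
```

Both queries are paged server-side, so the whole join runs in minutes rather than days; the final filter separates genuine cloud-only accounts from synced accounts whose UPN does not line up, which is the case that would otherwise be silently missed.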

Add policy to service principal

How to generate "Add policy to service principal" event in Azure AD portal?

Admin or Developer access issue


I can't register a new application in Azure Active Directory.

Learn more: https://go.microsoft.com/fwlink/?linkid=843472. More details: Insufficient privileges to complete the operation..

How do I register my new application in my Azure Active Directory?

Thanks,
Lorenzo

Configuring Azure Active Directory to provision users to a SCIM-enabled web app using the OAuth 2.0 client credentials grant type to get an access token (OAuth bearer token) from the web application's OAuth authorization server's token endpoint.


I'm looking through this documentation https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups for configuring a non-gallery application to automatically provision users from Azure AD to the non-gallery app, and I don't see anything about how to get OAuth access tokens (OAuth bearer tokens) from the OAuth authorization server's token endpoint that the non-gallery application uses.

Step 7 of "To connect an application that supports SCIM:" states :

  1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional Secret Token field. If this field is left blank, then Azure AD includes an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.

which seems to imply you can use a static OAuth bearer token that never expires (which doesn't seem any more secure than having a shared secret between the application and Azure AD) or configure the app to use Azure AD as the identity provider (which I take to mean configure the application to go to Azure AD to validate/verify the OAuth access token).

Questions: 

  1. Does Azure AD support using the client credentials grant type to request an OAuth access token from the non-gallery application's OAuth authorization server?
  2. Where can I find more documentation on configuring applications to "use Azure AD as an identity provider" (i.e. to validate / verify the Azure AD-issued OAuth bearer token)?

Azure Connect changes?


Hello,

Could anyone tell me whether I can change settings in Azure AD Connect?

For example, if I want to change from Password Synchronization to Federation (on-premises ADFS).

Could I just re-run the AD Connect installer and make this change?

Thanks,

romatlo32

Invitation redemption failed -- AADB2B_0001 : We cannot create a self-service Azure AD account for you because the directory is federated. Tenant's admin must create an account for you.


Hi

One of our customers is getting this when trying to redeem their Azure Active Directory B2B invite. I'm not sure what to advise the customer so they can speak to their IT team and troubleshoot. Are they running a special federation server? If so, will it ever work? Is there a setting they can enable?



Azure AD DS - LDAP Configuration


Hello,

I need to configure Azure AD DS and LDAP, but I have already configured AD Connect. I found docs saying that I just need to run a PS script in order to enable NTLM and Kerberos password hash synchronization, but I couldn't find what needs to be entered for the parameters AD CONNECTOR NAME and AZURE AD CONNECTOR NAME. Is that the server name / tenant name, or something else?

P.S.

With cloud only users, everything works fine.

Regards,


MCSA, MCSE, MCT, IAMCT Country Leader

AAD DS - The managed domain is experiencing a network error


Hi,

This is a bit of an emergency... 

I have an azure tenant that is having issues with Azure AD Domain Services.

As is suggested, the DNS servers were configured in the VNet as custom DNS.

However, recently there was a complaint that Internet was not accessible from the Azure hosted VM.

I removed the custom DNS servers from the Vnet and switched to "Default (Azure Provided)" and Internet was accessible.  However, I could not log on to the VM using my user@customdomain.com account; only with the local Admin account.

Looking at the Azure AD Domain Services Health, there are 2 Monitor messages:

Message 1:

Backup: Last backed up on Sat, 08 Sep 2018 18:51:57 GMT

Message 2: 

Synchronization with Azure AD: Synchronized on Thu, 13 Sep 2018 05:59:39 GMT.

And 3 Alerts

Alert 1:

Name: The managed domain is experiencing a network error

Severity: Critical 

ID: AADDS104

Raised: 9/13/2018, 10:44:19 AM

Last Detected: 9/13/2018, 5:02:03 PM

Issue: Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there is a user defined route that blocks incoming traffic from the internet.

Resolution:  Refer to the following article to resolve this issue Troubleshooting Alerts - Network Error

Alert 2:

Name: The managed domain has not been backed up for a long time

Severity: Warning

ID: AADDS501

Raised: 9/14/2018, 4:51:57 AM

Last Detected: 9/14/2018, 3:36:16 PM

Issue: The managed domain was last backed up on 9/8/2018 6:51:57 PM.

Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

Alert 3:

Name: The managed domain is suspended

Severity: Critical

ID: AADDS504

Raised: 9/13/2018, 5:06:11 PM

Last Detected: 9/14/2018, 3:36:16 PM

Issue: The managed domain is suspended due to an invalid configuration. The service has been unable to manage, patch, or update the domain controllers for your managed domain for a long time.

Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

After doing some research, I was able to ascertain that all 3 ports required for AD Synchronisation (443, 3389, 5986) are defined in the incoming rules of the NSG.

From the Monitor message, the synchronisation was done but the backup was not done for less than a week (if you compare the 2 dates between the backup and the sync).

Apparently, according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-suspension, if the issue is not resolved, the managed domain is at risk of being deleted in less than 15 days.

Of course we would like to avoid this, but it seems that the only way we can get this resolved is by having the domain controllers backed up. BUT HOW CAN WE DO THIS!!!?? This is an Azure AD DS managed domain.

The same above-mentioned article says the following about a managed domain that is in a "suspended" state:

The "Suspended" state

A managed domain is put in the Suspended state for the following reasons:

  • One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources that are needed by Azure AD DS.
  • There's a billing issue with your Azure subscription or your Azure subscription has expired.

Managed domains are suspended when Microsoft is unable to manage, monitor, patch, or back up the domain on an ongoing basis.

What to expect

  • Domain controllers for your managed domain are de-provisioned and aren't reachable within the virtual network.
  • Secure LDAP access to the managed domain over the internet (if it's enabled) stops working.
  • You notice failures in authenticating to the managed domain, logging on to domain-joined virtual machines, or connecting over LDAP/LDAPS.
  • Backups for your managed domain are no longer taken.
  • Synchronization with Azure AD stops.

After you resolve the alert, your managed domain goes into the "Suspended" state. Then you need to contact support. Support might restore your managed domain, but only if a backup that is less than 30 days old exists.

The managed domain only stays in a suspended state for 15 days. To recover your managed domain, Microsoft recommends that you resolve critical alerts immediately.

We have a 'Basic' support plan and there were absolutely no changes made in the Azure portal. So in order for us to have this investigated by Azure support, we have to buy a Support Plan? For something that we didn't break?

Thank you all for your help,

Karim.
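Alert AADDS104 states that Microsoft cannot reach the managed domain's domain controllers and names an NSG or a user-defined route as the likely cause. Having the three ports present in the NSG is not enough on its own: a Deny rule with a lower priority number (custom rules are evaluated before the default rules, and a lower number wins) shadows an Allow rule for the same port, and a rule that allows the port only from the wrong source prefix has the same effect. The following added example, not part of the original post, lists every inbound rule that touches ports 443, 3389 and 5986 in evaluation order, so the deciding rule and its source prefix are visible. It assumes the Az.Network module and an existing Azure session; the resource group and NSG names are constructed placeholders.

```powershell
# Added example (not from the original post): show, in evaluation order, every inbound
# NSG rule that affects the ports the AADDS104 alert depends on.
$ResourceGroup = 'rg-aadds'        # placeholder
$NsgName       = 'nsg-aadds'       # placeholder
$RequiredPorts = 443, 3389, 5986   # the three ports named in the post

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Name $NsgName

# A DestinationPortRange entry is "*", a single port, or "low-high".
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1]) -and ($Port -le [int]$Matches[2])
    }
    return ([int]$Range -eq $Port)
}

# Custom rules (priority 100-4096) are evaluated before the default rules (65000+),
# so a single sort on Priority reproduces the evaluation order.
$inbound = @($nsg.SecurityRules) + @($nsg.DefaultSecurityRules) |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Sort-Object Priority

foreach ($port in $RequiredPorts) {
    foreach ($rule in $inbound) {
        $touchesPort = @($rule.DestinationPortRange |
            Where-Object { Test-PortInRange -Range $_ -Port $port }).Count -gt 0
        if ($touchesPort -and ($rule.Protocol -in 'Tcp', '*')) {
            [pscustomobject]@{
                Port     = $port
                Rule     = $rule.Name
                Priority = $rule.Priority
                Access   = $rule.Access
                Source   = ($rule.SourceAddressPrefix -join ',')
            }
        }
    }
}
```

Read each port's rows top to bottom: the first row whose source prefix covers the traffic in question is the one that applies, and if that row is a Deny, or if the only Allow sits below a broader Deny, the alert's description matches. The same evaluation-order reasoning applies to a user-defined route on the subnet, which this script does not inspect.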


Can't Add/Update User Credentials - Spotify - SSO

On initial set up of SSO for a user for the Spotify app, the option to add credentials (i.e., toggling to 'yes') isn't possible. If I save the user for the app and then try to update credentials, fields to add information are not shown. Any ideas on why this is happening?

Azure AD Connect installation - System.Security.SecurityException: Requested registry access is not allowed


Hello,

I had to reinstall Azure AD Connect after server formatting and I get the following error, using Custom settings:

[ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()<---

Do you have any idea about the origin of the problem?

Thank you.

Bertrand

Azure Information Protection - New Reporting Dashboard (preview)


Dear Microsoft,

I have noticed in our Azure Information Protection (AIP) tenant that we have preview access to the new reporting and dashboard. I have configured the reports to use Log Analytics (OMS dashboard) but each time I access the report I get a message saying that log analytics needs configuring.

Can anyone point me at the preview documentation or offer any suggestions?

Kind Regards

Luke.


Azure AD Join (circle of dots) crashes after reboot


Hey,

We tried to use Azure AD join with some of our laptops.
Everything goes fine with connecting, and the laptop registers in Azure.

But after rebooting the laptop, the device gets stuck in a never-ending circle and crashes (the boot circle of dots).

As far as I'm aware there is still no solution for this?
Or can anyone help?

Edited:

Seems like it happens when changing Workgroup?

AAD join of Win10 leads to crash after boot


After joining Windows 10 devices to Azure AD, the subsequent reboot shows spinning wheel and the loading never ends. The devices are unusable then.

If we turn off the ELAM (Early Launch Antimalware) driver in the boot menu, the devices will ultimately finish booting after about 3 hours of waiting, every time.

Steps tried to survive AAD join:

- latest everything. latest Windows (1709) with all updates (as for 28th Feb 2018) installed

- difference in EMS or Intune. Joined via account with Intune licence (EMS E3, but with no policies set) or joined via account with just AAD Premium P2 (so just EMS policies, no Intune) made no difference

- integrity scan. sfc /scannow before and after join (when it booted with disabled ELAM) made no difference

- device name uniqueness. renaming the device to a definitely unique computer name and restarting, before join

But no luck. 

This is happening to us with hyperv guests but also with physical laptops we have tried, both Lenovo and Dell.

What we can try next:

1) we are using custom image of Win10 version 1709 with various software installed and policies set. No antivirus there. We will try step by step new image creation process to see which might have an effect

2) install our image to a UEFI instead of a BIOS partition. This try came from the idea that turning off ELAM partially helps with booting

Any ideas anyone?

Keywords: spinning wheel, aad join, stuck, bricked, problem


Azure connect

[15:55:31.804] [ 29] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
[15:55:31.804] [ 29] [VERB ] SyncDataProvider.EnableDirectorySyncFlag: Connecting to MSOL service.
[15:55:31.804] [ 29] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/klevering.onmicrosoft.com, AdalResource=https://graph.windows.net.
[15:55:31.804] [ 29] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
[15:55:31.804] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8049648Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[15:55:31.804] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8049648Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: === Token Acquisition started:
    CacheType: null
    Authentication Target: User
    , Authority Host: login.windows.net
[15:55:31.804] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8049648Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: An item matching the requested resource was found in the cache
[15:55:31.804] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8049648Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: 47,3121221583333 minutes left until token in cache expires
[15:55:31.804] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8049648Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[15:55:31.805] [ 29] [INFO ] ADAL: 2018-09-21T13:55:31.8059683Z: 883aa911-6e52-4b77-a03d-87876236c0aa - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 21-9-2018 14:42:50 +00:00
[15:55:31.805] [ 29] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[15:55:32.130] [ 29] [INFO ] PowershellHelper: DirectorySynchronizationEnabled=True
[15:55:32.130] [ 29] [INFO ] PowershellHelper: DirectorySynchronizationStatus=Enabled
[15:55:32.131] [ 29] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[15:55:32.207] [ 29] [INFO ] Creating new azure service account for sync installation 398330cc589d418d94f35c81d00e8c1f using global tenant admin setict@Klevering.onmicrosoft.com.
[15:55:33.369] [ 29] [ERROR] GetServiceAccount: Unable to create synchronization service account. An error occurred. Error Code: 77. Error Description: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support. Tracking ID: 75b6272e-f8d3-4210-a384-d25897d8fa1b Server Name: . | The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support..
Exception Data (Raw): Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.AzureADServiceAccountException: Unable to create the synchronization service account for Azure Active Directory. ---> Microsoft.Online.Coexistence.ProvisionException: An error occurred. Error Code: 77. Error Description: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support. Tracking ID: 75b6272e-f8d3-4210-a384-d25897d8fa1b Server Name: . ---> System.ServiceModel.FaultException`1[Microsoft.Online.Coexistence.Schema.AdminWebServiceFault]: The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Online.Coexistence.Schema.IProvisioningWebService.GetServiceAccount(String identifier)
   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Coexistence.ProvisionHelper.AdminWebServiceFaultHandler(FaultException`1 adminwebFault)
   at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeDependencies.ProvisioningHelperGetServiceAccount(ProvisionHelper provisionHelper, String identifier)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.<>c__DisplayClass25_0.<GetServiceAccount>b__0()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.ExecuteWithRetry(String actionName, Action action)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetServiceAccount(String identifier)
   at Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String servicePrefix, String syncMachineIdentifier)
   --- End of inner exception stack trace ---
   at Microsoft.Online.Deployment.Types.Providers.ProvisioningWebServiceProvider.GetServiceAccount(String servicePrefix, String syncMachineIdentifier)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.UpdateAADConnectorCredentials(IAzureActiveDirectoryContext aadContext, IAadSyncContext aadSyncContext)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
[15:55:33.369] [ 29] [ERROR] ConfigureSyncEngineStage: Caught exception while creating azure service account.
[15:55:33.369] [ 29] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[15:55:44.315] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180921-153416.log

Unable to login with the new password after resetting the old password



Though it is showing that the password was successfully changed, it is not allowing me to log in with the new password and it is still accepting the old password only. Can someone help me with this?

  

Thanks

Use 3rd Party SAML 2.0 IdP as identity provider to authenticate users logging into Azure Portal


Hello,

Is it possible to authenticate users who are accessing their tenant's Azure Portal against a 3rd-party SAML 2.0 IdP? This can be SP-initiated or IdP-initiated; either would work. If this is possible, could someone point me in the right direction for documentation on configuring this?

I have found the following which seems to be along the lines of what I'm trying to accomplish, but I am not sure if this is applicable to the actual Azure Management Portal.  

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp 

Thanks!


Sync two Forests with Azure AD Connect that have the same name


Hello,

We are planning to sync two different AD forests to O365 with one Azure AD Connect server.

The forests have the same name:

Forest A: corp.local

Forest B: corp.local

Will this be a problem? Is there a workaround for this environment?

Thanks.
