Channel: Azure Active Directory forum

AADC Upgrade-failing - System.Security.SecurityException: Requested registry access is not allowed.


Hi,

I am trying to update AADC from 1.1.443 to 1.1.819, and when I try to configure AADC it throws this error. Can someone please help me figure out the issue?

The Zone of the assembly that failed was:
MyComputer
Exception Data (Raw): System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Azure.ActiveDirectory.Client.Framework.RegistryAdapter.RegistryKeyGetSubKeyValue(RegistryKey baseKey, String subKeyName, String valueName, Object defaultValue)
   at Microsoft.Azure.ActiveDirectory.Client.Framework.RegistryAdapter.GetStringValue(RegistryKey baseKey, String subkeyName, String valueName, String defaultValue)
   at Microsoft.Azure.ActiveDirectory.Synchronization.UpgraderCommon.MonitoringAgentProvider.GetMonitoringConfigurationPath()
   at Microsoft.Azure.ActiveDirectory.Synchronization.UpgraderCommon.MonitoringAgentProvider.GetProductName()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
The Zone of the assembly that failed was:
MyComputer
[14:06:13.471] [ 22] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at System.ThrowHelper.ThrowSecurityException(ExceptionResource resource)
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Identity.Health.Common.FileUploader.GetHealthAgentInstallPath()
   at Microsoft.Identity.Health.Common.FileUploader..ctor(UploadSourcePolicy agent, Action`1 logLine)
   at Microsoft.Online.Deployment.Types.Utility.AutoUpgradeEligibilityProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.Activator.CreateInstance(Type type)
   at Microsoft.Online.Deployment.Framework.ProviderRegistry.CreateInstance[TProvider]()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteAutoUpgradeCheck()
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize(Object obj)
   at System.Threading.Tasks.Task.Execute()<---


Use of free account for Azure active directory in support of my MPN membership in the partner dashboard.


Hi y'all, Is it ok to use the free account for Azure active directory in support of my MPN membership in the partner dashboard?

Or am I doing this wrong?

Mark Henley

Henley's Formulas

ntspec@hotmail.com

AD connect login failure while running on on-prem domain controller machine


Hi all,

End goal: to be able to see our on-premises domain accounts in VSTS.

To do this, I was told I have to use Azure Active Directory, and the first thing was to run the adconnect utility on the on-prem domain controller machine. When I run the adconnect utility, it asks me for the Azure account login/password. Even after entering the correct password, login fails.

Can someone help me with this issue, please?

thanks

    

Windows 10 Settings Sync on AAD joined PC's? Tales of logins but no sync


We're seeing this on all PC's joined during the OOBE setting up Windows 10. You set up the machine, login with the domain/AAD account, set up the PIN, setup Office 365, login about a gazillion times with the same credentials.

When you go to the Accounts - Sync Settings you can't turn it on. We'd like to be able to have users sync settings with their AAD account. But even if you add an MSA account, sync settings is disabled. So you can't get any settings already set up and have to go through a tedious manual process for every box. Plus all their apps need setup because no sync.

Is there something that needs to be turned on to allow this, or at least allow MSA settings to sync? We're trying to move all the way to Windows 10, but a lot of this doesn't seem finished yet...

Oh, and on the logins issue--there is a lot of work to do here. You put in the credentials over and over and over and over. It seems like there should be a master login (AAD) and then feed those credentials for everything in that user session. Then if they add an MSA, just use that popup to pick which to use (but not log in over and over).

Office apps, Office web, Intune, local Win32 apps, Windows Store (for business), etc. At least use the biometrics or PIN rather than full on login. Even logging into one app goes like this

Windows: LOGIN
Me: emailaddress...tab...
WINDOWS: STOP! Microsoft Account or Work/School Account?
ME: work...
WINDOWS: STOP! let me clear what you already typed and make you retype username and password.
ME: ugh...username...password
OFFICE: STOP! do you accept the agreement?
ME: yes...
OFFICE: you need to ACTIVATE, close and reopen
Me: okay....closing and reopening, oops! I picked Word mobile instead of...
WORD MOBILE: STOP! You need to login to edit files
Me: okay....username....
WORD MOBILE: STOP! Microsoft Account or Work/School?

By now Skype for Business has started up, sitting there with a taunting 'I dare you' to log in. Oh and OneDrive for Business needs you to go login to the web and sync, and the store would like you to log in, and by the way so would all the apps because you can't sync settings....

God help me if I have two factor authentication turned on, just makes it worse.

ME: ugh I quit. I'll go make a sandwich and do this later.

It's comical how many times I put in the exact same credentials on a new corporate box (or consumer one). Users get truly confused by this, so we always remote in on their first use to walk them through all the logging in.


Curt Kessler - FLC

How to best organize externals into AAD


Philosophical question here as we have just started the road to Azure as IDP.

I work for an event organisation and we have (some) onprem AD's and a massive number of external users. Some thousands of them are direct contractors for larger events, some hundreds of them are working as team extensions, again some ten thousands to a couple hundred thousands are external stakeholders that might do business with us at some point. Today we have a bunch of externals administered in our AD as "fake employees" as they needed access to company resources.

We would want to give them a single Company Identity to work with a single account across the IT landscape. Book example of AAD so far.

We already have an AADC syncing our company.com onprem AD into Azure.

I've been weighing in some options on how to best approach all these externals and I'd love to hear some input to these. Technically these are all doable (I believe), I'd like to hear your experience or "best practices" with these, if you will.

0) Treat everyone internal: same AD (different OU's), same AAD, same Displayname

- Externals grouped in a different OU in the same AD domain

- Sync all employees + the external companies as needed to the AAD

- John.Doe@company.com and the external Jane.Doe@company.com has virtually no difference, but in the onprem 

This is basically the concept we want to get away from, but there might be good reasons to keep it.

1) Same AAD, same domain, different Displaynames.

- Put everyone in the company.com AD + sync'ed AAD,

- make the company name part of the display name like "Jane Doe (OTHERCOMPANY)".

This way all employees would know that she is an external, but all 3rd parties to the company would just see a company.com email (at first).

2) Same AAD, different domains

- Put everyone in the company.com AD + sync'd AAD, plus add custom domains and cloud-born identities to the AAD

- We're going to have "John.Doe@company.com" and "Jane.Doe@affiliatecompany.com" in the same AAD

Advantage: same AAD simplicity

Disadvantage: everyone knows that Jane is not an employee of Company, someone needs to admin the externals along with the core employees (admin segregation needs to be planned well)

3) Different AADs, different domains

- Put only employees in the AD

- Put all externals into a "company-ext" AAD and invite them to the company AAD as guests as needed

- Jane.Doe@company-ext.com will still look like an external address

Advantage: different AD allows for proper segregation of admin tasks

Disadvantage: introduces federation complexity (will everything work properly?)

Or any combination of the above? I've seen 0) and 1) working, I've yet to experience 2 and 3.

Azure AD Connect Health Sync Insights Service- Stopping Frequently


Hello, 

We are experiencing that "Azure AD Connect Health Sync Insights Service" is frequently stopping. Please find the below event and suggest.

-----------------------

Log Name:      Application
Source:        Application Error
Date:          10/19/2017 8:03:19 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      XXXXXXX
Description:
Faulting application name: Microsoft.Identity.AadConnect.Health.AadSync.Host.exe, version: 3.0.68.0, time stamp: 0x5965450e
Faulting module name: ntdll.dll, version: 6.3.9600.18696, time stamp: 0x59153753
Exception code: 0xc0000374
Fault offset: 0x00000000000f1c00
Faulting process id: 0x624
Faulting application start time: 0x01d348d2403fcb09
Faulting application path: C:\Program Files\Microsoft Azure AD Connect Health Sync Agent\Insights\Microsoft.Identity.AadConnect.Health.AadSync.Host.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 7eb31450-b4c5-11e7-80cb-005056ba3ca2
Faulting package full name: 
Faulting package-relative application ID: 

------------------------------------------------

Thanks,

Penki

Not able to Authorize the Azure Active Directory


Team,

In my project (.NET Core 2.0) I am implementing Azure Active Directory authorization using Web API. Before handling a received request, I need to verify the client ID and client secret. Meanwhile, I have implemented the [Authorize] attribute in the controller.

Please help out.

Azure Active Directory Apps basics


    I'm new to AAD and getting my head around the set up.  I have a couple of basic (probably!) questions:

    What's the difference between the 2 ways of creating an App? – Via Azure AD Connect and Enterprise Applications?

    Do I need to set up separate Apps for Dev/UAT/Prod or can I use reply addresses to allow the different environments to access the same App?

    cheers



    AAD DS - The managed domain is experiencing a network error


    Hi,

    This is a bit of an emergency... 

    I have an azure tenant that is having issues with Azure AD Domain Services.

    As suggested, the DNS servers were configured in the Vnet as custom DNS.

    However, recently there was a complaint that Internet was not accessible from the Azure hosted VM.

    I removed the custom DNS servers from the Vnet and switched to "Default (Azure Provided)" and Internet was accessible.  However, I could not log on to the VM using my user@customdomain.com account; only with the local Admin account.

    Looking at the Azure AD Domain Services Health, there are 2 Monitor messages:

    Message 1:

    Backup: Last backed up on Sat, 08 Sep 2018 18:51:57 GMT

    Message 2: 

    Synchronization with Azure AD: Synchronized on Thu, 13 Sep 2018 05:59:39 GMT.

    And 3 Alerts

    Alert 1:

    Name: The managed domain is experiencing a network error

    Severity: Critical 

    ID: AADDS104

    Raised: 9/13/2018, 10:44:19 AM

    Last Detected: 9/13/2018, 5:02:03 PM

    Issue: Microsoft is unable to reach the domain controllers for this managed domain. This may happen if a network security group (NSG) configured on your virtual network blocks access to the managed domain. Another possible reason is if there is a user defined route that blocks incoming traffic from the internet.

    Resolution:  Refer to the following article to resolve this issue Troubleshooting Alerts - Network Error

    Alert 2:

    Name: The managed domain has not been backed up for a long time

    Severity: Warning

    ID: AADDS501

    Raised: 9/14/2018, 4:51:57 AM

    Last Detected: 9/14/2018, 3:36:16 PM

    Issue: The managed domain was last backed up on 9/8/2018 6:51:57 PM.

    Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

    Alert 3:

    Name: The managed domain is suspended

    Severity: Critical

    ID: AADDS504

    Raised: 9/13/2018, 5:06:11 PM

    Last Detected: 9/14/2018, 3:36:16 PM

    Issue: The managed domain is suspended due to an invalid configuration. The service has been unable to manage, patch, or update the domain controllers for your managed domain for a long time.

    Resolution: Refer to the following article to resolve this issue Active Directory Domain Services article

    After doing some research, I was able to ascertain that all 3 ports required for AD Synchronisation (443, 3389, 5986) are defined in the incoming rules of the NSG.

    From the Monitor message, the synchronisation was done but the backup was not done for less than a week (if you compare the 2 dates between the backup and the sync).

    Apparently, according to https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-suspension, if the issue is not resolved, the managed domain is at risk of being deleted in less than 15 days.

    Of course we would like to avoid this but it seems that the only way we can get this resolved is by having the domain controllers backed up.  BUT HOW CAN WE DO THIS!!!?? This is an Azure AD DS managed domain.

    The same above-mentioned article says the following about a managed domain that is in a "suspended" state:

    The "Suspended" state

    A managed domain is put in the Suspended state for the following reasons:

    • One or more critical alerts haven't been resolved in 15 days. Critical alerts can be caused by a misconfiguration that blocks access to resources that are needed by Azure AD DS.
    • There's a billing issue with your Azure subscription or your Azure subscription has expired.

    Managed domains are suspended when Microsoft is unable to manage, monitor, patch, or back up the domain on an ongoing basis.

    What to expect

    • Domain controllers for your managed domain are de-provisioned and aren't reachable within the virtual network.
    • Secure LDAP access to the managed domain over the internet (if it's enabled) stops working.
    • You notice failures in authenticating to the managed domain, logging on to domain-joined virtual machines, or connecting over LDAP/LDAPS.
    • Backups for your managed domain are no longer taken.
    • Synchronization with Azure AD stops.

    After you resolve the alert, your managed domain goes into the "Suspended" state. Then you need to contact support. Support might restore your managed domain, but only if a backup that is less than 30 days old exists.

    The managed domain only stays in a suspended state for 15 days. To recover your managed domain, Microsoft recommends that you resolve critical alerts immediately.

    We have a 'Basic' support plan and there was absolutely no change made in the Azure portal.  So in order for us to have this investigated by Azure support, we have to buy a Support Plan? For something that we didn't break?

    Thank you all for your help,

    Karim.
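
Added example, not part of the original post: alert AADDS104 points at the NSG, and a port being "defined" in the inbound rules does not mean traffic to it is allowed, because NSG rules are evaluated in priority order (lowest number first) and the first match wins. The sketch below runs that first-match evaluation over the three ports named in the post. The rule names, priorities and rule set are constructed sample data, and source matching is simplified to `*` or an exact string (no CIDR or service-tag resolution).

```python
"""First-match evaluation of inbound NSG rules for the ports named in the post.

Assumptions (not from the original post): the rule dictionaries below are a
constructed, simplified export of an NSG; source matching is '*' or exact
string equality only.
"""

REQUIRED_PORTS = (443, 3389, 5986)  # the ports the post says must be open inbound

# Constructed sample: the required ports ARE defined in an allow rule,
# but a lower-numbered (higher-priority) deny rule shadows two of them.
SAMPLE_RULES = [
    {"name": "AllowSyncPorts", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "source": "*",
     "ports": ["443", "3389", "5986"]},
    {"name": "DenyRemoteMgmt", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "source": "*",
     "ports": ["3389", "5985-5986"]},
    {"name": "AllowOutboundWeb", "priority": 100, "direction": "Outbound",
     "access": "Allow", "protocol": "Tcp", "source": "*",
     "ports": ["80", "443"]},
]


def port_matches(spec, port):
    """Return True if a port spec ('*', '443' or '5985-5986') covers port."""
    spec = spec.strip()
    if spec == "*":
        return True
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low) <= port <= int(high)
    return int(spec) == port


def rule_matches(rule, port, protocol, source):
    """Return True if an inbound rule applies to this port/protocol/source."""
    return (
        rule["direction"].lower() == "inbound"
        and rule["protocol"].lower() in ("*", protocol.lower())
        and rule["source"] in ("*", source)
        and any(port_matches(spec, port) for spec in rule["ports"])
    )


def first_match(rules, port, protocol="Tcp", source="Internet"):
    """Return (access, rule_name) of the first rule that matches, by priority."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, port, protocol, source):
            return rule["access"], rule["name"]
    # No custom rule matched: the built-in DenyAllInBound default rule applies.
    return "Deny", "DenyAllInBound (default)"


def audit(rules, ports=REQUIRED_PORTS):
    """Map each required port to the rule that decides it."""
    return {port: first_match(rules, port) for port in ports}


def blocked_ports(rules, ports=REQUIRED_PORTS):
    """List the required ports whose deciding rule is not an Allow."""
    return [p for p, (access, _) in audit(rules, ports).items() if access != "Allow"]


if __name__ == "__main__":
    for port, (access, name) in audit(SAMPLE_RULES).items():
        print(f"{port}: {access} (decided by {name})")
    print("Blocked required ports:", blocked_ports(SAMPLE_RULES))
```
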


    Installation Errors for Azure Active Directory Connect


    Hi folks,
       I'm getting errors on the initial install of AZ AD Connect to link our internal domain with our Office 365 domain in order to use Exchange Online Archiving.  I can't run the Exchange Hybrid Wizard until this step is finished.
       I've tried this on two Windows 2012R2 domain controllers with the same results.  It seems to fail on the Express SQL installation near the end of the Wizard.
       What am I missing?  I have broken the URL links in the log in order to post in this forum.

    Thanks,

    Randy

    [12:06:37.848] [  1] [INFO ]
    [12:06:37.848] [  1] [INFO ] ================================================================================
    [12:06:37.848] [  1] [INFO ] Application starting
    [12:06:37.848] [  1] [INFO ] ================================================================================
    [12:06:37.862] [  1] [INFO ] Start Time (Local): Sun, 16 Sep 2018 12:06:37 GMT
    [12:06:37.862] [  1] [INFO ] Start Time (UTC): Sun, 16 Sep 2018 19:06:37 GMT
    [12:06:37.862] [  1] [INFO ] Application Version: 1.1.882.0
    [12:06:37.862] [  1] [INFO ] Application Build Date: 2018-08-31 22:50:05Z
    [12:06:39.396] [  1] [INFO ] Telemetry session identifier: {8a54ed01-0f2f-4fe2-b730-6b7e9def0686}
    [12:06:39.396] [  1] [INFO ] Telemetry device identifier: nT0v+0gRb+v79RhBciAof+B11ZLKuw1InFf7Fq6Rd+4=
    [12:06:39.396] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (0eb4240d4)
    [12:06:39.583] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
    [12:06:39.599] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
    [12:06:39.630] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
    [12:06:39.630] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
    [12:06:39.630] [  1] [INFO ] Default Proxy [Enabled]: True
    [12:06:39.630] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
    [12:06:39.693] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
    [12:06:39.693] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
    [12:06:39.740] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
    [12:06:39.740] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
    [12:06:39.755] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [12:06:39.755] [  1] [INFO ] Password Hash Sync supported: 'True'
    [12:06:39.771] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
    [12:06:39.771] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
    [12:06:39.786] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [12:06:39.849] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: no registered products found.
    [12:06:39.849] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [12:06:39.849] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package is not installed.
    [12:06:39.849] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
    [12:06:39.849] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [12:06:39.849] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [12:06:39.865] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
    [12:06:39.865] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
    [12:06:39.865] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
    [12:06:39.865] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [12:06:39.865] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [12:06:39.865] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
    [12:06:40.406] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
    [12:06:40.406] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
    [12:06:40.406] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client is not installed.
    [12:06:40.406] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
    [12:06:40.406] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.406] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
    [12:06:40.406] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
    [12:06:40.406] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
    [12:06:40.625] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
    [12:06:40.625] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
    [12:06:40.625] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
    [12:06:40.625] [  1] [VERB ] Getting list of installed packages by upgrade code
    [12:06:40.625] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {786f1270-e605-4b12-80a1-6dde0de09323}.
    [12:06:40.625] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.882.0, ProductCode=786f1270-e605-4b12-80a1-6dde0de09323, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
    [12:06:40.625] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
    [12:06:40.625] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.882.0) is installed.
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
    [12:06:42.885] [  1] [INFO ] ServiceControllerProvider: current service status: Running
    [12:06:42.885] [  1] [INFO ] Checking for DirSync conditions.
    [12:06:42.885] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
    [12:06:42.885] [  1] [INFO ] Sync engine is not present. Performing clean install.
    [12:08:48.472] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
    [12:08:48.753] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.GatherEnvironmentData in Page:"Express Settings"
    [12:08:48.769] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:148
    [12:08:48.800] [  9] [INFO ] Checking if machine version is 6.1.7601 or higher
    [12:08:48.800] [  9] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [12:08:48.800] [  9] [INFO ] Password Hash Sync supported: 'True'
    [12:08:48.831] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
    [12:08:50.690] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
    [12:08:50.693] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
    [12:08:50.694] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
    [12:08:50.741] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:08:50.755] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
    [12:08:50.755] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:700
    [12:08:50.822] [  9] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
    [12:08:50.823] [  9] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:728
    [12:08:50.892] [  9] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
    [12:08:50.909] [  9] [INFO ] Enter ValidateSqlVersion.
    [12:08:50.909] [  9] [INFO ] Exit ValidateSqlVersion (localdb).
    [12:08:50.911] [  9] [INFO ] Enter ValidateSqlAoaAsyncInstance.
    [12:08:50.911] [  9] [INFO ] Exit ValidateSqlAoaAsyncInstance (localdb).
    [12:08:50.912] [  9] [INFO ] The ADSync database does not exist and will be created.  serverAdmin=True.
    [12:08:50.912] [  9] [INFO ] Attaching to the ADSync database: SQLServerName=DoesNotExist SQLInstanceName= ServiceAccountName=, state=, Collation=, /UseExistingDatabase=False.
    [12:08:50.912] [  9] [INFO ] Starting Sync Engine installation
    [12:08:50.913] [  9] [INFO ] Starting Prerequisite installation
    [12:08:50.914] [  9] [VERB ] WorkflowEngine created
    [12:08:50.915] [  9] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [12:08:50.915] [  9] [VERB ] Getting list of installed packages by upgrade code
    [12:08:50.915] [  9] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: no registered products found.
    [12:08:50.915] [  9] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [12:08:50.915] [  9] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package is not installed.
    [12:08:50.925] [  9] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
    [12:08:50.929] [  9] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
    [12:08:50.947] [  9] [VERB ] Executing task Install Prerequisites
    [12:08:50.949] [  9] [VERB ] Waiting for task to complete: Install Prerequisites
    [12:08:50.995] [ 11] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
    [12:08:54.730] [  7] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
    [12:08:54.730] [ 11] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
    [12:08:54.730] [ 11] [INFO ] Task 'Install Prerequisites' has finished execution
    [12:08:54.777] [  9] [VERB ] Waited 0:00:03.781599 for task to complete: Install Prerequisites
    [12:08:54.777] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
    [12:08:54.857] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
    [12:08:54.857] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
    [12:09:00.038] [  1] [INFO ] Property Username failed validation with error Username must be in the format name @domain.com or name @domain.onmicrosoft.com
    [12:09:12.537] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
    [12:09:25.344] [  8] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - admin2 @mclarneyconstruction.com
    [12:09:26.592] [  8] [INFO ] DiscoverAzureInstance [Worldwide]: authority=http s://login.windows.net/mclarneyconstruction.com, awsServiceResource=http s://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint (http s://login.microsoftonline.com/5216486b-71e4-4c81-87a9-3ee3160abf89/oauth2/token).
    [12:09:26.623] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6230973Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
    [12:09:26.623] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6230973Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
    [12:09:26.623] [  8] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
    [12:09:26.654] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6549933Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:26.654] [  8] [INFO ] ADAL: 2018-09-16T19:09:26.6549933Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: No matching token was found in the cache
    [12:09:26.913] [  7] [INFO ] ADAL: 2018-09-16T19:09:26.9130605Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: Sending request to userrealm endpoint.
    [12:09:27.431] [ 11] [INFO ] ADAL: 2018-09-16T19:09:27.4316214Z: 1ecaa18f-a54e-4e22-b466-80afb04c14ff - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:27.431] [  8] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=5216486b-71e4-4c81-87a9-3ee3160abf89.
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:27.447] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4477466Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: 59.998946465 minutes left until token in cache expires
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:27.462] [  8] [INFO ] ADAL: 2018-09-16T19:09:27.4622274Z: f066b351-3ad9-4eb9-ab55-66022694dbe5 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:29.166] [  8] [INFO ] Authenticate: tenantId=(5216486b-71e4-4c81-87a9-3ee3160abf89), IsDirSyncing=False, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=0, AllowedFeatures=None.
    [12:09:29.166] [  8] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
    [12:09:29.181] [  8] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=http s://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://graph.windows.net.
    [12:09:29.181] [  8] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: 59.970046235 minutes left until token in cache expires
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:29.181] [  8] [INFO ] ADAL: 2018-09-16T19:09:29.1817604Z: 46a11814-6acd-434a-a0ba-512c1fef5d66 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:29.181] [  8] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
    [12:09:30.173] [  8] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 5216486b-71e4-4c81-87a9-3ee3160abf89.  Initial domain (McLarney.onmicrosoft.com).
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
    [12:09:30.752] [  8] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
    [12:09:30.752] [  8] [INFO ] PowershellHelper: lastDirectorySyncTime=null
    [12:09:30.894] [  8] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
    [12:09:30.894] [  8] [INFO ] Calling to get the last dir sync time for the current user
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
    [12:09:31.064] [  8] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:09:31.064] [  8] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
    [12:09:31.064] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
    [12:09:31.111] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
    [12:09:34.824] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
    [12:09:37.306] [  1] [INFO ] Property Password failed validation with error A password is required - unless using a Virtual or Managed Service Account .
    [12:09:46.133] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - MCI\administrator
    [12:09:46.145] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user MCI\administrator
    [12:09:46.148] [ 12] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
    [12:09:46.193] [ 12] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - MclarneyConstruction.com
    [12:09:46.212] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if MCI\administrator has AccountEnterpriseAdminsSid privileges in MclarneyConstruction.com
    [12:09:46.507] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-572195159-122900080-355810188, group sid - S-1-5-21-572195159-122900080-355810188-519
    [12:09:46.509] [ 12] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
    [12:09:46.514] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
    [12:09:46.539] [ 12] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'MclarneyConstruction.com' was successfully matched.
    [12:09:46.556] [ 12] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
    [12:09:46.560] [ 12] [INFO ] Validating forest with FQDN MclarneyConstruction.com
    [12:09:46.628] [ 12] [INFO ] Examining domain MclarneyConstruction.com (:0% complete)
    [12:09:46.630] [ 12] [INFO ] ValidateForest: using MCL17-Service.MclarneyConstruction.com to validate domain MclarneyConstruction.com
    [12:09:46.631] [ 12] [INFO ] Successfully examined domain MclarneyConstruction.com GUID:fb3f584b-6546-4104-b23d-9b1b786f213a  DN:DC=MclarneyConstruction,DC=com
    [12:09:46.652] [ 12] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
    [12:09:46.696] [ 12] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
    [12:09:46.696] [ 12] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=http s://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://graph.windows.net.
    [12:09:46.696] [ 12] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: === Token Acquisition started:
     CacheType: null
     Authentication Target: User
     , Authority Host: login.windows.net
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: An item matching the requested resource was found in the cache
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: 59.6781313383333 minutes left until token in cache expires
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
    [12:09:46.696] [ 12] [INFO ] ADAL: 2018-09-16T19:09:46.6966542Z: 658ca0e7-20a0-425b-b0f0-fc57fc609d56 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 9/16/2018 8:09:27 PM +00:00
    [12:09:46.696] [ 12] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
    [12:09:47.012] [ 12] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
    [12:09:47.061] [ 12] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize in Page:"Ready to configure"
    [12:09:47.062] [ 12] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:5838
    [12:09:48.066] [ 12] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: context.WizardMode ExpressInstall.
    [12:09:48.073] [ 12] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=http s://s1.adhybridhealth.azure.com/, AdalAuthority=http s://login.windows.net/mclarneyconstruction.com, AdalResource=http s://management.core.windows.net/.
    [12:09:48.073] [ 12] [WARN ] DetermineAutoUpgradeState: AutoUpgrade entering ENABLED mode for express installation.
    [12:09:48.073] [ 12] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: autoUpgradeState set to Enabled.
    [12:09:48.075] [ 12] [INFO ] SetAutoUpgradeViaAdhealthRegistrykey: Updated SOFTWARE\Microsoft\ADHealthAgent\Sync\UpdateCheckEnabled registry value to 1
    [12:09:48.076] [ 12] [INFO ] Restarting Monitoring Agent service.
    [12:09:48.100] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service AzureADConnectHealthSyncMonitor was not found
    [12:09:48.100] [ 12] [WARN ] Monitoring Agent service is not installed, so the service cannot be restarted.
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
    [12:10:03.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
    [12:10:03.545] [  1] [INFO ] PersistAzureAffinity: setting Azure affinity to value 0.  Original value: <not configured>.
    [12:10:03.545] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteADSyncConfiguration in Page:"Configuring"
    [12:10:03.547] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:10517
    [12:10:03.549] [ 12] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
    [12:10:03.550] [ 12] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
    [12:10:03.554] [ 12] [INFO ] Starting Sync Engine installation
    [12:10:15.061] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
    [12:10:15.150] [ 12] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:MCI\AAD_771ee7f2756b, assemblyPath:C:\Program Files\Microsoft Azure Active Directory Connect\ADSyncBootstrap.exe
    [12:10:33.602] [ 12] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
    [12:10:33.603] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Stopped
    [12:10:33.603] [ 12] [VERB ] ServiceControllerProvider:  Starting service and waiting for completion.
    [12:10:35.412] [ 12] [INFO ] ServiceControllerProvider: StartService status: Running
    [12:10:53.398] [ 12] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
    [12:10:53.398] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Running
    [12:10:53.398] [ 12] [VERB ] ServiceControllerProvider:  stopping service and waiting for completion.
    [12:10:53.648] [ 12] [INFO ] ServiceControllerProvider: StopService status: Stopped
    [12:10:53.648] [ 12] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
    [12:10:53.648] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Stopped
    [12:10:53.648] [ 12] [VERB ] ServiceControllerProvider:  Starting service and waiting for completion.
    [12:10:53.938] [ 12] [INFO ] ServiceControllerProvider: StartService status: Running
    [12:10:54.748] [ 12] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
    [12:10:54.749] [ 12] [VERB ] ServiceControllerProvider:  Initial service status: Running
    [12:10:54.749] [ 12] [VERB ] ServiceControllerProvider:  stopping service and waiting for completion.
    [12:10:54.998] [ 12] [INFO ] ServiceControllerProvider: StopService status: Stopped
    [12:10:54.998] [ 12] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
    [12:11:04.987] [ 12] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
    [12:11:04.987] [ 12] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
    [12:11:04.990] [ 12] [INFO ] BuildMsiArguments: Setting Sync Engine MSI parameters for clean installation
    [12:11:13.360] [ 12] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
    Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Error installing msi package 'Synchronization Service.msi'. Full log is available at 'C:\ProgramData\AADConnect\Synchronization Service_Install-20180916-121104.log'.

    Extracted error message:
    ActionStart(Name=ConfigDB,Description=Configuring SQL database,)
    MSI (s) (7C:B4) [12:11:08:868]: Executing op: CustomActionSchedule(Action=ConfigDB,ActionType=9217,Source=BinaryData,Target=**********,CustomActionData=**********)
    MSI (s) (7C:58) [12:11:08:869]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI5339.tmp, Entrypoint: ConfigDB
    1: 0 2: TraceProgress (ConfigDB: Obtaining CustomActionData properties.): at line 2244
     
    1: 0 2: TraceProgress (ConfigDB: Parsing properties.): at line 2253
     
    1: 0 2: TraceProgress (ConfigDB: Service account password is present.  Will impersonate to verify SQL acces
    MSI (s) (7C!F4) [12:11:09:231]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. A long error message will be split and shown as several pop-ups. Click OK to continue. <hr=0x8023044a>

    MSI (s) (7C!F4) [12:11:09:232]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. Error:
    Stack: ERR_: MMS(3060): ..\sql.cpp(293): 0x80004005ERR_: MMS(3060): ..\sql.cpp(496): OriginalError=0x80004005 OLEDB Provider error(s):
    Description  = 'Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.'
    Failure Code = 0x80004005
    Minor Number = 18452
    BAIL: MMS(3060): configdb.cpp(248): 0x8023044a (unable to get error text)
    ERR_: MMS(3060): configdb.cpp(484): srv=(localdb),inst=.\ADSync,dm=MCI,u=AAD_771ee7f2756b,su=MCI\administrator,bi=false,cmp=MCL17 <hr=0x8023044a>

    MSI (s) (7C!F4) [12:11:09:232]: Product: Microsoft Azure AD Connect synchronization services -- Error 25009.The Microsoft Azure AD Connect synchronization services setup wizard cannot configure the specified database. -SERVICE,ver=,db=ADSync <hr=0x8023044a>

    CustomAction ConfigDB returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    09/16/2018 12:11:09.335 [6012]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 393

    09/16/2018 12:11:09.335 [6012]: Detailed info about C:\Windows\assembly\tmp\AVIQALBE\Microsoft.MetadirectoryServices.Host.dll

    09/16/2018 12:11:09.335 [6012]:  File attributes: 00000080

    09/16/2018 12:11:09.490 [6012]:  Restart Manager Info: 1 entries

    09/16/2018 12:11:09.491 [6012]:   App[0]: (6012) Windows Installer (msiserver), type = 3

    09/16/2018 12:11:09.491 [6012]:  Security info:

    09/16/2018 12:11:09.491 [6012]:   Owner: S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   Group: S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   DACL information: 4 entries:

    09/16/2018 12:11:09.491 [6012]:   ACE[0]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-18

    09/16/2018 12:11:09.491 [6012]:   ACE[1]: Type = 0x00, Flags = 010, Mask = 001f01ff, SID = S-1-5-32-544

    09/16/2018 12:11:09.491 [6012]:   ACE[2]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-5-32-545

    09/16/2018 12:11:09.491 [6012]:   ACE[3]: Type = 0x00, Flags = 010, Mask = 001200a9, SID = S-1-15-2-1

    MSI (s) (7C:B4) [12:11:09:497]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (7C:B4) [12:11:09:497]: User policy value 'DisableRollback' is 0
    MSI (s) (7C:B4) [12:11:09:497]: Machine policy value 'DisableRollback' is 0
    Action ended 12:11:09: InstallExecute.
     ---> Microsoft.Azure.ActiveDirectory.Client.Framework.ProcessExecutionFailedException: Exception: Execution failed with errorCode: 1603.

    Details:
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ProcessAdapter.StartProcessCore(String fileName, String& processOutput, String arguments, String workingDirectory, NetworkCredential credential, Boolean loadUserProfile, Boolean hideWindow, Boolean waitForExit, Boolean traceArguments, Int32 exitCodeToIgnore)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
       --- End of inner exception stack trace ---
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.MsiExecAdapter.InstallMsiPackage(String msiPackageDirectory, String msiPackageFileName, String packageOptions, String installationPath, NetworkCredential credential, String installLogFileName, Boolean extractOnly, Boolean quiet, Boolean suppressReboot)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallSynchronizationService(String pathToMsiFiles, String msiFileName, String installationPath, String sqlServerName, String sqlInstanceName, Boolean useInstallPathForDBFiles, IDictionary`2 syncServiceGroups, SyncServiceAccount syncServiceAccount, String logFilePath)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
       --- End of inner exception stack trace ---
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
       at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
       at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
    [12:11:48.600] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180916-120637.log
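
A trace like the one in the post above carries the tenant ID, account names, host name and domain SID along with the actual failure. As an added example (not part of the original post and not Microsoft tooling), this Python code parses that trace format, pulls the fields that explain the failure out of the ERROR entry, and redacts identifiers before the log is shared. The sample log, the placeholder tokens, the treatment of `dm`/`u`/`su`/`cmp` as account and host fields, and the assumption that NetBIOS domain names appear in upper case are assumptions made here.

```python
import re

# Constructed sample in the trace format shown above; every identifier is made up.
SAMPLE = r"""[12:09:25.344] [  8] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - admin@contoso.example
[12:09:27.431] [  8] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=11111111-2222-3333-4444-555555555555.
[12:09:46.193] [ 12] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - corp.contoso.example
[12:09:46.507] [ 12] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-1111111111-2222222222-3333333333, group sid - S-1-5-21-1111111111-2222222222-3333333333-519
[12:10:15.150] [ 12] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:CONTOSO\AAD_0123456789ab
[12:11:13.360] [ 12] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.
Description  = 'Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.'
Failure Code = 0x80004005
Minor Number = 18452
ERR_: MMS(3060): configdb.cpp(484): srv=(localdb),inst=.\ADSync,dm=CONTOSO,u=AAD_0123456789ab,su=CONTOSO\administrator,bi=false,cmp=HOST01 <hr=0x8023044a>
[12:11:48.600] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180916-120637.log
"""

# "[time] [thread] [LEVEL] message"; the level field is padded to five characters.
HEADER = re.compile(r"^\s*\[(\d{2}:\d{2}:\d{2}\.\d{3})\] \[\s*(\d+)\] \[(\w+)\s*\] (.*)$")
# Fields of the OLEDB provider error block inside the ERROR entry.
FIELD = re.compile(r"^(Description|Failure Code|Minor Number)\s*=\s*'?(.*?)'?$")

# Applied in order: DOMAIN\user is replaced before the key=value fields.
REDACTIONS = [
    (re.compile(r"\bS-1-5-21(?:-\d+){3,4}\b"), "<SID>"),
    (re.compile(r"\b[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\b"), "<GUID>"),
    (re.compile(r"[\w.+-]+ ?@[\w-]+(?:\.[\w-]+)+"), "<UPN>"),
    # Upper-case NetBIOS name followed by a backslash (assumption); the
    # lookbehind keeps path components such as \AADConnect\ untouched.
    (re.compile(r"(?<![\\\w])[A-Z][A-Z0-9-]{0,14}\\[\w.$-]+"), "<ACCOUNT>"),
    (re.compile(r"\b(dm|u|su|cmp)=([^,\s<]+)"), r"\1=<REDACTED>"),
]


def parse_entries(text):
    """Split a trace into entries; lines without a header belong to the previous entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            time, thread, level, message = m.groups()
            entries.append({"time": time, "thread": int(thread), "level": level,
                            "message": message, "detail": []})
        elif entries and line.strip():
            entries[-1]["detail"].append(line.strip())
    return entries


def summarize_errors(entries):
    """Return the ERROR entries with their provider error fields and HRESULT codes."""
    findings = []
    for entry in entries:
        if entry["level"] != "ERROR":
            continue
        fields = {}
        for line in entry["detail"]:
            m = FIELD.match(line)
            if m:
                fields.setdefault(m.group(1), m.group(2))
        codes = re.findall(r"<hr=(0x[0-9a-fA-F]+)>", "\n".join(entry["detail"]))
        findings.append({"time": entry["time"], "message": entry["message"],
                         "fields": fields, "hresults": list(dict.fromkeys(codes))})
    return findings


def redact(text, extra_terms=()):
    """Replace identifiers with placeholders; extra_terms are caller-supplied
    strings (domain or host names) that no generic pattern can recognise."""
    for pattern, replacement in REDACTIONS:
        text = pattern.sub(replacement, text)
    for term in extra_terms:
        text = re.sub(re.escape(term), "<REDACTED>", text, flags=re.IGNORECASE)
    return text


def shareable_report(text, extra_terms=()):
    """Redacted summary of the ERROR entries, short enough to paste into a post."""
    lines = []
    for finding in summarize_errors(parse_entries(text)):
        lines.append(f"[{finding['time']}] ERROR {finding['message']}")
        for name, value in finding["fields"].items():
            lines.append(f"  {name}: {value}")
        if finding["hresults"]:
            lines.append("  HRESULT: " + ", ".join(finding["hresults"]))
    return redact("\n".join(lines), extra_terms)


if __name__ == "__main__":
    print(shareable_report(SAMPLE))
    print(redact(SAMPLE, extra_terms=["corp.contoso.example"]))
```

Bare domain and host names have no fixed shape, so pass the ones that matter through `extra_terms` and read the result once before posting.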

How to add multiple Azure AD users to Azure AD group via PowerShell?

How to add multiple Azure AD users to Azure AD group via PowerShell?

On-Prem to Cloud Lab Setup in Azure

Hello All

I need some advice and am hoping someone can point me in the right direction.

I would like to create a lab in Azure, where I create a domain which will represent my on-premise domain, and extend this domain to my AD in Azure, using Azure AD Connect.

Can anyone advise how best to go about this, and whether there are any blog posts relating to this subject?

Thank you for your help.

Jitesh


Does SSO defeat / override the MFA challenge

I have an Azure AD joined machine. I configured MFA for all my users, but lately I see I don't get the MFA prompt. I checked the sign-in logs and I see this information: "MFA requirement satisfied by claims in the token". From what I understand, MFA is being done for me, which leads to my question:

1. Does SSO override the MFA challenge? If I am unable to get an MFA prompt with a device that belongs to me, that defeats the whole process of MFA, which requires a challenge from a personal device.

I await your prompt response.

Configuring Azure Active Directory to provision users to SCIM enabled web app using OAuth 2.0 client credentials grant type to get an access token (OAuth bearer token) from web application's OAuth authorization server's token endpoint.

I'm looking through this documentation https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups for configuring a non-gallery application to automatically provision users from Azure AD to the non-gallery app, and I don't see anything about how to get OAuth access tokens (OAuth bearer token) from an OAuth authorization server's token endpoint that the non-gallery application uses.

Step 7 of "To connect an application that supports SCIM:" states:

1. If the SCIM endpoint requires an OAuth bearer token from an issuer other than Azure AD, then copy the required OAuth bearer token into the optional Secret Token field. If this field is left blank, then Azure AD included an OAuth bearer token issued from Azure AD with each request. Apps that use Azure AD as an identity provider can validate this Azure AD-issued token.

which seems to imply you can use a static OAuth bearer token that never expires (which doesn't seem any more secure than having a shared secret between the application and Azure AD) or configure the app to use Azure AD as the identity provider (which I take to mean configure the application to go to Azure AD to validate/verify the OAuth access token).

Questions:

1. Does Azure AD support using client credential grant type to request an OAuth access token from the non-gallery application's OAuth authorization server?
2. Where can I find more documentation on configuring applications to "use Azure AD as an identity provider" (i.e. to validate / verify the Azure AD OAuth bearer token issued)?

Rename AD DS Connector account

Hi guys,

I've installed AD Connect and everything is working fine, however I need to rename the AD DS Connector account that AD Connect creates (MSOL_xxxxx).

Is this possible to do, and if so, what is the process? Can I just rename it or do I need to make changes to AD Connect?


Microsoft Graph API for Trending Documents throwing 500 internal server error

We have been using the Graph API to fetch the data for trending documents with the following query - https://graph.microsoft.com/v1.0/me/insights/trending.

To fetch the data of each document's author and modified date we use the following query - https://graph.microsoft.com/v1.0/me/insights/trending/{ID}/resource. The second query has started to throw a 500 error code with the message "An internal server error occurred. The operation failed". Earlier it was working fine for both Beta and v1.0. How do we fix this?

User account 'user@hotmail.com' from identity provider 'live.com' does not exist in tenant

Colleagues, good afternoon. I am trying to connect a configuration server for VMware VM migration and I get an error:

Message: AADSTS50020: User account 'user@hotmail.com' from identity provider 'live.com' does not exist in tenant 'tenant.ua' and cannot access the application 'dfef17e7-edd2-4e44-****-************* in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

The user is a Global admin. How do I solve this issue?

    iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication


    --

    When authenticating with ASP.NET Core 2.0 with OpenID Connect, the Identity cookie doesn't seem to be set when returning back from the IdP, which results in a redirect loop. This same process works with iOS 11.

    1. Visit site, access some protected resource
    2. Set nonce, redirect to IdP
    3. Authenticate at IdP
    4. Return back with POST request
    5. Validate id_token, set identity cookie with samesite=lax policy
    6. Redirect to the protected resource
    7. Check for identity cookie - missing, return to step 2

    I tested the same flow on PC (Edge, Firefox, Chrome) and everything works fine. Any idea why Safari treats this case differently? This is probably going to affect quite a lot of users accessing Microsoft's own services as well - once again, this site works just fine on Chrome or Edge.

    --

    By Jan Hajek see: https://bugs.webkit.org/show_bug.cgi?id=188165

    Microsoft cookie banner on AD B2C login page


    Hi!

    We are planning to start using Azure Active Directory B2C to handle login to our customer-facing web applications. However, last week we noticed that Microsoft has introduced a banner to inform users about cookies on many of Microsoft's web pages, and that this banner is also present on the Azure AD B2C login page which will be fronted to our users. Unfortunately, the banner mentions "ads" (which is quite a sensitive subject to the organization I am working for), and there is a link to Microsoft's privacy policy, which may be confusing to our end users, who do not have a connection with Microsoft directly.

    Does somebody know if the AD B2C login page was affected by mistake or on purpose, and if there is any mechanism to prevent the banner from being shown?

    Regards,

    Mats

    How to share MSALSessionCache with 2 web applications?


    I have developed 2 web applications. I have used Azure Active Directory v2.0 for user identity. These two applications are hosted as separate web apps in Azure. Using Application Gateway, I am redirecting specific requests to the web apps.

    If a user requests any of the web apps, they are first redirected to the Azure tenant endpoint for authentication.

    After successful login, the user is redirected to the main web app, and I have used the code below in the OnAuthorizationCodeReceived method.

    TokenCache userTokenCache = new MSALSessionCache(signedInUserID, notification.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase).GetMsalCacheInstance();
    ConfidentialClientApplication cca = new ConfidentialClientApplication(ApplicationId, Authority, RedirectUri, new ClientCredential(ApplicationKey), userTokenCache, null);

    Now, when the user navigates from one web app to the other web app, I am using the code below to get the token from the cache.

    TokenCache userTokenCache = new MSALSessionCache(signedInUserID, new HttpContextWrapper(HttpContext.Current)).GetMsalCacheInstance();
    ConfidentialClientApplication cca = new ConfidentialClientApplication(Startup.ApplicationId, Startup.Authority, Startup.RedirectUri, new ClientCredential(Startup.ApplicationKey), userTokenCache, null);
    var user = cca.Users.FirstOrDefault();

    When I implement this code and try to get the token in the second web app, it gives me null in the user variable and throws an error.

    What should I do?

    Note: If a user is logged in to one web app, they are not required to log in to the other web app. Sessions and cookies are shared between all web apps.
