Deleting Custom Domain
How to Change the Organization Name
Azure Information Protection - error acquiring token
When I am trying to deploy Azure Information Protection on migration servers with the help of an O365 Global admin, I get the error below. Can anyone please help with this?
Find if Azure AD guest invitation accepted via PowerShell
I manage a lot of invited guests in my Azure AD and have automated most of it with PowerShell. One bit eludes me, so maybe someone can help. When I have issued an invitation, I can tell whether it's been accepted by using the Azure Portal and drilling into the user's profile: if the Source is "Invited user" and the Resend Invitation button is available, they have not accepted (1st screen cap); if they have accepted, then the Source is "External Azure Active Directory" and there is no Resend Invitation button.
Is there a way to get that information via Azure PowerShell? I have pored through the properties available from Get-AzureADUser and similar cmdlets and can't seem to find it. Other properties (like the user's thumbnail picture) can be retrieved so I feel like it may be there somewhere. Or perhaps there is another way to find this out via script. Any help appreciated.
Error AADSTS50001 with SharePoint add-in non-root site collection
I created a SharePoint hosted add-in and deployed it to my SharePoint online site, https://tenant.sharepoint.com. The add-in requests write permissions so I can submit my add-in to the Office Store. However, I actually require full permissions to overwrite/modify site pages on the host web.
To get around this limitation:
- I register an Azure AD App in the tenant to have 'Have full control of all site collections', and set the sign-on URL to the URL of the SharePoint add-in (e.g. https://tenant-64ec29b11f9aec.sharepoint.com).
- In my SharePoint add-in, I initialize an authentication context with this app and use adal to acquire a token to the host web.
This works great for the root site collection (i.e. https://tenant.sharepoint.com).
However,
- when I create another site collection in my tenant (e.g. https://tenant.sharepoint.com/sites/site1)
- deploy my add-in to the site collection
- register an app in Azure AD setting sign on URL to the URL of the add-in (e.g. https://tenant-75ec29d11f9aec.sharepoint.com/sites/site1),
the adal call to acquire a token fails:
ADAL error occurred: AADSTS50001: The application named https://tenant.sharepoint.com/sites/site1 was not found in the tenant named tenant.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
I've tried registering this new site collection in Azure as its own app. I've played around with the endpoints for adal. Nothing seems to work. It's possible it's some combination of that. I'm not sure why these site collections even need to be treated differently? Are they considered a separate domain or tenant?
Any help would be greatly appreciated.
Thanks.
JavaScriptSPA Sample Application for Azure Active Directory Authentication
I am following the QuickStart https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-javascript step by step and receive the following error:
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: 'aab2b3d8-c875-4161-9d03-c31b38caa3ed'.
How do I troubleshoot this?
Password Writeback licensing
Hello everybody,
I'm setting up an environment where my local AD will be synced with Azure AD, in order to authenticate Exchange Online users.
Those users will be licensed with 365 Business Premium.
Most of them are office workers, who will always change their password from their computers.
Some of them will be remote users, with no direct access to the local Active Directory.
I'm trying to understand if they will be able to change their password from the webmail, with no administrator help.
And to understand if they will need an extra license for this functionality (password writeback, if I got it right).
Can you please help me to understand this?
Thanks guys!
Reply URL Dynamic
Azure AD connect doesn't work.
When I try to log into the Azure AD Connect setup program with my global admin login, it comes up with the error "unable to validate credentials due to an unexpected error. Restart Azure AD connect with the interactiveauth option to further diagnose this issue." I'm running Windows Server 2008 R2 Standard.
Any help would be greatly appreciated!
Thanks,
Joseph
Win10 Device Not Syncing to AAD
Hi All,
Hopefully someone can help; I have only found one other situation like mine on other sites, and it was not resolved.
I am deploying M365B and joining workgroup workstations to AAD.
One workstation (upgraded to Win10 1809) will not sync with Intune. The errors are:
In the AAD Operational event log:
Log Name: Microsoft-Windows-AAD/Operational
Source: Microsoft-Windows-AAD
Date: 16/11/2018 1:14:58 p.m.
Event ID: 1025
Task Category: AadCloudAPPlugin Operation
Level: Error
Keywords: Operational,Error
User: SYSTEM
Computer: Unsunc-PC
Description:
Http request status: 400. Method: GET Endpoint Uri: https://login.microsoftonline.com/f8f16c82-c622-4dfe-b74b-d647c881de70/sidtoname Correlation ID: F6444025-025B-49D8-8512-2A66C0535241
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AAD" Guid="{4de9bc9c-b27a-43c9-8994-0915f1a5e24f}" />
<EventID>1025</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000012</Keywords>
<TimeCreated SystemTime="2018-11-16T00:14:58.335897000Z" />
<EventRecordID>225</EventRecordID>
<Correlation ActivityID="{201e746e-7d2b-0002-a774-1e202b7dd401}" />
<Execution ProcessID="652" ThreadID="10208" />
<Channel>Microsoft-Windows-AAD/Operational</Channel>
<Computer>Umesh-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="value">400</Data>
<Data Name="Method">GET</Data>
<Data Name="EndpointUri">https://login.microsoftonline.com/f8f16c82-c622-4dfe-b74b-d647c881de70/sidtoname</Data>
<Data Name="CorrelationID">F6444025-025B-49D8-8512-2A66C0535241</Data>
</EventData>
</Event>
AND
Log Name: Microsoft-Windows-AAD/Operational
Source: Microsoft-Windows-AAD
Date: 16/11/2018 1:14:58 p.m.
Event ID: 1104
Task Category: AadCloudAPPlugin Operation
Level: Error
Keywords: Operational,Error
User: SYSTEM
Computer: Unsunc-PC
Description:
AAD Cloud AP plugin call Lookup name name from SID returned error: 0xC000023C
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-AAD" Guid="{4de9bc9c-b27a-43c9-8994-0915f1a5e24f}" />
<EventID>1104</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>101</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000012</Keywords>
<TimeCreated SystemTime="2018-11-16T00:14:58.336858800Z" />
<EventRecordID>226</EventRecordID>
<Correlation ActivityID="{201e746e-7d2b-0002-a774-1e202b7dd401}" />
<Execution ProcessID="652" ThreadID="10208" />
<Channel>Microsoft-Windows-AAD/Operational</Channel>
<Computer>Umesh-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="API">Lookup name name from SID</Data>
<Data Name="Result">3221226044</Data>
</EventData>
</Event>
Can anyone help please?
Many thanks,
Ryan
Error installing Azure AD Connect v 1.2.67.0 on Windows 2008 R2 DC
I'm having a problem in the configure stage of Azure AD Connect 1.2.67.0 on Windows 2008 R2:
Unable to retrieve the Azure Active Directory configuration. Field not found: 'Microsoft.Azure.ActiveDirectory.Client.Framework.MicrosoftOnlineInstance.AzureOneBox'
Juan Barles - SECT IT Global Services
Problem integrating Azure B2C with Xamarin Forms
I have followed all steps in the tutorial but when I press the Sign In button while debugging on my android device I get a black screen and the debug breaks, stating the error has occurred outside the scope of Visual Studio.
My B2C tenant is working with an ASP.Net app so I know the problem is with Xamarin or the tutorial stated above. Has anyone experienced this before or know of another method or tutorial of getting B2C to work with Xamarin Forms?
Azure AD B2C custom policies: precondition on two claim values
Hi,
I am trying to create a precondition for a user journey step based upon a verified email and otherMails. I have checked that both claims have the correct value (they compare correctly against a hard-coded value in the policy), but it doesn't seem to be possible to compare the values of two claims in a precondition. It appears you can only verify a claim against a constant value. Is there a way to compare two claim values in a policy? Or are there alternative approaches for failing a login when the verified email does not match the first element of otherMails?
SSL Certificate for Firewall and Filtering
Hopefully I am getting this in the right forum. I contacted the Intune folks, who said that this can't be done in Intune.
So my question is... how do I deploy a certificate for SSL inspection? We use Smoothwall currently as our filter, and of course everything https will not load until we get the certificate installed. If I am going to manage the laptops with Intune for Education, and the Set Up School PCs app, I would think there would be a way to grab that certificate during the initial setup. Apparently there is not. We are trying to get the devices down to the point that they are as easy to manage as the Chromebooks.
We aren't about to try to touch every machine. Is it possible to deploy it in a way similar to Group Policy? Would it be possible to push it out with a PowerShell script?
Looking for any suggestions on how to make things easy.
Thanks!
Install AD Power Shell: The Given Key was not present in the dictionary during AAD Connect installation
I get almost to the end, but can't get past this error. Microsoft support just sends me links that don't pertain to this issue.
Authentication using Azure AD
We have 5-6 Xamarin mobile apps using Azure AD as the IdP. I want to use a custom login page rather than a pop-up identity login window. So this is the first requirement. I do not want the login to show either in a web view or a device browser, to maintain a seamless user experience, i.e. work through the app's custom page only. (If a custom login is not possible I may explore this scenario.) So is a custom login page possible?
Note: The Azure AD version used is V1.
This mobile application after login calls Azure AD and gets the bearer tokens generated. This bearer token will be used to make calls to the web api.
Further, there is a web app, made in Angular JS, which calls its Web API as well. This web app and API will be called after the user logs in to the mobile app. Now, rather than logging in and validating this web app and web API again, I want to use the existing bearer token generated to validate the user.
So basically the requirement is how to authenticate the user using Azure AD. Once the bearer token is generated, use the same token for subsequent login of, say, a web API to another web API (say a WCF REST service), or a web app + a web API call, after the user logs in to the mobile app.
So having just one login point, and subsequent accesses to web apps or web APIs achieved through SSO.
So use an authenticator (like Microsoft Authenticator) to authenticate the app and then subsequently authenticate other web apps or web APIs by achieving SSO functionality.
I was looking into Azure AD V2, and using OAuth 2.0 on-behalf-of flow. This does solve the web api to web api through Azure AD.
Any help or guidance on how to achieve web app and web API SSO authentication from a Xamarin web view login would be appreciated.
Thanks in advance!
Getting error when trying to secure aspnet core web api with B2C bearer authentication: Unable to retrieve document from: 'https://.b2clogin.com//v2.0/.well-known/openid-configuration'.
Hi folks,
I'm trying to secure my ASP.NET Core web API server by making it authenticate against Azure B2C using user-provided JWT bearer tokens. I've followed some sample code found on official Microsoft GitHub pages, but can't seem to get it working.
In my B2C policy, I've got it set to use the default issuer URL format: https://<domain>/<tenant id>/v2.0/
In my web application, I've got that same URL specified as the Authority in the JWT options.
When I submit an HTTP request to my server, the identity server code fails as it tries to reach out to B2C to fetch the openid-configuration. It fails with the following error ...
HttpRequestException: Response status code does not indicate success: 404 (Not Found). System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() IOException: IDX20804: Unable to retrieve document from: 'https://innovativelitfoundry.b2clogin.com/0f55bfb6-6af5-4293-8963-29ae099183cc/v2.0/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel) InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://innovativelitfoundry.b2clogin.com/0f55bfb6-6af5-4293-8963-29ae099183cc/v2.0/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
Indeed, that URL will not work, because it does not appear to be including the policy name from the token used in the query string. So that URL does indeed not work.
I'm unsure how to make the code provide that policy name in the query string, though. Or should it be doing that automatically?
Here is the code, in my aspnet core web api application, where I configure the authentication settings ...
    public void ConfigureServices(IServiceCollection services)
    {
        IdentityModelEventSource.ShowPII = true;

        services
            .AddAuthentication(ConfigureAuthentication)
            .AddJwtBearer(ConfigureJwt);

        services
            .AddCors();

        services
            .AddMvc()
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services
            .AddSingleton(Configuration);
    }

    private void ConfigureAuthentication(AuthenticationOptions options)
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    }

    private void ConfigureJwt(JwtBearerOptions options)
    {
        var tenant = Configuration["AzureAd:TenantId"];
        options.Audience = Configuration["AzureAd:ApplicationId"];
        options.Authority = $"https://innovativelitfoundry.b2clogin.com/{tenant}/v2.0/";
    }
Does anybody perhaps know what I may be doing incorrectly here? Thanks!
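An added example (editor's code, not the poster's or Microsoft's sample) showing the posted ConfigureJwt beside a corrected one: the B2C discovery document is served per user flow, so the policy name must be part of the Authority; the config key AzureAd:Policy and the policy name B2C_1_signupsignin are assumed, and the tenant name and issuer format are taken from the post.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    // As posted: no policy in the path, so
    // .../v2.0/.well-known/openid-configuration answers 404 and IDX20803 follows.
    private void ConfigureJwtAsPosted(JwtBearerOptions options)
    {
        var tenant = Configuration["AzureAd:TenantId"];
        options.Audience = Configuration["AzureAd:ApplicationId"];
        options.Authority = $"https://innovativelitfoundry.b2clogin.com/{tenant}/v2.0/";
    }

    // Corrected: the user-flow (policy) name sits between the tenant and v2.0, e.g.
    // https://innovativelitfoundry.b2clogin.com/<tenant id>/B2C_1_signupsignin/v2.0/
    // and that path serves the openid-configuration document for the flow.
    private void ConfigureJwt(JwtBearerOptions options)
    {
        var tenant = Configuration["AzureAd:TenantId"];
        var policy = Configuration["AzureAd:Policy"];   // assumed key, e.g. "B2C_1_signupsignin"
        var audience = Configuration["AzureAd:ApplicationId"];

        options.Audience = audience;
        options.Authority = $"https://innovativelitfoundry.b2clogin.com/{tenant}/{policy}/v2.0/";

        // Pin validation explicitly rather than relying only on discovery: the issuer
        // is the https://<domain>/<tenant id>/v2.0/ value the post says the policy
        // stamps into tokens, so a token minted by another tenant or flow is rejected
        // even if the metadata document ever changes.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = $"https://innovativelitfoundry.b2clogin.com/{tenant}/v2.0/",
            ValidateAudience = true,
            ValidAudience = audience,
            ValidateLifetime = true,
            ClockSkew = System.TimeSpan.FromMinutes(2),
        };
    }
}
```

If you prefer the query-string form the post mentions, set options.MetadataAddress to the full discovery URL ending in `.well-known/openid-configuration?p=<policy>` instead of deriving it from Authority.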
azure b2c forget password through middleware
Hi,
I am unable to find a resource on using Azure B2C authentication for password reset without redirecting to the Microsoft authentication UI. Can anyone help me with a solution through which I can implement this in middleware?
PS: I have to implement this in middleware using Azure Functions.
Thanks
Unable to connect Azure AD during upgrade to version 1.2.67.0
Hi -
Well, MS support was alerted and the "solution" was trad.
Luckily we already had an ongoing project to move sync to another machine, so the guys "moved" the configuration to other hardware and another Windows version....
...my hunch is that Win2008 (Std at least) might get you somewhere you really don't want to go.
Highly recommended to put that staging server waiting next to the prod one.
/jc - Have a nice weekend
EOF
Hi - we're getting an error after the "upgrade part" of upgrading AADConnect to version 1.2.67.0, so the latest and greatest .msi package is used.
Have you heard of any errors when connecting to Azure?
Or any ideas where this might come from?
Br,
/jc - jc@clavert.fi
Error message received in phase "Connect to Azure AD"
-->
Unable to retrieve the Azure Active Directory configuration. Field not Found:
"Microsoft.Azure.ActiveDirectory.Client.Framework.MicrosoftOnlineInstance.AzureOneBox"
Azure AD Device Registration
How does Azure AD Device Registration work? What are the pre-reqs for it to work?
What devices can be registered in Azure AD?
What are the required pre-reqs, and what privileges are required for this?
What are the possible ways a non-admin user can register a specific device type in Azure AD?
What are the possible ways an admin user can register a specific device type in Azure AD?
An Extremist