I Have the below license :

Azure information protection premium P2. After creating the AIP on the azure portal the default labels was just protection templates.

Nothing more. Why it appears by this way. Is something missed?

I'm having trouble getting an access token for a test user who I've enabled Azure MFA and Conditional Access. When I try to use the curl call below, I'm issued a response with a claims attribute. After reading all the documentation I could find on how to use the claims attribute, I can't find any concrete examples on how to structure a new request for the user to perform MFA to then be able to get an access token.

I was wondering if anyone's seen something similar or if they know the structure of the subsequent request to be able to get to prompt the user for MFA.

Thanks!

Curl Request:
curl -vk -X POST -d '
resource=https://graph.windows.net&client_id=${clientId}&client_secret=${clientSecret}&scope=openid&grant_type=password&username=${mfaUser}&password=${mfaPassword}
'
https://login.microsoftonline.com/common/oauth2/token

Response:
{
    "error": "interaction_required","error_description": "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000002-0000-0000-c000-000000000000'.\r\nTrace ID: 7e56a4f2-0a6d-4666-a322-25c96e961b00\r\nCorrelation ID: c7b1d42f-e796-4547-9704-4d971e71d4e2\r\nTimestamp: 2018-11-20 15:05:16Z","error_codes": [50076],"timestamp": "2018-11-20 15:05:16Z","trace_id": "7e56a4f2-0a6d-4666-a322-25c96e961b00","correlation_id": "c7b1d42f-e796-4547-9704-4d971e71d4e2","claims": "{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"${GUID}\"]}}}","suberror": "basic_action"
}

Over a period of several months I have noticed many daily failed authentications coming from MIISERVER.EXE, which is associated with Azure AD Connect.

The strange part is that the user and domain that it is showing is:

User: a

Domain: t

We obviously do not have our domain named "T" nor do we have any accounts named "A".

Has anyone ever seen something like this?

I'm looking for the best way to deploy Azure AD self service password reset as an add-on to an otherwise all on premise deployment. Here is my current setup:

1) Onsite AD domain is xxx.org
2) Onsite ADFS is being used for all SSO
3) Azure AD main is xxx.edu
4) xxx.org has been added as a custom domain name
5) Users are synching from onsite to Azure
6) Self service password reset is working
7) Password synch back is working

Now here's the problem. Self service password reset works ..... but users have to use name@xxx.org (matches the onsite AD). They cannot use name@xxx.edu. To further complicate things their email addresses are technically name@students.xxx.edu. Now I can give them instructions to use a domain that they've never explicitly used, but that's cumbersome.

Is there a way to make this work with the current email address as the login? Barring that is there a way to link the authenticated user using my onsite ADFS to their linked account in Azure SSPR? Is there a better answer?

Thanks,
Mike

I'm trying to pull data from DevOps from Datafactory, but I've been getting errors. So far I've not been able to find much help in working around this. (also I've tried using PowerBI desktop with the same error.)

invalid_resource: AADSTS50001: The application named https://analytics.dev.azure.com was not found in the tenant named <our org's tenant guid>. This can happen if the application has not been installed by the administrator of the tenant consented to by any user in the tenant.

I've taken a few guesses with an app registration that has permissions on Azure DevOps and our Azure AD, but no luck.

Any guides or hints on how to do this?

Thanks

I am trying to login to my account. I am also trying to add my email to my iPhone, which is where the issue first began. When I try to add the account through Exchange, I get an error message stating "AADSTS50020: User account 'mark@mypieceofutah.com' from identity provider 'live.com' does not exist in tenant 'Apple Inc.' and cannot access the application 'f8d98a96-0999-43f5-8af3-69971c7bb423' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account." 

I tried logging in on my iMac, but I receive a similar message: "AADSTS50020: User account 'mark@mypieceofutah.com' from identity provider 'live.com' does not exist in tenant 'Calendly' and cannot access the application 'c2f89f53-3971-4e09-8656-18eed74aee10' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account." 

I am lost. This is for a personal account, and I have no idea what an Azure Active Directory is. 

We cannot install Azure AD Connect on our active directory server.

We get the following output trace log after attempting:

[18:41:04.142] [  1] [INFO ] 
[18:41:04.143] [  1] [INFO ] ================================================================================
[18:41:04.143] [  1] [INFO ] Application starting
[18:41:04.143] [  1] [INFO ] ================================================================================
[18:41:04.143] [  1] [INFO ] Start Time (Local): Thu, 29 Mar 2018 18:41:04 GMT
[18:41:04.143] [  1] [INFO ] Start Time (UTC): Thu, 29 Mar 2018 18:41:04 GMT
[18:41:04.145] [  1] [INFO ] Application Version: 1.1.750.0
[18:41:04.145] [  1] [INFO ] Application Build Date: 2018-03-09 00:28:44Z
[18:41:05.202] [  1] [INFO ] Telemetry session identifier: {b920365a-daaa-4e73-97fd-0bdd83a68881}
[18:41:05.202] [  1] [INFO ] Telemetry device identifier: cII9UnXQcRmhpW+FwMgB+rwHwVqlgkZlDlsFIGtElPY=
[18:41:05.202] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (10ae8f27c)
[18:41:05.263] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[18:41:05.264] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[18:41:05.264] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[18:41:05.264] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[18:41:05.264] [  1] [INFO ] Default Proxy [Enabled]: True
[18:41:05.264] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[18:41:05.293] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[18:41:05.293] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[18:41:05.343] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[18:41:05.350] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[18:41:05.372] [  1] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[18:41:05.372] [  1] [INFO ] Password Hash Sync supported: 'True'
[18:41:05.391] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 8
[18:41:05.499] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[18:41:05.506] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[18:41:05.510] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[18:41:05.512] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.516] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[18:41:05.518] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[18:41:05.812] [  1] [INFO ] CheckInstallationState: Packaged version (1.1.750.0), Installed version (0.0.0).
[18:41:05.812] [  1] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.750.0 > 0.0.0).
[18:41:05.817] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[18:41:05.817] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.819] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[18:41:05.819] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[18:41:05.821] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[18:41:05.821] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[18:41:05.821] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[18:41:05.821] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.821] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[18:41:05.822] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[18:41:05.822] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[18:41:05.826] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[18:41:05.826] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[18:41:05.826] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[18:41:05.827] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.827] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[18:41:05.827] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[18:41:05.827] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[18:41:05.830] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[18:41:05.939] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[18:41:05.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[18:41:05.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[18:41:05.939] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[18:41:05.939] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[18:41:05.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[18:41:05.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[18:41:05.939] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[18:41:05.939] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[18:41:05.940] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[18:41:05.940] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.940] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[18:41:05.940] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[18:41:05.940] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[18:41:05.940] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[18:41:05.940] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.940] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {9d573e71-1077-4c7e-b4db-4e22a5d2b48b}.
[18:41:05.940] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.0.2100.60, ProductCode=9d573e71-1077-4c7e-b4db-4e22a5d2b48b, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[18:41:05.940] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[18:41:05.940] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.0.2100.60) is installed.
[18:41:05.940] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[18:41:05.940] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.940] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {6c026a91-640f-4a23-8b68-05d589cc6f18}.
[18:41:05.940] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.1.3000.0, ProductCode=6c026a91-640f-4a23-8b68-05d589cc6f18, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[18:41:05.940] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[18:41:05.940] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.1.3000.0) is installed.
[18:41:05.940] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[18:41:05.940] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.941] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {4d2c56ff-7f36-4b49-a97a-24f0522d41d7}.
[18:41:05.941] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.3.6540.0, ProductCode=4d2c56ff-7f36-4b49-a97a-24f0522d41d7, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[18:41:05.941] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[18:41:05.941] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.3.6540.0) is installed.
[18:41:05.941] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[18:41:05.941] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.941] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[18:41:05.941] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[18:41:05.941] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[18:41:05.942] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[18:41:05.959] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[18:41:05.960] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[18:41:05.960] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[18:41:05.960] [  1] [VERB ] Getting list of installed packages by upgrade code
[18:41:05.960] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {c45cf4da-7955-4074-b8ae-f0e6f3037056}.
[18:41:05.960] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.750.0, ProductCode=c45cf4da-7955-4074-b8ae-f0e6f3037056, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[18:41:05.960] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[18:41:05.960] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.750.0) is installed.
[18:41:05.960] [  1] [INFO ] Checking for DirSync conditions.
[18:41:05.960] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[18:41:05.960] [  1] [INFO ] Sync engine is not present. Performing clean install.
[18:41:12.886] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[18:41:12.922] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.GatherEnvironmentData in Page:"Express Settings"
[18:41:12.923] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:313
[18:41:12.930] [ 19] [INFO ] Checking if machine version is 6.1.7601 or higher
[18:41:12.930] [ 19] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[18:41:12.930] [ 19] [INFO ] Password Hash Sync supported: 'True'
[18:41:12.958] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
[18:41:21.387] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
[18:41:21.388] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[18:41:21.390] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
[18:41:21.411] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[18:41:21.485] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
[18:41:21.485] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:1838
[18:41:21.545] [ 19] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
[18:41:21.545] [ 19] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:1867
[18:41:21.567] [ 17] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[18:41:21.570] [ 17] [INFO ] Enter ValidateSqlVersion.
[18:41:21.570] [ 17] [INFO ] Exit ValidateSqlVersion (localdb).
[18:41:21.572] [ 17] [INFO ] Enter ValidateSqlAoaAsyncInstance.
[18:41:21.572] [ 17] [INFO ] Exit ValidateSqlAoaAsyncInstance (localdb).
[18:41:21.573] [ 17] [INFO ] The ADSync database does not exist and will be created.  serverAdmin=True.
[18:41:21.573] [ 17] [INFO ] Attaching to the ADSync database: SQLServerName=DoesNotExist SQLInstanceName= ServiceAccountName=, state=, Collation=, /UseExistingDatabase=False.
[18:41:21.573] [ 17] [INFO ] Starting Sync Engine installation
[18:41:21.574] [ 17] [INFO ] Starting Prerequisite installation
[18:41:21.575] [ 17] [VERB ] WorkflowEngine created
[18:41:21.578] [ 17] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
[18:41:21.578] [ 17] [VERB ] Getting list of installed packages by upgrade code
[18:41:21.578] [ 17] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
[18:41:21.578] [ 17] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
[18:41:21.590] [ 17] [INFO ] CheckInstallationState: Packaged version (1.1.750.0), Installed version (0.0.0).
[18:41:21.590] [ 17] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.750.0 > 0.0.0).
[18:41:21.590] [ 17] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[18:41:21.590] [ 17] [VERB ] Getting list of installed packages by upgrade code
[18:41:21.590] [ 17] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[18:41:21.590] [ 17] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[18:41:21.590] [ 17] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[18:41:21.590] [ 17] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[18:41:21.596] [ 17] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
[18:41:21.601] [ 17] [VERB ] Created task e8598c10-c9f7-4cb8-82e8-47fe1330a460 with name Uninstall Microsoft Online PowerShell Module
[18:41:21.601] [ 17] [VERB ] Created task c2f7d2d2-c5a2-4f4f-ae21-13d0b5c9ab6b with name Install Microsoft Online PowerShell Module
[18:41:21.602] [ 17] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
[18:41:21.605] [ 17] [VERB ] Executing task Install Prerequisites
[18:41:21.606] [ 17] [VERB ] Waiting for task to complete: Install Prerequisites
[18:41:21.614] [ 14] [VERB ] Executing task Uninstall Microsoft Online PowerShell Module
[18:41:21.617] [ 12] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' has finished execution
[18:41:21.618] [ 14] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' finished successfully
[18:41:21.618] [ 14] [VERB ] Executing task Install Microsoft Online PowerShell Module
[18:41:22.063] [ 11] [INFO ] Task 'Install Microsoft Online PowerShell Module' has finished execution
[18:41:22.063] [ 14] [INFO ] Task 'Install Microsoft Online PowerShell Module' finished successfully
[18:41:22.063] [ 14] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
[18:41:22.064] [  8] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
[18:41:22.064] [ 14] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
[18:41:22.064] [ 14] [INFO ] Task 'Install Prerequisites' has finished execution
[18:41:22.064] [ 17] [VERB ] Waited 0:00:00.4579993 for task to complete: Install Prerequisites
[18:41:22.066] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[18:41:22.085] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[18:41:22.087] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[18:41:35.996] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[18:41:41.106] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[18:41:45.117] [  9] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - roblucar@nickworksfusion.onmicrosoft.com
[18:41:45.400] [  9] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/nickworksfusion.onmicrosoft.com, awsServiceResource=https://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint (https://login.microsoftonline.com/81d3aaae-b5ca-49ca-b981-6fd8d7797f7e/oauth2/token).
[18:41:45.400] [  9] [INFO ] Authenticate: ADAL authentication is enabled.
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45:  - AuthenticationContext: ADAL .NET with assembly version '2.28.4.987', file version '2.28.40321.0002' and informational version 'ca958f54ae76842308c689314b0f33bfdb97e64b' is running...
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45:  - TokenCache: Clearing Cache :- 0 items to be removed
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45:  - TokenCache: Successfully Cleared Cache
[18:41:45.503] [  9] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.windows.net/nickworksfusion.onmicrosoft.com/
	Resource: https://graph.windows.net
	ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
	Authentication Target: User
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - TokenCache: No matching token was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - <CreateByDiscoveryAsync>d__0: Sending user realm discovery request to 'https://login.windows.net/common/UserRealm/roblucar@nickworksfusion.onmicrosoft.com?api-version=1.0'
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - <PreTokenRequest>d__4: User with hash '2EacF+fliIsiE+iJ5GbVCrNMGcydZmxXqciCTO9jM7w=' detected as 'Managed'
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - TokenCache: Storing token in the cache...
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - TokenCache: An item was stored in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 685a8865-b885-476f-9464-7559d899c32a - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: oQnaQC1DgcT9bvIixKdwcYngOBT0TlEdGy54A11xMVY=
	Refresh Token Hash: ihbxItz3KvTksazNZQofKXGCjzQg5uAwMX32S5UyFqM=
	Expiration Time: 03/29/2018 19:41:44 +00:00
	User Hash: VrbU/4OeUFF4/7FAF24ZDzZUJD/x9wVZQSqn3dFwsZc=
[18:41:45.947] [  9] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=81d3aaae-b5ca-49ca-b981-6fd8d7797f7e.
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.windows.net/nickworksfusion.onmicrosoft.com/
	Resource: https://graph.windows.net
	ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
	Authentication Target: User
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - TokenCache: 59.9826999683333 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:45: 8f9ece62-7e69-4671-81d9-6a85e0f39aad - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: oQnaQC1DgcT9bvIixKdwcYngOBT0TlEdGy54A11xMVY=
	Refresh Token Hash: ihbxItz3KvTksazNZQofKXGCjzQg5uAwMX32S5UyFqM=
	Expiration Time: 03/29/2018 19:41:44 +00:00
	User Hash: VrbU/4OeUFF4/7FAF24ZDzZUJD/x9wVZQSqn3dFwsZc=
[18:41:46.533] [  9] [INFO ] Authenticate: tenantId=(81d3aaae-b5ca-49ca-b981-6fd8d7797f7e), IsDirSyncing=False, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=0, AllowedFeatures=None.
[18:41:46.534] [  9] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[18:41:46.539] [  9] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/nickworksfusion.onmicrosoft.com, AdalResource=https://graph.windows.net.
[18:41:46.539] [  9] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.windows.net/nickworksfusion.onmicrosoft.com/
	Resource: https://graph.windows.net
	ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
	Authentication Target: User
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - TokenCache: 59.9731834633333 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46: 1ac10fd7-62ac-4683-8a90-c70114573bf7 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: oQnaQC1DgcT9bvIixKdwcYngOBT0TlEdGy54A11xMVY=
	Refresh Token Hash: ihbxItz3KvTksazNZQofKXGCjzQg5uAwMX32S5UyFqM=
	Expiration Time: 03/29/2018 19:41:44 +00:00
	User Hash: VrbU/4OeUFF4/7FAF24ZDzZUJD/x9wVZQSqn3dFwsZc=
[18:41:46.541] [  9] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
AzureADConnect.exe Information: 0 : 03/29/2018 18:41:46:  - AuthenticationContext: ADAL .NET with assembly version '2.28.1.741', file version '2.28.30726.1426' and informational version '98c53b8a9386f556c4187786cece386358b1c8e7' is running...
[18:41:47.936] [  9] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[18:41:48.547] [  9] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 81d3aaae-b5ca-49ca-b981-6fd8d7797f7e.  Initial domain (nickworksfusion.onmicrosoft.com).
[18:41:48.549] [  9] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
[18:41:48.550] [  9] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
[18:41:48.552] [  9] [INFO ] PowershellHelper: lastDirectorySyncTime=null
[18:41:48.698] [  9] [INFO ] AzureTenantPage: Successfully retrieved 2 domains from the tenant.
[18:41:48.698] [  9] [INFO ] Calling to get the last dir sync time for the current user
[18:41:48.840] [  9] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[18:41:48.840] [  9] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[18:41:48.847] [  9] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[18:41:48.847] [  9] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[18:41:48.851] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[18:41:48.856] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
[18:41:57.620] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[18:42:54.530] [  1] [INFO ] Property Password failed validation with error A password is required - unless using a Virtual or Managed Service Account .
[18:43:12.925] [  5] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - nickTEST\Administrator
[18:43:12.932] [  5] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user nickTEST\Administrator
[18:43:12.934] [  5] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[18:43:12.949] [  5] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - nicktest.local
[18:43:12.951] [  5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if nickTEST\Administrator has AccountEnterpriseAdminsSid privileges in nicktest.local
[18:43:13.006] [  5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-167444910-2459562663-2164828705, group sid - S-1-5-21-167444910-2459562663-2164828705-519
[18:43:13.007] [  5] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[18:43:13.011] [  5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
[18:43:13.017] [  5] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'nicktest.local' was successfully matched.
[18:43:13.021] [  5] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[18:43:13.025] [  5] [INFO ] Validating forest with FQDN nicktest.local
[18:43:13.039] [  5] [INFO ] Examining domain child2.nicktest.local (:0% complete)
[18:43:13.176] [  5] [ERROR] ValidateForest (nicktest.local): Unable to reach domain: child2.nicktest.local
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.Deployment.Framework.Providers.ActiveDirectoryProvider.ValidateForest(String forestName, String domainName, String userName, SecureString password, Action`2 progressChanged)
[18:43:13.178] [  5] [INFO ] Examining domain nickchild.nicktest.local (:0.25% complete)
[18:43:13.359] [  5] [ERROR] ValidateForest (nicktest.local): Unable to reach domain: nickchild.nicktest.local
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.Deployment.Framework.Providers.ActiveDirectoryProvider.ValidateForest(String forestName, String domainName, String userName, SecureString password, Action`2 progressChanged)
[18:43:13.359] [  5] [INFO ] Examining domain nicktest.local (:0.5% complete)
[18:43:13.361] [  5] [INFO ] ValidateForest: using NICKTEST-GTQD1VJ.nicktest.local to validate domain nicktest.local
[18:43:13.362] [  5] [INFO ] Successfully examined domain nicktest.local GUID:910af69d-63a4-4cc7-9b03-867e7fb20358  DN:DC=nicktest,DC=local
[18:43:13.362] [  5] [INFO ] Examining domain robertchild.nicktest.local (:0.75% complete)
[18:43:13.404] [  5] [ERROR] ValidateForest (nicktest.local): Unable to reach domain: robertchild.nicktest.local
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.Deployment.Framework.Providers.ActiveDirectoryProvider.ValidateForest(String forestName, String domainName, String userName, SecureString password, Action`2 progressChanged)
[18:43:13.414] [  5] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[18:43:13.449] [  5] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
[18:43:13.449] [  5] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/nickworksfusion.onmicrosoft.com, AdalResource=https://graph.windows.net.
[18:43:13.449] [  5] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.windows.net/nickworksfusion.onmicrosoft.com/
	Resource: https://graph.windows.net
	ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
	Authentication Target: User
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - TokenCache: 58.5246838133333 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: a57c84f0-39b8-42f0-8172-89de688c83fc - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: oQnaQC1DgcT9bvIixKdwcYngOBT0TlEdGy54A11xMVY=
	Refresh Token Hash: ihbxItz3KvTksazNZQofKXGCjzQg5uAwMX32S5UyFqM=
	Expiration Time: 03/29/2018 19:41:44 +00:00
	User Hash: VrbU/4OeUFF4/7FAF24ZDzZUJD/x9wVZQSqn3dFwsZc=
[18:43:13.450] [  5] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[18:43:13.752] [  5] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
[18:43:13.754] [  5] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.ValidateScenario in Page:"Azure AD sign-in configuration"
[18:43:13.755] [  5] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:10836
[18:43:13.820] [  4] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
[18:43:13.820] [  4] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/nickworksfusion.onmicrosoft.com, AdalResource=https://graph.windows.net.
[18:43:13.820] [  4] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.windows.net/nickworksfusion.onmicrosoft.com/
	Resource: https://graph.windows.net
	ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
	CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
	Authentication Target: User
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - TokenCache: Looking up cache for a token...
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - TokenCache: An item matching the requested resource was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - TokenCache: 58.51848383 minutes left until token in cache expires
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
AzureADConnect.exe Information: 0 : 03/29/2018 18:43:13: 3aafec0a-413d-4561-b692-10042c409165 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: oQnaQC1DgcT9bvIixKdwcYngOBT0TlEdGy54A11xMVY=
	Refresh Token Hash: ihbxItz3KvTksazNZQofKXGCjzQg5uAwMX32S5UyFqM=
	Expiration Time: 03/29/2018 19:41:44 +00:00
	User Hash: VrbU/4OeUFF4/7FAF24ZDzZUJD/x9wVZQSqn3dFwsZc=
[18:43:13.821] [  4] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[18:43:14.114] [  1] [INFO ] UPN Suffix List
[18:43:14.114] [  1] [INFO ] --------------------------------------------------------------------
[18:43:14.114] [  1] [INFO ] UPN Suffix [Azure Status]
[18:43:14.114] [  1] [INFO ] --------------------------------------------------------------------
[18:43:14.116] [  1] [INFO ] child2.nicktest.local [Not Added]
[18:43:14.116] [  1] [INFO ] nickchild.nicktest.local [Not Added]
[18:43:14.116] [  1] [INFO ] nicktest.local [Not Added]
[18:43:14.116] [  1] [INFO ] robertchild.nicktest.local [Not Added]
[18:43:14.116] [  1] [INFO ] das.nickworks.com [Not Added]
[18:43:14.117] [  1] [INFO ] ad.lab.nickworks.com [Verified]
[18:43:14.117] [  1] [INFO ] --------------------------------------------------------------------
[18:43:14.118] [  1] [WARN ] Users will not be able to sign-in Azure AD using their on-premises credentials.
[Partial matching domains]
[18:43:26.350] [  1] [INFO ] Page transition from "Azure AD sign-in" [UserSignInConfigPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[18:43:26.353] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize in Page:"Ready to configure"
[18:43:26.353] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:13183
[18:43:27.380] [ 17] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: context.WizardMode ExpressInstall.
[18:43:27.408] [ 17] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=https://s1.adhybridhealth.azure.com/, AdalAuthority=https://login.windows.net/nickworksfusion.onmicrosoft.com, AdalResource=https://management.core.windows.net/.
[18:43:27.409] [ 17] [WARN ] DetermineAutoUpgradeState: AutoUpgrade entering ENABLED mode for express installation.
[18:43:27.409] [ 17] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: autoUpgradeState set to Enabled.
[18:43:27.411] [ 17] [INFO ] SetAutoUpgradeViaAdhealthRegistrykey: Updated SOFTWARE\Microsoft\ADHealthAgent\Sync\UpdateCheckEnabled registry value to 1
[18:43:27.412] [ 17] [INFO ] Restarting Monitoring Agent service.
[18:43:27.413] [ 17] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service AzureADConnectHealthSyncMonitor was not found
[18:43:27.413] [ 17] [WARN ] Monitoring Agent service is not installed, so the service cannot be restarted.
[18:43:27.441] [  1] [INFO ] Exchange schema is not detected for forest nicktest.local , so no exchange option displayed.
[18:43:30.587] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[18:43:30.587] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[18:43:30.594] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[18:43:30.596] [  1] [INFO ] PersistAzureAffinity: setting Azure affinity to value 0.  Original value: <not configured>.
[18:43:30.596] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteADSyncConfiguration in Page:"Configuring"
[18:43:30.597] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:13904
[18:43:30.597] [  5] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[18:43:30.598] [  5] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[18:43:30.617] [  5] [INFO ] Starting Sync Engine installation
[18:43:33.263] [  5] [INFO ] ServiceControllerProvider: service ADSync exists
[18:43:33.265] [  5] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
[18:43:33.265] [  5] [VERB ] ServiceControllerProvider:	 Initial service status: Stopped
[18:43:33.265] [  5] [INFO ] ServiceControllerProvider: StopService status: Stopped
[18:43:33.266] [  5] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
[18:43:43.273] [  5] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
[18:43:43.273] [  5] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
[18:43:43.276] [  5] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:nickTEST\AAD_e37325cb7a2a, assemblyPath:C:\Program Files\Microsoft Azure Active Directory Connect\ADSyncBootstrap.exe
[18:43:43.292] [  5] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
[18:43:43.292] [  5] [VERB ] ServiceControllerProvider:	 Initial service status: Stopped
[18:43:43.292] [  5] [VERB ] ServiceControllerProvider:	 Starting service and waiting for completion.
[18:43:43.772] [  5] [INFO ] ServiceControllerProvider: StartService status: Running
[18:44:13.925] [  5] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
[18:44:13.925] [  5] [VERB ] ServiceControllerProvider:	 Initial service status: Running
[18:44:13.925] [  5] [VERB ] ServiceControllerProvider:	 stopping service and waiting for completion.
[18:44:14.177] [  5] [INFO ] ServiceControllerProvider: StopService status: Stopped
[18:44:14.177] [  5] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
[18:44:24.183] [  5] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
[18:44:24.183] [  5] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
[18:44:26.493] [  5] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> System.InvalidOperationException: LocalDB powershell operation failed on ADSync Bootstrap service: Enable-ADSyncBootstrapLocalDBInstance
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.EnableADSyncBootstrapLocalDBInstance(String syncAdminsGroupName, String currentUserAccount)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[18:51:53.566] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180329-184103.log
[19:02:09.034] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20180329-184103.log

What would cause this error? 

We found some vague posts about TLS settings, but I'm having a hard time figuring out what step this means we missed?

Is there any comprehensive guides for setting ADFS + SharePoint online from scratch we can follow? 

We found this link: https://social.msdn.microsoft.com/Forums/en-US/38d95e61-1972-431b-a38c-65016f28de7f/problem-when-i-install-azure-ad-connect-on-windows-server-201216?forum=WindowsAzureAD

We seem to have exhausted every idea we can. no luck. 

Regards, Srivatsa

Putting in new segmentation firewalls and have noted traffic from various users to autologon.microsoftazuread-sso.com - From reading several articles and docs this URL should only be used if you have Azure AD Connect SSO running which we do not.

I've looked through the GPO's and other settings and cannot find why users/machines are attempting to access this URL - We would have probably not noticed this but we have printers (setup to scan to sharepoint on premise) and we don't feel like we should have a firewall rule to allow this traffic to the WAN. It would seem like it's a user settings since we're using a domain user to authenticate to Sharepoint in order to do this scan to a folder. Any ideas as to why users/pc's would be attempting this connection to Azure by default?

Thanks-

I'm having some trouble removing the requirement to set up additional security verification when a user joins a device to Azure AD.

We do not have Multi Factor Authentication enabled for any users in our domain and the option to require multi factor auth when joining to domain is turned off.

Can someone advise me how I can disable the requirement for additional security verification for all users?

Thanks

Henry

I have MFA disabled on AzureAD and on o365 portal for any users.   However when user joins PC to AzureAD it asks for Additional Security Verification

Any suggestions how to turn this off for newly joined PCs to Azure AD?

Eimis

Hello, 

I am trying to learn Azure and DevOPS in general, and my first try and already a failure. I am trying to create continous integration and continous deployment for my NextJs app which is wrapping ExpressJS server. Application can be found under the github link.

I used default DevOps project settings for NodeJs app with Github as source control, only thing that I added was custom npm command run build on Build pipeline.

This is my Build agent in vsts:



 And this is my release task in Vsts:



Only change that I did in Deploy Azure App Service is that I change startup command(Which I assume means, run your application) to npm start.

This is how my azure portal devOps Project looks like:



So as you can see both build and release ended up successful.

Problem is that when I try to access my app via url: https://teatrganeshh.azurewebsites.net/. It loads for few minutes and then in the end break with following screen:









At first I thought that it might have something to do with the port but as you can see in my server.js I am using process.env.port so it should automatically pick up the right port. DevOps Project default settings is also correct because before running first the deployment default page loaded as it should. I am thinking that it with configuration of my app or my devOps Project. Or maybe I am not even running "npm start" command when app arrives to azure?

I would be really grateful for help I spend already three days on this problem.

Hi All,

We have AADconnect to sync the objects with Azure. version 1.1.882.0

Recently i have noticed most of the Connector space are stopped and changed as Placeholder. So objects are not synced to azure.

Then after executing Full import , then again all the objects are connected to MV. 

What could be cause of the issue.? any communication error with AD or Management agent issue.

Also advice how can i avoid such issue in Future.

Regards,

Sridhar

Sridhar

I am trying to delete a custom domain from an Azure Active Directory, but get the error "errorCode": "ObjectPendingTakeover".

The domain is not marked as primary, is not used by any resources, and I have signed in as a use that does not have the domain name as part of the username.

Any suggestions on what I can try?

Hi, I have created a group in Azure Active Directory however I'm unable to add a device to the group that exists in the Azure AD Domain Services 'AADDC Computers' group (via domain join) i.e. the devices do not appear in the list of members that can be added to an AAD group via the portal and typing the name into the selection box doesn't resolve.<o:p></o:p>

It seems like Azure Active Directory is not aware of devices in the Azure AD Domain Services 'AADDC Computers' group. Can someone please tell me if I've missed something here or is there another way to add it?<o:p></o:p>

Also looked at PowerShell however 'Add-MsolGroupMember' only works for "either users or other security groups."<o:p></o:p>

Thanks,<o:p></o:p>

Paul<o:p></o:p>