Channel: Azure Active Directory forum

Hybrid Joined Machines Slow Login

Hi all, just looking for ideas. Here is my scenario:

I have Hybrid Domain join enabled (for over 4 months now) and no issues until today.

All sites except one were experiencing slow logins. 

I then ran dsregcmd /debug /leave on an affected machine, which turned off hybrid AD join, and the problem went away.

I then configured another machine to have unrestricted access through the firewall while the machine was still hybrid joined.

That also resolved the issue.

We looked over this document and seem to have our ports allowed. 

Any suggestions?

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports


AAD Application Proxy Connector service does not start

I have installed the Azure AD Application Proxy Connector on an on-premises server, to publish an on-premises application. I have enabled application proxy, and downloaded the connector from the same portal page.

For some reason the Microsoft AAD Application Proxy Connector service starts and then shuts down. Event log says: "Your Connector version is not up to date. Install the latest version of the Connector." This is the only error message I can find.

Needless to say, it is the latest version I could find, 1.5.402.0. If there is a newer version available, it has been very well hidden. I have tried installing on two different servers (2016 and 2012 R2) in two different networks, with identical results.

I can register the connector successfully to AAD, and it can be seen there, but the status is "Inactive".

I have gone through all the troubleshooting guides I can find; network traffic flows smoothly, with no blocking whatsoever in the firewall. https://aadap-portcheck.connectorporttest.msappproxy.net/ shows all green, and I can log in to login.microsoftonline.com.

I have no idea what to do next. Any suggestions are welcome!

Useless option of "Don't ask again for 3 days" while logging in to Azure Account

Hello,

I tried multiple times to log in to my Azure account and chose the option "Don't ask again for 3 days" in order to avoid repeated code entries for 3 days, but it still asks me to enter a code which is sent to my phone. Kindly check the snapshot to get a better understanding of the issue. You may also notice from the times how frequently I tried the test.

I hope I have explained the issue clearly. Could you please suggest how I can bypass or suppress the text code entry pop-up for the said days?

Kind Regards,

Ajay.

Use new converged MFA SSPR portal when migrating to Azure MFA cloud

Hi,

We are about to start using Azure MFA from the cloud. One thing we need to do is ask our users to complete MFA proofup by going here:

https://account.activedirectory.windowsazure.com/proofup.aspx

Last week I discovered that there's a new "converged portal for MFA and SSPR" in Public Preview. SSPR is also enabled in our environment.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-converged

Since we need to ask our users to complete MFA, why not get them registered for SSPR at the same time? Our users are currently registered to the on-prem Azure MFA server.

Has anyone here enabled this new portal at the same time as migrating to Azure MFA cloud? Would it work in my scenario?

Problem

Hi all,

I installed Azure AD Connect and got the following error:

[22:55:31.620] [  1] [INFO ] 
[22:55:31.636] [  1] [INFO ] ================================================================================
[22:55:31.636] [  1] [INFO ] Application starting
[22:55:31.636] [  1] [INFO ] ================================================================================
[22:55:31.636] [  1] [INFO ] Start Time (Local): Thu, 06 Dec 2018 22:55:31 GMT
[22:55:31.636] [  1] [INFO ] Start Time (UTC): Fri, 07 Dec 2018 06:55:31 GMT
[22:55:31.636] [  1] [INFO ] Application Version: 1.2.68.0
[22:55:31.636] [  1] [INFO ] Application Build Date: 2018-11-29 02:50:36Z
[22:55:33.089] [  1] [INFO ] Telemetry session identifier: {0bfa7b7a-d4bc-4630-9fd3-53ec38652848}
[22:55:33.089] [  1] [INFO ] Telemetry device identifier: Zsow3wvreLBcVgAd89YAju1GX9VklDq3lvL+/lLeIPE=
[22:55:33.089] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (3cf46bbe5)
[22:55:33.260] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[22:55:33.276] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[22:55:33.276] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[22:55:33.276] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[22:55:33.276] [  1] [INFO ] Default Proxy [Enabled]: True
[22:55:33.276] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[22:55:33.369] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[22:55:33.369] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[22:55:33.479] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[22:55:33.494] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[22:55:33.526] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[22:55:33.526] [  1] [INFO ] Password Hash Sync supported: 'True'
[22:55:33.541] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[22:55:33.573] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[22:55:33.588] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[22:55:33.872] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:33.950] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[22:55:33.950] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[22:55:33.950] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[22:55:33.950] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[22:55:33.950] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[22:55:33.950] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:33.950] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[22:55:33.950] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[22:55:33.950] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[22:55:33.982] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[22:55:33.982] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[22:55:33.982] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[22:55:33.982] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:33.982] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[22:55:33.982] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[22:55:33.982] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[22:55:33.982] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[22:55:36.261] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[22:55:36.261] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[22:55:36.261] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[22:55:36.261] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[22:55:36.261] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[22:55:36.261] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[22:55:36.261] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[22:55:36.261] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[22:55:36.261] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[22:55:36.261] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[22:55:36.261] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[22:55:36.261] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[22:55:36.261] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[22:55:36.261] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[22:55:36.261] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[22:55:36.261] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[22:55:36.261] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[22:55:36.261] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.261] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[22:55:36.261] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[22:55:36.261] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[22:55:36.277] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[22:55:36.640] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[22:55:36.640] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[22:55:36.640] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[22:55:36.640] [  1] [VERB ] Getting list of installed packages by upgrade code
[22:55:36.640] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {79d9d935-fb8c-4e64-8486-253633c32c31}.
[22:55:36.640] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.2.68.0, ProductCode=79d9d935-fb8c-4e64-8486-253633c32c31, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[22:55:36.640] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[22:55:36.640] [  1] [INFO ] Product Azure Active Directory Connect (version 1.2.68.0) is installed.
[22:55:36.907] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[22:55:36.922] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[22:55:36.922] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[22:55:36.922] [  1] [INFO ] Checking for DirSync conditions.
[22:55:36.922] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[22:55:36.922] [  1] [INFO ] Sync engine is not present. Performing clean install.
[22:55:51.330] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[22:55:51.658] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.GatherEnvironmentData in Page:"Express Settings"
[22:55:51.674] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:1
[22:55:51.690] [ 13] [INFO ] Checking if machine version is 6.1.7601 or higher
[22:55:51.690] [ 13] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[22:55:51.690] [ 13] [INFO ] Password Hash Sync supported: 'True'
[22:55:51.752] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
[22:55:56.579] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
[22:55:56.582] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[22:55:56.587] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
[22:55:56.656] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[22:55:56.704] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
[22:55:56.704] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:2
[22:55:56.759] [ 13] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
[22:55:56.759] [ 13] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:3
[22:55:56.815] [  9] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[22:55:56.822] [  9] [INFO ] Sync engine data directory exists. Checking if the directory is empty.
[22:55:56.824] [  9] [ERROR] The sync engine data directory 'C:\Program Files\Microsoft Azure AD Sync\Data' contains existing files. This directory must be empty before installation can continue.
[22:55:56.824] [  9] [INFO ] Sync engine settings error (ValidateInstallDirectory): The sync engine data directory C:\Program Files\Microsoft Azure AD Sync\Data contains existing files. This directory must be empty before installation can continue.
[22:56:04.165] [  1] [INFO ] Express Settings:  Updating page flow for CUSTOM installation.
[22:56:04.165] [  1] [INFO ] Called SetWizardMode(CustomInstall, True)
[22:56:04.165] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
[22:56:04.166] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[22:56:04.167] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[22:56:04.180] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Required Components" [InstallSyncEnginePageViewModel]
[22:56:11.418] [  1] [INFO ] Property ExistingSqlServerName failed validation with error A SQL Server name and instance name are required.
[22:56:11.418] [  1] [INFO ] Property SyncEngineSetup failed validation with error One or more errors exist.
[22:58:04.981] [  1] [INFO ] Property ServiceAccountName failed validation with error Enter the credentials of a domain user account
[22:58:22.882] [  1] [INFO ] Page transition from "Required Components" [InstallSyncEnginePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
[22:58:24.560] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
[22:58:24.560] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[22:58:24.560] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
[22:58:24.560] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[22:58:24.561] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[22:58:24.566] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
[22:58:24.567] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:4
[22:58:24.621] [ 17] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
[22:58:24.622] [ 17] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:5
[22:58:24.622] [ 14] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[22:58:24.693] [ 14] [INFO ] Enter ValidateSqlVersion.
[22:58:24.693] [ 14] [INFO ] Exit ValidateSqlVersion (localdb).
[22:58:24.701] [ 14] [INFO ] Enter ValidateSqlAoaAsyncInstance.
[22:58:24.701] [ 14] [INFO ] Exit ValidateSqlAoaAsyncInstance (localdb).
[22:58:24.704] [ 14] [INFO ] The ADSync database does not exist and will be created.  serverAdmin=True.
[22:58:24.704] [ 14] [INFO ] Attaching to the ADSync database: SQLServerName=DoesNotExist SQLInstanceName= ServiceAccountName=, state=, Collation=, /UseExistingDatabase=False.
[22:58:24.704] [ 14] [INFO ] Starting Sync Engine installation
[22:58:24.707] [ 14] [INFO ] Starting Prerequisite installation
[22:58:24.712] [ 14] [VERB ] WorkflowEngine created
[22:58:24.715] [ 14] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[22:58:24.715] [ 14] [VERB ] Getting list of installed packages by upgrade code
[22:58:24.715] [ 14] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[22:58:24.715] [ 14] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[22:58:24.715] [ 14] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[22:58:24.715] [ 14] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[22:58:24.719] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[22:58:24.728] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[22:58:32.809] [  1] [INFO ] Property Username failed validation with error Username must be in the format name@domain.com or name@domain.onmicrosoft.com
[22:58:45.270] [  1] [INFO ] Property Password failed validation with error A valid domain must be selected.
[22:58:51.955] [ 18] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - systemadmin@saigonxanh.com
[22:58:52.766] [ 18] [INFO ] AzureConfigurationFromPrincipalName: Successfully resolved UPN (systemadmin@saigonxanh.com) to the Worldwide Azure instance. 
Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (AS), Token Endpoint (https://login.microsoftonline.com/f7816936-af14-4d7d-bc3d-0f6826665b06/oauth2/token).
[22:58:52.787] [ 18] [INFO ] ResolveAzureInstance [Worldwide]: authority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, 
Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (AS), Token Endpoint (https://login.microsoftonline.com/f7816936-af14-4d7d-bc3d-0f6826665b06/oauth2/token).
[22:58:52.813] [ 18] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM), resource (https://graph.windows.net), userName (systemadmin@saigonxanh.com).
[22:58:52.837] [ 18] [INFO ] ADAL: 2018-12-07T06:58:52.8347686Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
[22:58:52.837] [ 18] [INFO ] ADAL: 2018-12-07T06:58:52.8377715Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
[22:58:52.878] [ 18] [INFO ] ADAL: 2018-12-07T06:58:52.8787936Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[22:58:52.880] [ 18] [INFO ] ADAL: 2018-12-07T06:58:52.8807953Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.452] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4529238Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: No matching token was found in the cache
[22:58:53.495] [ 24] [INFO ] ADAL: 2018-12-07T06:58:53.4959485Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: Sending request to userrealm endpoint.
[22:58:54.093] [ 23] [INFO ] ADAL: 2018-12-07T06:58:54.0931119Z: 4c6f3b69-35f6-48e5-9227-07f09b8f6394 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 12/7/2018 7:58:54 AM +00:00
[22:58:54.094] [ 18] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=f7816936-af14-4d7d-bc3d-0f6826665b06, ExpiresUTC=12/7/2018 7:58:54 AM +00:00, UserInfo=systemadmin@saigonxanh.com, IdentityProvider=https://sts.windows.net/f7816936-af14-4d7d-bc3d-0f6826665b06/.
[22:58:54.100] [ 18] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[22:58:54.110] [ 18] [INFO ] DiscoverServiceEndpoint [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[22:58:54.110] [ 18] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring service token.
[22:58:54.110] [ 18] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM), resource (https://graph.windows.net), userName (systemadmin@saigonxanh.com).
[22:58:54.110] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1100957Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[22:58:54.110] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1100957Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[22:58:54.111] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1110966Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: An item matching the requested resource was found in the cache
[22:58:54.117] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1172319Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: 59.99821427 minutes left until token in cache expires
[22:58:54.117] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1172319Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[22:58:54.118] [ 18] [INFO ] ADAL: 2018-12-07T06:58:54.1182065Z: 0a88a6b0-0542-440f-8b0f-382a1dfc009f - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 12/7/2018 7:58:54 AM +00:00
[22:58:54.118] [ 18] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=f7816936-af14-4d7d-bc3d-0f6826665b06, ExpiresUTC=12/7/2018 7:58:54 AM +00:00, UserInfo=systemadmin@saigonxanh.com, IdentityProvider=https://sts.windows.net/f7816936-af14-4d7d-bc3d-0f6826665b06/.
[22:58:54.120] [ 18] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[22:58:56.165] [ 18] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[22:58:57.395] [ 18] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant f7816936-af14-4d7d-bc3d-0f6826665b06.  Initial domain (saigonxanh.onmicrosoft.com).
[22:58:57.406] [ 18] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[22:58:57.406] [ 18] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[22:58:57.406] [ 18] [INFO ] PowershellHelper: lastDirectorySyncTime=11/26/2018 7:13:04 AM
[22:58:58.491] [ 18] [INFO ] AzureTenantPageViewModel.GetSynchronizedUserCount: number of synchronized users (max 500) - 121
[22:58:59.335] [ 18] [INFO ] AzureTenantPageViewModel.GetSynchronizedUserCount: number of synchronized users (max 500) - 121
[22:58:59.616] [ 18] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
[22:58:59.616] [ 18] [INFO ] AzureTenantPage: Calling to get the last dir sync time for the current user
[22:58:59.850] [ 18] [INFO ] DiscoverServiceEndpoint [AdminWebService]: ServiceEndpoint=https://adminwebservice.microsoftonline.com/provisioningservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[22:58:59.866] [ 18] [INFO ] DiscoverServiceEndpoint [AdminWebService]: ServiceEndpoint=https://adminwebservice.microsoftonline.com/provisioningservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[22:58:59.866] [ 18] [INFO ] AcquireServiceToken [AdminWebService]: acquiring service token.
[22:58:59.866] [ 18] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM), resource (https://graph.windows.net), userName (systemadmin@saigonxanh.com).
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: An item matching the requested resource was found in the cache
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: 59.9023808333333 minutes left until token in cache expires
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[22:58:59.866] [ 18] [INFO ] ADAL: 2018-12-07T06:58:59.8662111Z: 111bfb02-8add-4a1c-8cfb-b6af272f40f6 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 12/7/2018 7:58:54 AM +00:00
[22:58:59.866] [ 18] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=f7816936-af14-4d7d-bc3d-0f6826665b06, ExpiresUTC=12/7/2018 7:58:54 AM +00:00, UserInfo=systemadmin@saigonxanh.com, IdentityProvider=https://sts.windows.net/f7816936-af14-4d7d-bc3d-0f6826665b06/.
[22:59:01.226] [ 18] [INFO ] GetCompanyConfiguration: tenantId=(f7816936-af14-4d7d-bc3d-0f6826665b06), IsDirSyncing=True, IsPasswordSyncing=True, DomainName=, DirSyncFeatures=41017, AllowedFeatures=None.
[22:59:01.226] [ 18] [INFO ] AzureTenantPage: AdminWebService returned the company information for tenant f7816936-af14-4d7d-bc3d-0f6826665b06.
[22:59:01.226] [ 18] [INFO ] AzureTenantPage: AzureTenantSourceAnchorAttribute is objectGUID
[22:59:01.273] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[22:59:01.273] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[22:59:01.273] [ 18] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[22:59:01.273] [ 18] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[22:59:01.289] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[22:59:01.320] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
[22:59:05.611] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[22:59:08.950] [  1] [INFO ] Property Password failed validation with error A password is required - unless using a Virtual or Managed Service Account .
[23:06:12.367] [  9] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - SAIGONXANH.COM\admin
[23:06:12.440] [  9] [ERROR] ConfigOnPremiseCredentialsPage: LogOnUser failed for user SAIGONXANH.COM\admin
[23:06:12.441] [  9] [ERROR] The user name or password is incorrect
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
   at Microsoft.Online.Deployment.Framework.Providers.SecurityProvider.LogonUser(String username, String domain, SecureString password)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigOnPremiseCredentialsPageViewModel.ValidateCredentials(DynamicTextBlockViewModel& error)
[23:06:21.612] [ 28] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - SAIGONXANH.COM\admin
[23:06:21.662] [ 28] [ERROR] ConfigOnPremiseCredentialsPage: LogOnUser failed for user SAIGONXANH.COM\admin
[23:06:21.663] [ 28] [ERROR] The user name or password is incorrect
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
   at Microsoft.Online.Deployment.Framework.Providers.SecurityProvider.LogonUser(String username, String domain, SecureString password)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ConfigOnPremiseCredentialsPageViewModel.ValidateCredentials(DynamicTextBlockViewModel& error)
[23:07:11.899] [  8] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - SAIGONXANH.COM\systemadmin
[23:07:11.921] [  8] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user SAIGONXANH.COM\systemadmin
[23:07:11.946] [  8] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[23:07:11.985] [  8] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - saigonxanh.com
[23:07:11.994] [  8] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if SAIGONXANH.COM\systemadmin has AccountEnterpriseAdminsSid privileges in saigonxanh.com
[23:07:12.341] [  8] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-4122347706-1090875728-1142080020, group sid - S-1-5-21-4122347706-1090875728-1142080020-519
[23:07:12.348] [  8] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[23:07:12.354] [  8] [WARN ] ActiveDirectoryProvider.IsUserGroupMember: membership not found - user is NOT a member of the group
[23:07:12.354] [  8] [ERROR] ConfigOnPremiseCredentialsPage: The user SAIGONXANH.COM\systemadmin is not a member of the EnterpriseAdmins group.
[23:09:05.091] [  6] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - SAIGONXANH.COM\administrator
[23:09:05.095] [  6] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user SAIGONXANH.COM\administrator
[23:09:05.095] [  6] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[23:09:05.105] [  6] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - saigonxanh.com
[23:09:05.105] [  6] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if SAIGONXANH.COM\administrator has AccountEnterpriseAdminsSid privileges in saigonxanh.com
[23:09:05.116] [  6] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-4122347706-1090875728-1142080020, group sid - S-1-5-21-4122347706-1090875728-1142080020-519
[23:09:05.116] [  6] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[23:09:05.121] [  6] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
[23:09:05.133] [  6] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'saigonxanh.com' was successfully matched.
[23:09:05.146] [  6] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[23:09:05.153] [  6] [INFO ] Validating forest with FQDN saigonxanh.com
[23:09:05.193] [  6] [INFO ] Examining domain LA.saigonxanh.com (:0% complete)
[23:09:20.416] [  6] [ERROR] ValidateForest (saigonxanh.com): Unable to reach domain: LA.saigonxanh.com
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.Deployment.Framework.Providers.ActiveDirectoryProvider.ValidateForest(String forestName, String domainName, String userName, SecureString password, Action`2 progressChanged)
[23:09:20.452] [  6] [INFO ] Examining domain saigonxanh.com (:0.5% complete)
[23:09:20.455] [  6] [INFO ] ValidateForest: using SGX05.saigonxanh.com to validate domain saigonxanh.com
[23:09:20.458] [  6] [INFO ] Successfully examined domain saigonxanh.com GUID:18e44735-d55f-4d38-8cac-78111f51eb84  DN:DC=saigonxanh,DC=com
[23:09:20.475] [  6] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[23:09:20.521] [  6] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
[23:09:20.521] [  6] [INFO ] DiscoverServiceEndpoint [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[23:09:20.521] [  6] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring service token.
[23:09:20.521] [  6] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM), resource (https://graph.windows.net), userName (systemadmin@saigonxanh.com).
[23:09:20.521] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5215352Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[23:09:20.522] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5215352Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[23:09:20.522] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5225361Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: An item matching the requested resource was found in the cache
[23:09:20.522] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5225361Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: 49.55810875 minutes left until token in cache expires
[23:09:20.522] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5225361Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[23:09:20.522] [  6] [INFO ] ADAL: 2018-12-07T07:09:20.5225361Z: 592e58b7-04d6-4407-a67b-3f11531f3b46 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 12/7/2018 7:58:54 AM +00:00
[23:09:20.522] [  6] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=f7816936-af14-4d7d-bc3d-0f6826665b06, ExpiresUTC=12/7/2018 7:58:54 AM +00:00, UserInfo=systemadmin@saigonxanh.com, IdentityProvider=https://sts.windows.net/f7816936-af14-4d7d-bc3d-0f6826665b06/.
[23:09:20.522] [  6] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[23:09:21.673] [  6] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
[23:09:21.682] [  6] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.UserSignInConfigPageViewModel.ValidateScenario in Page:"Azure AD sign-in configuration"
[23:09:21.682] [  6] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:6
[23:09:21.773] [ 31] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
[23:09:21.773] [ 31] [INFO ] DiscoverServiceEndpoint [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[23:09:21.773] [ 31] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring service token.
[23:09:21.773] [ 31] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM), resource (https://graph.windows.net), userName (systemadmin@saigonxanh.com).
[23:09:21.773] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7736903Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[23:09:21.773] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7736903Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[23:09:21.773] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7736903Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: An item matching the requested resource was found in the cache
[23:09:21.773] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7736903Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: 49.53725618 minutes left until token in cache expires
[23:09:21.773] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7736903Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[23:09:21.774] [ 31] [INFO ] ADAL: 2018-12-07T07:09:21.7746920Z: 9e3580bc-c90a-4b4e-98a4-3d3cf95fa9ab - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 12/7/2018 7:58:54 AM +00:00
[23:09:21.774] [ 31] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=f7816936-af14-4d7d-bc3d-0f6826665b06, ExpiresUTC=12/7/2018 7:58:54 AM +00:00, UserInfo=systemadmin@saigonxanh.com, IdentityProvider=https://sts.windows.net/f7816936-af14-4d7d-bc3d-0f6826665b06/.
[23:09:21.774] [ 31] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[23:09:22.569] [  1] [INFO ] UPN Suffix List
[23:09:22.569] [  1] [INFO ] --------------------------------------------------------------------
[23:09:22.569] [  1] [INFO ] UPN Suffix [Azure Status]
[23:09:22.569] [  1] [INFO ] --------------------------------------------------------------------
[23:09:22.573] [  1] [INFO ] la.saigonxanh.com [Not Added]
[23:09:22.573] [  1] [INFO ] saigonxanh.com [Verified]
[23:09:22.573] [  1] [INFO ] --------------------------------------------------------------------
[23:09:22.574] [ 31] [INFO ] UserSignInConfigPageViewModel: AD Domains: notAddedDomains 1, notVerifiedDomains 0, verifiedDomains 1
[23:09:22.574] [ 31] [INFO ] UserSignInConfigPageViewModel: Azure Domains: aadUnverifiedDomains 0, aadVerifiedDomains 1
[23:09:22.574] [ 31] [INFO ] UserSignInConfigPageViewModel: The currently selected sign-in method is PasswordHashSync
[23:09:22.577] [  1] [WARN ] UserSignInConfigPageViewModel: Some users will not be able to sign-in to Azure AD with on-premises credentials as their UPN suffixes in AD do not have a corresponding Azure verified domain in tenant (saigonxanh.com).
[23:09:32.837] [  1] [INFO ] Page transition from "Azure AD sign-in" [UserSignInConfigPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[23:09:32.845] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize in Page:"Ready to configure"
[23:09:32.845] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:7
[23:09:33.855] [ 30] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: context.WizardMode ExpressInstall.
[23:09:33.892] [ 30] [WARN ] DetermineAutoUpgradeState: AutoUpgrade entering ENABLED mode for express installation.
[23:09:33.892] [ 30] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: autoUpgradeState set to Enabled.
[23:09:33.900] [ 30] [INFO ] SetAutoUpgradeViaAdhealthRegistrykey: Updated SOFTWARE\Microsoft\ADHealthAgent\Sync\UpdateCheckEnabled registry value to 1
[23:09:33.903] [ 30] [INFO ] Restarting Monitoring Agent service.
[23:09:33.906] [ 30] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service AzureADConnectHealthSyncMonitor was not found
[23:09:33.906] [ 30] [WARN ] Monitoring Agent service is not installed, so the service cannot be restarted.
[23:09:37.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[23:09:37.542] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[23:09:37.544] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[23:09:37.557] [  1] [INFO ] PersistAzureAffinity: updating Azure affinity to Worldwide (0).  Original value: <not configured>.
[23:09:37.558] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteADSyncConfiguration in Page:"Configuring"
[23:09:37.558] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:8
[23:09:37.561] [  6] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[23:09:37.564] [  6] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[23:09:37.570] [  6] [INFO ] Starting Sync Engine installation
[23:09:47.607] [  6] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
[23:09:47.659] [  6] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:SAIGONXANH\AAD_15056d868f5c, assemblyPath:C:\Program Files\Microsoft Azure Active Directory Connect\ADSyncBootstrap.exe
[23:10:21.021] [  6] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
[23:10:21.022] [  6] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[23:10:21.022] [  6] [VERB ] ServiceControllerProvider:Starting service and waiting for completion.
[23:10:21.411] [  6] [INFO ] ServiceControllerProvider: StartService status: Running
[23:10:32.230] [  6] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
[23:10:32.231] [  6] [VERB ] ServiceControllerProvider:Initial service status: Running
[23:10:32.231] [  6] [VERB ] ServiceControllerProvider:stopping service and waiting for completion.
[23:10:32.483] [  6] [INFO ] ServiceControllerProvider: StopService status: Stopped
[23:10:32.483] [  6] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
[23:10:32.483] [  6] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[23:10:32.483] [  6] [VERB ] ServiceControllerProvider:Starting service and waiting for completion.
[23:10:32.859] [  6] [INFO ] ServiceControllerProvider: StartService status: Running
[23:10:33.104] [  6] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
[23:10:33.104] [  6] [VERB ] ServiceControllerProvider:Initial service status: Running
[23:10:33.104] [  6] [VERB ] ServiceControllerProvider:stopping service and waiting for completion.
[23:10:33.357] [  6] [INFO ] ServiceControllerProvider: StopService status: Stopped
[23:10:33.361] [  6] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
[23:10:43.365] [  6] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
[23:10:43.365] [  6] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
[23:10:43.376] [  6] [INFO ] BuildMsiArguments: Setting Sync Engine MSI parameters for clean installation
[23:11:47.594] [  6] [INFO ] InstallSyncEngineStage: Sync Engine was successfully installed.
[23:11:47.594] [  6] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[23:11:47.602] [  6] [INFO ] TestAadConnectivity: Test Connectivity to Azure Services under Sync Service Account.
[23:11:48.004] [  6] [INFO ] DiscoverServiceEndpoint [SecurityTokenService]: ServiceEndpoint=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[23:11:48.004] [  6] [INFO ] TestAadConnectivity: Attempting connection to SecurityTokenService service: HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM
[23:11:48.492] [  6] [INFO ] TestAadConnectivity: Connection successful to : SecurityTokenService
[23:11:48.497] [  6] [INFO ] DiscoverServiceEndpoint [AdminWebService]: ServiceEndpoint=https://adminwebservice.microsoftonline.com/provisioningservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/SAIGONXANH.COM, AdalResource=https://graph.windows.net.
[23:11:48.497] [  6] [INFO ] TestAadConnectivity: Attempting connection to AdminWebService service: https://adminwebservice.microsoftonline.com/provisioningservice.svc
[23:11:51.513] [  6] [INFO ] TestAadConnectivity: Connection successful to : AdminWebService
[23:11:51.514] [  6] [INFO ] TestAadConnectivity: Set AzureServiceConnectivityStatus = Success
[23:11:51.517] [  6] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[23:11:51.517] [  6] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[23:11:51.518] [  6] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[23:11:51.530] [  6] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
[23:11:51.558] [  6] [VERB ] GetAdminCredential called with account SAIGONXANH.COM\administrator
[23:11:51.558] [  6] [VERB ] AdministratorUsername is in NTAccount format.
[23:11:51.558] [  6] [VERB ] GetAdminCredential returning account SAIGONXANH.COM\administrator
[23:11:51.558] [  6] [INFO ] Creating AD Connector account for saigonxanh.com.
[23:11:51.722] [  6] [VERB ] CreateADConnectorAccount(System.Net.NetworkCredential, 02af2a5b28b448cc9600c289b3818cbd, saigonxanh.com)
[23:11:51.727] [  6] [INFO ] AD Connector account will have account name SAIGONXANH.COM\MSOL_02af2a5b28b4
[23:11:51.774] [  6] [INFO ] AD Connector account already exists.
[23:11:51.905] [  6] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChanges permission on all domains for password hash synchronization.
[23:12:13.291] [  6] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   at System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(String forestFQDN, NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(String forestFQDN, NetworkCredential enterpriseAdminCredential, String syncAccountName)
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateADConnectorAccount(String forestFQDN, NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
[23:12:13.294] [  6] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[23:12:13.367] [  6] [ERROR] PerformConfigurationPageViewModel: An error occurred while retrieving the Active Directory schema. The error was: Unknown error (0x80005000)
[23:12:13.367] [  6] [ERROR] PerformConfigurationPageViewModel: Unknown error (0x80005000)
[23:14:19.549] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20181206-225531.log

Please help fix it.

Thanks ALL
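
A triage sketch for trace logs like the one posted above, added here as an example (it is not part of the original post and not Microsoft tooling): it attaches continuation lines to their entry, counts failed credential validations per account, and ties each HRESULT to the first entry that raised it. The sample lines are constructed in the same layout with placeholder names; the function and key names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the trace-log layout shown above (placeholder names).
SAMPLE_LOG = r"""[23:06:12.367] [  9] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - CORP.EXAMPLE\admin
[23:06:12.440] [  9] [ERROR] ConfigOnPremiseCredentialsPage: LogOnUser failed for user CORP.EXAMPLE\admin
[23:06:12.441] [  9] [ERROR] The user name or password is incorrect
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The user name or password is incorrect
   at Microsoft.Online.Deployment.Framework.Providers.SecurityProvider.LogonUser(String username, String domain, SecureString password)
[23:06:21.662] [ 28] [ERROR] ConfigOnPremiseCredentialsPage: LogOnUser failed for user CORP.EXAMPLE\admin
[23:09:05.095] [  6] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user CORP.EXAMPLE\administrator
[23:09:20.416] [  6] [ERROR] ValidateForest (corp.example): Unable to reach domain: child.corp.example
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
[23:12:13.291] [  6] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Unknown error (0x80005000)
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
[23:12:13.367] [  6] [ERROR] PerformConfigurationPageViewModel: Unknown error (0x80005000)
"""

# "[HH:MM:SS.mmm] [ tid] [LEVEL] message"; the level is padded to five characters.
ENTRY_RE = re.compile(r"^\[(\d{2}:\d{2}:\d{2}\.\d{3})\] \[\s*(\d+)\] \[(\w+)\s*\] (.*)$")
FAIL_RE = re.compile(r"LogOnUser failed for user (\S+)", re.I)
OK_RE = re.compile(r"LogonUser succeeded for user (\S+)", re.I)
UNREACHABLE_RE = re.compile(r"Unable to reach domain: (\S+)")
HRESULT_RE = re.compile(r"0x[0-9A-Fa-f]{8}")


@dataclass
class Entry:
    time: str
    thread: int
    level: str
    message: str
    detail: list = field(default_factory=list)  # exception data and stack lines


def parse(text):
    """Split a trace log into entries; lines without a timestamp belong to the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m[1], int(m[2]), m[3], m[4]))
        elif entries and line.strip():
            entries[-1].detail.append(line.strip())
    return entries


def triage(entries):
    """Summarise logon failures, unreachable domains and HRESULTs in log order."""
    failed, succeeded = Counter(), set()
    unreachable, hresults = [], {}
    for e in entries:
        if (m := FAIL_RE.search(e.message)):
            failed[m[1]] += 1
        elif (m := OK_RE.search(e.message)):
            succeeded.add(m[1])
        if (m := UNREACHABLE_RE.search(e.message)):
            unreachable.append(m[1])
        if e.level == "ERROR":
            # A code can repeat inside one exception chain; count it once per entry.
            codes = set(HRESULT_RE.findall(" ".join([e.message, *e.detail])))
            for code in sorted(c.lower() for c in codes):
                hresults.setdefault(code, []).append((e.time, e.message))
    return {
        "failed_logons": dict(failed),
        "never_succeeded": sorted(u for u in failed if u not in succeeded),
        "unreachable_domains": unreachable,
        "hresults": hresults,  # code -> [(time, message), ...], earliest first
    }


if __name__ == "__main__":
    report = triage(parse(SAMPLE_LOG))
    for code, hits in report["hresults"].items():
        print(code, "first seen", hits[0][0], "->", hits[0][1])
    print("failed logons:", report["failed_logons"])
    print("unreachable:", report["unreachable_domains"])
```

The earliest entry for a code is usually the one to investigate: in the sample, the later sync-account failure carries the same HRESULT as the earlier unreachable child domain.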

AD domain creation and migration

Hi

I need advice on setting up a 2nd domain under an existing forest, on an Azure VM.

Once this is set up I want to migrate users from my existing local prem AD to this Cloud VM.

Permanently delete a user

I can't manage to permanently delete a user from Azure AD.

For example, we have added a user with email: test@täst.com.
We don't want to use this account with the Swedish char ä. Then I try to add test@tast.com, which is the correct address. That's not possible because the account already exists. I assume that our "ä" is being parsed as "a". And we can't verify and log in with test@tast.com.

For that reason I would like to delete test@täst.com and then add test@tast.com.

I follow these steps to permanently delete a user: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-restore

It's then gone from the UI.

But if I then add test@tast.com it still says the account already exists.

How do I really delete that user?

/Fredrik

Unable to sync user to Azure AD

I created one user on-premise yesterday, but the user is still not synced to Azure AD using AAD Connect. There is no error in AAD Connect.

I checked OU filtering, but that is fine. There is also no rule in the sync rule editor, and I ran the IdFix tool with no error.

What else should I check? Can you please help?


Unable to get Bulk Token - Windows Config Designer

Afternoon,

I've just downloaded and installed the new Windows Configuration Designer, and am trying to set up bulk enrollment to Azure AD, but whenever I click "Get Bulk Token", I get the prompt to sign into my account but then come back to the first screen with the error:

Bulk token retrieval failed

Bad Request

Have tried on a couple of machines, and get the same error each time. 

Thanks in advance,

Dan

PKI, AD Connect & PTA

Hey everybody,

We're actually using a full on-premise infrastructure. The fact is, users are connecting to their desktops using PKI authentication. We want to move to a hybrid solution using AD Connect & PTA authentication, but for some reason we're forced to keep PKI authentication. Can we achieve this? Or does AD Connect not accept PKI auth?

Is there a way to get through this?

rgds.

Problems installing Azure

Our Sync server suddenly stopped working a couple of days ago, so we decided to upgrade the AADConnect software. This didn't solve the issue, so I (stupidly, I know) changed the password of the on-premise account created by AADConnect, along with the password of the account created in Office 365. Understandably, this further destroyed the sync server. I've uninstalled AADConnect, and when trying to re-install, it fails at the installation giving the event IDs 0 and 906 respectively. Event ID 0 says that communication object System.ServiceModel.ServiceHost cannot be used for communication because it is in the Faulted state, and event 906 says Cannot listen on pipe name 'net.pipe://localhost/' because another pipe endpoint is already listening on that name.

User disappeared

We have a free GIT "visualstudio.com" account (small company). One of my users is declared in the portal but can't log in through login.live.com; when she tries to change the password the message is "The ID you entered does not exists". I deleted and re-created the user, but the problem remains the same.

Single Log Out issue when there are multiple signed-in sessions from same SP

We are configuring Azure AD as an IdP (using SAML 2.0) and using PingFederate as a Service Provider. When there are multiple logged-in user sessions and the user logs out of one of them, we are seeing the following behavior:

  1. SP sends a SAML logoutRequest to Azure AD
  2. SP receives a logoutRequest from Azure AD (looks like Azure AD is doing the 'broadcast' as there is another logged-in session from the same SP)
  3. SP responds with logout success to Azure AD's SLO endpoint
  4. Azure AD throws error that SLO endpoint does not support SAML logoutResponse protocol
  5. SP does not receive a logout response from Azure AD, and logout is interrupted.

So my questions are:

  1. When there are multiple logged-in sessions from the same SP and SLO is initiated from one session, why is the originating SP receiving a broadcast?

  2. Does the broadcast expect a logout response? I would assume any SP would respond to a logout request, but where should that response be sent to? Apparently the SLO endpoint doesn't support logout response, so is there a different response URL on Azure AD to receive these logout responses?

  3. If we configure the SP to not send a logout response to Azure AD (by setting an empty SLO response URL), that does seem to allow logout to continue, but the SP doesn't finish the logout process by redirecting to the customer's redirect endpoint, and the user stays on a screen telling them to close all browser sessions. (Probably because it's not receiving a success logout response.) Note that when there's only one logged-in session, the SLO process works as expected, i.e., the user will be redirected to the application's configured endpoint after SLO success.

C# - Pulling a list of all Azure Active Directory Users using Graph API - Stuck/Error/Timeout

I am using 

        AzureGraphAuthenticationProvider graphAuth = new AzureGraphAuthenticationProvider();
        graphAuth.tenantId = tenantId;
        graphAuth.applicationID = applicationID;
        graphAuth.applicationKey = applicationKey;
        GraphServiceClient graphClient = new GraphServiceClient(graphAuth); //sets graph client using previously obtained token
        //graphClient.HttpProvider.OverallTimeout = 0;
        var users = await graphClient.Users.Request().GetAsync();
        string title = "";
        int count = 0;
        while (users != null)
        {
            var usersList = users.CurrentPage.ToList();
            count = count + usersList.Count();
            //users = null;
            users = await users.NextPageRequest.GetAsync();
        }
 


But I have had no luck in listing the users; I can pull my own info but no one else's.

Though if I use

        User user = await graphClient.Users[currentUser].Request().GetAsync();


I have no problem pulling that specific user's info.

Is it possible it is timing out? If so, how can I adjust it?

Any thoughts?

Solution:

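        try
        {
            while (users != null)
            {
                var usersList = users.CurrentPage.ToList();
                count = count + usersList.Count();
                // NextPageRequest is null once the last page has been read,
                // so this call throws on the final iteration
                users = await users.NextPageRequest.GetAsync();
            }
        }
        catch
        {
            // the exception from the last iteration (and any other error) is swallowed here
        }

This works, but you have to make sure that you have enough processing power. I was able to run it on my local machine but NOT on my Azure instance; I will need to up my resources.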



Azure AD Roles are being overwritten by Microsoft 365 Roles

If you add a user role from the Azure AD portal and then make changes to user roles using the Microsoft 365 portal, once you apply them they remove the roles given from Azure AD.

To test this:

  1. From the Azure AD portal, add Application Administrator to a user (Directory Role).
  2. Switch over to the Microsoft 365 portal and edit the user's roles (User > Account blade > Roles).
  3. Uncheck and check a role and save (you don't have to add or remove anything, just make a change so you can save).
  4. Switch back to Azure portal - Application Admin is gone.

Not all roles in Azure AD are available in the Microsoft 365 portal (this is understandable), but it seems that they take precedence over Azure AD (or the back-end command is doing a complete overwrite of permissions and not an add).


AD Connect high availability

Hello,

Our current AD Connect server is outdated. We are making plans to update. Currently we have only one AD Connect server. We want the environment to be more highly available. We have an Azure subscription, so it's possible to use that.

Question: I am looking for information and best practices to make AD Connect highly available.

Your advice and suggestions are highly appreciated.

Kind Regards,

Finn


Why do Azure AD Roles not match the roles visible in IAM?

Heya, 

I'll start small and spread my question as I see where the wind blows, but in short I was wondering why the roles I can grant to users through the Azure Active Directory (portal.azure.com dashboard -> Azure Active Directory -> Users -> [select a user] -> Directory Role -> Add Role) do not match IN THE SLIGHTEST the roles I can view from a resource's (let's say a Virtual Machine's) IAM menu (e.g. portal.azure.com dashboard -> Virtual Machines -> [select a VM] -> Access Control (IAM) -> Add Role Assignment).

Does this mean that, for example, I cannot assign the Virtual Machine Contributor role to a user, and I can only do so to a combination of User + Resource (weaksauce)?

Regards,

Jaime


How to know/find which Azure AD edition we have?

Hello

We have an Office 365 tenant with many users, and we do not have nor use Enterprise Mobility + Security (EMS).

My question is: How can I find out which Azure AD edition we have? Is there any option in the UI that tells which Azure AD edition (e.g. Basic, Premium P1, or Premium P2) we have?

Thank you & Please let me know!

Difference between Service Principal (SP) and Managed Identity (MI)

https://docs.microsoft.com/en-us/learn/modules/design-for-security-in-azure/4-infrastructure-protection

From this knowledge base, it seems SP is different from MI; MI sounds more robust, quicker to deploy, and dedicated to fewer resources by default. However, in this article:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

The SP is now in the picture for MI, and it's suddenly confusing to me. Can anyone guide me through:

1) Are they the same thing? If yes, why invent MI when we already have SP?

2) If I already have an Application registered under AAD, how do I tell whether it's an MI or an SP?

Thank you.

CORS issue after publishing On-Premise application on Azure to integrate with ADFS

After registering a Legacy MVC application on Azure AD, MVC applications are throwing "Access to XMLHttpRequest at 'https://login.microsoftonline.com/.....' (redirected from https://abc.xyz.com/......) from origin (redirected from https://abc.xyz.com) has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." This error is impacting most of the Legacy MVC applications. Please let me know if there is an easy workaround for this problem.