Channel: Azure Active Directory forum
Viewing all 16000 articles

Bug: Can't add on-prem AD group to Azure AWS gallery app's Users and Groups shortly after the group is created


Hello,

This is a pair of weird bugs, probably related to sync/timing. To repeat:

  1. Set up a working Azure AD with sync from on-prem AD (no password sync)
  2. Set up a working Azure AWS gallery app / integration
  3. Create an on-prem AD group, wait for it to appear in Azure 
  4. Shortly after, attempt to add the group to the Azure AWS app's Users and groups in azure portal. You will receive an error that it cannot add the group.
  5. Wait some time (let's say half an hour)
  6. Then add the group again, it will work, _but_ users who are members of this group will not have Access Panel tile. 
  7. Create and add Azure AD group, add some users and add those to Azure AWS Users & Groups. It will successfully add, but users who are members will also not have access to the Azure AWS tile on access panel
  8. Wait some more
  9. Issues go away.

How can I locate Service Connection Point for Azure AD connect?

How can I locate Service Connection Point for Azure AD connect in Windows Server?

Stuck with an Azure AD tenant (directory) and cannot delete it!


Here is what I did:

I first set up a test tenant under Azure AD and associated it with my domain name. Then I added an enterprise app and tested out single sign-on with Google Cloud. All good!

I then needed to clean up my test tenant and go about creating the proper tenant for my application, but now things are messed up and I cannot delete the test tenant. Here are the problems:

1) Even though I have deleted all the applications under the tenant, it complains about enterprise applications and refuses to delete the tenant (directory). 

2) I then decided to use PowerShell to see if I could clean things up. Because I'm on a free trial, it asked me to activate "Azure Active Directory Premium P2". So, I did. Now I'm further stuck! It says I have to "Delete all license-based subscriptions", but I cannot find a way!

Why on earth is the user interface SOOOO busy and complicated and unintuitive!

Any help is greatly appreciated! 

Query Regarding the Email storage in AAD


I have one query related to the Azure Active Directory email provisions.

AAD provides a self-service portal for recovery, where we can update the email and phone number ourselves. Can someone help us know where this information is actually stored in Azure Active Directory? The upfront email and phone number in the Azure portal do not reflect the changed information.

I am attaching the document to refer to the self-service portal.

Error when querying a list of available contact from Office365 APIM


I'm getting an error when doing a GET call, using Postman, for the Audit.General and Audit.AzureActiveDirectory subscriptions that I've enabled via a POST call. I'm passing the generated OAuth token with the following URL:

https://manage.office.com/api/v1.0/20157d3d-13e8-4af3-871a-d347e47d5b4a/activity/feed/subscriptions/content?contentType=Audit.General

But I'm getting a response error:

{
    "error": {
        "code": "String reference not set to an instance of a String.\r\nParameter name",
        "message": "s"
    }
}

Am I missing something?

I've followed the instructions provided from:

https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference

Also did an app registration like this:

https://blogs.msdn.microsoft.com/emeamsgdev/2018/08/03/querying-the-office-365-management-apis-using-postman/

Cheers,

Karthik

Azure AADconnect Placeholder issue


Hi All,

We have AADConnect to sync the objects with Azure, version 1.1.882.0.

Recently I have noticed that most of the Connector Space objects are stopped and changed to Placeholder, so objects are not synced to Azure.

Then, after executing a Full Import, all the objects are connected to the MV again.

What could be the cause of the issue? Any communication error with AD, or a Management Agent issue?

Also, please advise how I can avoid such an issue in future.

Regards,

Sridhar


 


Azure Web App bot not working - Authentication issues


I have created a new Web App Bot in Azure Portal, using Microsoft App Id and Password which was provided by my organization admin, because of my permissions (I don't have Active Directory permissions to register a new application).

I created the bot successfully, but it is not working as expected. The messages are not sent from the bot. As soon as I send the message I got this error in bot output,

Error: Refresh access token failed with status code: 400 at Request._callback 
(D:\home\site\wwwroot\node_modules\botbuilder\lib\bots\ChatConnector.js:697:36) at Request.self.callback 
(D:\home\site\wwwroot\node_modules\request\request.js:185:22) at emitTwo (events.js:106:13) at Request.emit (events.js:191:7) at Request. 
(D:\home\site\wwwroot\node_modules\request\request.js:1161:10) at emitOne (events.js:96:13) at Request.emit (events.js:188:7) at IncomingMessage. 
(D:\home\site\wwwroot\node_modules\request\request.js:1083:12) at IncomingMessage.g (events.js:291:16) at emitNone (events.js:91:20)

Then I tried to troubleshoot the bot authentication. I followed the step provided on this page: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-troubleshoot-authentication-problems?view=azure-bot-service-3.0#step-2

Here, after the POST request from curl with the App Id as client Id and the App password as client secret, I got the error below:

{    "error": "unauthorized_client",    "error_description": "AADSTS700016: Application with identifier '[AppId]' was not found in the directory 'botframework.com'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant\r\nTrace ID: fb60c381-afa9-48f4-8946-155a3ab21a00\r\nCorrelation ID: 5f51355a-8e8d-471d-aeba-a286ba620362\r\nTimestamp: 2019-01-10 06:54:24Z",    "error_codes": [700016],    "timestamp": "2019-01-10 06:54:24Z",    "trace_id": "fb60c381-afa9-48f4-8946-155a3ab21a00",    "correlation_id": "5f51355a-8e8d-471d-aeba-a286ba620362"
}

From this, I understood there is an issue with the bot's AppId and Password.

How can I fix this issue?


Bug: Azure AWS gallery app for SSO integration does not save SSO choice


While following the "Tutorial: Azure Active Directory integration with Amazon Web Services (AWS)", I discovered that the step 2 of "Configure Azure AD single sign-on" section - doesn't work. Specifically the choice of "SAML" is never saved. Instead, it always reverts back to disabled (there is no "Save" button either). If you were to follow the guide as is, when you'd click "Test", you would be greeted by this error message: "This functionality is not enabled or not available".

The work-around is to switch to do the relevant setup, then switch to the "old experience" and click save. That enables SAML finally.


AADB2C MFA Using Phone Number for Previous User


Hi,

I've noticed that when signing into our application using different users that have different MFA phone numbers it will sometimes get stuck trying to send the text message to the wrong phone number (for the user that was signed in previously).  Any ideas on how to stop this from happening?  Please let me know if I can provide more details that would shed some light on the situation.

Thanks,

Brandon

Federation between two Azure AD B2C instances


Hi,

Is there a way to federate two Azure AD B2C instances (from the same subscription or not)?

I've got an Azure AD B2C with users and I want to be able to sign in (transparently) to a second Azure AD B2C with the users from the first one.

I've tried to create an identity provider (OpenID Connect, which is in preview) but for the moment it isn't working.

Thanks for your help

Microsoft.Graph: Insufficient privileges to complete the operation Error

Please help me resolve this error, which occurred while fetching user information from a particular Azure AD group using the Microsoft.Graph library.

Duplicate Attribute Error


Hi,

I've just installed AAD Connect. Installed with express settings and all seemed well, but I have 2 mismatches. Started with those two, which were global admins in AAD. Removed the role, and now I have a conflict:

ProxyAddresses
SMTP:user@ourdomain.no
Error Type: AttributeValueMustBeUnique

I already had a tenant in AAD, and most of my existing on-premises users have been manually created in Office 365 and AAD. But now I wanted to establish single sign-on, and therefore sync users between on-premises and Azure.

My question is: How to fix this?

My users in AAD are connected with Exchange in Office 365, and I want that my user on-premises should grant this user.

 

Azure Active Directory domain services, Join on prem machines without VNET.


I deployed Azure Active Directory Domain Services then enabled secure LDAP to be accessed from the internet through the same VNET or any other connected VNETs using site-to-site I can join any machine to the Active Directory service.

If it's doable, is a verified custom domain required, or any other configuration?

Why doesn't changing the owner of a device in Azure AD affect the list of user devices?


Hi,

I selected a new owner of a device in Azure AD and then removed the old owner from the device.

But when I try to list devices on the new user I can't see this change. Why? When I inspect the device details, the owner is correct - the new one.

Thanks

Non-gallery in-house Java app integration with Azure Active Directory single sign-on issue

Dear Tech Support,

We have our own in-house app designed in Java Tomcat and hosted on Azure in a CentOS VM. We are using SAML 2.0 and

org.opensaml.saml2.metadata.provider

org.springframework.security.saml

for our SSO needs. While integrating our app with Microsoft Azure Active Directory SSO as a non-gallery app, we are receiving the following error.

We have followed https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

Please help and advise.



Error as follows:

HTTP Status 401 - Authentication Failed: Incoming SAML message is invalid

type Status report

message Authentication Failed: Incoming SAML message is invalid

description This request requires HTTP authentication.

Apache Tomcat/7.0.47







Azure AD Sync & SSO


I am trying to enable seamless SSO for my AD forest; however, the wizard fails and so I am trying the PowerShell route. On running the command Enable-AzureADSSOForest I get the following error. I've tried a few different Google searches without finding a true fix. I'd appreciate any help!

PS C:\Program Files\Microsoft Azure Active Directory Connect> Enable-AzureADSSOForest

cmdlet Enable-AzureADSSOForest at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
OnPremCredentials
[23:49:52.158] [ 15] [INFORMATIONAL] GetDefaultWellKnownContainer: Attempting to look up the default well-known contain
r...
[23:49:52.251] [ 15] [INFORMATIONAL] GetDefaultWellKnownContainer: Found the default well-known container: CN=Computers
DC=my,DC=onpremise,DC=domain
Enable-AzureADSSOForest : A referral was returned from the server.
At line:1 char:1
+ Enable-AzureADSSOForest
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Enable-AzureADSSOForest], DirectoryServicesCOMException
    + FullyQualifiedErrorId : System.DirectoryServices.DirectoryServicesCOMException,Microsoft.KerberosAuth.Powershell
   .PowershellCommands.EnableAzureADSSOForestCommand

ADFS Protected ASMX and WCF service

We registered all on-premises applications and services (ASMX/WCF) on Azure Active Directory to make them ADFS protected. We have DUO integrated on ADFS. But since Azure AD Application Proxy is in the picture, everything needs to be KCD authenticated. When an ADFS-protected web application calls any service which is also ADFS protected, it breaks. Let me know what changes I can make in the application or service to make both of them ADFS authenticated.

Static IP for a VM

I need a static IP for a VM, as one of the apps that runs on it connects to a vendor app that is IP controlled.

SAML 2.0 SSO for office 365 not working


Hi,

We have a SAML 2.0 IDP setup that works for Google and Dropbox, but when implementing it on Office 365 it keeps failing.

It fails with the following response before the JS auto redirect.

"AADSTS70002: Error validating credentials. AADSTS50064: Credential validation failed.
Trace ID: 5eb644d1-5d7e-4f6d-b9c4-cba667cf8500
Correlation ID: 77e1d097-ffe9-4775-94b8-857b206281f7
Timestamp: 2019-01-11 07:17:26Z"

After redirect, it will show this.

Sorry, that didn't work.
Please go back to Office.com and try again.
Thanks.

We are pretty sure that the NameID and IDPEmail are both correct, since we tried logging in with Google as IDP and successfully logged in with the same values.

Already tried submitting an Office 365 support ticket, but they replied saying that they don't deal with these kinds of issues, so if anyone knows where I can get some help it would be very helpful.

Thanks in advance,

Michael

ADFS and integrated authentication with both SAML and OpenID Connect


Hi,

We are using ADFS 4.0 and have one site using SAML, with IP restrictions, and another site using OpenID Connect. When using IE/Edge the windows integrated authentication is enabled. We get an internal error in ADFS when you first sign in to the site using SAML and then try to sign in to the other site using OpenID Connect. The sign in to the OpenID Connect site works if you clear cookies and go straight to that site. 

It appears ADFS gets into an internal error state trying to use single sign-on between the first site (SAML) and second site (OpenID Connect), or gets into some internal conflict trying to track session for the user. Our intent is to really treat these sites as completely different logins, with SSO being driven by windows integrated authentication through the browser.
