Channel: Azure Active Directory forum
Viewing all 16000 articles

Windows 10 Machine to Azure AD. Error code: 801c000c

Hi! URGENT! I am facing an error while trying to join a Windows 10 Machine to Azure AD. Error code: 801c000c There was an error communication with the server. You can try to do this again or contact your system administrator with the error code 801c000c.

2 factor ID turned on?


I started an Azure account to see if this would be compatible with my small business.  I am using the AAD free subscription.  

On initial log-in to the Azure AD, clients are being asked for 2 factor ID.  I can bypass this but it may be confusing to my staff on their initial log-in. My understanding was MFA was only available for premium accounts.  Any way to turn this off?

Thank you.



Grant access to CRM on-premises to Azure B2B users

Bug: WSE dashboard add Microsoft Cloud accounts - DataGridViewComboBoxCell value is not valid


Hi, I am looking for a solution to fix a bug in the WSE2016 dashboard. Dashboard version 10.0.0.14393.0.

Users add-in version: 10.0.0.14393.0

In the Add Microsoft cloud accounts dialog I get an error:

The following exception occured in DataGridView:

SystemArgumentException: DataGridViewComboBoxCell value is not valid

To replace this default dialog please handle the DataError event

Any ideas, or temporary workarounds?

Auto add users to non-gallery app


We have a web application and made an SSO app in Azure so users can log in with their O365 account to our system. The problem is that I have to invite users to the app as guest users before they can log in. Is there a way to bypass that invite?

Now they get an error saying: 

User account 'v...@live.no' from identity provider 'http://live.com ' does not exist in tenant 'Antenor AS' and cannot access the application 'https://developer.test.no ' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Hopefully someone can help out on this..


Azure AD Seamless Single Sign-On only works when password login used but not with Windows Hello?

We have a working Azure AD SSO as long as you login with password. If you use a device with Hello camera (Surface Pro) or Hello fingerprint (Lenovo X1 Yoga) it prompts for pin when accessing local resources then fails. Is this expected behavior?

Brian Hoyt

Accessing local domain resources (file / print) with AAD joined device / login?


I am trying to figure out if what I am trying to do is supposed to work and I am doing something wrong or if it isn't supposed to work. In my environment I have a local AD that is connected to AAD / Office 365 via AD Connect and the synchronization works fine. I am doing some testing of Win 10 RS2 / CU in combination with newer Intune MDM stuff. If during OOBE I AAD Join the device everything works fine for AAD resources like auto login and business store access. However I can't access my local domain joined servers for things like file / print. If I look at computer management on the Win 10 device I see the local admin group has the AAD user listed as domain\username like it would if it was local domain joined. However if I try to access server it fails with permission error. If I manually type in domain\username using other user option and same password I am able to access resources. This however is not a good user experience.

Is this supposed to work? I can't seem to figure it out. Thanks for any help or pointers to documentation.


Brian Hoyt

Azure B2B and automating setting up guest accounts between two O365 tenants.


Howdy!

We are now in a multi-tenant O365 environment and sharing SPO between environments has become cumbersome. So we are looking at automating importing Tenant B’s users as guests in to Tenant A without an invitation being sent out.

I know we can use PowerShell and a CSV file to create the Azure AD B2B guest accounts, but in order to keep up with on boarding and off boarding of users in the Tenant B we’d need to do this at least daily.

Is there another way to do this? Perhaps automatically federating accounts from Tenant B in to Tenant A as guest accounts without a PowerShell and CSV route?

Thanks!



b2clogin.com replacing domain name with tenant name in callback url


I have an Azure AD B2C domain with a custom domain name.

Let's say the domain name is company.com and the ad tenant name is company.onmicrosoft.com.

If I send an authorize request such as https://company.b2clogin.com/company.onmicrosoft.com/b2c_1_signinup/oauth2/v2.0/authorize?client_id=XXXXXXXXXXXXXXXXXXXXXXX&response_type=id_token&redirect_uri=https%3a%2f%2fwww.company.com%2flogin%2fcallback&scope=openid&nonce=1549468309&p=B2C_1_SignInUp&response_mode=fragment

It works and redirects as expected. 

However, if I send a request at the suggested url to 

https://company.b2clogin.com/company.com/b2c_1_signinup/oauth2/v2.0/authorize?client_id=XXXXXXXXXXXXXXXXXXXXXXX&response_type=id_token&redirect_uri=https%3a%2f%2fwww.company.com%2flogin%2fcallback&scope=openid&nonce=1549468309&p=B2C_1_SignInUp&response_mode=fragment

I get an error response back that says https://www.company.onmicrosoft.com/login/callback is not a valid registered callback url.

Notice that Azure AD replaces "company.com" with "company.onmicrosoft.com" in the callback url that I sent. 

I would prefer not to have "company.onmicrosoft.com" in the login url path. 

Is my AD B2C instance not configured correctly or is this a bug in Azure AD B2C?


Removed user remains signed in to the app and can access the app until he logs out


When I remove the user from an assigned app, the user still remains signed in to the app until he logs out.


Azure Active Directory name and Account status after ADDS Integration.


Hello World,

Newbie to Azure here. We run an on prem ADDS that is Server 2008 native in a 2012 Windows server.

We want to use AAD with Enable seamless sign on with PTA using password hash sync (not ADFS). Eventually we want to use this for Office 365 and other cloud services.

Our current on prem AD domain is called cok.xxxx.ca and our main website is xxxxx.ca. I was reading an article on AAD prerequisites and they recommend adding a custom domain name using the Azure Active Directory portal https://docs.microsoft.com/en-ca/azure/active-directory/fundamentals/add-custom-domain

If I have to register then, what should I name the AAD domain (recommended) to enable the seamless sign on with PTA? (I want users to login using their corporate email address and password for Office 365 and other cloud services) 


Also, MS helped us set up our current subscription in Azure that is probably linked to our support agreement. I use my first.lastname@xxxx.ca address to log in. However, when I log in I select it as my personal email address. The system will not allow me to log in if I select that this is my work email address.

If I get AAD connect and the sync functionality working successfully, then when I sync the on prem AD with AAD then how will the system handle the email address conflict (as my AD password is separate from the current Azure password but the email address/username is the same.)


Username not email address using Resource Owner Password Credentials in Azure AD B2C


I wonder if it is possible to use username like `john.smith` instead of `john.smith@myfirm.com` in Resource Owner Password Credentials in Azure AD B2C.

https://docs.microsoft.com/en-gb/azure/active-directory-b2c/configure-ropc

For example like below:

https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth   

Content-Type: application/x-www-form-urlencoded   

username=john.smit&password=mypassword&grant_type=password&scope=openid myappId offline_access&client_id=myappId&response_type=token+id_token

All users are my firm's employees. We will import user data into azure AD before using B2C.


Ideally, we don't want to append @myfirm.com before sending it to B2C.

Any idea?

    

Unable to update the SPN keys hits an error while doing so


I have created an SPN on azure.

I am unable to set another key it gives me an error.

Unable to complete the request due to data validation error.

Any idea what might be causing this.



KK

Sign In Logs not coming to Storage account despite having P2 Trial


Hi,

I am having trouble with receiving the SignIn Logs of Azure Active Directory to a storage account through Azure Active Directory Diagnostics Settings. I enabled the P2 trial license and then configured the storage account to get sign in logs as well but they are not coming. I have tried disabling and then enabling again as well after some time but nope. Could you please check?

Directory ID -- 2dfc6a32-d03c-4504-8d69-f08da326f294

Any idea what is happening?

Thanks,

Pranav

ADFS 3.0 & "AutoCertificateRollover set to False"


Dear,

I need to double-check one thing for ADFS certificates

Token Sign/Decrypt certificates are about to expire (< 1 month)
Service Com/SSL    certificate is about to expire (1 month)

Now, when logging on Portal.office.com I have a message that states that 

"One of your on-premises Federation Service certificates is expiring.
Failure to renew the certificate and update trust properties within 11 days
will result in a loss of access to all O365 services for all users"

Considering that
- all three certs are generated from a CA => none are self-signed.
- "AutoCertificateRollover"  is set to False

Will ADFS still generate the new self signed certificates within this period (my understanding is no)
Is that "11 days" the effective value or is it the certificates expiry date that matters ?

Kind regards,
Thanks in advance 



 

If the provided answer is helpful, please click 'Propose as Answer' Managing Office 365, Identities and Requirements Windows Server Virtualization, Configuration


Connect to Azure AD - Creds not Working

Trying to set up Microsoft Azure Active Directory Connect and I'm at the Connect to Azure AD screen. Now the username and password that I'm using to get into the portal are what I'm inputting here and I'm getting an error about the user name or password being incorrect. What am I missing? The credentials are fine - I can sign into the portal without an issue.

System.AggregateException Daemon Applications Azure Active Directory code samples


Hello!

I was using https://docs.microsoft.com/en-us/azure/active-directory/develop/sample-v1-code#daemon-applications-accessing-web-apis-with-the-applications-identity to test automation with service principals and hit a road block. 

When the value of key="todo:TodoListBaseAddress" in app.config file is changed to the URL of the web api it fails with the following error. 

System.AggregateException

HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib
StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at TodoListDaemon.Program.Main(String[] args) in C:\gitClones\active-directory-dotnet-daemon-master\TodoListDaemon\Program.cs:line 82
Inner Exception 1:
HttpRequestException: An error occurred while sending the request.
Inner Exception 2:
WebException: The underlying connection was closed: An unexpected error occurred on a send.
Inner Exception 3:
IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Inner Exception 4:
SocketException: An existing connection was forcibly closed by the remote host

The URL works fine when pasted into a web browser. Can anyone verify that the sample works as intended? 

Thanks!

Unable to create Service Principal with correct permissions to Log Analytics


Hi all

I'm trying to create a Service Principal (SP) with the correct permissions to Log Analytics to allow me to connect with Grafana to create Dashboards.  Whichever way I create the SP (Portal, CLI, etc) or use an existing SP, Grafana gives me the below error

Azure Log Analytics: Forbidden: InsufficientAccessError. The provided credentials have insufficient access to perform the requested operation

I have followed the documentation to create the SP that's in various locations eg https://dev.loganalytics.io/oms/documentation/2-Authorization/1-AAD-Setup or https://docs.microsoft.com/en-us/azure/azure-monitor/platform/grafana-plugin.

The SP has Log Analytics Contributor role to the workspace itself (as well as the rest of the subscription). The SP has Delegated Permissions to Read Log Analytics Data as user and permissions have been granted.  Not sure what I'm missing, have tried this with different installs of Grafana (local machine and hosted in Azure).  

I can connect to Azure Monitor successfully from Grafana using an SP.  If I try to use the same SP for Log Analytics I get the above error again.  I'm trying to test this out in my MSDN subscription, if that makes any difference?

Happy to provide any other info that might be useful

Thanks

how to get token using Microsoft oAuth2 authentication using Java


We are using Java and Rest-Assured to test an API. Our APIs are using Microsoft Integrated login with OAuth2 authentication.

In order to test the API's we need to get token and use the token in the automation suite.


We are using the below code with Rest-Assured libraries to get the token but receiving a 302 status code.


How do I get a token using OAuth2 from Rest-Assured/Java or only from Java?

RestAssured.given().relaxedHTTPSValidation().redirects().follow(false).param("Auth URL", AUTHORITY1).param("Access Token URL", ACCESSURL).param("Client ID", CLIENT_ID).param("Client Secret", CS).param("Scope","read").param("Grant Type","Client Credentials").auth().preemptive().basic(UN, PSSWD).when().redirects().follow(false).get(URL).statusCode();

ATDD automation developer

Unable to find out when my Azure Active Directory Premium trial started.


On my Azure account, I enabled the Azure Active Directory Premium FREE trial a few weeks back. The trial is for 30 days. When I go to the Azure portal and click on `Azure Active Directory` from the left, it does not give any option to find out exactly when the trial had started. I don't recall the exact date I had started the trial and there is no email sent by Azure to the email address on file for my Azure account.

Question: How can I find out exactly when the trial expiration date is so I can discontinue the Azure AD trial subscription, because according to the above link, after the trial the regular rate applies and there is a one year commitment (that I do not want to make). Please help.

UPDATE:

Please note that this is NOT an Office 365 plan. It's a regular Azure plan that you get access to via https://portal.Azure.com. When I click on Azure Active Directory > Licenses > Purchased Products, I get the following screen:

Azure AD Premium P2

And when I click on the first row above, I get the following screen:

Azure AD Plan detail.
