Hi Guys,
Is it possible to synchronize the Open LDAP users to Office 365 using Azure AD Connect?
Thanks,
Lawrence
Hi All,
I want to move a tenant from West US to East US 2 in Azure. What is the best way to do it? I don't want to delete from West US and recreate in East US 2, as it is a time-consuming process and may need downtime.
Any help would be really appreciated.
Regards,
Akash
https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup#step-5-verify-joined-devices
We have set this up successfully, but we see two entries for the most part for each computer (one for "Azure AD registered" and one for "Hybrid Azure AD joined").
We are trying to do some Intune conditional access with "Hybrid" Windows devices, but best we can tell, the computer thinks we are coming from the Azure AD Registered computer, not the Hybrid joined computer, even though they are one and the same.
It was our understanding that activating this would "merge" the entries together, but that doesn't seem to be the case. Can anyone shed some light on this situation? We are in a password hash sync environment with no federation.
We have exactly the same problem as this person: https://social.msdn.microsoft.com/Forums/azure/en-US/9930dec8-4cc0-445f-9a0e-e2db7c3336b5/duplicate-computers-and-conditional-access-hybrid-azure-ad-join?forum=WindowsAzureAD (but that forum post isn't answered).
Why are all devices duplicates? All devices now have a "registered" entry and a "hybrid" entry.
Some devices say Intune compliant on the "hybrid" device, others on the "registered" device.
We just want one entry. Can we clean things up? Or merge the devices?
Thanks.
Hello,
I am getting the above error while configuring ADFS through the ADFS Configuration Wizard after its installation.
First I installed and deployed an AD Domain Service "shelvestech.in". Then I created an Azure Virtual machine Windows Server 2016 Data Center "eisenvault-vm", and the administrator of this machine is user "eisenvault". There is a user "vipul.swarup" on domain shelvestech.in added in the AAD DC Administrators group for the domain.
Now I have joined domain shelvestech.in with the virtual machine eisenvault-vm. Then I logged in to the virtual machine with domain shelvestech.in AAD DC user vipu.swarup. I installed ADFS as a Role. Now, after installation, while configuring ADFS I am getting the below error for user vipul.swarup.
"The credential provided is not a domain administrator. Provide a credential that is a member of the Domain Admins group and try again"
So does an AAD DC group user of the domain not have the appropriate permissions to do this? What other appropriate permissions can be given, and how?
Thank you very much in advance for your help. I have been suffering with this for a couple of days. Thank you.
Sumit Tomar
Hi,
I need to give Azure B2B users access to an instance of CRM 2015 on-premises.
Would anyone happen to know if what is explained in this post for access to SAML apps is all that is required to allow access to guest users?
https://docs.microsoft.com/en-us/azure/active-directory/b2b/hybrid-cloud-to-on-premises
Hi all. New to AD Connect and Azure AD. We would like to start syncing a few on-prem accounts to Azure AD Premium. I would prefer to control the users that are synced using group memberships, i.e. sync a list of users based on their membership in group X rather than their location in the directory (OU).
Is this possible?
It seems that when using PHS, if an on-prem account expires or the password expires, they can still log on at Azure AD. I'm struggling to understand why this is implemented in this manner? I see that the accountExpires attribute is not synced and password expiration is driven by domain policy rather than a direct flag on the user.
Any way around this, i.e. when an account or password expires on-prem it is reflected in the cloud?
Hi there,
For various reasons, I'm trying to delete my Azure AD lab tenant; however, two items are blocking the list and stopping me from deleting the tenant.
One is the registered apps. I've deleted all registered apps and the view is empty, but Azure still seems to have an app somewhere that doesn't show up on the view.
The second is the subscription. I've cancelled that subscription and have no other license-based subscriptions, yet the item isn't cleared.
How can I check if there's still a registered app somewhere, blocking this item from being cleared? And how do I properly remove the subscription to clear the second item so I can delete the tenant?
Thanks,
Fred
Hi,
I am planning to enable the TLS 1.2 protocol for my AAD Connect server. AAD Connect server version 1.2.68.0 and Windows Server 2012 SP1.
After the TLS upgrade, may it impact any Azure AD authentication, attribute flow, ADFS SSO and SSPR? Do I need to make any change on the ADFS server and in Azure AD also?
Are AAD Connect and the ADFS server integrated? I thought there is no link between this ADFS server and AAD Connect.
Not able to get any technical clarification for these queries.
Sridhar
Hi,
We have an on-prem MFA server which uses the local Active Directory as primary authentication and Azure MFA service for phone auth.
This is working fine, however, is it possible to utilise the conditional access settings found in Azure for these logins?
The accounts are being sync'd to Azure Active Directory using AD connect.
Regards
Shaun
Hi
Is it possible to filter objects so that they are not imported from AD in AAD Connect? I am planning to use attribute-based filtering, but the objects come to the MV and then Cloud filter true is enabled to stop the Azure sync. But I don't require that the object should flow from AD to AAD itself.
Mostly how we do filtering in the FIM 2010 / MIM 2016 Synchronization engine. I can't use Organization Unit filtering; we require all the OUs to be connected.
Please suggest some options.
Sridhar
I really don't know where to post this, but since my problem involves Azure, I'm going to drop it down here.
Basically, what I am trying to achieve is to create an appointment in my Outlook calendar from my WinForm App, so I looked to see if there's an API for that. I found out about Microsoft Graph. I read some docs and they are redirecting me to an Azure Portal, which I really don't have.
Will you be so kind as to explain what will be the things I need to get this done?
Also, is this MS Graph API free? Is Azure free?
Regards
I'm trying to authenticate my Python Flask app with Azure AD B2C and my user flow (policy). However I keep getting this error:
oauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter.
127.0.0.1 - - [07/Feb/2019 17:06:17]
when trying https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c<name>
I have been able to successfully authenticate to https://login.microsoftonline.com/<tenant>.onmicrosoft.com/oauth2/v2.0/authorize?
Any ideas?
Thanks
I have a service application that can request single sign-on from Azure, in this case using openId. I have a customer trying to implement this feature, but any request to the OAuth API under their Azure tenant results in a timeout. I have other customers set up who don't have an issue, just this one. Any ideas?
One of the api calls from the tenant: https://login.microsoftonline.com/02760698-17fe-40de-9be0-0e948230e39f/oauth2/v2.0/authorize
I know that this call doesn't work without the other query parameters, but normally this base URL call would result in the Microsoft page displaying an error message and error code. This URL just causes the browser itself to eventually implement a timeout error.
Hello!
Started playing with Azure Identity Protection and noticed that I do not have the same options for controls that the MS docs site has: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
Image: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/media/howto-sign-in-risk-policy/13.png
I only have "Require Password change" under User Risk policy when allowing access.
And only have "Require multi-factor authentication" under Sign-in risk policy when allowing access.
We have all the users (150+) in the Azure cloud with O365 and Intune licenses (Intune joined machines). These users are cloud only and not syncing with any on-premises Domain controller.
We want to use LDAPs for Azure. Can we convert Azure AD to managed domains without breaking anything? Is it supported?
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started
Here is what I did:
I first set up a test tenant under Azure AD and associated it with my domain name. Then I added an enterprise app and tested out single sign-on with Google Cloud. All good!
I then needed to clean up my test tenant and go about creating the proper tenant for my application, but now things are messed up and I cannot delete the test tenant. Here are the problems:
1) Even though I have deleted all the applications under the tenant, it complains about enterprise applications and refuses to delete the tenant (directory).
2) I then decided to use PowerShell to see if I could clean things up. Because I'm on a free trial, it asked me to activate "Azure Active Directory Premium P2". So, I did. Now I'm further stuck! It says I have to "Delete all license-based subscriptions", but I cannot find a way!
Why on earth is the user interface SOOOO busy and complicated and unintuitive!
Any help is greatly appreciated!