I have a question regarding Azure MFA Server On-Premises.  I work for a company where they have rolled out Office 365 in the US, but we are going to be migrating our UK users to Office 365 within the next 6-12 months.

In the meantime, I would like to enable MFA on our VPN users so one of the solutions we have been looking at is Azure MFA Server.  My question is, can we buy 150 Active Directory P1 licenses to cover the VPN users but not assign the license to a user in Azure AD?  Does the Azure MFA Server on-premises check who is authenticating against on-premises AD and then check if the user has a license in Azure AD to MFA against Azure MFA Server?

The reason for doing this is, I don't want to sync the users or create them manually in Azure AD until we are ready to start migrating to Office 365.

Thanks in advance for any advice.

---

Robert Milner | Website: http://www.remilner.co.uk | Twitter: @robm82

Hello!

I install a new AADC on mac AD server. The connection will be works with ADFS and WAP. When I deploy the AADC and during the wizard configuring got an error message:

"An error occurred executing Update Federated AAD Trust task: An error occurred while executing the 'Update-MsolFederatedDomain' command. The switch parameter SupportMultipleDomain is required here."

When I execute in powershell on the ADFS server:

Update-MsolFederatedDomain -DomainName "domain.com" -SupportMultipleDomain

I got it:

Successfully updated 'domain.com' domain.

But I run the command without -SupportMultipleDomain command I got the following error:

Update-MsolFederatedDomain : The switch parameter SupportMultipleDomain is required here.
At line:1 char:1
+ Update-MsolFederatedDomain -DomainName "domain.com"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-MsolFederatedDomain], FederationException
    + FullyQualifiedErrorId : MultipleDomainSwitchRequired,Microsoft.Online.Identity.Federation.Powershell.UpdateFeder
   atedDomainCommand

The error message seems like in the AADC error line.

Whats wrong?

Hi there, we created a new site called cloud-services@hoodgroup.net, as this was owned by us, it automatically added it to our tenant, and AD users were available. We didnt actually expect this, and wanted the site self contained. I wanted to create 'local users' for the domain management, because if I login to azure.portal.com with my AD login, i cant see any of the apps we have built on cloud-services@hoodgroup.net, we wanted to know if we could login to this without AD passwords, by modifying the URL somewhat to point to the cloud-services. Otherwise we just login to our Office 365 tenant, and no apps. Thanks

From Tonton(@tonton_marco) viaTwitterwho writes:

“I have an Office 365 subscription. I installed AAD. I have a 2k19 server on premise. The link between 2 AD is correct. But I can't synchronize existing users in AAD: conflict error using the email address. I read the doc, but no solution on this problem...

So how can your implement a hybrid environment with sharepoint 365?”

The customer was referred to the content on https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization and https://techcommunity.microsoft.com/t5/Office-365/Enable-AD-Connect-sync-with-existing-Office-365-accounts-and/td-p/214765 but these didn’t help

Appreciate if you may be able to assist the customer on this matter.

Thanks,

@AzureSupport

Dear forum,

we are trying to configure single sign on for an application, which is not listed in the Azure AD gallery.

Based on Azures Twitter Support we would need to add the application as "non gallery application" in the portal.
Since this would be the first and only Azure AD Premium feature, we would like to configure this without having to taking extra money in hand.

Maybe the application manifest file is the suitable solution here?

Our Applicaton is called Nextcloud and is hosted outside of Azure and supports SAML, OpenId, LDAP and so on.

We managed to get the SAML connection up and running but we need to add the custom field "quota" to the SAML token.

In difference to the tutorial on https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization we do not see the section "Single Sign On" for our application.

We are looking forward to your reponse and hope to find a good solution.

Best regards

Team,

How do I know my Azure account administraor for my account technically, Currently we are using B2B Azure accounts. 

We have so many local administrators and they don't know much about Azure accounts, so I want to contact only the right administor and do my password reset.


Regards,
Kishore

Hello,

I'm using Azure AD Sync to keep my on-premises AD in sync with Azure. I keep getting the following error:

Unable to update this object in Azure Active Directory, because the attribute
[extension_ebad079fee3145b286669fc781788c1b_thumbnailPhoto], in the local Directory
exceeds the maximum allowed length. If you want to update, reduce the length in the
local directory services, and then try again

I tried to clear the attribute locally via ADSI (I assume is thumbnailPhoto attribute in the user's AD profile), and also to replace with another image, but I keep getting the same error. Do you have any idea, please?

Thanks,
Luca

I keep on getting a 400 response :"error_description": "AADSTS50105: Application 'xxx-xxxx-xxxxx' is not assigned to a role for the application 'https//mytenat.onmicrosoft.com/xxxx-xxxx-xxxxx'. I'm trying service-to -service, Client app to web api. My web API defines application roles. I know how to assign application roles to users. But I think this one requires to assign roles to other applications. And I couldn't find any resource regarding that. How do I do that?

We added on-premises applications for remote access through Application Proxy in Azure Active Directory and integrated MFA on ADFS.

After registering applications on Azure, applications are throwing "Access to XMLHttpRequest at'https://login.microsoftonline.com/**/oauth2/authorize?response_type=code&client_id=**&scope=openid&nonce=**&redirect_uri=https//abc.com%2fAB%2f&

state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c

%22OriginalRawUrl:https//abc.com/**RequestProfileId:**EndOfStateParam%23'

(redirected from https://abc.xyz.com/......) from origin (redirected from https://abc.xyz.com) has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

This error is coming after 20-30 minutes of actively/inactively usage of applications. User opens the applications work on it for around 20-30 minutes and suddenly on AJAX request from application, user receives afore stated error in console.

Hi all,

I am about to deploy Password Protect for our on-premise AD. 

Noting that AAD P1 or P2 license is required for on-prem accounts synced to Azure AD. All our users have AAD P1 so that is find. Also, we have a number of service accounts that requires sync to AAD, but does not have a license.

Would these service accounts require a license? They do not change password normally and have no requirement for global or custom password ban list. 

Thanks.

Hi @all,

I have a question / problem I am working on for several days now.

I did some tests myself, I did a lot of research but I found nothing equal.

I wanted to change my Azure AD Connect from federated authentication to seamless single sign on with pass-through.
After I changed the options in the Azure AD Connect wizard, I got an error "failed to create single sign-on secret for true".
Pass-through was activated and works fine. Seamless SSO was enabled too, but the local domain computer account "AZUREADSSOACC" was created in the default computer OU and deleted after the wizard reported the error.

As I said, I did a lot of research and I tried to enable seamless SSO through powershell.

When I ran "Enable-AzureADSSOForest -OnPremCredentials $creds" with the credentials of a domain admin I got the following output:

[17:11:29.814] [  6] [INFORMATIONAL] GetDefaultWellKnownContainer: Attempting to look up the default well-known container...
[17:11:29.830] [  6] [INFORMATIONAL] GetDefaultWellKnownContainer: Found the default well-known container: CN=Computers,DC=DOMAIN,DC=local
[17:11:30.095] [  6] [INFORMATIONAL] No conflicts found for the reserved SPNs and computer account display name.
[17:11:30.095] [  6] [INFORMATIONAL] Creating computer account in CN=Computers,DC=DOMAIN,DC=local (DOMAIN.local)...
[17:11:30.127] [  6] [INFORMATIONAL] Setting password for computer account with DN 'CN=AZUREADSSOACC,CN=Computers,DC=DOMAIN,DC=local'...
Exception Data (Raw): System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   --- End of inner exception stack trace ---
   at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
   at Microsoft.KerberosAuth.KerberosAuthInterface.OnPremiseOperations.LdapClientProvider.SetPassword(String dn, String password, OnPremAuthenticationContext onPremAuthenticationContext)
   at Microsoft.KerberosAuth.KerberosAuthInterface.OnPremKerberosAuthProvider.CreateComputerAccount(OnPremAuthenticationContext onPremAuthenticationContext, String containerOu)
[17:11:30.142] [  6] [INFORMATIONAL] DeleteComputerAccount: Locating SSO computer account with name 'AZUREADSSOACC'...
[17:11:30.158] [  6] [INFORMATIONAL] DeleteComputerAccount: AZUREADSSOACC found in DOMAIN.local. Deleting...
Enable-AzureADSSOForest : Exception has been thrown by the target of an invocation.
At line:1 char:1
+ Enable-AzureADSSOForest -OnPremCredentials $creds
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Enable-AzureADSSOForest], TargetInvocationException
    + FullyQualifiedErrorId : System.Reflection.TargetInvocationException,Microsoft.KerberosAuth.Powershell.PowershellCommands.EnableAzureADSSOForestCommand

I tried to run this command with another domain admin credentials.
I tried to create the computer object in another OU (with the parameter -parentdn)
I reinstalled Azure AD Connect just in case the AzureAdSSO.psd1 ist corrupt.

We have only one forest with one domain. I mention that because I found solutions for similar problems regarding root and child domain.

Unfortunately I have no idea how to solve the issue.

Can anyone help me out?

Thank you

Kind regards

Philipp

Hi,

I am creating a Custom Policy in Azure AD B2C, where I'm adding a new Technical Profile using protocol OAuth2.

And I'm configuring the metadata item HttpBinding as "POST" as this documentation - https://docs.microsoft.com/en-us/azure/active-directory-b2c/oauth2-technical-profile - says that this value sets "The expected HTTP binding to the access token and claims token endpoints.".
However, the Claims token endpoint is being called by GET, not POST. And the access token is being sent to the claims endpoint as a query string parameter.
How can I configure it to pass the access token in the Authorization header (and not in the query string), and call the claims endpoint by POST?

Thanks!

I would like to know if Azure AD supports remotely authenticating windows laptops / desktops. I have an on prem 2012 R2 domain controller that I am considering integrating with azure ad using azure ad connect but I need to verify that this configuration will allow domain connected remote computers to authenticate windows logins remotely.

If not could you please advise what configuration would work in this scenario?

Thanks in Advance.

I am a desktop technician and login to multiple different Hybrid Azure AD Joined devices on a daily basis.  In the past, a new Azure AD Device registration record is generated for each device that I login to.  This has resulted in multiple entries for the same device, and my profile has exceeded the maximum number of devices each user is allowed per our settings.  Because this threshold has been exceeded, I can no longer join new devices to Azure AD.  If I delete the device record that is tied to my profile, and retain the records for the other users, will this action impact or disable the device for other users?

The Intune Device Enrollment Manager role has been added to my profile, and no devices have been registered in my name since this role was added.

I want to create an AAD tenant for a domain I own. When I try to create the domain, the validation says : 'Already in use by another directory'.

The domain name is quite unusual -- it's unlikely (not impossible of course) that the AAD domain was created by someone else. 

Question is: How could I possibly find the AAD, access it, and add it to my Azure Portal? 

Assume I can answer any security questions etc that would identify me as the owner.

Is there a way to get AD Sync service availability report?

---

Warm Regards, Hariprakash T

I am having difficulty joining an Azure Windows Server 2016 VM to an “Azure AD Domain Services” domain. I think the problem may be that I am not getting my credentials entered correctly when I get prompted for the name and password of an account with permission to join the domain. I have referenced the following document to assist: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-windows-vm-portal

Per this note in the document I have tried both the UPN and SAM account name format but I always get “the user name or password is incorrect”:

Tip - We recommend using the UPN format to specify credentials. If a user's UPN prefix is overly long (for example, joehasareallylongname), the SAMAccountName might be auto-generated. If multiple users have the same UPN prefix (for example, bob) in your Azure AD tenant, their SAMAccountName format might be auto-generated by the service. In these cases, the UPN format can be used reliably to log on to the domain.

Domain name is like: thisnamexxxxxx.onmicrosoft.com (14 characters prefix the “.onmicrosoft.com”)

User name is like: myname@whatever.com

When the credential dialog box comes up I have tried all of the following:

1.             Domain listed in box: thisnamexxxxxx.onmicrosoft.com               username: myname
2.             Domain listed in box: thisnamexxxxxx.onmicrosoft.com               username: myname@whatever.com
3.             No domain listed in box, UPN format: myname@thisnamexxxxxx.onmicrosoft.com
4.           No domain listed in box, UPN format: myname@whatever.com@thisnamexxxxxx.onmicrosoft.com
5.           No domain listed in box, SAM format: thisnamexxxxxx.onmicrosoft.com\myname
6.           No domain listed in box, SAM format: thisnamexxxxxx.onmicrosoft.com\myname@whatever.com

None of these work.... They all get a NetJoin 1326 error (the user name or password is incorrect)

-             thisnamexxxxxx.onmicrosoft.com is listed as my default directory

-             I have enabled password synchronization as these accounts are Azure AD only accounts.

-             I am using an account that is in the AAD DC Administrators group

-             I have verified and re-verified I am using the correct password....

-             I have searched and read many answers to this question but can’t seem to find the needed solution

Any help would be greatly appreciated. Thanks.

I am attempting to install MS Azure AD connect on a Server 2008 machine. I receive the following error:

Framework 4.5.2 is already installed on the machine. If I attempted to install 4.0 or 4.51, I receive an error that there is a newer version installed. 

What is the workaround for this? 

I have a problem in deleting one of my Active Directories.

When I try deleting the directory from its dashboard, it shows there are still some registered apps and I cannot proceed to the next step.

I confirmed that there are no apps shown as the pictures indicate, and am not sure how to resolve the problem.

Hi All,

Trying to setup a new AAD Connect on a DC using the administrator (tried other enterprise admin accounts as well) Logs as follows. I have xxx out the domain

[17:55:20.239] [  1] [INFO ] 
[17:55:20.241] [  1] [INFO ] ================================================================================
[17:55:20.241] [  1] [INFO ] Application starting
[17:55:20.241] [  1] [INFO ] ================================================================================
[17:55:20.241] [  1] [INFO ] Start Time (Local): Fri, 22 Feb 2019 17:55:20 GMT
[17:55:20.241] [  1] [INFO ] Start Time (UTC): Fri, 22 Feb 2019 09:55:20 GMT
[17:55:20.243] [  1] [INFO ] Application Version: 1.2.70.0
[17:55:20.243] [  1] [INFO ] Application Build Date: 2018-12-17 07:19:47Z
[17:55:21.414] [  1] [INFO ] Telemetry session identifier: {82bbfdf2-3a42-489d-b95a-532a5d388c08}
[17:55:21.414] [  1] [INFO ] Telemetry device identifier: AV8mjaQGze1L1EzqRB5RVBs4FGfblc1f9QHKWP56aYI=
[17:55:21.415] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (590693a40)
[17:55:21.541] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[17:55:21.542] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[17:55:21.542] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[17:55:21.542] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[17:55:21.542] [  1] [INFO ] Default Proxy [Enabled]: True
[17:55:21.542] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[17:55:21.596] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[17:55:21.596] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[17:55:21.699] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[17:55:21.733] [  1] [INFO ] Loading the persisted settings .
[17:55:21.797] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[17:55:21.836] [  1] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[17:55:21.836] [  1] [INFO ] Password Hash Sync supported: 'True'
[17:55:21.876] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[17:55:21.890] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[17:55:21.899] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:55:21.904] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:21.920] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:55:21.921] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:55:21.924] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:55:21.924] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:55:21.925] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[17:55:21.935] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:21.936] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:55:21.936] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:55:21.936] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:55:21.950] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[17:55:21.950] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[17:55:21.950] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[17:55:21.951] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:21.951] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
[17:55:21.951] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[17:55:21.951] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[17:55:21.960] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[17:55:22.407] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
[17:55:22.408] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[17:55:22.408] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.408] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[17:55:22.408] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[17:55:22.408] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[17:55:22.408] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[17:55:22.408] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.408] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
[17:55:22.408] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[17:55:22.408] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
[17:55:22.408] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:55:22.408] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.408] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[17:55:22.408] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[17:55:22.408] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:55:22.408] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[17:55:22.408] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.408] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[17:55:22.409] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[17:55:22.409] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[17:55:22.409] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[17:55:22.409] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[17:55:22.409] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.410] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[17:55:22.410] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[17:55:22.410] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[17:55:22.410] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[17:55:22.410] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[17:55:22.411] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.411] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[17:55:22.412] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[17:55:22.412] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[17:55:22.412] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[17:55:22.412] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[17:55:22.412] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.413] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[17:55:22.413] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[17:55:22.413] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[17:55:22.415] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[17:55:22.465] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[17:55:22.467] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[17:55:22.467] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[17:55:22.467] [  1] [VERB ] Getting list of installed packages by upgrade code
[17:55:22.467] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {b9170312-edaf-4e0c-9241-2407915b93ec}.
[17:55:22.468] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.2.70.0, ProductCode=b9170312-edaf-4e0c-9241-2407915b93ec, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[17:55:22.468] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[17:55:22.468] [  1] [INFO ] Product Azure Active Directory Connect (version 1.2.70.0) is installed.
[17:55:22.820] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[17:55:22.822] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[17:55:22.824] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[17:55:22.824] [  1] [INFO ] Checking for DirSync conditions.
[17:55:22.824] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[17:55:22.836] [  1] [INFO ] Initial configuration is incomplete.
[17:55:22.840] [  1] [INFO ] Resume Wizard from previous Azure service connectivity failure.
[17:55:22.859] [  1] [INFO ] SyncDataProvider:LoadSettings - loading context with persisted global settings.
[17:55:23.646] [  1] [ERROR] Configuration policy could not be retrieved (GetGlobalConfigurationParameters).  Details: System.Management.Automation.CommandNotFoundException: The term 'Get-ADSyncGlobalSettingsParameter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.GlobalSettingsConfigAdapter.GetGlobalConfigurationParameters()
   at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.LoadSettings(IAadSyncContext aadSyncContext)
[17:55:23.763] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.GatherEnvironmentData in Page:"Express Settings"
[17:55:23.764] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:11
[17:55:23.781] [ 19] [INFO ] Checking if machine version is 6.1.7601 or higher
[17:55:23.782] [ 19] [INFO ] The current operating system version is 10.0.14393, the requirement is 6.1.7601.
[17:55:23.782] [ 19] [INFO ] Password Hash Sync supported: 'True'
[17:55:24.254] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
[17:55:28.058] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
[17:55:28.061] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
[17:55:28.065] [  1] [WARN ] MicrosoftOnlinePersistedStateProvider.Save: zero state elements provided, saving an empty persisted state file
[17:55:28.068] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[17:55:28.077] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[17:55:28.114] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.ExpressSettingsPageViewModel.StartPrerequisiteInstallation in Page:"Express Settings"
[17:55:28.114] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:1130
[17:55:28.197] [ 19] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartNewInstallation in Page:"Install required components"
[17:55:28.198] [ 19] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:1155
[17:55:28.261] [ 20] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
[17:55:28.269] [ 20] [INFO ] Enter ValidateSqlVersion.
[17:55:28.269] [ 20] [INFO ] Exit ValidateSqlVersion (localdb).
[17:55:28.273] [ 20] [INFO ] Enter ValidateSqlAoaAsyncInstance.
[17:55:28.273] [ 20] [INFO ] Exit ValidateSqlAoaAsyncInstance (localdb).
[17:55:28.275] [ 20] [INFO ] The ADSync database does not exist and will be created.  serverAdmin=True.
[17:55:28.275] [ 20] [INFO ] Attaching to the ADSync database: SQLServerName=DoesNotExist SQLInstanceName= ServiceAccountName=, state=, Collation=, /UseExistingDatabase=False.
[17:55:28.275] [ 20] [INFO ] Starting Sync Engine installation
[17:55:28.278] [ 20] [INFO ] Starting Prerequisite installation
[17:55:28.280] [ 20] [VERB ] WorkflowEngine created
[17:55:28.283] [ 20] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[17:55:28.284] [ 20] [VERB ] Getting list of installed packages by upgrade code
[17:55:28.284] [ 20] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[17:55:28.285] [ 20] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[17:55:28.285] [ 20] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[17:55:28.285] [ 20] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[17:55:28.292] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[17:55:28.329] [  1] [INFO ] Property Password failed validation with error A valid domain must be selected.
[17:55:38.353] [ 17] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au
[17:55:38.401] [ 17] [INFO ] AzureConfigurationFromPrincipalName: Successfully resolved UPN (xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au) to the Worldwide Azure instance. 
Resolution Method [Registry Configuration]: Worldwide.
[17:55:38.419] [ 17] [INFO ] ResolveAzureInstance [Worldwide]: authority=HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU, 
Resolution Method [Registry Configuration]: Worldwide.
[17:55:38.440] [ 17] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU), resource (https://graph.windows.net), userName (xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au).
[17:55:38.456] [ 17] [INFO ] ADAL: 2019-02-22T09:55:38.4540451Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
[17:55:38.456] [ 17] [INFO ] ADAL: 2019-02-22T09:55:38.4560620Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
[17:55:38.481] [ 17] [INFO ] ADAL: 2019-02-22T09:55:38.4810434Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[17:55:38.482] [ 17] [INFO ] ADAL: 2019-02-22T09:55:38.4820431Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.164] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.1640474Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: No matching token was found in the cache
[17:55:39.200] [ 16] [INFO ] ADAL: 2019-02-22T09:55:39.2000509Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: Sending request to userrealm endpoint.
[17:55:40.358] [ 13] [INFO ] ADAL: 2019-02-22T09:55:40.3580527Z: 9bcef4df-871f-49d9-b98f-d47c2a0fa3c4 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 2/22/2019 10:55:40 AM +00:00
[17:55:40.359] [ 17] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=9f6b161d-2543-4744-bfb6-60239033100a, ExpiresUTC=2/22/2019 10:55:40 AM +00:00, UserInfo=xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au, IdentityProvider=https://sts.windows.net/9f6b161d-2543-4744-bfb6-60239033100a/.
[17:55:40.362] [ 17] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[17:55:40.370] [ 17] [INFO ] DiscoverServiceEndpoint [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU, AdalResource=https://graph.windows.net.
[17:55:40.370] [ 17] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring service token.
[17:55:40.370] [ 17] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU), resource (https://graph.windows.net), userName (xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au).
[17:55:40.371] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3710553Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[17:55:40.371] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3710553Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[17:55:40.371] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3710553Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: An item matching the requested resource was found in the cache
[17:55:40.373] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3730545Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: 59.99875031 minutes left until token in cache expires
[17:55:40.373] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3730545Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[17:55:40.373] [ 17] [INFO ] ADAL: 2019-02-22T09:55:40.3730545Z: 362d3836-4d9f-4831-a47a-ba4809127306 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 2/22/2019 10:55:40 AM +00:00
[17:55:40.373] [ 17] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=9f6b161d-2543-4744-bfb6-60239033100a, ExpiresUTC=2/22/2019 10:55:40 AM +00:00, UserInfo=xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au, IdentityProvider=https://sts.windows.net/9f6b161d-2543-4744-bfb6-60239033100a/.
[17:55:40.379] [ 17] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[17:55:41.791] [ 17] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[17:55:43.957] [ 17] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant 9f6b161d-2543-4744-bfb6-60239033100a.  Initial domain (xxxxxxxxxxxxx.onmicrosoft.com).
[17:55:43.962] [ 17] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
[17:55:43.968] [ 17] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
[17:55:43.973] [ 17] [INFO ] PowershellHelper: lastDirectorySyncTime=10/23/2018 5:46:50 AM
[17:55:44.912] [ 17] [INFO ] AzureTenantPageViewModel.GetSynchronizedUserCount: number of synchronized users (max 500) - 37
[17:55:45.571] [ 17] [INFO ] AzureTenantPageViewModel.GetSynchronizedUserCount: number of synchronized users (max 500) - 37
[17:55:46.158] [ 17] [INFO ] AzureTenantPage: Successfully retrieved 5 domains from the tenant.
[17:55:46.158] [ 17] [INFO ] AzureTenantPage: Calling to get the last dir sync time for the current user
[17:55:47.121] [ 17] [INFO ] DiscoverServiceEndpoint [AdminWebService]: ServiceEndpoint=https://adminwebservice.microsoftonline.com/provisioningservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU, AdalResource=https://graph.windows.net.
[17:55:47.190] [ 17] [INFO ] DiscoverServiceEndpoint [AdminWebService]: ServiceEndpoint=https://adminwebservice.microsoftonline.com/provisioningservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU, AdalResource=https://graph.windows.net.
[17:55:47.190] [ 17] [INFO ] AcquireServiceToken [AdminWebService]: acquiring service token.
[17:55:47.190] [ 17] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU), resource (https://graph.windows.net), userName (xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au).
[17:55:47.190] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1900986Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[17:55:47.190] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1900986Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[17:55:47.191] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1910985Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: An item matching the requested resource was found in the cache
[17:55:47.191] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1910985Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: 59.8851162433333 minutes left until token in cache expires
[17:55:47.191] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1910985Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[17:55:47.191] [ 17] [INFO ] ADAL: 2019-02-22T09:55:47.1910985Z: 80daf311-870b-478a-bf08-4e60cc2d92d7 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 2/22/2019 10:55:40 AM +00:00
[17:55:47.191] [ 17] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=9f6b161d-2543-4744-bfb6-60239033100a, ExpiresUTC=2/22/2019 10:55:40 AM +00:00, UserInfo=xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au, IdentityProvider=https://sts.windows.net/9f6b161d-2543-4744-bfb6-60239033100a/.
[17:55:48.748] [ 17] [INFO ] GetCompanyConfiguration: tenantId=(9f6b161d-2543-4744-bfb6-60239033100a), IsDirSyncing=False, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=41016, AllowedFeatures=None.
[17:55:48.748] [ 17] [INFO ] AzureTenantPage: AdminWebService returned the company information for tenant 9f6b161d-2543-4744-bfb6-60239033100a.
[17:55:48.748] [ 17] [INFO ] AzureTenantPage: AzureTenantSourceAnchorAttribute is mS-DS-ConsistencyGuid
[17:55:48.758] [ 17] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[17:55:48.759] [ 17] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[17:55:48.761] [ 17] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[17:55:48.762] [ 17] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
[17:55:48.774] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
[17:55:48.780] [  1] [INFO ] Property Username failed validation with error Enterprise Administrator credentials are required
[17:55:52.108] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
[17:55:55.867] [  1] [INFO ] Property Password failed validation with error A password is required - unless using a Virtual or Managed Service Account .
[17:56:05.213] [ 21] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials for user - xxxxxxxxxxxxx\admin2
[17:56:05.244] [ 21] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user xxxxxxxxxxxxx\admin2
[17:56:05.250] [ 21] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[17:56:05.303] [ 21] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - xxxxxxxxxxxxx.com.au
[17:56:05.308] [ 21] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if xxxxxxxxxxxxx\admin2 has AccountEnterpriseAdminsSid privileges in xxxxxxxxxxxxx.com.au
[17:56:05.588] [ 21] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-3624718830-1735865960-2013706303, group sid - S-1-5-21-3624718830-1735865960-2013706303-519
[17:56:05.593] [ 21] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[17:56:05.614] [ 21] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
[17:56:05.649] [ 21] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'xxxxxxxxxxxxx.com.au' was successfully matched.
[17:56:05.658] [ 21] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
[17:56:05.667] [ 21] [INFO ] Validating forest with FQDN xxxxxxxxxxxxx.com.au
[17:56:05.746] [ 21] [INFO ] Examining domain xxxxxxxxxxxxx.com.au (:0% complete)
[17:56:05.751] [ 21] [INFO ] ValidateForest: using RH-DC-01.xxxxxxxxxxxxx.com.au to validate domain xxxxxxxxxxxxx.com.au
[17:56:05.754] [ 21] [INFO ] Successfully examined domain xxxxxxxxxxxxx.com.au GUID:e49842d8-026c-4125-8aa3-d1ca5a13c06a  DN:DC=xxxxxxxxxxxxx,DC=com,DC=au
[17:56:05.799] [ 21] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
[17:56:05.874] [ 21] [VERB ] MsolDomainExtensions.ConnectMsolService: Connecting to MSOL service.
[17:56:05.874] [ 21] [INFO ] DiscoverServiceEndpoint [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU, AdalResource=https://graph.windows.net.
[17:56:05.874] [ 21] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring service token.
[17:56:05.874] [ 21] [INFO ] Authenticate-ADAL [Acquiring token]: STS endpoint (HTTPS://LOGIN.WINDOWS.NET/xxxxxxxxxxxxx.COM.AU), resource (https://graph.windows.net), userName (xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au).
[17:56:05.874] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8743882Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[17:56:05.874] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8743882Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: === Token Acquisition started: 
CacheType: null
Authentication Target: User
, Authority Host: login.windows.net
[17:56:05.874] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8743882Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: An item matching the requested resource was found in the cache
[17:56:05.874] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8743882Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: 59.5737280816667 minutes left until token in cache expires
[17:56:05.874] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8743882Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[17:56:05.875] [ 21] [INFO ] ADAL: 2019-02-22T09:56:05.8753861Z: 6b086559-a1cf-4cd9-adf9-bc15b417d5e7 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 2/22/2019 10:55:40 AM +00:00
[17:56:05.875] [ 21] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=9f6b161d-2543-4744-bfb6-60239033100a, ExpiresUTC=2/22/2019 10:55:40 AM +00:00, UserInfo=xxxxxxxxxxxxx_admin@xxxxxxxxxxxxx.com.au, IdentityProvider=https://sts.windows.net/9f6b161d-2543-4744-bfb6-60239033100a/.
[17:56:05.875] [ 21] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[17:56:07.247] [ 21] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
[17:56:07.252] [ 21] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.BackgroundInitialize in Page:"Ready to configure"
[17:56:07.252] [ 21] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:5110
[17:56:08.262] [ 20] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: context.WizardMode ExpressInstall.
[17:56:08.287] [ 20] [WARN ] DetermineAutoUpgradeState: AutoUpgrade entering ENABLED mode for express installation.
[17:56:08.287] [ 20] [VERB ] PerformConfigurationPageViewModel:ExecuteAutoUpgradeCheck: autoUpgradeState set to Enabled.
[17:56:08.292] [ 20] [INFO ] SetAutoUpgradeViaAdhealthRegistrykey: Updated SOFTWARE\Microsoft\ADHealthAgent\Sync\UpdateCheckEnabled registry value to 1
[17:56:08.296] [ 20] [INFO ] Restarting Monitoring Agent service.
[17:56:08.298] [ 20] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service AzureADConnectHealthSyncMonitor was not found
[17:56:08.298] [ 20] [WARN ] Monitoring Agent service is not installed, so the service cannot be restarted.
[17:56:09.911] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[17:56:09.911] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[17:56:09.913] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: True
[17:56:09.920] [  1] [INFO ] PersistAzureAffinity: Azure affinity was previously persisted as Worldwide (0).
[17:56:09.920] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteADSyncConfiguration in Page:"Configuring"
[17:56:09.921] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:5733
[17:56:09.922] [ 22] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
[17:56:09.924] [ 22] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
[17:56:09.929] [ 22] [INFO ] Starting Sync Engine installation
[17:56:15.523] [ 22] [INFO ] ServiceControllerProvider: service ADSync exists
[17:56:15.528] [ 22] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
[17:56:15.529] [ 22] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[17:56:15.529] [ 22] [INFO ] ServiceControllerProvider: StopService status: Stopped
[17:56:15.532] [ 22] [INFO ] ServiceControllerProvider:DeleteService - serviceName:ADSync
[17:56:25.542] [ 22] [INFO ] ServiceControllerProvider: InvalidOperationException on serviceController.Status property means the service ADSync was not found
[17:56:25.543] [ 22] [INFO ] ServiceControllerProvider:DeleteService successful - serviceName:ADSync
[17:56:25.552] [ 22] [INFO ] ServiceControllerProvider:CreateService - serviceName:ADSync, username:xxxxxxxxxxxxx\AAD_618f8bece031, assemblyPath:C:\Program Files\Microsoft Azure Active Directory Connect\ADSyncBootstrap.exe
[17:56:25.584] [ 22] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
[17:56:25.584] [ 22] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[17:56:25.584] [ 22] [VERB ] ServiceControllerProvider:Starting service and waiting for completion.
[17:56:25.625] [ 22] [WARN ] ServiceControllerProvider: StartService failed to start service (ADSync), attempt (1).
Exception Data (Raw): System.InvalidOperationException: Cannot start service ADSync on computer '.'. ---> System.ComponentModel.Win32Exception: The service did not start due to a logon failure
   --- End of inner exception stack trace ---
   at System.ServiceProcess.ServiceController.Start(String[] args)
   at Microsoft.Online.Deployment.Framework.Providers.ServiceControllerProvider.StartService(String serviceName, TimeSpan timeout, Boolean verifyStart, String[] args)
[17:56:25.629] [ 22] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[17:56:25.629] [ 22] [VERB ] ServiceControllerProvider:Starting service and waiting for completion.
[17:56:25.671] [ 22] [WARN ] ServiceControllerProvider: StartService failed to start service (ADSync), attempt (2).
Exception Data (Raw): System.InvalidOperationException: Cannot start service ADSync on computer '.'. ---> System.ComponentModel.Win32Exception: The service did not start due to a logon failure
   --- End of inner exception stack trace ---
   at System.ServiceProcess.ServiceController.Start(String[] args)
   at Microsoft.Online.Deployment.Framework.Providers.ServiceControllerProvider.StartService(String serviceName, TimeSpan timeout, Boolean verifyStart, String[] args)
[17:56:25.672] [ 22] [VERB ] ServiceControllerProvider:Initial service status: Stopped
[17:56:25.672] [ 22] [VERB ] ServiceControllerProvider:Starting service and waiting for completion.
[17:56:25.710] [ 22] [WARN ] ServiceControllerProvider: StartService failed to start service (ADSync), attempt (3).
Exception Data (Raw): System.InvalidOperationException: Cannot start service ADSync on computer '.'. ---> System.ComponentModel.Win32Exception: The service did not start due to a logon failure
   --- End of inner exception stack trace ---
   at System.ServiceProcess.ServiceController.Start(String[] args)
   at Microsoft.Online.Deployment.Framework.Providers.ServiceControllerProvider.StartService(String serviceName, TimeSpan timeout, Boolean verifyStart, String[] args)
[17:56:25.711] [ 22] [ERROR] ServiceControllerProvider: StartService unable to start service (ADSync). The system event log may contain more details for this issue.
[17:56:25.819] [ 22] [ERROR] PerformConfigurationPageViewModel: Caught exception while installing synchronization service.
Exception Data (Raw): System.Exception: Unable to install the Synchronization Service.  Please see the event log for additional details. ---> System.InvalidOperationException: ADSync Bootstrap Service failed to Start
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.CreateAndStartBootstrapService(SyncServiceAccount syncServiceAccount)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SynchronizationServiceSetupTask.InstallCore(String logFilePath, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.ExecuteWithSetupResultsStatus(SetupAction action, String description, String logFileName, String logFileSuffix)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   --- End of inner exception stack trace ---
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.ThrowSetupTaskFailureException(String exceptionFormatString, String taskName, Exception innerException)
   at Microsoft.Azure.ActiveDirectory.Synchronization.Setup.SetupBase.Install()
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstallCore(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.InstallSyncEngineStage.ExecuteInstall(ISyncEngineInstallContext syncEngineInstallContext, ProgressChangedEventHandler progressChangesEventHandler)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore(AADConnectResult& result)
[17:56:29.080] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20190222-175520.log
[18:13:47.479] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20190222-175520.log