Channel: Azure Active Directory forum

I am a new user and can't connect to office 365 with powershell


I am trying to log into office 365 with the connect but somehow have another module loaded?

connect-msolservice
connect-msolservice : The 'connect-msolservice' command was found in the module 'MSOnlineExtended', but the module
could not be loaded. For more information, run 'Import-Module MSOnlineExtended'.
At line:1 char:1
+ connect-msolservice
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (connect-msolservice:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule

PS C:\WINDOWS\system32> Import-Module MSOnlineExtended
Import-Module : Could not load file or assembly 'file:///C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\MSOnlineExt
ended\Microsoft.Online.Administration.Automation.PSModule.Resources.dll' or one of its dependencies. The system cannot
find the file specified.
At line:1 char:1
+ Import-Module MSOnlineExtended

PS C:\WINDOWS\system32> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17134.590
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.590
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

I am new to this and just want to run some commands.  Help?


Custom Domain and mail account.

I have a customer domain with mailboxes provided by traditional domains server. I couldn't find any Mail Account Solution for a custom domain in Azure, can anybody help me?

Azure active directory for redundancy for AD?

Cannot update az app password from a VM


Hi,

I've run into an interesting scenario. I have an Azure CLI script that includes creating an app registration with the command:

`az ad app create --display-name ${APP_DISP_NAME} --identifier-uris ${APP_ID_URI} --homepage ${QDS_ENDPOINT} --password ${APP_SK}`

When I run my script from my local PC, everything runs fine. But, when I run my script from my Windows 10 VM, the app is created, but the password does not get set to the value ${APP_SK} I have designated, but gets set with the automatic one that Azure sets, which I have no way of retrieving.

I have not found an Azure CLI command that retrieves the password/key, which is why I am trying to set it via the create command. 

Interestingly, I see the same results when I run `az ad app update --id ${APP_ID} --password ${APP_SK}`. The password is set successfully from my PC, but not my VM.

All other Azure CLI commands in my script run successfully in the VM. 

Do you have any suggestions as to why I am unable to set the app password from a VM? Do you think it may be a network setting?

Thanks!



Conditional Access with Apple Mail


Hi,

I'm trying to configure MFA through Conditional Access, but when I enable this my iOS Apple Mail app still works without requiring any additional authentication.

However, after trialling the policy for a few weeks, my Apple Mail app stopped working and I received an e-mail from my exchange server telling me that someone had tried to set up two step verification.

Can you explain why when I configured Conditional Access MFA it didn't affect my iOS Apple Mail app at all, then a few weeks later it seemed to break it (which I would have expected a lot sooner)?

Can you also please confirm how I protect the Apple Mail app via Conditional Access MFA?

Thanks,

Will North

Invalid username or password or Invalid on-premise username or password.


We've just integrated Azure AD in our environment; however, we found out that a lot of users are unable to log on due to multiple logon attempts. Is there any way we can exclude the block for a certain group or unblock an individual user quickly?

Appreciate the advice. Thanks. 

Duplicate Computers and Conditional Access (Hybrid Azure AD Join)


https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup#step-5-verify-joined-devices

We have set this up successfully, but we see two entries for the most part for each computer (one for "Azure AD registered" and one for "Hybrid Azure AD joined").

We are trying to do some Intune conditional access with "Hybrid" Windows devices, but best we can tell, the computer thinks we are coming from the Azure AD Registered computer, not the Hybrid joined computer, even though they are one and the same.

It was our understanding that activating this would "merge" the entries together, but that doesn't seem to be the case. Can anyone shed some light on this situation? We are in a password hash sync environment with no federation.

Modern Auth for Office 2013 not needed when using Azure Condition Access+MFA?


Is Modern Authentication or App Passwords for Office 2013 not needed when using Conditional access with Azure MFA?

It seems like our Office 2013 apps have no issue to connect to SPO locations/documents when the Conditional Access policy is applied. I can sign out of Office 2013, then sign in again when trying to access a document on SPO without any issues (after using MFA to sign in to SPO in the first place). Our Office install does currently not have the necessary registry keys to activate Modern Authentication.

It also seems like all App Password and Modern Authentication documentation is related to the Office 365 MFA (included with the subscription), so I am starting to think that it does not apply for Azure MFA generated by Conditional access (AAD Premium P1 or P2)? Is this correct?

Thank you!


Cannot enable password writeback with Microsoft 365 Business and Azure AD Connect


I'm using AD Connect 1.2.70.0 and have configured all steps outlined in "How-to: Configure password writeback".

How to verify Password Sync


I have enabled Password Synchronization from Azure AD Connect to be used when ADFS is unavailable since the domain is federated. Recently I had a situation when this was necessary and I converted the domain to Standard using:

Set-MsolDomainAuthentication -DomainName {domain} -Authentication Managed

However, no user could sign in, the password was not accepted. So, how can I be sure that the passwords are indeed synced? In the Admin portal I see the following:

There is no status after Password sync:. So, how can I be sure that the next time I need to switch it will work?

azure active directory connect upgrade still running after 45 hours


Azure Active Directory Connect upgrade stuck for 45 hours after I was forced to upgrade when I wanted to add an internal OU to sync. I don't believe it should be taking this long as we do not sync many users as of now. Should I let it keep running or is there a problem? Screen says it is upgrading synchronization engine.

Unable to Return optionalClaims in SAML response


What I am trying to do is return some additional information back to the client (via the SAML response).

I need to know more about the authentication of the user...For example...

- Were they a guest or a tenant user
- Which tenant authenticated the user

From looking at the following article...

How to: Provide optional claims to your Azure AD app

It appears that the following optionalClaims is what I'm after...

- acct
- upn (with externally authenticated upn)

I have created an application and have updated the manifest to include the following...

"optionalClaims": {
	"idToken": [
		{"name": "upn", "source": null, "essential": false, "additionalProperties": ["include_externally_authenticated_upn"]}
	],
	"accessToken": [
		{"name": "ipaddr", "source": null, "essential": false, "additionalProperties": []},
		{"name": "acct", "essential": false, "additionalProperties": []}
	],
	"saml2Token": [
		{"name": "upn", "source": null, "essential": false, "additionalProperties": ["include_externally_authenticated_upn"]}
	]
},

...but the data just doesn't come back in the SAML response. I added a couple of other optionalClaims just to see if I could get anything back...but I don't get the modified upn, IP address or the guest/user information.

I can't for the life of me figure this out!!

Please help!

Many thanks,

Lee

Azure AD Connect Health for AD FS - How to export usage analytics?


I have set up Azure AD Connect Health agents on some AD FS and WAP servers, and all is working well.

In the Usage Analytics area of the portal, it shows you a list of the top applications using AD FS for authentication. Lesser used applications are lumped into an 'Other' category.

It is the Other category I am interested in. I cannot find any hooks into AADC Health that will allow me to find the applications that belong to Other.

Does anyone know of a way to export a comprehensive report of every application using AD FS, including Other?

We have a long list of RP trusts and are just trying to identify which ones are in use.

AAD - The user ID you entered does not exist. Please check that you have typed your user ID correctly.


Hi,

I am not able to log into Azure portal and cannot reset my password by using SSPR.

When I try to reset the password, I got the error: The user ID you entered does not exist. Please check that you have typed your user ID correctly.

I have done a full sync on both our azure servers but it didn't help.

Does anyone know why?

Thank you.


On-premises AD -> Hybrid Azure AD -> Azure AD only


Hi all,

I am planning the following task:

Windows 10 (1709 or later) devices are now joined to on-premises active directory. The desired state is to get device joined to Azure AD only, on-premises domain will be decommissioned. I assume this should be accomplished via hybrid AAD join, and then move to AAD only. The devices will be enrolled to Intune while joining Azure AD.

I can find lots of documentation how to move to hybrid AAD, but how to move from Hybrid AAD to AAD only?

A minor detail: I am a bit confused when documents are talking about Hybrid AAD join: Some sentences talk about registering devices, and some about joining the devices, this in the same document.

Any ideas how to get to the desired state (AAD only) with least trouble?

P.S. I am aware about applications and authentication changes (and lots of other changes), and those will also be taken care of in the same time. First I am trying to figure out how to move Windows 10 devices to AAD with least trouble, so in this post I am concentrating only to Windows.


AD Connect inplace upgrade fails at the "Connect" stage with UnauthorizedAccessException


Trying to update AD Connect due to the "high CPU utilization bug with .NET" met with UnauthorizedAccessException: Attempted to perform an unauthorized operation.

Steps taken:

1.) Verified AD Connect readiness requirements

2.) Checked that authorization users has AD Global Admin privileges

Trace:

[10:03:33.517] [  1] [INFO ]
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Application starting
[10:03:33.533] [  1] [INFO ] ================================================================================
[10:03:33.533] [  1] [INFO ] Start Time (Local): Fri, 12 Oct 2018 10:03:33 GMT
[10:03:33.533] [  1] [INFO ] Start Time (UTC): Fri, 12 Oct 2018 14:03:33 GMT
[10:03:33.549] [  1] [INFO ] Application Version: 1.1.882.0
[10:03:33.549] [  1] [INFO ] Application Build Date: 2018-08-31 22:50:05Z
[10:03:36.142] [  1] [INFO ] Telemetry session identifier: {aa4d10f5-8549-49ab-bbeb-f44a85a3e40a}
[10:03:36.142] [  1] [INFO ] Telemetry device identifier: ihlWC1zb0KcA8AsoJLSJDXFzE2OCStb4QFh0nTO/zAw=
[10:03:36.142] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (0eb4240d4)
[10:03:36.502] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
[10:03:36.502] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
[10:03:36.502] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
[10:03:36.502] [  1] [INFO ] Default Proxy [Enabled]: True
[10:03:36.502] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
[10:03:36.517] [  1] [VERB ] Scheduler wizard mutex wait timeout: 00:00:05
[10:03:36.517] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
[10:03:36.564] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
[10:03:36.580] [  1] [INFO ] Loading the persisted settings .
[10:03:36.627] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
[10:03:36.830] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
[10:03:36.830] [  1] [INFO ] Password Hash Sync supported: 'True'
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 7
[10:03:37.049] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
[10:03:37.049] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:37.064] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:37.064] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:37.064] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
[10:03:37.064] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.064] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.064] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.080] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
[10:03:37.080] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
[10:03:37.236] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
[10:03:37.236] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: verified product code {526b2e61-721f-4a22-9034-474ed46b1727}.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
[10:03:37.236] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
[10:03:37.236] [  1] [VERB ] Package=Microsoft Azure AD Connect synchronization services, Version=1.1.882.0, ProductCode=526b2e61-721f-4a22-9034-474ed46b1727, UpgradeCode=545334d7-13cd-4bab-8da1-2775fa8cf7c2
[10:03:37.236] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
[10:03:37.830] [  1] [VERB ] Check product code installed: {4e67cad2-d71b-4f06-a7ae-bb49c566bb93}
[10:03:37.830] [  1] [INFO ] GetProductInfoProperty({4e67cad2-d71b-4f06-a7ae-bb49c566bb93}, VersionString): unknown product
[10:03:37.924] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Product Azure AD Sync Engine (version 1.1.882.0) is installed.
[10:03:37.939] [  1] [INFO ] AzureADSyncEngineComponent: Configuration is still pending completion.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: verified product code {eca633f0-02e9-466d-91e2-1c56b79b8f01}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft Azure AD Connect Health agent for sync, Version=3.0.103.0, ProductCode=eca633f0-02e9-466d-91e2-1c56b79b8f01, UpgradeCode=114fb294-8aa6-43db-9e5c-4ede5e32886f
[10:03:37.939] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
[10:03:37.939] [  1] [INFO ] Product Azure AD Connect Health agent for sync (version 3.0.103.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {0c06f9df-c56b-42c4-a41b-f5f64d01a35c}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (0c06f9df-c56b-42c4-a41b-f5f64d01a35c)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: verified product code {89ca7913-f891-4546-8f55-355338677fe6}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Command Line Utilities , Version=11.4.7001.0, ProductCode=89ca7913-f891-4546-8f55-355338677fe6, UpgradeCode=52446750-c08e-49ef-8c2e-1e0662791e7b
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: verified product code {72b030ed-b1e3-45e5-ba33-a1f5625f2b93}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Express LocalDB , Version=11.4.7469.6, ProductCode=72b030ed-b1e3-45e5-ba33-a1f5625f2b93, UpgradeCode=c3593f78-0f11-4d8d-8d82-55460308e261
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB (version 11.4.7469.6) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: verified product code {b9274744-8bae-4874-8e59-2610919cd419}.
[10:03:37.939] [  1] [VERB ] Package=Microsoft SQL Server 2012 Native Client , Version=11.4.7001.0, ProductCode=b9274744-8bae-4874-8e59-2610919cd419, UpgradeCode=1d2d1fa0-e158-4798-98c6-a296f55414f9
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
[10:03:37.939] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client (version 11.4.7001.0) is installed.
[10:03:37.939] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Authentication Agent
[10:03:37.939] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:37.939] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Authentication Agent (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
[10:03:37.939] [  1] [INFO ] Product Microsoft Azure AD Connect Authentication Agent is not installed.
[10:03:37.939] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
[10:03:38.033] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
[10:03:38.033] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
[10:03:38.033] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
[10:03:38.033] [  1] [VERB ] Getting list of installed packages by upgrade code
[10:03:38.033] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {786f1270-e605-4b12-80a1-6dde0de09323}.
[10:03:38.033] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.882.0, ProductCode=786f1270-e605-4b12-80a1-6dde0de09323, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
[10:03:38.033] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
[10:03:38.033] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.882.0) is installed.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: verifying EventLog is in state (Running)
[10:03:39.533] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:39.533] [  1] [INFO ] DetectInstalledComponents stage: Sync engine upgrade required.
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Backup: backing up the persisted state file
[10:03:39.533] [  1] [INFO ]      - Current: C:\ProgramData\AADConnect\PersistedState.xml
[10:03:39.533] [  1] [INFO ]      - New backup: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml
[10:03:39.533] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\Backup-PersistedState-20181012-100339.xml, isAddProtection: True
[10:03:39.674] [  1] [INFO ] CallExportSyncConfig: launching ExportSyncConfig.exe.
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
[10:03:43.111] [  1] [INFO ] ServiceControllerProvider: current service status: Running
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: open existing persisted state file to check if GA/QFE version
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: No ScenarioIds were found
[10:03:43.111] [  1] [INFO ] IsExistingScenarioCompleted: IsConfigurationComplete=False, userSignInMethodType=PasswordHashSync
[10:03:43.205] [  1] [INFO ] TryGetPersistedMarker: upgrade marker registry key found UpgradeFromAADConnect,1.1.647.0
[10:03:43.205] [  1] [INFO ] Called SetWizardMode(UpgradeFromAADConnect, True)
[10:03:43.205] [  1] [INFO ] DetectInstalledComponents stage: Wizard mode is now set to UpgradeFromAADConnect.
[10:03:43.205] [  1] [INFO ] Persist: Setting upgrade marker (UpgradeFromAADConnect,1.1.647.0).
[10:03:43.299] [  1] [INFO ] ExistingUserSignInMethodType=PasswordHashSync
[10:03:43.299] [  1] [INFO ] Checking for DirSync conditions.
[10:03:43.299] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
[10:03:43.299] [  1] [INFO ] AADSync/AADConnect is present. App.WizardMode=UpgradeFromAADConnect
[10:03:45.080] [  1] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsEligibleForEaCredentials.
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials [True]: received exit code: 97
[10:03:45.080] [  1] [INFO ] IsEligibleForEaCredentials: Express Mode re-provisioning is NOT required.
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:03:45.095] [  1] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:03:45.095] [  1] [ERROR] PerformConfigurationPageViewModel: Caught exception when connecting to persisted state store.
Exception Data (Raw): System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.RootPageViewModel.SavePersistedState()
[10:03:45.111] [  1] [INFO ] UpgradeSyncEngine: verifying current user has db_owner permissions ((localdb)\.\ADSync).
[10:03:45.142] [  1] [INFO ] CheckCurrentUserIsDbOwner: executing query (SELECT IS_MEMBER('db_owner')).
[10:03:45.283] [  1] [INFO ] CheckCurrentUserIsDbOwner: current user is db_owner for the AADSync database. (result=1)
[10:03:45.283] [  1] [INFO ] UpgradeSyncEngine: db_owner permission verified.
[10:03:45.345] [  1] [INFO ] VerifySecurityGroupsExists: verifying if the Security Groups are present
[10:03:45.361] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncAdmins is present in Machine context .
[10:03:47.689] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncBrowse is present in Machine context .
[10:03:47.705] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncOperators is present in Machine context .
[10:03:47.720] [  1] [INFO ] VerifyGroupExists: Checking if the group ADSyncPasswordSet is present in Machine context .
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.InstallSyncEnginePageViewModel.StartAADSyncUpgrade in Page:"Upgrade Azure Active Directory Connect"
[10:03:50.424] [  1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:121
[10:03:50.439] [ 15] [INFO ] Starting Prerequisite installation
[10:03:50.439] [ 15] [VERB ] WorkflowEngine created
[10:03:50.439] [ 15] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
[10:03:50.439] [ 15] [VERB ] Getting list of installed packages by upgrade code
[10:03:50.439] [ 15] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
[10:03:50.439] [ 15] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
[10:03:50.439] [ 15] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
[10:03:50.439] [ 15] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
[10:03:50.439] [ 15] [INFO ] VerifyAzureAdConnectorPresent: Check if the Azure AD connector with ID b891884f-051e-4a83-95af-2544101c9083 is present.
[10:03:51.871] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" IsAzureAdConnectorPresent.
[10:03:51.871] [ 15] [INFO ] VerifyAzureAdConnectorPresent: The default Azure AD connector is present.
[10:03:51.871] [ 15] [INFO ] Starting Sync Engine upgrade
[10:03:51.873] [ 15] [INFO ] UpgradeSyncEngineStage: Starting Sync Engine upgrade (WizardMode=UpgradeFromAADConnect)
[10:03:54.526] [ 15] [INFO ] ExecuteInstalledADSyncPowerShell: Got back success:true for "" SetGlobalParameterValue Microsoft.Synchronize.SchedulerSuspended True.
[10:03:54.539] [ 15] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
[10:03:54.548] [ 15] [INFO ] SyncDataProvider:LoadSettings - loading context with persisted global settings.
[10:03:55.023] [ 15] [VERB ] SynchronizationRuleTemplateEngine: Setting multi forest user join criteria AlwaysProvision:
[10:03:56.234] [  1] [INFO ] Page transition from "Upgrade AAD Connect" [InstallSyncEnginePageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
[10:03:56.359] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
[10:03:56.361] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
[10:04:34.885] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
[10:04:43.335] [ 15] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credential validation for user - (omitted)
[10:04:43.835] [ 15] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/montoursvillepa.onmicrosoft.com, awsServiceResource=https://graph.windows.net. Resolution Method [AzureInstanceDiscovery]: Cloud Instance Name (microsoftonline.com), Tenant Region Scope (NA), Token Endpoint.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Clearing Cache :- 0 items to be removed
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: 00000000-0000-0000-0000-000000000000 - LoggerBase.cs: Successfully Cleared Cache
[10:04:43.850] [ 15] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:43.850] [ 15] [INFO ] ADAL: 2018-10-12T14:04:43.8506687Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: No matching token was found in the cache
[10:04:44.163] [ 19] [INFO ] ADAL: 2018-10-12T14:04:44.1631691Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: Sending request to userrealm endpoint.
[10:04:44.585] [ 18] [INFO ] ADAL: 2018-10-12T14:04:44.5850476Z: c36987d9-158e-42f8-bf1f-284ac1256230 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:44.585] [ 15] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=fd61afb6-3929-4834-aedc-ca5e889e0bf1.
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: 59.9929687866667 minutes left until token in cache expires
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:44.975] [ 15] [INFO ] ADAL: 2018-10-12T14:04:44.9756681Z: 4a6a01a4-6343-4657-a3ce-c63c45b22506 - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.210] [ 15] [INFO ] Authenticate: tenantId=(fd61afb6-3929-4834-aedc-ca5e889e0bf1), IsDirSyncing=True, IsPasswordSyncing=True, DomainName=, DirSyncFeatures=57, AllowedFeatures=ObjectWriteback, PasswordWriteback.
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: AzureTenantSourceAnchorAttribute is objectGUID
[10:04:46.210] [ 15] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
[10:04:46.225] [ 15] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/montoursvillepa.onmicrosoft.com, AdalResource=https://graph.windows.net.
[10:04:46.225] [ 15] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: ADAL PCL.Desktop with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition started:
 CacheType: null
 Authentication Target: User
 , Authority Host: login.windows.net
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: An item matching the requested resource was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: 59.9721353566667 minutes left until token in cache expires
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: A matching item (access token or refresh token or both) was found in the cache
[10:04:46.225] [ 15] [INFO ] ADAL: 2018-10-12T14:04:46.2256739Z: 07c81279-1644-49a9-b1d2-bdba628bd8ef - LoggerBase.cs: === Token Acquisition finished successfully. An access token was returned: Expiration Time: 10/12/2018 3:04:44 PM +00:00
[10:04:46.225] [ 15] [INFO ] PowerShellHelper.ConnectMsolService: Connecting using an AccessToken. AzureEnvironment=0.
[10:04:47.178] [ 15] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant fd61afb6-3929-4834-aedc-ca5e889e0bf1.  Initial domain (MontoursvillePA.onmicrosoft.com).
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=True
[10:04:48.022] [ 15] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Enabled
[10:04:48.038] [ 15] [INFO ] PowershellHelper: lastDirectorySyncTime=10/11/2018 12:35:00 PM
[10:04:48.241] [ 15] [INFO ] AzureTenantPage: Successfully retrieved 3 domains from the tenant.
[10:04:48.241] [ 15] [INFO ] Calling to get the last dir sync time for the current user
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:04:48.475] [ 15] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.Save(PersistedStateContainer state)
   at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.AzureTenantPageViewModel.ValidateCredentials()
   at System.Threading.Tasks.Task.Execute()<---

[10:04:48.491] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Error" [ErrorPageViewModel]
[10:04:52.506] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20181012-100333.log

Any ideas greatly appreciated.

-Fess
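Added example, not part of the original post or of Azure AD Connect: a small Python triage of the trace format above that, for each [ERROR] entry, reports the last message logged on the same thread, the exception chain, and the first non-System stack frame. The sample lines are constructed from the trace in the post (method signatures shortened), and the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the trace in the post, signatures shortened.
SAMPLE = r"""[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.Save: saving the persisted state file
[10:04:48.475] [ 15] [INFO ] MicrosoftOnlinePersistedStateProvider.UpdateFileProtection: updating file protection from the persisted state file: C:\ProgramData\AADConnect\PersistedState.xml, isAddProtection: False
[10:04:48.475] [ 15] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at Microsoft.Online.Deployment.Types.PersistedState.MicrosoftOnlinePersistedStateProvider.UpdateFileProtection(String fileName, Boolean isAddProtection)
   at System.Threading.Tasks.Task.Execute()
[10:04:48.491] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Error" [ErrorPageViewModel]
"""

ENTRY = re.compile(r"^\[(\d\d:\d\d:\d\d\.\d{3})\] \[\s*(\d+)\] \[(\w+)\s*\] (.*)$")
EXC = re.compile(r"\b((?:\w+\.)+\w*Exception)\b")   # namespace-qualified .NET exception types
FRAME = re.compile(r"^\s+at ([\w.`<>]+)\(")          # "   at Namespace.Type.Method("

def parse(text):
    """Group the trace into entries; lines without a [time] prefix continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            time, thread, level, msg = m.groups()
            entries.append({"time": time, "thread": int(thread), "level": level,
                            "msg": msg, "extra": []})
        elif entries and line.strip():
            entries[-1]["extra"].append(line)
    return entries

def triage(text):
    """For each ERROR entry: last message on the same thread, exception chain, first non-System frame."""
    entries = parse(text)
    findings = []
    for i, e in enumerate(entries):
        if e["level"] != "ERROR":
            continue
        before = next((p["msg"] for p in reversed(entries[:i]) if p["thread"] == e["thread"]), None)
        # .NET prints "Outer ---> Inner", so the last distinct type is the innermost one.
        chain = list(dict.fromkeys(EXC.findall("\n".join(e["extra"]))))
        frames = [m.group(1) for line in e["extra"] if (m := FRAME.match(line))]
        app_frame = next((f for f in frames if not f.startswith("System.")), None)
        findings.append({"time": e["time"], "before": before, "exceptions": chain,
                         "innermost": chain[-1] if chain else None, "app_frame": app_frame})
    return findings
```

On the sample it ties the failure to the `UpdateFileProtection` call on `C:\ProgramData\AADConnect\PersistedState.xml`, with `System.UnauthorizedAccessException` as the innermost exception.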

Matching Azure UPN to on premise AD UPN


Hi,

I recently set up Azure AD sync; this is in readiness to move email to Office 365.

I originally set up the mail accounts (non-active) in the O365 portal and then set up Azure AD Connect.

The on-premise UPN is domainname.local and the domain to move to O365 is emaildomain.co.uk. I completed the initial sync to Azure and the UPN is emaildomaincouk.onmicrosoft.com. I figured this may have been because I already had the users set up directly in O365 with emaildomain.co.uk.

As the O365 email is not live yet, I deleted all the mail users and then added emaildomain.co.uk into AD on-premise. I created a test user and then synced.

The new user took the same UPN as the others, emaildomaincouk.onmicrosoft.com.

I want the users in Azure to have the UPN emaildomain.co.uk. Is there any way that I can change this so there is fluidity throughout on-premise login and Azure / mail login?

The on-premise server farm is Server 2016, with the domain functional level at 2016 also.

Any guidance would be appreciated.

Client credentials token is not working for on-prem exchange server.

In a hybrid setup, if the client credentials grant type is used to get a token and that token is used to get on-prem user messages (https://graph.microsoft.com/v1.0/users('onpremuser@onpremdomain.com')/messages/) using the Graph API, it fails with UnknownError.

When debugging with the IIS logs, the error shown was "This token profile 'V1S2SAppOnly' is not applicable for the current protocol." error_category="invalid_token". To get rid of the 'V1S2SAppOnly' error I went and added V1S2SAppOnly under appsettings of the web.config file present at C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rest\web.config:

<add key="OAuthHttpModule.Profiles" value="S2SAppActAs|S2SAppOnly|V1AppActAs|V1AppOnly|Callback|V1S2SActAs|V1S2SAppOnly|CallbackV2" />  

After this the error was gone, and now I am seeing a new error like the one below in the IIS log:

HeaderName="x-ms-diagnostics", HeaderValue="2000008;reason="The token should have valid permissions or linked account associated with partner application '00000003-0000-0000-c000-000000000000'.";error_category="invalid_grant"", Replace="false".

However, the decoded token (jwt.io) has roles.

{
  "aud": "https://graph.microsoft.com/",
  "iss": "https://sts.windows.net/ea6064aa-d6fc-48d3-abb8-1728e1f39e0b/",
  "iat": 1552900163,
  "nbf": 1552900163,
  "exp": 1552904063,
  "aio": "42JgYHhwRC7Jf9HECQFuBmlfT+t0AgA=",
  "app_displayname": "newtestapp",
  "appid": "fb461318-f95f-474f-9451-ad6b9952a5fe",
  "appidacr": "2",
  "idp": "https://sts.windows.net/ea6064aa-d6fc-48d3-abb8-1728e1f39e0b/",
  "oid": "301eb6c0-478a-407c-9493-7fa40c4cf9bc",
  "roles": [
    "Mail.ReadWrite",
    "Mail.Read",
    "Mail.Send"
  ],
  "sub": "301eb6c0-478a-407c-9493-7fa40c4cf9bc",
  "tid": "ea6064aa-d6fc-48d3-abb8-1728e1f39e0b",
  "uti": "XLiJVT7T8Eir7FsLkkvWAA",
  "ver": "1.0",
  "xms_tcdt": 1550570031
}


Observations:

1. Everything works perfectly for cloud users.
2. If the ROPC or authorization code auth flow is used, I am able to retrieve that user's mail.

How can I make Graph API calls (/messages) work for on-prem with the client credentials OAuth flow?
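Added example, not part of the original post: decoding the token's claims locally in Python and reporting whether it is an app-only token (a `roles` claim, no `scp`) or a delegated one, whether it names a user, and its validity window. The sample token is constructed and unsigned, built from a subset of the claims in the post; the signature is not verified and the function names are hypothetical.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed, unsigned sample built from a subset of the claims in the post.
CLAIMS = {"aud": "https://graph.microsoft.com/", "iat": 1552900163, "nbf": 1552900163,
          "exp": 1552904063, "appid": "fb461318-f95f-474f-9451-ad6b9952a5fe",
          "roles": ["Mail.ReadWrite", "Mail.Read", "Mail.Send"], "ver": "1.0"}
SAMPLE_TOKEN = ".".join([_b64url(b'{"alg":"none","typ":"JWT"}'),
                         _b64url(json.dumps(CLAIMS).encode()),
                         "constructed-signature"])

def decode_claims(token: str) -> dict:
    """Decode the payload segment for inspection only; the signature is not checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(segment))

def describe(token: str, now: int) -> dict:
    """Summarise what the token grants and to whom, at Unix time `now`."""
    c = decode_claims(token)
    roles = c.get("roles", [])                 # application permissions
    scopes = c.get("scp", "").split()          # delegated permissions, space-separated
    if scopes:
        kind = "delegated"
    elif roles:
        kind = "app-only"
    else:
        kind = "no permissions"
    return {
        "kind": kind,
        "audience": c.get("aud"),
        "roles": sorted(roles),
        "scopes": scopes,
        "names_user": any(k in c for k in ("upn", "unique_name", "preferred_username")),
        "valid_now": c.get("nbf", 0) <= now < c.get("exp", 0),
        "lifetime_minutes": (c["exp"] - c["iat"]) // 60 if "exp" in c and "iat" in c else None,
    }
```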


Cannot update az app password from a VM


Hi,

I've run into an interesting scenario. I have an Azure cli script that includes creating an app registration with the command:

`az ad app create --display-name ${APP_DISP_NAME} --identifier-uris ${APP_ID_URI} --homepage ${QDS_ENDPOINT} --password ${APP_SK}`

When I run my script from my local PC, everything runs fine. But, when I run my script from my Windows 10 VM, the app is created, but the password does not get set to the value ${APP_SK} I have designated, but gets set with the automatic one that Azure sets, which I have no way of retrieving.

I have not found an Azure CLI command that retrieves the password/key, which is why I am trying to set it via the create command. 

Interestingly, I see the same results when I run `az ad app update --id ${APP_ID} --password ${APP_SK}`. The password is set successfully from my PC, but not my VM.

All other Azure CLI commands in my script run successfully in the VM. 

Do you have any suggestions as to why I am unable to set the app password from a VM? Do you think it may be a network setting?

Thanks!



Azure AD B2B


Hi,

I have a Power BI Pro license and I want to share a Power BI report with 30 people from another company via Azure AD B2B. These guest users all also have a Power BI Pro license. Is this possible with just an Azure AD free account? I think I'm not using any advanced Azure AD features, and according to the feature list Azure B2B is available for free users. Or do I need any other additional licenses?

Thanks for your help!

J. Sievers
