Channel: Azure Active Directory forum
Viewing all 16000 articles

Certificate authority

We have an internal Windows 2012 R2 CA. Since we are planning to move our infrastructure to the Azure cloud, we would like to architect certificate authentication for infrastructure access. As a newbie in Azure, I would like to know the best way to achieve this: what I can implement within Azure to accommodate this scenario, and how. Parallel implementation, migration and decommissioning of legacy on-prem infrastructure.

Thanks for any guidance. 


Azure role assignment Alerts

How do we configure an alert when someone changes any roles in Azure for a user?

For example, if my user is currently Global Admin and somebody changes him to some other admin.

So how can we configure an alert for whenever there is a change in any role?

AADSTS50020 Error installing Office 365 on Android

I am using the default application that comes with my Samsung SM-G930V, Android v8.0.0 running the latest patch.  I am attempting to use the default mail app that comes with the phone and to ensure security have enabled the use of Microsoft Authenticator.  I am able to input my email address, get prompted and successfully authenticate and approve my credentials.  I immediately then receive the following:

AADSTS50020: User account 'xxx@outlook.com' from identity provider 'live.com' does not exist in tenant 'Test" and cannot access the application xxx-xxx-xxxx-(email) in that tenant.  the account needs to be added as an external user in the tenant first.  Sign out and sign in again with a different azure active directory user account.

This is my account and I am successful logging in on all other devices except the phone. So how do I enable this to work? I would like to be able to access my emails without having to sign into a web version if possible.

Mark

This passwordreset . microsoftonline . com page can’t be found

I integrated Identity Server 4 with Azure Active Directory. It works fine. However, when I follow the flow below, I get a not-found page for password recovery.

Go to Identity Server
Click the Login with Azure AD button => Redirects to the Microsoft login page
Enter user name => Redirects to the enter password page
On the Enter password page, click the Forgot my password button. I get a not found error
The url of the page is : https://passwordreset.microsoftonline.com/?ru=…

How to connect Azure LDAPS

Hello,

I have set up the Azure LDAPS site and the Azure firewall as well.

The question now is that it is not clear to me how to connect and search the result. Such as what bind, base search, password (DN, CN structure, etc.)?

Thanks in advance. 

AAD Connect vs FFL and DFL

Dear team,

I would like to know if I set up AAD Connect with 2008R2 today and after a few months upgrade my domain controllers to 2016 and thus update the forest functional level and domain functional level to 2016.

Does that impact my AAD Connect synchronization? If yes, what would be affected?

#AADConnect #AzureAD #Domainfunctionallevel #forestfunctionallevel #AD #Active #DirectoryWRG

az ad sp create-for-rbac failed with error "ImportError: cannot import name AppRol"

I get for all az ad sp create-for-rbac commands, even for

az ad sp create-for-rbac --help


this error 

ImportError: cannot import name AppRole

Full traceback I get:

The command failed with an unexpected error. Here is the traceback:

cannot import name AppRole
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/knack/cli.py", line 206, in invoke
    cmd_result = self.invocation.execute(args)
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/core/commands/__init__.py", line 496, in execute
    self.commands_loader.load_arguments(command)
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/core/__init__.py", line 276, in load_arguments
    self.command_table[command].load_arguments()  # this loads the arguments via reflection
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/core/commands/__init__.py", line 290, in load_arguments
    super(AzCliCommand, self).load_arguments()
  File "/usr/local/lib/python2.7/dist-packages/knack/commands.py", line 97, in load_arguments
    cmd_args = self.arguments_loader()
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/core/__init__.py", line 473, in default_arguments_loader
    op = handler or self.get_op_handler(operation, operation_group=kwargs.get('operation_group'))
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/core/__init__.py", line 513, in get_op_handler
    op = import_module(mod_to_import)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "/usr/local/lib/python2.7/dist-packages/azure/cli/command_modules/role/custom.py", line 29, in <module>
    from azure.graphrbac.models import (ApplicationCreateParameters, ApplicationUpdateParameters, AppRole,
ImportError: cannot import name AppRole

I am using an Ubuntu 16.04 virtual machine; this is the version (installed via apt):

 az --version
azure-cli                         2.0.68

command-modules-nspkg               2.0.3
core                              2.0.68
nspkg                              3.0.4
telemetry                          1.0.3

Python location '/usr/bin/python'
Extensions directory '/home/ubuntu/.azure/cliextensions'

Python (Linux) 2.7.16 (default, Mar 26 2019, 10:00:46)
[GCC 5.4.0 20160609]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

msExchHideFromAddressLists attribute isn't syncing across to Azure

We were using dirsync before and upgraded to AD Azure Sync. Before the upgrade, the attribute "MsExchHideFromAddressLists" was syncing across. After the upgrade, it is no longer syncing. What I'm curious of - do I need to check the box for Hybrid Exchange in the Directory Sync Config tool for that attribute to sync? We aren't using Exchange on premise anymore, but haven't retired it yet until mid-March to make sure everyone was successfully migrated to O365.

Any help would be greatly appreciated! Microsoft support has been scratching their head at the first level for the last 4 days.

Thanks!


Unable to disconnect Azure DevOps from Azure Active Directory

We've moved all resources from one Azure account to another, including our Azure DevOps resource. I'm trying to disconnect our Azure DevOps organization from the old Azure Active Directory so that I can re-connect it to the new Azure Active Directory. I am following the instructions at https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/change-azure-ad-connection?view=azure-devops

I have changed the owner of the organization to a personal Microsoft account and added it to the Project Collection Administrator group. I have Global Admin in Azure AD. When I attempt to disconnect the directory inside of Azure DevOps, I get the following error:

Disconnect Failed

Your organization <ORGANIZATION CENSORED> failed to disconnect from the Default Directory Azure Active Directory.

System.Data.SqlClient.SqlError: %error="400101";%:a0lxyx27co.Sps_spsprodch1su1_3beb3fe6-ef89-47f5-b9a7-6e80c5d6f82f..prc_UpdateIdentityIdTranslations: new translations have a record that may corrupt the existing translation data

What further can I do to get this switched over?


Join Windows Server 2016 VM to Azure AD

Hi Everyone,

I have a Windows Server VM and Azure AD under the same resource group. I can't join the server to the AD because it can't find the AD.

My server IP address is: 10.0.0.4 and the Azure AD IP address is: 10.1.0.4, so this is the most likely cause, but I haven't been able to fix this issue.

Any help will be appreciated.

Regards

Ruhi 

How can on-premise workstations/users join to domain of ADDS in Windows Server in a VM in Azure?

Hi,

How can on-premise workstations/users join to domain of ADDS in Windows Server in a VM in Azure?

Is it possible? Does it require on-premise ADDS to connect to ADDS in Windows Server VM in Azure?

PS: Not referring to Azure AD Connect.

Thanks!!


No tenant found in the context

Firstly, I log in to Azure with the command "Connect-AzAccount" through the PowerShell console installed on my local machine. But when I use the command "New-AzResourceGroup", it returns the error "No tenant found in the context.  Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login." How should I solve this problem?

What happened to the urn:ietf:wg:oauth:2.0:oob Redirect URI in the Azure portal?

This Redirect URI is needed for an app to access the Microsoft Graph Security API with PowerShell.

Aleksandar Nikolić http://powershellers.blogspot.com http://twitter.com/alexandair

Azure Active Directory integration with JIRA \ Confluence SAML SSO by Microsoft

Hi All, 

I would like to ask if adding Azure SSO authentication in Jira \ Confluence works when having 2 other AD User Directories for authentication. At the moment we have 2 AD User Directories from two separate trusted AD domains, which is working fine. However, I would like to ask if we can add another authentication method from a separate Azure AD using the SAML SSO Azure add-on. As per the MS tutorial for this plugin, Azure AD and Jira have a common domain, which in our case is a different domain too.

Thanks all for your help. 

Azure AD Connect Setup

Hi Team,

When I am modifying the Azure AD Connect configuration under Customize synchronization options --> Directory extension attribute sync, it is getting the below error.

I am using a Global admin account and a Domain admin account; also, I have added my domain admin account under the "ADsynadmin,ADSyncoprtation" group.

Please help me, it is too urgent.



Thanks & Regards,


Thanks Devendra B2-Consulate(Capgemini)


Audience validation failed.

Something wrong with my token???

Failed to validate access token with following errors.

{
    "code": 401,
    "message": "IDX10214: Audience validation failed. Audiences: '[PII is hidden]'. Did not match: validationParameters.ValidAudience: '[PII is hidden]' or validationParameters.ValidAudiences: '[PII is hidden]'."
}

Azure AD Password Reset Fails - ADAdminActionRequired ( Writeback & Pass Through AuthN Mode )

When I try to reset the password for an on-prem account from Azure AD, it fails with the reason stating - ADAdminActionRequired

This is happening inconsistently for a few accounts. Any solution would be appreciated.

Thanks in Advance

Get-AzRoleAssignment : Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.

I am trying to use the cmdlet Get-AzRoleAssignment using a service principal as advised. But I am receiving an error when doing this: Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown. 

I tried to add API Graph permission but that did not help, maybe I am missing something but I can't find the requirements for this cmdlet.

I already added:
Besides the API permissions the account is owner and is able to perform other cmdlets without error.

Version:

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Get-AzRoleAssignment                               1.3.0      Az.Resources

Bart Scheltinga | www.bartsp34ks.nl | MCSA


Location based Azure Conditional Access policy doesn't work properly

I have some problems in configuring Azure Conditional Access.

I would like to restrict logon capabilities to one location (one external IP) - this is the case when users can only logon to their O365 accounts while being inside their office. And it works, but only partially.

1. Browser session. Let's say that the user has logged in in the office and went home - to be precise: changed his external IP on which the policy is based. The user should not now be allowed to use the O365 account, any of the functionality. And after some testing performed in my office this doesn't work properly. I can still access some of the applications after switching to another external IP. Some of them are blocked after a few seconds, some after a few minutes and some never (Outlook, Calendar) - while every app is included in the CA policy.

I have a feeling that it depends on the auth tokens used in O365. Is there any possibility to force checking the external IP every time a user does something on his account? How to configure CA in a way that prevents the situations I described above? I tried session policy settings in CA but they do not seem to work.

If it helps, test users are assigned Azure AD Premium P2 licences.

Do you have any ideas?