Quantcast
Channel: Azure Active Directory forum
Viewing all 16000 articles
Browse latest View live

Azure Active Directory "Usage Location" shows up incorrectly

September 16, 2014, 7:10 am
$
0
0

Hello,

I am located in the United States, and my Azure Active Directory user accounts should reflect that in the "usage location" field. This morning, I noticed that the "usage location" is set to "Estados unidos" which appears to be the spanish name for United States. Can anyone explain why this is not showing up in English? I do not speak or read spanish so I need the Azure Active Directory UI to reflect the correct language.

Cheers,
Trevor Sullivan
Microsoft MVP: PowerShell

If this post was helpful, please click the little "Vote as Helpful" button :)

Trevor Sullivan
Trevor Sullivan's Tech Room
Twitter Profile

Search

sync Windows Server AD with users from Azure AD

August 19, 2014, 8:43 am
$
0
0

I have a Azure AD with all the users, now I am trying to create Azure VMs domain joined to Azure AD. for this I am trying below approach

created A domain controller on Azure VM (IaaS), now I want to sync users from Azure AD to my AD on VM.

is there any tool/option for sync users (along with passwords) from Azure AD to my AD running on Azure VM. DirSync is doing it in reverse direction (windows sever AD --> Azure AD), I am looking for Azure AD ---> Windows Server AD.

Thanks

singhhome

AADSTS70001: Application with identifier not found in the directory

September 16, 2014, 12:08 am
$
0
0

I have a rails application with SAML implementation. I try to integrate it with Windows Azure active directory for single sign on. I have created an application to the active directory.

From the end points I gave login and logout URL for SAML in my application. I needed SHA1 fingerprint, I used that from FederationMetaData.xml.

When I try to login to my application it is redirecting me and I am getting

Additional technical information:
Correlation ID: a025e799-2bdc-4c4b-8e42-a391099b6743
Timestamp: 2014-09-16 06:59:24Z
AADSTS70001: Application with identifier "<myapp.com>" was not found in the directory 9c7060dc-5b64-4632-a2e9-988288c59971

What am I doing wrong?


Tenant-specific URLs for Azure Active Directory Premium Branding

September 16, 2014, 8:22 am
$
0
0

The documentation for Company Branding in Microsoft Azure Active Directory Premium suggests that the branding customizations will show up when end users access a "tenant-specific URL." Can we receive some additional clarification on what "tenant-specific URLs" we can redirect users to, so that they see the company branding?

For example, what if I am using Microsoft Azure, but am not using Office 365, Windows Intune, or any other Microsoft cloud services. How would I ensure that end users logging into thehttp://myapps.microsoft.com portal, or the Azure management portal, see the Company Branding at the sign-in page? The documentation suggests redirecting tohttp://outlook.com/contoso.com, but again, what if I am not using Office 365?

How do I correctly set up DNS records (CNAME?) to redirect users to the custom page, for MyApps, Azure Management Portal, and other services, using their Azure Active Directory Premium-enabled organizational accounts?

Cheers,
Trevor Sullivan
Microsoft MVP: PowerShell

If this post was helpful, please click the little "Vote as Helpful" button :)

Trevor Sullivan
Trevor Sullivan's Tech Room
Twitter Profile


Windows Azure Active Directory Error Syncronization

September 16, 2014, 9:19 am
$
0
0

hi 

We are having problems with synchronization of DirSync. 

We have already installed and to start Sync receive an error...  User name or password incorrect..

This error in the last step so that the credentials of Office 365 and domain are correct

The Event Viewer shows the following:

System.Management.Automation.CmdletInvocationException: El nombre de usuario o la contraseña no son correctos.
 ---> System.Security.Authentication.AuthenticationException: El nombre de usuario o la contraseña no son correctos.
 ---> System.DirectoryServices.DirectoryServicesCOMException: El nombre de usuario o la contraseña no son correctos.

   en System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   en System.DirectoryServices.DirectoryEntry.Bind()
   en System.DirectoryServices.DirectoryEntry.get_AdsObject()
   en System.DirectoryServices.PropertyValueCollection.PopulateList()
   en System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   en System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   en System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)
   en System.DirectoryServices.ActiveDirectory.DirectoryEntryManager.ExpandWellKnownDN(WellKnownDN dn)
   en System.DirectoryServices.ActiveDirectory.Domain.GetDirectoryEntry()
   en Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.Domain.GetDirectoryEntry()
   en Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
   en Microsoft.Online.Coexistence.PS.Config.SetCoexistenceConfiguration.GrantReplicateChangesPermission(DomainCollection domains, SecurityIdentifier sid)
   en Microsoft.Online.Coexistence.PS.Config.SetCoexistenceConfiguration.ActiveDirectoryCredential(PSCredential sourceDirectory, String tenantDomainName, String& userNameADMA, String& passwordADMA)
   en Microsoft.Online.Coexistence.PS.Config.SetCoexistenceConfiguration.ConfigureServerConfiguration()
   en Microsoft.Online.Coexistence.PS.Config.SetCoexistenceConfiguration.ProcessRecord()
   en System.Management.Automation.CommandProcessor.ProcessRecord()
   --- Fin del seguimiento de la pila de la excepción interna ---
   en System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   en Microsoft.Online.DirSync.PowerShellAdapter.PowerShellCommand.ExecuteCommand(Command command, Boolean refreshPath)

What Know is Happening?

Thanks!

very regards!!

AADSync - SQL Server and Domain for the service account

September 16, 2014, 7:39 am
$
0
0

I would like to install AADSync BETA 3 to use a SQL Server and a domain account for the service account. I used the command line:

DirectorySyncTool.exe /sqlserver localhost /sqlserverinstance InstanceName /serviceAccountDomain AADSync /serviceAccountName AADSyncSvc /serviceAccountPassword VerySecretP@ssw0rd

REF: http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx 

But I have a local SQL Express database and a local service account. Are there anything I missed?

Are there any further details on a release date for AADSync?

Thanks

Azure Active Directory Sync is now GA!

September 16, 2014, 12:54 pm
$
0
0

Hereare more details about this – and here is the related documentation.

Happy reading,
Markus

Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Azure RMS required attribute

September 9, 2014, 3:07 am
$
0
0

Hi,

I am looking for the minimum attribute required for Azure RMS which needs to be sync to AAD. Related TechNet/MSDN link will be very helpful.

Thanks

Search

Azure network packet inspection

September 17, 2014, 12:57 am
$
0
0
Does Azure have any native or third party options for inspecting network traffic either within or between VNets to determine if the packet contains malicious content? We have a customer who has a 3 tier business application and they are keen to know if Azure can inspect the network packets traversing between the tiers.

Granting access to the web application for external Office365 users

September 17, 2014, 7:42 am
$
0
0
Hi, I managed to develop multi-tenant web application in Active Directory.
Everything works smoothly for my directory users and for external directory users with Office365 and Azure subscription.
I was wondering if it's possible to grant access to users who have only Office365 and admin is without Azure subscription..?
Is it possible? I mean I don't know anyone with only whatever Office365 subscription and before starting test account for Office365 I decided to ask firstly.. =]
If there is no way to do this, does someone knows the workaround? =P

Thanks in advance!
Kamil

Azure Active Directory Duplicate Token Error

September 8, 2014, 3:52 am
$
0
0
We are using Azure Active Directory with Graph API extensions.     Periodically we run into a problem where we get the error "Duplicate Token Found"...

We neither understand what the issue is that is causing this nor how to prevent it from happening or what to do when it happens.  Can anyone offer pointers to any resources?

How To Force Sync w/ new Azure AD Connect Preview?

August 26, 2014, 4:49 pm
$
0
0

...the old start-onlinecoexistencesync doesn't seem to be working with the new preview.

How do you force a sync?

Problems accessing ACS response content from https website

September 5, 2014, 7:56 am
$
0
0

I have ACS setup for several providers including custom ADFS.

It works fine when accessing my website over http.  However, when I use ssl for my website, the requests to ACS get cancelled.

Is there a way to call ACS from https website?

ADFS Disaster Recovery Options

September 18, 2014, 6:13 am
$
0
0

So say you have a resilient ADFS set-up on premise and it breaks to an extent it is going to take an unacceptable amount of time to recover or your on-premise internet connection is down for extended period and you want a quick fix to get all your Office 365 users up and running, what do you do? The assumption is that you don't already have password sync in place and even if you did you still need to be able to run convert-msoldomaintostandard and I THINK that requires on-premise adfs servers to be working and needs an internet connection from on-premise adfs to the cloud.

I am guessing the only option would be to convert all the federated users to non-federated and have a password reset for all users. Can this be done from an external non-domain joined PC if your on-premise infrastructure is all destroyed? Other interesting related articles below.

NOTE: We want to avoid the additional cost, time, complexity, of moving resilient ADFS infrastructure and Active Directory to Azure. I think the easier option to that would be just use Dirsync with password sync exclusively.

http://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to-switch-from-single-sign-on-to-password-sync.aspx

http://social.msdn.microsoft.com/Forums/azure/en-US/76258285-321e-4520-99ef-4b9c42c11176/dirsync-with-password-sync-as-temporary-backup-for-dr?forum=WindowsAzureAD

Q: Rate limiting on GraphAPI

September 17, 2014, 9:12 pm
$
0
0

I was wondering if there's anything I should be aware of regarding rate limiting/throttling of requests against GraphAPI? Are there any policies, wan't to make sure were compliant and able to handle any throttling/back-off requests the service may issue.

Thanks in advance!

//Adam

 
Search

Loggin out of Azure ACS and custom identity provider

September 18, 2014, 12:49 pm
$
0
0

Sometimes this weird error comes up when I am trying to logout of the Azure ACS.

The wtrealm parameter is missing or incorrect. Try clearing all of your browser cookies, and then close all browser windows.

Has anybody seen this kind of error before. All I was doing is a sign out which gets processed through this URL https://test.accesscontrol.windows.net/v2/wsfederation?wa=wsignout1.0&wreply=https%3a%2f%2ftest-qa.azurewebsites.net%2f but it throws the above error. When I tried to debug it it is not even hitting the custom idenity provider code for logout and is failing at the ACS level.

I am not sure what's going on here.

Thanks

Can not verify custom domain

August 20, 2014, 11:16 pm
$
0
0

Hello,

up with following error "Could not verify this domain because it was previously configured for your tenant or for another tenant"

I know that the message clearly say that its been previously configured with other tenant.
The big question is, how can I search which tenant use the same custom domain? In my situation, I manage many subscriptions in Azure and Office 365.

Fyi, I have clear any previous TXT / MX entries in my DNS entry.

Thanks to give me shed of light to solve this issue.

Best regards,

Riwut Libinuko
SharePoint Architect, Singapore
Microsoft MVP | SharePoint Server | Singapore
Blog : http://blog.libinuko.com

Centralize Azure Active Directories

September 9, 2014, 6:34 am
$
0
0

Hi,

I have a Office 365 tenant, and 3 Azure Active Directories: Prod,PreProd, Dev,

I have also a on-premise AD.

As i cannot federate my domain with all environment in cloud (off365, AAD prod, AAD preprod and AAD dev), I have to centralize my accounts in one AAD  (Ex: Prod) and connect the others AAD and Office 365 to this central repository.

The Central AAD ( Prod) will be Sunchronized and federated (ADFS) with my on-premise AD

I can connect my AAD to Office365, but I need a connection in the other sens: use Synchroinzed accounts to Prod AAD in Office 365.

My question, if it'S possible to implement this scenario where all environments are connected to a central AAD who will be provisioned from on-premise AD .

Thanks

Lourh

AADSync

September 12, 2014, 4:50 am
$
0
0

Hi All,

The link - http://msdn.microsoft.com/library/azure/dn532272.aspx mentions that following features are currently in preview.

I have a question about bi-directional synchronization.

Does this include everything like users, contacts, groups?

We have an on-premise AD and currently synchronize one way to Azure AD.

I can see the benefit in password reverse sync - to allow users self service reset without having to deploy on-premises FIM.

But could not think of reasons why we would want to manage users, groups in Azure AD and synchronize them back to on-premises AD.....especially for those who have FIM to do group management on-premises and DirSync to synchronize them to AAD.

Regards,

Ajay Suri


Cannot re-install Dir Sync

September 19, 2014, 1:06 am
$
0
0

Hi,

Recently did an in place upgrade from 2008 R2 to 2012 R2 and Dir Sync stopped working. 

Ran through the published manual uninstall (MSIEXEC and confirming registry entries gone), but everytime I run the install, this message appears: 

"The Setup Wizard has detected a previous installation of the Directory Sync tool. The previous installation is incompatible with this newer configuration of the Directory Sync Tool. Please uninstall the previous version of the Directory Sync tool and run the installation wizard again."

Please help!

Viewing all 16000 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>