Channel: Azure Active Directory forum

Get Application Information using .Net SDK


Hi,

I wrote a PS script to get application information in a console application, but the function is not invoked when it calls the Invoke function.

Below is the code :

using (PowerShell powershellInstance = PowerShell.Create())
{
    powershellInstance.AddScript(@"Import-Module AzureRM");
    powershellInstance.AddScript("Connect-AzureRmAccount")
        .AddParameter("-TenantId {GetSecretKeysFromAzureKeyVault(pipeline.datafactoryConfig.tenantId, pipeline.AzureKeyVault.url)}");
    powershellInstance.AddScript("Get-AzureRmADServicePrincipal")
        .AddParameter($"-SearchString '{appName}'");


    Collection<PSObject> pSObjects = powershellInstance.Invoke();

    var obj = pSObjects.FirstOrDefault();

    prop.ApplicationId = Convert.ToString(obj.Members.First(a => a.Name == "ApplicationId").Value);
    prop.DisplayName = Convert.ToString(obj.Members.First(a => a.Name == "DisplayName").Value);
    prop.ObjectId = Convert.ToString(obj.Members.First(a => a.Name == "Id").Value);
}

It does not call the Invoke() function.

So, is there any way to achieve this using the .NET SDK?

Please help me to fix this.

Thanks in advance


Ramandeep


Error message: AADSTS700016 when want connect OneDrive Business via PhotoCloud Android App


Hi,

When I want to connect PhotoCloud Slideshow (Android app) to OneDrive Business, an error message like the one below appears:

"AADSTS700016: Application with identifier '000000004015E800' was not found in the directory 'manlogistics.com.au'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant." 

Can anybody help me resolve this issue, so this PhotoCloud Android app can access my photos in OneDrive Business, please?

Cheers,

Gedhe ND


About PowerApps


Can I use PowerApps for free? I mean, I don't work in any business but I want to install it on my local computer, or use it in my browser. The thing is, when I tried to sign in with my MS account to access PowerApps, I got this error message.

AADSTS50020: User account 'ntokodouglas7@gmail.com' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'a8f7a65c-f5ba-4859-b2d6-df772c264e9d'(make.powerapps.com) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

Errors When using Azure SDK for go to authenticate with AD using username password


Hi, 

I'm trying to use Azure SDK for go to authenticate with AD to access blob. I'm able to use the client credential to do this. But if I change to username and password, it gave me the error as below. 

failed to list keys: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/{SubscriptionHidden}/resourceGroups/resgrpadblob/providers/Microsoft.Storage/storageAccounts/storageaccadblob/listKeys?api-version=2017-06-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_grant","error_description":"AADSTS50034: The user account {EmailHidden} does not exist in the {TenantHidden} directory. To sign into this application, the account must be added to the directory.\r\nTrace ID: ...\r\nCorrelation ID: ...\r\nTimestamp: 2019-07-25 00:11:57Z","error_codes":[50034],"timestamp":"2019-07-25 00:11:57Z","trace_id":"...","correlation_id":"..."}

My code:

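package main

import (
	"context"
	"fmt"
	"log"
	"net/url"

	// Import paths are assumed; the storage API version matches the
	// api-version=2017-06-01 shown in the error above.
	"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-06-01/storage"
	"github.com/Azure/azure-storage-blob-go/azblob"
	"github.com/Azure/go-autorest/autorest/azure/auth"
)

// Placeholders: replace with real values.
const (
	subscriptionID     = "<subscriptionID>"
	resourceGroupName  = "<resourceGroupName>"
	storageAccountName = "<storageAccountName>"
	containerName      = "<containerName>"
)

// handleErrors stops the program on any error.
func handleErrors(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

func main() {
	storageAccountsClient := storage.NewAccountsClient(subscriptionID)
	// Build the authorizer from the AZURE_* environment variables.
	authorizer, err := auth.NewAuthorizerFromEnvironment()
	if err != nil {
		log.Fatalf("failed to create authorizer: %v", err)
	}
	storageAccountsClient.Authorizer = authorizer

	// List the account keys through the management API.
	response, err := storageAccountsClient.ListKeys(context.Background(), resourceGroupName, storageAccountName)
	if err != nil {
		log.Fatalf("failed to list keys: %v", err)
	}
	key := *(((*response.Keys)[0]).Value)
	credential, err := azblob.NewSharedKeyCredential(storageAccountName, key)
	if err != nil {
		log.Fatal("Invalid credentials with error: " + err.Error())
	}
	p := azblob.NewPipeline(credential, azblob.PipelineOptions{})

	// From the Azure portal, get your storage account blob service URL endpoint.
	URL, err := url.Parse(
		fmt.Sprintf("https://%s.blob.core.windows.net/%s", storageAccountName, containerName))
	handleErrors(err)

	// Create a ContainerURL object that wraps the container URL and a request
	// pipeline to make requests.
	containerURL := azblob.NewContainerURL(*URL, p)

	// Create the container
	fmt.Printf("Creating a container named %s\n", containerName)
	ctx := context.Background() // This example uses a never-expiring context
	_, err = containerURL.Create(ctx, azblob.Metadata{}, azblob.PublicAccessNone)
	handleErrors(err)
}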

I have set up a service principal in the directory with the user and added API permission for Azure storage. The authentication method I used is environment-based authentication. When I set up the variable with client ID and secret, I'm able to access blob to create, delete, upload, etc. But if I set up the username and password, it won't work. Can anyone help me with this? Thank you so much!

The solutions I tried that failed are:

1. Change the username from email to the form smtp:email, based on AADSTS50034.

2. Add the user with the Storage Blob Data Contributor role in the storage account.

Besides, I read the following in the document. Should I add the resource manager deployment or the redirect URI?

Only storage accounts created with the Azure Resource Manager deployment model support Azure AD authorization.


How to give access to API app deployment slot to specific users


Hi,

I have 4 deployment slots for my API app, namely Dev Slot, QA Slot, Staging Slot and Production Slot.

Let me know how we can give users access only to the Dev, QA and Stage slots.

 

Unable to disconnect Azure DevOps from Azure Active Directory


We've moved all resources from one Azure account to another, including our Azure DevOps resource. I'm trying to disconnect our Azure DevOps organization from the old Azure Active Directory so that I can re-connect it to the new Azure Active Directory. I am following the instructions at https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/change-azure-ad-connection?view=azure-devops

I have changed the owner of the organization to a personal Microsoft account and added it to the Project Collection Administrator group. I have Global Admin in Azure AD. When I attempt to disconnect the directory inside of Azure DevOps, I get the following error:

Disconnect Failed

Your organization <ORGANIZATION CENSORED> failed to disconnect from the Default Directory Azure Active Directory.

System.Data.SqlClient.SqlError: %error="400101";%:a0lxyx27co.Sps_spsprodch1su1_3beb3fe6-ef89-47f5-b9a7-6e80c5d6f82f..prc_UpdateIdentityIdTranslations: new translations have a record that may corrupt the existing translation data

What further can I do to get this switched over?


Azure App registration


We need to propagate 5 attributes: country, department, mobile, telephoneNumber, usageLocation into the JWT token.


How can I create an Azure policy and link it to an app which is registered in Azure to insert more attributes?

Thanks in advance for your help!!


Find out the User Sign in method in Azure Active Directory using API


I have added a few domains in my Azure Active Directory tenant, all of which are synced from on-premises Active Directory. I have enabled Password Hash Synchronization for a few domains and I have enabled Pass-through Authentication for the others. I assume that in Pass-through Authentication, the authentication is managed by the on-premises Active Directory and not the cloud. So, why doesn't the Authentication Type change to Federated for those domains? I would also like to know the user sign-in method used for every domain using an API. If there is no API, I would like to know if there is any cmdlet to achieve this.

Azure App Services - Difference between D:\Home vs d:\local

I have an App Service on Azure.  I do not understand completely the difference between D:\Home and d:\local usage when viewing System Info in Kudu.  I have the app service on an S1 plan with 50gb of storage.  However, my d:\local shows 11 gb.  Can anyone explain why this is the case?

Azure AD Sign-In Logs not working for Log Analytics, Premium P2 Tenant.

I'm having trouble getting the Sign-In activity logs ingested into Log Analytics, although I've enabled diagnostic settings and selected both Audit and Sign-In logs. I can only see the Audit logs in my Log Analytics workspace.

Active Directory Role based access control to web App slots


Hi

I have a web app with 3 slots (Dev, Test and Prod).

I need to give specific users access to only the Prod slot, and users in the Dev group should have full access on Dev and Test and read-only access on Prod.

I tried this: on the Web App I provided read access to the Dev group, then on the slots I provided the Contributor role to the Dev group (Dev slot and Test slot), and on the production slot I gave the Read role.

But users in the Dev group are still able to deploy to the production slot. Please let me know what I am doing wrong here.


Unable to Delete Azure AD

Hello,

I have followed the suggestions outlined in the links provided below, but I continue to get an error when attempting to remove some apps from my Azure AD test tenant. Details below:

Links followed: 

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-administer#how-to-prepare-to-delete-an-azure-ad-directory 

and

https://social.msdn.microsoft.com/Forums/azure/en-US/eb1abf5f-0fe2-47f1-8305-75693dae63b6/cannot-delete-an-azure-ad-tenant?forum=WindowsAzureAD

Error Received:

Remove-AzureADServicePrincipal : Error occurred while executing RemoveServicePrincipal
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
RequestId: b9a793c0-e92d-469f-9612-a760f757436b
DateTimeStamp: Sun, 28 Jul 2019 04:09:09 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ Remove-AzureADServicePrincipal -objectid ee0fac25-61dd-4fb5-906f-18c6 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Remove-AzureADServicePrincipal], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.RemoveServicePrin
   cipal



I have removed ALL but the list below, which ALL give me the above error. Both PowerShell and the Portal will not allow me to delete the Azure AD.

 Microsoft.SMIT
 AAD Request Verification Service - PROD
 Azure ESTS Service
 AzureSupportCenter
 Windows Azure Service Management API
 Microsoft.Azure.SyncFabric
 Azure Portal
 MCAPI Authorization Prod
 Microsoft Graph
 Windows Azure Active Directory
 IAM Supportability
 Azure AD Application Proxy
 Signup
 LinkedIn Connection
 Microsoft App Access Panel
 Office 365 Configure



Any help would be greatly appreciated!! :-)


How to delegate permission rights to my Angular App for my Asp.net Core Web API app in App registrations?


Hi, 

I have two applications: one Angular app on a port (ex: 4200) and an ASP.NET Core Web API on another port (ex: 4332). I registered both my apps inside the App registrations section of the Azure Active Directory page.

Now, I want my client-side app, i.e. the Angular app, to have permissions to access my ASP.NET Core Web API app, but in order to delegate the permissions I can't find my newly created Web API app in the list.

Can anyone help me with how to delegate permissions in such a scenario?

Here's the page where I am trying to find my API app inside the Angular app's app registration:

Edit: After searching around the Expose API section inside my API app, there is an option to add a client app but it is disabled.





Unable to join a new Windows 10 machine to Azure AD


We have an Azure AD on free tier, and previously we didn't have any problems with joining our laptops. Now, when we perform the same steps as before, we get the following:

Something went wrong.

Looks like we can't connect to the URL for your organization's MDM terms of use. ...

Error: invalid_client

Error subcode:

Description: failed%20to%20authenticate%20user

I found a few solutions to this or similar problems; none of them seem to be applicable or help us. The only possible explanation for having this problem is that we had an AAD P2 trial enabled at some point and it ended recently; we didn't make much use of it though.
Any ideas appreciated.


How to get a message body using the Graph API


Hello,

I am trying to use the Microsoft Graph API to get the content of outlook messages. I am using the example in https://docs.microsoft.com/en-us/outlook/rest/node-tutorial.

The part I am trying to modify is the following snippet:

try {
  // Get the 10 newest messages from inbox
  const result = await client
    .api('/me/mailfolders/inbox/messages')
    .top(10)
    .select('subject,from,receivedDateTime,isRead')
    .orderby('receivedDateTime DESC')
    .get();

I am trying to display the body of the message instead of the properties listed above for the $select statement:

try {
  // Get the 10 newest messages from inbox
  const result = await client
    .api('/me/mailfolders/inbox/messages')
    .top(10)
    .select('subject,from,body')
    .orderby('receivedDateTime DESC')
    .get();


However, body does not seem to be a property supported by $select and my PC hangs waiting indefinitely for the api call to return.

Where can I find a list of all the properties supported by $select?

I thought the following URL (https://docs.microsoft.com/en-us/graph/api/resources/message?view=graph-rest-1.0) would list all the available properties for the message resource and that those in turn are supported by $select.

Thanks in advance

Yorg


Publisher Domain verification not working for an "application from personal account" despite json available in browser


I'm trying to verify the publisher domain of my application but it's not working despite the json file being available when checking the link in a browser.

I suspect it's because the app is listed under 'Applications from personal account', as the error message shown is:

"Verification of publisher domain failed. The application was not found. If the application was just created, wait a few minutes and refresh the page. [62wAT]"

It's a several years old app that's working fine "in the wild" so it's definitely not "just created".

Does anyone know if I'm right that this is the problem and if so whether the app can be moved away from being a personal app? Re-creating it (with a different id) is not currently an option as it's "live".

Unable to login to SQL with AD integrated mode


I can query this server/db in the Azure portal, but when I try to connect to it in SSMS, I get the error below:

TITLE: Connect to Server
------------------------------

Cannot connect to aaa.database.windows.net.

------------------------------
ADDITIONAL INFORMATION:

One or more errors occurred. (mscorlib)

------------------------------

One or more errors occurred. (mscorlib)

------------------------------

AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access 'xxx'.
Trace ID: xxx
Correlation ID: xxx
Timestamp: 2019-07-11 11:47:36Z (System.Data)



Cheers
Vaibhav
MCSA (SQL Server 2012)

Unable to complete due to service connection error, please try again later


It's been saying this for the last two days!!
What's the issue?

How Azure AD handles Rate Limiting (Error code 429) in SCIM


While doing the initial sync, SCIM will make hundreds or thousands of calls depending on the user base. Now if the service provider's server can't handle that load and returns a 429 error code, how does Azure AD handle the scenario? Does it try to re-sync and throttle the requests? If yes, at what rate and how does it decide on that? Can the service provider send anything to indicate the threshold?


