Channel: Azure Active Directory forum

Hide Users from GAL when on-prem is on Windows 2008 environment


Hi Team,

Can you please help/guide how to hide users from the GAL list when the on-prem AD server is on Windows 2008? We don't have an Exchange server and are using O365. However, we did try to add "msDS-cloudExtensionAttribute1" via an AD sync rule, but it's not supported on Windows 2008. Please guide us on how we can hide the users now. Thanks in advance.


Hybrid AD Windows 10 Pro devices


Hi Team,

We have Windows 10 Pro installed for on-prem users; however, when we set up hybrid AD, only a few of them converted to Hybrid AD and the rest are still showing the Azure AD Registered state. Can someone please guide us on what approach we should follow so that all devices can be mapped with Hybrid AD? Thanks in advance.

Groups Naming Policy


I've created a Group Naming Policy that has Blocked Words and a Naming Policy with the Attribute of <Department>, a String "-", then <Group Name>.

I've signed up for the Azure AD Premium 2 Trial, gave my test users the Azure AD Premium 2 license and logged in as my test user, went to Outlook online, and created a New Group, and typed in a Group Name (which doesn't show the Group Naming Policy with the Department, and it allows me to enter Blocked Words). Does the policy and licensing go into effect immediately, or does it take a few hours? I wanted to test this in my dev environment before I implemented it in Production, but I'm not able to see any policy taking effect.

Any ideas of what could be happening?

thanks

Kim

Change 'Current Active Directory' used for Authentication/Authorization of an Application


I am currently working with my Admin to restrict an Azure application to just a few users. I am following the steps outlined on the first site that comes up when using Google to search "restrict access to azure website with active directory." Apologies for not including the link but Microsoft, for some reason, believes my account is not verified.

On step 3 it appears there is a box to set the 'Current Active Directory'. Neither I nor my administrator are able to change the setting. How would one change this setting? Would doing so restrict the application to just the individuals in the Active Directory Group?

Thanks,
Matt

How to assign o365 licenses to users in a sub directory of azure AD


I am sure this is possible but apparently I am not wording my search properly. 

My organization is moving to O365, and there are three Active Directory domains. All of the licenses were bought at one time by the parent directory. I have two sub directories that have been created and I need to assign licenses to these sub directories. When I try to assign the licenses from the parent portal, the users I am looking for are not there. So how do I assign licenses to users that are in the sub directory, not the parent directory?

Unable to login to SQL with AD integrated mode


I can query this server/db in the Azure portal, but when I try to connect to it in SSMS, I get the error below:

TITLE: Connect to Server
------------------------------

Cannot connect to aaa.database.windows.net.

------------------------------
ADDITIONAL INFORMATION:

One or more errors occurred. (mscorlib)

------------------------------

One or more errors occurred. (mscorlib)

------------------------------

AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access 'xxx'.
Trace ID: xxx
Correlation ID: xxx
Timestamp: 2019-07-11 11:47:36Z (System.Data)



Cheers
Vaibhav
MCSA (SQL Server 2012)

Azure AD Password Reset Notifications


We have multiple users that get the Windows 10 system tray notification that their Azure AD (GOV) password is about to expire in X days, which is normal and expected. They go ahead and reset their password which I am able to verify with powershell, but the next day they receive another notification that their password is about to expire in the same X days. This keeps repeating every day always with the same X day.

Has anyone else seen this? Any ideas to resolve? Our plan doesn't include technical support, so I really don't want to have to pay for a case when the issue appears to be on Microsoft side.  

Accessing token for current session / user


I have secured an azurewebsites domain with AAD authentication

I've navigated to the home page, logged in to the B2C account, and can access the contents of the Azure website - API, Views

What I'm puzzled about is every time I've done this before, it's been from an MSAL or ADAL library inside a Xamarin app. I've then known how to retrieve and use the token

Since I've just logged into the site and am browsing it, if I want to write some code to interact with the back end using tokens, how do I start to write code to access the current token? Is it saved somewhere when I log into the app?

I decided to see what would happen by calling AcquireTokenSilentAsync and it responds with "no token was found in the cache." 

I don't want the user to have to log in again after signing in, so how can I get a token I can use from that initial sign in please?


Azure AD Domain Services assigning invalid user logon names


Hi,

We've been using Azure AD DS for the past 6 months without any issues and today I had to create a new set of test accounts for usage on our VMs that are using Domain Services and upon inspection the User logon name (pre-Windows 2000) it's coming through as:

Domain\test (CEDD46B9)

This is causing issues with our applications that are using Windows Authentication as they can't validate the user logon name correctly.

Just wondering if there is something that I am doing wrong suddenly or if there was a change recently?

Steps to create the account:

  1. Open Azure Active Directory
  2. Add New User
  3. Assign Name and Username (testaccount@mycompany.com)
  4. No Profile, Default Properties, No Group and Directory Role User
  5. Click Create
  6. Wait for the new account to replicate over to Azure AD Domain Services
  7. Open the account in Active Directory Users and Computers
  8. See that the username is partially cut off Domain\test (CEDD46B9) with random text added at the end.

Thank you.

AAD - Unable to complete due to service connection error, please try again later.


Hi,

I used AAD Connect to sync our AD and it works fine.

Now I get the following error when accessing the "All users" list.

I only have this problem with 2 users, and in all browsers.

It works fine for 2 other users.

What I've tried:

- Restart Computer

- Different Browser (IE, Firefox, Chrome, Edge)

- Delete all Browser Data (incl. Cache and Logins)

Publisher Domain verification fails because "Verification of publisher domain failed. Error getting JSON file from https://{publisher_domain}/.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [f566g]"


I'm trying to verify the publisher domain of my application but it's not working despite the JSON file being available when checking the link in a browser: https://{publisher_domain}/.well-known/microsoft-identity-association.

The instructions ask for the json file being hosted at https://{publisher_domain}/.well-known/microsoft-identity-association.json. I get the following error message:
Verification of publisher domain failed. Error getting JSON file from https://app.swydo.com/.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [vquV0]

Does anyone know what can be the problem? 

B2C Rest API for user registration


Hello,

I have an application with a Rest API using Azure B2C to authenticate the users. A user gets a token using a B2C ROPC policy thru the Rest API sending a request to:

https://<myTenant>.b2clogin.com/<myTenant>.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_ropc

To register a new user, for now, I'm using a B2C Sign In and Sign Up policy. So, the registration goes thru a web interface asking the user's data. I would like to register a new user using the Rest API, something like:

https://<myTenant>.b2clogin.com/<myTenant>.onmicrosoft.com/oauth2/v2.0/user?p=b2c_1_ropc

Is it possible? I cannot find the reference documentation for the B2C Rest API... I guess I missed something :-)



Free active directory when syncing with on-premise AD


I would like to use Azure AD Connect to sync my company AD with Azure. I would like to simplify usage of Microsoft Teams then subscribe to Office 365 solution step by step.

1. I would like to sync my AD

2. I would like to subscribe to a limited number of Office 365 accounts to test

So I would like to start step 1 right now. What is the cost if I just want to sync?

Device Enrollment Advice - Windows 10


Hi All,

We use Intune to enroll our iPad devices, however for our Windows 10 machines, we simply log into the device with an account and it auto enrolls.  I haven't done a lot on this side so I am looking for advice.

Up until now I have generally reset the machine (delete all) and then log in with my account.  Which then makes me the admin.  I then install all the software we generally roll out to our employees before sending it to them.  When they get it they log in (via TeamViewer) on their account and we just have to move a few desktop icons etc for them.  They are mostly remote employees.

However, as you could imagine, this is not ideal. All the machines are registered as me in Azure\Devices and I think I may have just hit a limit, as I went to do it and it says I don't have authority to add a device. This may not be a limit and may be unrelated, but either way this can't be the ideal way of doing this.

We are not a large company and after talking to DELL about auto-enrollment it puts our cost per machine up by about $200-$300, so auto-enrollment isn't really viable.  I haven't had a lot of luck installing non-microsoft apps on machines via Azure either.

Any ideas or a link to some good advice on how we should now be setting these up? 

Thank you for any advice given or links supplied that are helpful and have a good weekend.

PS. I know Azure AD isn't really the right subforum, but I couldn't find something that had a better match.


Azure Reviews


Testing Azure Reviews in Azure AD Premium P2.

I have tried creating a couple of reviews for Azure AD Groups but the creation fails. I have tried with different settings.

The error is as shown below. How do I get rid of this error and create a Review?

I am logging in as a Global Administrator

Thanks


AAD Connect issue,


Hi, I'm trying to sync an on-prem user with all its properties where there was initially a conflict with a Contact for UserPrincipalName. But the contact was deleted days ago and the synced user still isn't getting its proper userprincipalname.

There's no recycle bin for contacts is there?

Thanks!

Verify Microsoft SignIn response


Hi,

Sorry if this is not the right forum.

In our service (back-end in Java/Spring, front-end in React) we implemented Google Sign in.

The end result of the Sign In process is that the front-end receives an object from Google which it re-sends to the back-end. The back-end verifies (with a Google Library) that the object is valid and extracts user info from it. Like this:

    public void authenticateGoogleUser(Object googleInfo) throws GeneralSecurityException, IOException {
        @SuppressWarnings("unchecked")
        LinkedHashMap<String, String> map = (LinkedHashMap<String, String>) googleInfo;
        String tokenId = map.get("tokenId");
        GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(...).build();
        // verify() checks that the tokenId is valid and returns null when it is not
        GoogleIdToken googleIdToken = verifier.verify(tokenId);
        if (googleIdToken == null) {
            throw new GeneralSecurityException("Invalid Google ID token");
        }
        GoogleIdToken.Payload payload = googleIdToken.getPayload();
        String userId = payload.getSubject();
        String email = payload.getEmail();

        // etc.
    }

Now we want to implement the same functionality with Microsoft Sign in.

The front end shows the Microsoft SignIn button, user signs in, front-end receives the Microsoft SignIn response object and re-sends it to the back-end server.

Our question is: How do we validate this response in the back-end server?

Is there a library that does it, like the GoogleIdTokenVerifier?

Thank you




Forgot Password link not working for the Azure B2C AD


Dear All, 

I would like to know how the change password link works. I have configured both an ASP.NET Core application with Azure B2C as well as the open source Moodle (LMS) with Azure B2C.

 1. For the ASP.NET Core web application it works fine, and the Password reset and profile edit policies are mentioned in the config file.

 2. For Moodle LMS we have made custom code changes and now the sign in and sign up are working as expected, but the forgot password link is not working.

Below is the URL captured when trying to log in to the Moodle LMS system:

https://b2ctest.b2clogin.com/b2cTest.onmicrosoft.com/B2C_1_signinupmoodle/api/CombinedSigninAndSignup/forgotPassword?csrf_token=SgsdgsgsdfmdfgdfgdfWDfgfdgfdgfdycXkvZUR5sdfsA4LTE0VDEwOjA0OjE2LjA4MzQxNFo7S2pOaUtlVk95WFdkY0FRclZpOWpmdz09O3siT3JjaGVzdHJhdGlvblN0ZXAiOjF9&

tx=StateProperties=eyJUSUQiOiI2ZTUxZmY0My1lN2I5LTQ5N2EtYTFkMi00YzgxNTFiZDBjNGUifQ&p=B2C_1_signinupmoodle

When trying to log in to both applications, the forgot password link is appropriate to that application's policies.

But I am not sure how it is working for the ASP.NET Core application and not working for the PHP application. Requesting the experts to answer this question.


Selvakumar Rathinam

Bringing data from SharepointList to AzureDW using ADFv2


Hi,

As there is no OAuth authentication available for the OData connector in ADFv2, I explored some links and found this one:

https://social.msdn.microsoft.com/Forums/en-US/85ab91ef-0336-4832-b750-2ed007b030a9/access-sharepoint-list-data-using-adf?forum=AzureDataFactory

Here, the steps described use 'AAD Service Principal with Cert'.

While on the grant consent step, I got an error saying:

"Could not grant admin consent. Your organization does not have a subscription (or service principal) for the following API(s): SharePoint"

Here, can someone explain what exactly I have to do in order to get this working?

Thanks,

Sahil

Azure App registration Sign on URL


Hi Team,

As a best practice, what will be the sign on URL in case of app registration using OpenIDC/OAuth 2.0?

We configure using the redirect URI, though for signing in we are not clear what the user should use. Can you please help?

Thanks 
