Channel: Azure Active Directory forum

Spurious Azure Active Directory Connect accounts; incorrect Proxy Address despite UPN being unique


I have a local AD account setup for myname.org. I created ONE user, with a UPN of me@myname.org. 

I used the Azure Active Directory Connect tool, with default / express configuration.

This went so-so. Despite making SURE that my AD SPN/UPN was set up correctly, i.e. me@myname.org, as well as MYNAME\me, in the Active Directory, the AD Sync has created not one but FOUR accounts in Azure Active Directory that all seem to be 'me'.

I have a Member user type with the user name of me@myname.org  ... this seems to be associated with my O365 account.

I have a Member user type with the user name of me.MI@myname.onmicrosoft.com ... no idea where this came from

I have a Member user type with the user name of me4200@myname.onmicrosoft.com ... no idea where this came from, nor the number 4200. It's not significant for anything. The source of this one says it's Windows Server AD; I think it incorrectly created this user instead of synchronizing with me@myname.org as it should have.

If this happens with my client, we will have a right disaster. 

I have a Member user type with the user name of randomResourceMailbox@myname.org ... no idea where this came from. The "RandomResourceMailbox" was associated in O365 as "CTO@myconsultancy.com" and is a small resource mailbox with no user license, and no login. The name "CTO@myname.org" was created out of whole cloth. 

The last two accounts were NEVER in Active Directory. One of them was in Office365 as randomresourcemailbox@anotherTLD.com as an additional resource mailbox only with no user license.

I NEVER had any duplicated accounts in AD nor in O365. 

I elected not to use the alternative ID method as the point was to make this migration simple. Any ideas why me@myname.org and me@myname.org failed?

I found a synchronization error. It says my O365 account UPN is me@myname.org, and my AD Account is me4200@myname.org which is absolutely incorrect.

It then says my Proxy Address is wrong; the AD account is SMTP:me@myname.org but my Existing object (the O365 account) is an amalgamation of:

smtp:nickname@myname.org
smtp:me@myname.onmicrosoft.com;SMTP:me@myname.org


So, the UPN got modified by the AD sync tool incorrectly, and the O365 SMTP address is incorrectly parsed, as well as becoming a multiple value field for a proxy address (which is incorrect).

What's worse is that, despite the fact that my UPNs were set up correctly, the tool decided to use a non-editable field called "Proxy Address" for the match, and made this a multi-value field, which means I'd have to update my email addresses (part of Exchange administration) in my AD and keep them synced. That seems wrong.

How does this get fixed?

== John ==


Undo Express Settings


So I'm running through Azure AD Connect and ran it with Express Settings before realizing what I have since come to learn, namely that it grabbed everything in the main domain rather than just in the sub domain. It appears I should have run with Custom settings to gather only those objects that were in the child.main.local. So, the setup is this: Our domain is main.local. We have clients hosted on here that are ou1.main.local, ou2.main.local, etc.

Azure AD now shows everything from main.local and I need to limit it to ou1.main.local. Can I simply re-run Azure AD Connect with Custom and select the desired OU? I've stopped the syncing currently (with Set-MsolDirSyncEnabled –EnableDirSync $false) and I was able to manually delete one user (of probably hundreds that I need to delete) in Azure AD. But my concern is that when I start syncing back up, it'll just re-add that user. I don't want to delete them from the On-Premise DC, I just need to remove them from the Azure AD (in portal.azure.com) and I need to make sure these others don't go back over from On-Premise AD to Azure AD. Does all of that make sense?

Insufficient privileges to complete the operation - using azure image builder


I am following the steps listed in the following link:

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/image-builder-gallery

I have already registered the Azure Image Builder for my subscription:

az provider show -n Microsoft.VirtualMachineImages | grep registrationState
  "registrationState": "Registered",

az provider show -n Microsoft.Storage | grep registrationState
  "registrationState": "Registered",

Now when I try the step where I give the Azure Image Builder permission to create resources in the resource group, I get:

Insufficient privileges to complete the operation.

Users in Azure Devops without AAD


Hi,

Is it possible to invite users from external organisation which do not have AAD?

Thanks,


Yuji

Not able to get the tenant ID


Hi,

I am trying to get the tenantID. I tried following the steps provided.

When trying to open Manage -> Properties in Azure Active Directory in the Azure Portal, I am getting an error:

"Unable to complete due to service connection error, please try again later."

Please provide me with a solution on how to fix this.

Thanks and regards,

Anil Simon


What does Device Writeback Actually Do?


I have already seen this link on how to enable it:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

It has this explanation:

"Device Writeback is used in the following scenarios:

  • Enable conditional access based on devices to ADFS (2012 R2 or higher) protected applications (relying party trusts)."

That's much too vague an explanation.

What does device write back do specifically?

What are examples of specific useful things you can do with device writeback that you can't do without it?

azure ADDS

Hi everyone, I would like to install my domain controller, one RDS server, and one data server in the cloud with Azure ADDS. I don't want a hybrid, I want only Azure ADDS. Before installing the domain controller and other servers in the cloud, I have a question. With the company's local computers, if I no longer have a physical domain controller, I could not connect my users to the domain controller in Azure ADDS, because I will have accounts for these users but the local computers will not be integrated in this domain controller. So what can I do? Am I forced to create virtual machines for my users? Thank you so much.

How to ldap host of Active Directory

I have created an Active Directory server. How can I get the host/public IP using which I can access LDAP? I need something like ldap://ip_of_AD_server:389. Here I am not getting how to find ip_of_AD_server.

Office-type groups in Azure subscription's Resource Manager roles


I am having some difficulties with assigning an Azure AD group to an Azure Resource Manager role.

What I have is an Azure Enterprise Agreement, an "Azure AD for Office 365" with accounts created in self-service and a particular Azure subscription, which I am the administrator of.

Our Azure AD contains a number of groups not administered by me. Those groups are mostly of type "Office 365", as groups tend to be created in and for O365 Teams usage. I would like to make use of some of these groups by assigning them to roles in my Azure subscription, but seem to be unable to find a way to do so. The Subscription/IAM/Role Assignments blade's "Add/Add role assignment" function seems to only list users and security groups for me.

What options do I have to use Office-type groups as assignees to Azure resource manager roles?

Device Writeback


Hello,

This might be a noob question, but can someone please explain the point of enabling Device Writeback? What purpose does writing back devices to on-premises AD serve? I was under the impression that device writeback will allow management of Azure AD devices using on-premises AD. Also, if my AD is hosted entirely in the cloud, what options do I have for domain joining machines without the need for VPN? Currently, my process involves connecting the machine to VPN and then joining it to the domain. Thanks in advance for any replies.

M

BMW 5 SERIES & OFFICE 365 PROBLEM SETTING UP


Hi,

When I'm trying to set up my Office 365 in my BMW, I keep on getting a message telling me to sign out and sign in again with a different Azure Active Directory user account.

Add azure security group to mail enabled security group


If I create an Azure security group, I can add it to a mail-enabled security group (created via Office 365 ECP) using PowerShell.

The mail-enabled security group is displayed in the Azure portal. However, the "Add members" button is disabled.

The group chain (mail-enabled security group -> Azure security group) propagates the Send On Behalf permission for the Azure security group.

So, my question is: if the SOB permission is propagated, why is it allowed to add the Azure group as a member only via PowerShell and not allowed in the UI (including Exchange admin center and Exchange control panel)?

Best regards,

Dmitry Alexandrov


Integrating MIM with ServiceNow

Hi, we are thinking of connecting ServiceNow with Microsoft Identity Manager (MIM) to provision accounts into AD. This is because the ServiceNow ticket is the entry point through which AD accounts are created. Is it possible to pick up accounts from ServiceNow through MIM?

Mapping to Azure Resource

I've got a question. A dumb one, but still. I'm trying to map to my resource share from a computer on a local domain. So far I am unable to do so. I can map using a PC not on a domain. I was wondering if this was possible? I don't believe it is, but I want to ask people far wiser than I.

Changed hosting of wordpress site


Hi,

I have a WordPress website that is running the Power BI Embedded plugin. I have just changed hosting, and now these elements don't work at all.

I get an error message under Azure Authorization that says:

Oauth Status: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000009-0000-0000-c000-000000000000'. Trace ID: 29374611-18d3-40b2-9cca-fd0103901d00 Correlation ID: 5217f8fd-e686-4434-9ea9-0cffeb6a8023 Timestamp: 2019-09-19 13:57:38Z

Can someone please help me to change something in Azure AD to fix this problem?

Thanks,

Dean


Not Getting Custom Field in SCIM Post Request


We have created one custom field called "tags" in the SCIM mapping. But when we create a user, the POST request doesn't contain the "tags" field. The same field gets updated when the next PATCH call happens during an update. Here is the mapping for the "tags" field:

Join(":", [jobTitle], [department])  ->  tags

Apply this mapping: Always

Also pasting the request body for reference. Please check and let us know why the "tags" field is not coming as part of the POST request. "tags" is part of schema "urn:ietf:params:scim:schemas:core:2.0:User".

{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
    "externalId": "new.scim.user5",
    "userName": "new.scim.user5",
    "active": true,
    "displayName": "new.scim.user5 DN",
    "emails": [{
        "primary": true,
        "type": "work",
        "value": "new.scim.user5@BlueJeansNetwork.onmicrosoft.com"
    }],
    "meta": {
        "resourceType": "User"
    },
    "name": {
        "formatted": "new.scim.user5 FN new.scim.user5 LN",
        "familyName": "new.scim.user5 LN",
        "givenName": "new.scim.user5 FN"
    },
    "roles": [],
    "title": "QA Lead",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Q&A Engineering"
    }
}

Error code 700003 Your organizations has deleted this device Office 365


Hi!

I've a really annoying problem. When trying to sign in on my university account in Word or Excel (Office 365) I get the error code 700003 stating that "Your organization has deleted this device". Everything works online, but when opening Word or Excel on the desktop, I can't sign in. Everything looks OK from the university's side and the IT support couldn't help me. I've tried everything (I think). Does anyone know how to solve this? I didn't use my computer during June-July and everything was working before that. In August when returning I had this problem.

AAD - AuthenticationContext AcquireTokenAsync


Hi there,

When I attempt to log in to AAD by using the API "AuthenticationContext AcquireTokenAsync", I always run into the following problem:

"An unexpected error occurred.
Message: One or more errors occurred.
Inner Exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 513c12d4-ed0d-490b-acd1-6a44db091100
Correlation ID: af41a573-65a5-40b7-b556-059279bd3d87
Timestamp: 2019-09-18 03:38:27Z"

I use the following API and method to get back a result:

authenticationResult = authContext.AcquireTokenAsync(resourceHostUri, clientId, uc).Result;  [uc is a UserCredential]

My question is: what is the "resourceHostUri", and where does that information come from?

Thanks

WILL




Unable to create NS (Name Server) record within DNS for Azure AD DS PaaS service


Hi,

Within DNS Manager connected to our Azure AD DS PaaS DCs it seems I am unable to create NS records.

NS records for the 2 Microsoft-managed Domain Controllers appear as expected, but I am unable to add new ones to a new DNS subdomain of the parent. The new name server records are required to solve the problem of locking down external access for AKS via our 3rd-party firewall (CheckPoint CloudGuard). Is this inability to add NS records a bug or by design?

Thanks

Zulf

Accessing Onprem Sharepoint 2019 using iPhone Word\Excel App through Azure Application Proxy

We can open a document from the on-prem SharePoint 2019 server in the Office Online Server web view from an iPhone, but when we go to edit the document in the Microsoft Office app it hangs trying to open it. Has anyone gotten this to work?