Channel: Azure Active Directory forum
Viewing all 16000 articles

Join this device to Azure Active Directory missing?


Hi!

I'm trying to get my device (laptop) onto Azure AD. However, I'm having an issue even getting the chance to enable it. Maybe I've missed a step?

The 'Join this device to Azure Active Directory' option doesn't even appear when the pop-up appears to add my email (whilst clicking on Accounts > Access work or school > Connect on Windows).

  • I've added my device under device settings and clicked 'selected' and added my account
  • I'm a domain admin on current AD AND global admin on office 365
  • Windows 10 Pro

What steps am I missing?

Thanks,


Azure AD Connect Pass-through Authentication Enable single sign-on Error


I am attempting to migrate from AD FS authentication to Pass-through Authentication, and am getting an "An error occurred while locating computer account." error when entering domain administrator credentials on the Single sign-on screen.

I have tried a few different domain admin accounts.

I did notice that there is a computer account in AD called AZUREADSSOACC which was created in 2017. Could this be a part of the problem?

The trace logs show this:

[15:28:51.976] [  1] [INFO ] Authenticate-ADAL: successfully acquired an access token.  TenantId=a481ae96-6a20-4f90-9ab6-f0819c93f62b, ExpiresUTC=04/11/2019 16:28:48 +00:00, UserInfo=ict.billing@ensors.onmicrosoft.com, IdentityProvider=https://sts.windows.net/a481ae96-6a20-4f90-9ab6-f0819c93f62b/.
[15:28:52.663] [  1] [INFO ] DesktopSso is only available for Active Directory forests. Getting all AD forests
[15:28:52.663] [  1] [INFO ] There are 1 eligible forests.
[15:28:52.663] [  1] [INFO ] MYDOMAIN.com are available for desktopsso.
[15:29:01.990] [  1] [INFO ] Check if username is in samAccount format
[15:29:01.990] [  1] [INFO ] Username is in samAccount format
[15:29:01.990] [  1] [INFO ] desktopsso computer account will be created in MY_DOM
[15:29:01.990] [  1] [INFO ] Checking if credentials belong to the forest
[15:29:02.008] [  1] [INFO ] ValidateForest: using IPSWICHDCB.MYDOMAIN.com to validate domain MYDOMAIN.com
[15:29:02.010] [  1] [INFO ] Successfully examined domain MYDOMAIN.com GUID:9bfa0096-9848-4ec2-8c27-6cd202950362  DN:DC=MYDOMAIN,DC=com
[15:29:02.010] [  1] [INFO ] MY_DOM\bhatt.admin belongs to the forest
[15:29:02.240] [  1] [ERROR] An error occurred while locating computer account.

Multiple accounts on portal login, one of them is not mine.


Hi there

As a forewarning, I must admit that I don't know exactly where to post this. Wherever I ask, I receive the boilerplate "not suitable for this place", and since I'm unsure of the cause, it's hard to direct it to the proper place. Last time, I asked the Azure DevOps team because my DevOps profile showed the bug too, but they redirected me here...

Issue:
When I log into portal.azure.com using my private email (Microsoft account, calling it "privateemail@hotmail.com" here for good measure), I get redirected to an account that is not mine. Rather, it is an account that uses my father's private email. Neither my father nor I was aware of that account.

The issue can be seen here with boxes and respective numbers:

https://i.imgur.com/SlEzfdF.png

1) It is the wrong account set as primary, and it's related to a domain I personally have no connection to.

2) Even though my name is used, that is not my email, and this is the account associated with the wrong domain.

3) My real account is there, but if I manually switch to it, I get redirected back to the same state (with the wrong account as primary).

I want to sever the connection between those two accounts, so mine is left alone with no association to that email or workplace. The problem is that I can't find anywhere to do that, and I don't know where the connection is coming from.

Profile pages associated with Microsoft accounts usually don't list anything about that "bugged" account, and if they do, there's no indication of where this information comes from.

Any help is appreciated, even if it just provides an inkling of where this information is coming from.

Kind regards,
Andreas

Azure Guest accounts after tenant move


Hi,

We have the following scenario: for now, AD X is being synced with tenant Y. Tenant Z has invited guest users from AD X (synced to tenant Y) into their Azure AD.

Now we will stop syncing AD X with tenant Y, but it will be synced to another tenant W. Let's not discuss what happens to the users of AD X; the question is regarding the guest accounts in tenant Z. Will they have to reinvite the AD X users to their tenant?

Thanks

Subscription Change Directory


Hi

I want to change a SubscriptionA from AzureTenantA to AzureTenantB via Subscription Change Directory.
UserA has the role assignment Owner on SubscriptionA and is also a Global Admin on AzureTenantA.

I have added UserA as guest in AzureTenantB. What kind of permissions do I need to assign UserA in AzureTenantB?

I have read the:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

Giving UserA Global Admin on AzureTenantB enables me to use the Change Directory (I can see the destination directory now). But is Global Admin required?

brgs

Bjørn Roalkvam

Getting Unauthorised in the azure Portal


Hello,

I have an app that is using the Graph API and was registered in Azure AD via the web portal. I need to update the secret and URL for this app, but every time I try to access anything in Azure AD I get an "Authentication_Unauthorized" error. I'm logged in with the same user I configured the application with, but I cannot access anything anymore. It seems to be related to the new UI but I think I cannot change back.

Here is the detailed error:

{ "shellProps": { "sessionId": "2e3692d1c6cd4620a0146472f56d9990", "extName": "Microsoft_AAD_IAM", "contentName": "EnterpriseApplicationsUserSettingsBlade", "code": 403 }, "error": { "message": "Graph call failed with httpCode=Forbidden, errorCode=Authentication_Unauthorized, errorMessage=User was not found., reason=Forbidden, correlationId = 8e2e5ef4-6114-4574-a6a2-fa94d611e002, response = {\"odata.error\":{\"code\":\"Authentication_Unauthorized\",\"message\":{\"lang\":\"en\",\"value\":\"User was not found.\"},\"requestId\":\"2a7dbab7-0fc6-4c53-821f-ab06d7590511\",\"date\":\"2019-11-01T14:00:58\"}}", "code": 403 }}

Is there any way to fix this?


Azure App - Publisher Domain - unexpected content type header

Hi Support Team,

I set up an app for OAuth and am trying to verify my domain via the "Configure a Domain" mechanism. I have uploaded the JSON file to the requested URL. But when I click "Verify and save domain", I am getting the following error response:
Verification of publisher domain failed. Error getting JSON file from https://govreports.com.au/.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [ImJ+Z]

Can you please check and let me know the details? Thank you.

Store BitLocker recovery keys (for removable media) to Azure AD


Dear All,

We are using a configuration policy in Intune in order to disallow copying any data to removable media if it is not encrypted with BitLocker.

Is there any way to store the encryption keys in Azure AD? (Currently the only options are to save or print the recovery key.)

Kind Regards,


AADSTS65001 error trying to access my Web API from Angular client


Hi

I have an Angular project talking to a .NET Core 3.0 Web API, with authentication via Azure AD. Apps are set up for both, and I have followed the instructions to expose the API and then Grant Permissions. The client app logs in successfully but I get this error at the point it tries to call my web API.

Anyone got any ideas?

Regards

Mike

Cannot Host Multiple Apps with PingAccess for Azure AD?


I am trying to use header-based authentication for single sign-on with Azure AD Application Proxy and PingAccess. I am following the following documentation here.

I want to host two applications behind the same PingAccess server. Diagram here: https://i.imgur.com/ZhILBWq.png

Microsoft documentation states the following:

Internal URL: Normally you provide the URL that takes you to the app’s sign-in page when you’re on the corporate network. For this scenario, the connector needs to treat the PingAccess proxy as the front page of the application. Use this format: https://<host name of your PingAccess server>:<port>. The port is 3000 by default, but you can configure it in PingAccess.

When hosting two applications behind the same PingAccess instance, the Azure AD Application Proxy connector needs to treat the host name of the PingAccess server as the Internal URL for both applications. However, this does not seem to be possible, as trying to configure the same Internal URL on two applications in Azure AD leads to the error "Internal url entered is already being used by another application". Screenshot here.

Simply entering two different DNS records for the same PingAccess server does not seem to work, as:

  • The application configured with the Internal URL that matches the hostname of the PingAccess server works, but
  • The application configured with an alternate Internal URL, that still points to the PingAccess server in DNS, but does not match the hostname of the PingAccess server, does not work, producing the error "Forbidden: This corporate app cannot be accessed. You are not authorized to access this application". Screenshot here.

Note that the configuration of Users and Groups, and the configuration of whether user assignment is required to access an application, are identical between both apps.

There must be a way to host multiple applications with Azure AD Application Proxy and PingAccess. How can this be done?


No identities found ADO 2019 on prem


I am getting the error "No identities found" after entering the domain\user into the search box when trying to add users to a TFS group. There used to be a 'check name' button in previous versions of TFS but not anymore. The only identities that I'm able to add and have synchronized with the TFS db are those users that have been added to the local admin group on the TFS server itself. I also do not see any errors from the AD sync job that runs every hour.

I am a project collection admin, and I have admin permissions to the app tier and data tier. Any help would be appreciated.




Azure Active Directory

I am working on a POC for SSO integration with Azure AD for our product (SaaS-based).
I am stuck at SSO integration with our system, where we want to allow our customers to log in to our application via SSO with Azure AD.

Here we have configured everything as required, and are able to make the login request and get the response back, but as the response is encrypted, we are not able to parse it and proceed further. Our application is developed in Java. A little technical help from you here will complete our POC, and we will be in a position to develop it fully and release it as a feature of our product.

Also, is there any way to fetch all users of Azure AD through an API?

Thanks 

Dinesh Radadiya


1 user, 2 different roles, 1 email address... and a question about SSO


I'll try to keep this as short as possible.

I have a user that currently has 2 roles (example: an employee and a volunteer). This user needs to do different trainings for these roles, but some trainings would be doubled up due to standard corporate trainings. The user reports to 2 managers, so each manager needs to see only the trainings that pertain to their department.

Now add that we are setting up SSO for the entire enterprise (using O365/Azure SSO) to the training portal (3rd party). Is it possible for a single user with a single email account to have 2 separate logins without having 2 emails? Like an alias?

I don't think it's possible, but I'm being tasked with confirming.

Grant OneDrive for Business for guest user


I have added a guest user, and Microsoft created an @company.onmicrosoft.com mail address. I have granted all possible roles, and I have added a licence to the @company.onmicrosoft.com account.

I also added the guest user's email to SharePoint, and it is working - I am able to access documents and edit them.

I am unable to access anything regarding Office with this account. What I need to do is to create and edit notes in OneNote.

If you need me to provide any more information, please let me know.

Thanks,

Namik


Azure Privileged Identity Management


I have a case where Privileged Identity Management is configured for the organisation. Each new project is given its own sets of subscriptions and AAD groups, and then Privileged Identity Management is applied on top, controlling owner/contributor/reader access.

At the moment this is all done via the GUI; however, this is a long process, taking around 45 mins per project. There are no PowerShell modules for this; however, is there a programmatic way to apply the settings we want? It would save a lot of time.


user sign in activity incorrect

I am an admin to our Office365 portal and my O365 users are complaining that their Teams status is showing as Online on odd hours where they are not online. They are afraid someone has access to their account. When I check the sign in activity on Azure AD there is sign in activity for those 'odd' times. How do I explain this? The user is not actually signing in on the times Azure AD is logging a sign in on.


Azure AD is not working in China network


Hi,

I am working on a mobile application.

Why is the Azure AD login screen not shown on the China network? I am getting the error shown below.

  • AuthenticationAgentContinuationHelper.SetAuthenticationAgentContinuationEventArgs (System.Int32 requestCode, Android.App.Result resultCode, Android.Content.Intent data)
  • MainActivity.OnActivityResult (System.Int32 requestCode, Android.App.Result resultCode, Android.Content.Intent data)
  • Activity.n_OnActivityResult_IILandroid_content_Intent_ (System.IntPtr jnienv, System.IntPtr native__this, System.Int32 requestCode, System.Int32 native_resultCode, System.IntPtr native_data)

(wrapper dynamic-method) Android.Runtime.DynamicMethodNameCounter.6(intptr,intptr,int,int,intptr)

Do I need to change the Azure portal configuration for the China network? Please help me with this.


Azure AD DS Questions


Hello all. I am learning quickly about Azure AD DS but am lacking on some needed information and was hoping someone could help.

We manage a customer that has 5 locations, all in a workgroup environment. They use Office 365 and I understand this means they use Azure AD (not-AD DS) on the back end. 

We would like to set up Azure AD DS for this customer but I am not sure I am really understanding what is available. Most of the guides show the setup, which I understand, and then they show someone setting up an Azure VM and joining the Azure AD DS domain. I can't find a clear answer on the following...

Can we set up Azure AD DS and join remote computers to this Azure AD DS hosted domain and apply group policies to these computers, all without an on-premise AD server? It seems like each of these tasks can be completed separately, but can they all be completed together?

Also, if so, each site is running off sub-domains for Office 365. Meaning site 1 uses user@site1.customer.com and site 2 uses user@site2.customer.com. We have delegated access to the subdomains but not the customer.com domain. What is the best way to approach this when setting up Azure AD DS?

The end result we would prefer is to join computers in site 1 to the Azure AD DS domain, have users log in with their site specific sub-domain on their Azure AD DS domain joined PCs, have those accounts sync with Office 365, and apply some group policy settings such as password policies. Is this possible using only the infrastructure I have mentioned?

Thank you!
