Hi,
We are starting some discussions about different options to consolidate Active Directory through different companies. We are all the same company now (after some legal changes) but historically every one has been running their own Active Directory on premise (different location all over the US).
Currently there are two initiatives happening one is the migration to Office 365 from on Exchange on premise solutions the other one is basically AD consolidation and single sign on from all the different local markets across the US.
I know this is a broad question but I am just trying to get some input about different options to:
1.) Active Directory Consolidation - Maybe Active Directory Azure?
2.) Migration to Office 365
The goal is to be able to get single sign on and a simple way to manage all of the different on premise AD with a single AD account as well as to be able to logon to Office 365 with it.
Anyone?
↧
Active Directory Consolidation & Exchange 2010 Migration to O365
↧
Some issues with DirSync
I just reinstalled DirSync from the scratch to new server. I have also configured OU filtering to prevent DirSync syncing all of our users to Azure AD.
I have a little problem and I don't understand what is causing it. If I create totally new user to AD that is created after the new DirSync installation this user is synced to Azure, but DirSync is skipping accounts that are created before new DirSync installation. If I move user that won't sync to other OU in our AD and then move it immediataly back to original location and run DirSync then the user is synced.
↧
↧
CRM for Outlook won't connect to CRM Online with SSO
Hello,
I have the following problem.
I installed an ADFS Server, a DIRSYNC Server and an ADFS PROXY (Web Application Proxy), all of them on Windows Server 2012 R2.
I connected my domain to my Office 365. I also configured DIRSYNC, so all of my Active Directory Users were synchronized with my Office 365. Then I installed and configured the ADFS Server and the Web Application Proxy.
Now it is possible to connect to Office 365 and to CRM Online with Single-Sign-On within my browser.
I installed an Microsoft Dynamics CRM for Outlook on my client and I tried to connect to my CRM Online.
Unfortunately, it is not possible to connect:
I checked the error messages on eventviewer (ADFS Server). There were the following error messages:
Message 1, Event ID 364 AD FS:
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
urn:federation:MicrosoftOnline
Exception details:
Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS.
at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicy(IList`1 mappedRequestedAuthMethods, AccessLocation location, ProtocolContext context, HashSet`1 authMethodsInToken, Boolean& validAuthMethodsInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomain(Boolean& validAuthMethodsInToken)
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Message 2, Event ID 364 AD FS:
The SSL certificate does not contain all UPN suffix values that exist in the enterprise. Users with UPN suffix values not represented in the certificate will not be able to Workplace-Join their devices. For more information, see http://go.microsoft.com/fwlink/?LinkId=311954.
Message 3, Event ID 168 AD FS:
The Federation Service encountered an error while retrieving the federation metadata document from '<XML URL>'. The monitoring for the following trusts failed:
Claims providers:
Relying parties:
Microsoft Office 365 Identity Platform
Additional Data
Exception details:
Unable to connect to the remote server
Additional details:
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <IP>
User Action
Make sure federation metadata URL is accessible.
Verify your proxy server setting. For more information about how to verify your proxy server setting, see the AD FS Troubleshooting Guide (http://go.microsoft.com/fwlink/?LinkId=182180).
I can connect to CRM Online and Office 365 Portal with my Internet Explorer without any problems (with SSO), but the Outlook-Client won't connect. If I type in another CRM-Online instance and type in the credentials (so I use another user and I don't use Single Sign On), it is possible to connect the client to an CRM Online.
Any ideas?
Thank you in advance.
↧
enable XML files in O365 owa
Hi MS and community!
We are currently experiencing the problem of not getting xml files unblocked in our owa for O365.
As I found out it does not work with suggested blocked and allowed listings:
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default –AllowedMimeTypes @{Add = "text/xml", "application/xml”}
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -BlockedMimeTypes @{Remove = "text/xml", "application/xml”}
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AllowedFileTypes @{Add = ".xml"}
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -BlockedFileTypes @{Remove = ".xml"}
(I checked it via Get-OwaMailboxPolicy OwaMailboxPolicy-Default | select -ExpandProperty BlockedFileTypes and Get-OwaMailboxPolicy OwaMailboxPolicy-Default | select -ExpandProperty AllowedFileTypes which gives me correct configurations)
Later I found one of your Posts, is it still correct?
http://community.office365.com/en-us/f/613/t/209469.aspx
So what to do?
Regards,
Bent
↧
Student Profile Pictures
Is there anyway to either Stop,remove or disable the ability of our students to update there profile pictures, some students have already started to put up inappropriate pictures and i would really like to just disable this feature and remove any that are already there.
↧
↧
DirSync - Selectively change some objects from Synced to In Cloud
We would like to keep DirSync enabled for our User Accounts but would like to disable it for Distribution Groups and some other objects that are currently sync'd via DirSync so we can manage them directly in 365. Is there a way to disable DirSync on a per-object basis? If not, is there a way to change our Distribution Groups to 'In Cloud' without having to delete and re-create them?
↧
Install the Windows Azure Active Directory Module for Windows PowerShell - Where to install ?
Install the Windows Azure Active Directory Module for Windows PowerShell
Download the Windows Azure Active Directory Module for Windows PowerShell, which includes cmdlets to establish the trust relationship between your AD FS 2.0 server and Office 365 for each of your domains that use single sign-on.
I see this option in O365 portal, so this application has to be installed in ADFS server or DirSync Server or any machine as its just to manage it through powershell.
↧
DirSync stopped working
Hi,
My current set up is that we have exchange 2013 in hybrid mode for office 365. I am using DirSync for Active Directory Synchronization. Recently the dirsync fails to synchronize. Recently I changed the password of the user profile in which dirsync is installed.
My question is therefore does this cause the failure in sync because i was facing this after the password change.
Need some help
Thanks
↧
AADSync and New OnPremisses DC
Hi,
We have changed server (hardware) and install new AD. But my older DC have AADSync with Office 365 (run very well).
Now, AADSync doesn´t sync users (InvalidSoftmatch).
How can I syncs users without lost any user on Office 365/Azure?
Thanks.
Marcos
↧
↧
Directory Sync Setup Fails
Hi All,
Just trying to setup up Directory Sync and Single sign on. Followed all the steps with some head scratching and puzzlement. Ran DIRSYNC.EXE and then get the below error message:
I've not altered my password policies and the O365 admin account password meets the domain password policy.
I must have missed something somewhere . . has anybody got any ideas or seen this issue before?
thanks
Jon
↧
Dirsync uninstall & reinstallation issues
Folks, I am trying to uninstall Dirsync on test lab.
Did uninstall the software and later reinstalled.
However, while running the config wizard, it gives an error of cannot connect to Azure Active Directory.
I have removed the FIM groups from AD, still the same and again uninstall Dirsync.
Still no good.
I am looking at reinstall Dirsync as its not working properly.
However, not either getting completely removed, as it doesn't connects to Azure AD.
Already followed:
http://community.office365.com/en-us/f/613/t/261834.aspx
http://community.office365.com/en-us/f/613/t/290006.aspx
Any pointer will be of great help.
↧
Calendar sharing federation
Hi,
One of my customer is using Office 365 E3 plan for 150 users and another 400 users has been hosted on a service provider which provides exchange services and using exchange 2010.
Now my customer employees wants to share calendar within both the organization.
Please help us with the steps required and process to set it up.
thanx
↧
Single Global Admin account pending password reset, Dirsync not working...help
I have a micro-tenant for myself and my wife and our small business. E4 licenses for both of us.
At one time last fall, I had dirsync working to my on-prem domain, but the server fell over and I never resurrected it.
So dirsync has been down since 1/22/2015.
Now the last piece:
On Friday evening, I attempted to change my password through the portal. I went to Users>Jeff>Reset this User's Password. A small window popped-up, giving me the new temporary password that looked like this: Abc-1234
I highlighted that text, copied it, and -tragically- closed out, then went to sign into MSOL again through the browser. I inputted my UPN, then pasted in the password and was met with "Reset password" screen. It asked me for my old password, then asked me to type my new password twice.
Nothing I do here -whether I paste in the temp password or type my old password- works. I cannot get past this screen and I'm effectively locked out of Office 365. My mail has stopped flowing, Lync is offline, and OneDrive for Busienss is prompting me constantly.
Using powershell from a non-Global Admin account, I see that my user account is in "PendingInput" in Overall Provisioning Status. My alternate email address is present, but I can't seem to generate a reset message for myself.
Worst of all, when I try to build a new dirsync server, I learn that I need a Global Admin account in office 365, which of course I have, but it's Pending Input.
Any help would be appreciated .
↧
↧
Remove ADSF and Single Sign On
Dear all,
Our company will be dissolved soon.
We need prepare the Office 365 after the company dissolved.
We will only keep two Office 365 license only and all local servers will be erased.
We are using ADSF and single sign on right now.
If all local servers will be erased, how can we configure the Office 365 so that it will not use ADSF and single sign on?
Please help.
Ivan
↧
dirsync: Stopped server down
Hi,
Since this night we are receiving notifications in dirsync: Stopped-server-down
when i check in eventviewer following message appears:
Microsoft.Online.Coexistence.ProvisionRetryException: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: e1a4c6cd-ea6b-4348-8f29-8108b568dc0c See the event log for more details. ---> System.ServiceModel.ServerTooBusyException: The HTTP service located at https://adminwebservice.microsoftonline.com/provisioningservice.svc is unavailable. This could be because the service is too busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later. ---> System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
↧
Failure to sync
Since re-installing Windows 8 and 8.1 on my laptop the one drive for business will not sync. Tried all troubleshooting methods but no success. Help on this please. Cheers, James
↧
ADFS Integrated - OWA prompts
Team,
I have setup Hybrid Exchange 2010 SP3 with O365.
Everything is working fine mail flow, mailbox movement, outlook connectivity to O365,owa.
Only thing is I get a prompt in OWA(when it redirects to Internal AD) of ADFS once I enter AD username password I am able to access the OWA.
I get a windows prompt, is it a normal phenomena ?
↧
↧
OWA - AutoLogin via PortalFour not working today
Good Morning,
We've been using the autologin (portalfour) to OWA for a while and today it seems to have stopped working and just gives us this error: The remote server returned an error: (404) Not Found.
Is this linked to the Azure DNS issues at all or would this be seperate?
Many thanks,
Steve
↧
ADFS Issue
Dear Support,
We are issue with our ADFS server, below is our current setup for ADFS
ADFS01-Internal LAN
ADFS01-Internal LAN
ADFS-virtual name (NLB)
ADFSPROXY01- DMZ
ADFSPROXY02-DMZ
Till yesterday telnet was working fine with internal ADFS server from DMZ on port 443 but since today morning we are facing issue with one of the internal node i.e. adfs01 as we are not able telnet from proxy on 443 if this system is online but as soon as we shutdown this system telnet is working fine with other node.
I checked all the logs from my end but couldn't find anything, I request you regarding this and provide us the solution ASAP.
Regards,
Hakim. B
↧
AD Domain different from SMTP address
Team,
I have a domain called CONTOSOINTRA.LOCAL and all the users login to this domain and Netbios as CONTOSOINTRA\USERNAME.
And have multiple SMTP address in Exchange 2010 SP3 as findomain.com, foxdomain.net, mktgnetworks.org, but AD remains the same and login through CONTOSOINTRA only.
I have a challenge that CONTOSOINTRA cannot be published in the internet domain as some one else in the internet is already a registered user/organisation.
I can't add UPN suffixes as users are used to login using CONTOSOINTRA and I cannot ask them to change it suddenly as there are about 5000+ users.
What is the best way out in this as ADFS cannot be implemented due to domain publishing restriction.
Can I just go ahead with only Dir Sync to proceed, can you suggest the various pros and cons of Dir Sync and any other work around....Many Thanks in advance.
↧