1,213 questions with Active Directory Federation Services tags

1 answer

Integrating Azure AD with On-premises AD, but without syncing users to Azure AD

We are looking to integrate Azure AD with On-premises AD, but without syncing users to Azure AD to save us the cost of having them stored on Azure with the licenses required. We need eventually to authenticate users through the on-premises AD and to…

Active Directory
A set of directory-based technologies included in Windows Server.
6,039 questions
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,213 questions
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,996 questions
asked 2024-01-11T20:56:36.0233333+00:00
Mina Gobrial 0 Reputation points
commented 2024-02-02T06:13:12.9066667+00:00
Sandeep G-MSFT 15,251 Reputation points Microsoft Employee
1 answer

Migrate settings from AD FS Win 2012R2 to Windows Server 2016

Hello everyone We currently have a Windows Server 2012R2 with the ADFS function in use which is connected to Azure. Due to problems that always occur with the WID and the old Windows Server version on the AD FS Server, I have installed a new Windows…

Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,408 questions
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,552 questions
Active Directory Federation Services
asked 2024-01-31T09:16:42.54+00:00
DeepDiveMessage 0 Reputation points
edited an answer 2024-02-01T23:05:24.8933333+00:00
JimmySalian-2011 41,946 Reputation points
2 answers

The User Profile Service service failed the sign-in. User Profile cannot be loaded

The User Profile Service service failed the sign-in. User Profile cannot be loaded

Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,896 questions
Active Directory
Active Directory Federation Services
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,545 questions
asked 2024-02-01T10:10:06.6433333+00:00
Pawan Srivastava 0 Reputation points
edited the question 2024-02-01T21:07:23.3366667+00:00
JamesTran-MSFT 36,491 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Migrating away from on prem ADFS to Entra ID still authenticating on prem.

Greetings, We are running an on prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service to service communication. Our clients (API consumers) are configured as trusted claim providers, in other…

Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
631 questions
Active Directory Federation Services
Microsoft Entra ID
asked 2024-01-19T14:51:10.2466667+00:00
Bjarki Björgúlfsson - RB 20 Reputation points
commented 2024-01-31T17:48:53.19+00:00
1 answer

Newly setup Hybrid Modern Authentication on on-prem Exchange, fails to authenticate with error 2002

Hello Team, Configured HMA on existing on-prem Exchange server. Then to test it out when I use an Outlook on desktop, looks like I can see ADFS page, but past that I fail to authenticate, with this error.

Active Directory Federation Services
asked 2023-04-08T04:16:57.7133333+00:00
Gautam Badveeti 0 Reputation points
answered 2024-01-31T08:52:15.6533333+00:00
Dzmitry Khouryn 0 Reputation points
1 answer One of the answers was accepted by the question author.

How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal

Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be…

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,976 questions
Active Directory Federation Services
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,205 questions
Microsoft Entra
Microsoft Entra ID
asked 2024-01-30T06:26:30.63+00:00
EnterpriseArchitect 4,916 Reputation points
commented 2024-01-31T06:04:22.2+00:00
EnterpriseArchitect 4,916 Reputation points
2 answers One of the answers was accepted by the question author.

ADFS Single signon issue with external idp - SAML 1.1 Assertion is missing ImmutableID of the user

I have Office 365 + On-prem AD + ADFS for federation. I have configured Shibboleth as a second Claims provider (MFA enabled). When I tried to log in to Office 365, I get Windows AD and Shibboleth as options, when I click on Shibboleth, I get authenticated…

Active Directory Federation Services
asked 2024-01-19T21:39:26.7266667+00:00
Dinesh Loganathan 25 Reputation points
accepted 2024-01-26T15:20:26.48+00:00
Dinesh Loganathan 25 Reputation points
1 answer

Set up synchronization between Active Directory and Google Workspace

Hello, First, happy new year to all! Let me set the scene quickly. I work for a company that uses a hybrid Azure Active Directory, but we've acquired a company using Google Workspace that we need to keep for operational reasons. Using Active Directory AND…

Active Directory
Active Directory Federation Services
Microsoft Entra ID
asked 2024-01-16T07:33:51.0433333+00:00
Lord Yorwan 5 Reputation points
commented 2024-01-25T21:14:09.0366667+00:00
JamesTran-MSFT 36,491 Reputation points Microsoft Employee
1 answer

ADFS token-signing certificates and token-encryption certificates

1. The ADFS token-signing certificates are only used for the relying party? If yes, then why token-signing certificates are used when adding the claims provider? 2. The ADFS token-encryption certificates are only used for the claims provider? If yes, then why…

Active Directory Federation Services
Microsoft Configuration Manager
Microsoft Entra ID
asked 2023-12-30T13:39:24.0066667+00:00
宁 李 0 Reputation points
commented 2024-01-25T20:12:11.17+00:00
JamesTran-MSFT 36,491 Reputation points Microsoft Employee
1 answer

Request to Change Primary Domain of Azure AD for Transitioning SSO from Okta to Azure AD (Entra ID)

As the subject suggests, we are considering the transition of SSO functionality from Okta to Azure AD (Entra ID). However, there is an issue with the SSO configuration due to the discrepancy between the primary domain of Azure AD and the login ID of the…

Active Directory Federation Services
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,695 questions
Microsoft Entra
Microsoft Entra ID
asked 2023-08-22T06:07:48.7466667+00:00
AWANO Kyohei 10 Reputation points
commented 2024-01-25T04:42:19.96+00:00
Chanroeun Pa (CID) 0 Reputation points
0 answers

Upgrading ADFS 2012R2 to ADFS 2019

Hello All, We are planning to upgrade our ADFS servers 2012R2 to 2019 WID. Just wanted to know once we do all the required steps from the below Microsoft document, after raising the FBL to V4 will the federation metadata be changed? Or do we need to get…

Active Directory Federation Services
asked 2024-01-18T11:57:39.13+00:00
mg 0 Reputation points
0 answers

AD LDS Instance Issue (LDAP)

Have set up LDAP using AD LDS (Active Directory Lightweight Directory Services) (LDAP port is 389 and LDAPS port is 636). However, didn't mark all the required LDIF files to import during setup. Tried to rebuild the instance using the LDAP default port but…

Active Directory
Active Directory Federation Services
asked 2024-01-16T05:33:22.63+00:00
Chen, Henry - AGI 0 Reputation points
4 answers One of the answers was accepted by the question author.

Replace service SQL service account with GMSA

Hi Everyone, Is it possible to replace SQL service accounts with GMSA?

SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,002 questions
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,372 questions
Active Directory Federation Services
asked 2024-01-13T13:07:48.88+00:00
Richard Y 486 Reputation points
answered 2024-01-15T18:12:31.7666667+00:00
Javier Villegas 900 Reputation points MVP
2 answers

ADFS couldn’t start service adfssrv under another gMSA error 1064, 220

I'm trying to start the ADFS service under a new gMSA and at about 10 seconds I get a 1064 error, unless I make a mistake while reading the internal WID database. I had this problem in a production environment, I get the same error in a lab environment.…

Windows Server
Active Directory Federation Services
asked 2024-01-05T02:02:54.5466667+00:00
OZ 226 Reputation points
edited a comment 2024-01-12T15:27:40.1433333+00:00
OZ 226 Reputation points
1 answer One of the answers was accepted by the question author.

Creating 2nd ADFS farm in the same domain to be used for dev

We currently have an AD FS 2012 farm set up that is working fine. We would like to set up a new AD FS 2016 farm. Can we have two separate ADFS farms in the same Active Directory domain? Would it cause any issues? Should the second farm use different…

Active Directory Federation Services
asked 2021-04-29T12:06:18.013+00:00
Wilson Caetano 21 Reputation points
commented 2024-01-12T08:07:07.62+00:00
Jelly Quater 0 Reputation points
0 answers

What are the configurations required to federate ADFS and Shibboleth Idp ?

Our IdP is Shibboleth, devices are AD joined and Hybrid AAD Joined through AzureADSync, but Intune enrolment of the HybridEntraID Joined devices failed because Shibboleth doesn't support WS-Trust protocol. Now the solution is to implement an ADFS and…

Active Directory Federation Services
asked 2024-01-11T12:12:45.77+00:00
Dinesh Loganathan 25 Reputation points
0 answers

Active directory integrated auth with hybrid environment not working

We have two domains. A .local domain and a .com domain. The environment is hybrid with PHS set up with AD sync. When I go into my entra ID portal, my users are showing as the .com domain which is expected. The on premises area shows synced to the .local…

Active Directory
Active Directory Federation Services
Microsoft Entra
Microsoft Entra ID
asked 2024-01-09T15:17:15.52+00:00
David Newland 0 Reputation points
commented 2024-01-11T03:30:03.08+00:00
Sandeep G-MSFT 15,251 Reputation points Microsoft Employee
1 answer

How to call Graph API after logging in with AWS Cognito hosted UI

Hi, Our react application authenticates through SAML based federated Azure AD identity provider for AWS Cognito. So the application received Cognito ID and access tokens after login. I have a need to display the profile picture of the logged in user, for…

Microsoft Graph
Active Directory Federation Services
asked 2024-01-05T07:29:40.0433333+00:00
Adusumalli, Haripriya 1 Reputation point
edited a comment 2024-01-09T05:33:35.1766667+00:00
2 answers

How to migrate users from on-prem environment to another on-prem environment?

Hello, I want to know how to migrate users from one on-prem environment to another on-prem environment? As in our scenarios we want to migrate lots of users from one on-prem environment to another on-prem environment. So can you please suggest and help…

Active Directory
Active Directory Federation Services
asked 2023-11-20T12:27:20.7466667+00:00
Khushi 0 Reputation points
commented 2024-01-09T05:26:11.0366667+00:00
Khushi 0 Reputation points
0 answers

How can I send all groups that a user is member of in the SAML assertion?

Hi guys, the SP provider sends the request to AWS, which forwards it to ADFS - Microsoft ADFS responds with all information (NameIP, UPN, everything) and is working. However, I am finding an issue sending the groups the user is a member of. The groups are…

Microsoft Graph
Active Directory Federation Services
asked 2024-01-08T17:18:54.9566667+00:00
Jaime Diegues 0 Reputation points