1,213 questions with Active Directory Federation Services tags
Integrating Azure AD with On-premises AD, but without syncing users to Azure AD
We are looking to integrate Azure AD with On-premises AD, but without syncing users to Azure AD to save us the cost of having them stored on Azure with the licenses required. We need eventually to authenticate users through the on-premises AD and to…
Migrate settings from AD FS Win 2012R2 to Windows Server 2016
Hello everyone We currently have a Windows Server 2012R2 with the ADFS function in use which is connected to Azure. Due to problems that always occur with the WID and the old Windows Server version on the AD FS Server, I have installed a new Windows…
The User Profile Service service failed the sign-in. User Profile cannot be loaded
Migrating away from on prem ADFS to Entra ID still authenticating on prem.
Greetings, We are running an on prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service to service communication. Our clients (API consumers) are configured as trusted claim providers, in other…
Newly setup Hybrid Modern Authentication on on-prem Exchange, fails to authenticate with error 2002
Hello Team, Configured HMA on existing on-prem Exchange server. Then to test it out when I use an Outlook on desktop, looks like I can see ADFS page, but past that I fail to authenticate, with this error.
How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal
Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be…
ADFS Single signon issue with external idp - SAML 1.1 Assertion is missing ImmutableID of the user
I have Office 365 + on-prem AD + ADFS for federation. I have configured Shibboleth as a second Claims provider (MFA enabled). When I tried to log in to Office 365, I get Windows AD and Shibboleth as options, when I click on Shibboleth, I get authenticated…
Set up synchronization between Active Directory and Google Workspace
Hello, First, happy new year to all! Let me set the scene quickly. I work for a company that uses a hybrid Azure Active Directory, but we've acquired a company using Google Workspace that we need to keep for operational reasons. Using Active Directory AND…
ADFS token-signing certificates and token-encryption certificates
1. The ADFS token-signing certificates are only used for the relying party? If yes, then why token-signing certificates are used when adding the claims provider? 2. The ADFS token-encryption certificates are only used for the claims provider? If yes, then why…
Request to Change Primary Domain of Azure AD for Transitioning SSO from Okta to Azure AD (Entra ID)
As the subject suggests, we are considering the transition of SSO functionality from Okta to Azure AD (Entra ID). However, there is an issue with the SSO configuration due to the discrepancy between the primary domain of Azure AD and the login ID of the…
Upgrading ADFS 2012R2 to ADFS 2019
Hello All, We are planning to upgrade our ADFS servers 2012R2 to 2019 WID. just wanted to know once we do all the required steps from the below Microsoft document, after raising the FBL to V4 will the federation metadata be changed? or do we need to get…
AD LDS Instance Issue (LDAP)
Have been setup LDAP using AD LDS (Active Directory Lightweight Directory Services) (LDAP Port is 389 and LDAPS port is 636). However didn't mark all the required LDIF files to import when setup. Tried to re-built Instance used LDAP default port but…
Replace service SQL service account with GMSA
Hi Everyone, Is it possible to replace SQL service accounts with GMSA?
ADFS couldn’t start service adfssrv under another gMSA error 1064, 220
I'm trying to start the ADFS service under a new gMSA and at about 10 seconds I get a 1064 error, unless I make a mistake while reading the internal WID database. I had this problem in a production environment, I get the same error in a lab environment.…
Creating 2nd ADFS farm in the same domain to be used for dev
We currently have an AD FS 2012 farm setup that it's working fine. We would like to setup a new AD FS 2016 Farm. Can we have two separate ADFS farms in the same Active Directory domain? Would it cause any issues? Should the second farm use different…
What are the configurations required to federate ADFS and Shibboleth Idp ?
Our IdP is Shibboleth, Devices are AD joined and Hybrid AAD Joined through AzureADSync, But Intune enrolment of the HybridEntraID Joined devices failed because Shibboleth doesn't support WS-Trust protocol. Now the solution is to implement an ADFS and…
Active directory integrated auth with hybrid environment not working
We have two domains. A .local domain and a .com domain. The environment is hybrid with PHS set up with AD sync. When I go into my entra ID portal, my users are showing as the .com domain which is expected. The on premises area shows synced to the .local…
How to call Graph API after logging in with AWS Cognito hosted UI
Hi, Our react application authenticates through SAML based federated Azure AD identity provider for AWS Cognito. So the application received Cognito ID and access tokens after login. I have a need to display the profile picture of the logged in user, for…
How to migrate users from on-prem environment to another on-prem environment?
Hello, I want to know how to migrate users from one on-prem environment to another on-prem environment? As in our scenarios we want to migrate lots of users from one on-prem environment to another on-prem environment. So can you please suggest and help…
How can I send all groups that a user is member of in the SAML assertion?
Hi guys, The SP provider sending the request to AWS that forward to ADFS - Microsoft ADFS responds with all information NameIP, UPN, everything and is working. However, I am finding an issue to send groups of the USER is a member of. The groups are…