Questions tagged as ['azure-active-directory']

Azure Active Directory is a Microsoft platform for handling identity and authorization requirements for cloud applications.
Score: 0
sintezators avatar
Do I need second domain controller when we use AzureAD hybrid setup?
bz flag

The subject wraps up my story pretty straight - Do I need second domain controller when we use AzureAD hybrid setup? We have one domain with only one domain controller what is on-prem, and its AD is synced to AzureAD service. As what as I know from my experience for best practice is to use at least two domain controllers so the question is - if we use AzureAD, is it worth looking at second DC? What I me ...

Score: 0
Provision groups from two AD forests to AzureAD
cn flag

We have two AD forests "" and "". All users are in both of those forests - they are duplicated. There is no trust between the domains.

In both forests, the users are members of security groups.

We synchronize security groups with AzureADConnect from to an AzureAD tenant. This works as it's supposed to.

When we synchronize security groups from to the same AzureAD tena ...

Score: 3
restlessmodem avatar
How to simulate external azure active directory / create testing environment?
cn flag

We regularly face the situation where access to internal applications (e.g. PowerBI) by external users (guest users in our AAD) need to be troubleshooted (errors in application specific configs). Currently we can only reproduce these issues by having the external users themselves present and repeating what they did.

What would be the best way to create a test environment to simulate users which a ...

Score: 0
user3067168 avatar
Local administrator tagged "must change password" when domain user joins azureAD using OOBE
mx flag

Hi all thanks in advance and sorry if my question is not properly structured, first time I ask instead of just lurk:

  • I have a hybrid on-prem/azureAd environment using dirsync
  • Laptops are imaged with a local administrator account with psswd set to "never expire"
  • Users go through OOBE and join azureAD

After this, the "Administrator" account is disabled - Default windows10 behaviour, OK.


Score: 1
Sparky BearBomb avatar
Disable the Windows 10 Password login option when FIDO in use
de flag

Hello Collective intelligence,

I have a question that is bugging me,

I have a Yubikey 5C setup in Azure AD with passwordless auth and registered to my account, I can log into the PC using the FIDO key and PIN and have managed to get Windows 10 to lock when the key is removed.

What I am trying to do is remove the sign-in options specifically for the password and only allow FIDO logins.

I have read through  ...

Score: 0
Hong Ooi avatar
Pros/cons of service account and service principal in AAD
cn flag

The official Microsoft docs strongly discourage the practice of user accounts employed as service accounts. Instead, they recommend using service principals or managed identities.

Leaving aside MI's for the time being, I just had a question about this. Why is there such a strong recommendation against user accounts as service accounts in AAD? Consider the alternative of a service principal:

  • Both requir ...

Score: 0
SilverZippo avatar
Can I use my O365 Custom domain name as my Azure AD Domain Services domain name?
cn flag

I have an existing O365 tenant with a custom domain name.

I also have a couple of VM's running in Azure and for all sorts of reasons I would like to add Azure Active Directory Domain Services.

Where it comes to chosing the domain name, the Azure Portal UI is defaulting to the existing O365 custom domain name.

I am a little unlcear as to whether I should choose this option, or change it to some other do ...

Score: 0
erotavlas avatar
Sync error between windows server AD and Azure AD
fr flag

I have windows server 2019 OS with AD synced to Azure AD via Azure AD connect sync.

I recently changed my domain @mydomain for some of my old users. Unfortunately, I also erroneously changed the domain for the user that synchronises between AD and Azure AD. Later, I reverted back the change from @mydomain to On office365 (Azure AD) control panel the sync status of passwo ...

Score: 1
NiBE avatar
Azure storage file share with AD and MacOS
ng flag

My actual simple infrastructure is composed by a VNET with inside these machines:

  • Windows Server 2019 that acts as AD controller and DNS server, sync with Azure AD.
  • Windows Server 2019 stand alone, not joined to the AD
  • A file share storage configured to use the AD for granular permission with a private end point
  • Linux box with OpenVPN server

From the AD server I mount the file share and add the righ ...

Score: 0
Trying to make azure saml work with zendesk idP initiated
au flag

We are trying to setup SAML with Azure AD for zendesk when SAML is not the primary (can be JWT and SAML at the same time, we need JWT to be the primary).

We basically followed the instruction here:

We are using the direct link from azure to initiate the login, login seque ...

Score: 0
NiBE avatar
Azure file sharing and AD how to
ng flag

I work for a small company, 5 users with Office365 standard license + email with custom domain. We have an Azure account with a couple on VM for some legacy software. We would like to set up a file share system like Windows server file share with permission on files and folder, we don't want to use OneDrive, moreover I 'd like to a have a proper AD to manage credentials, single sign on and so on. At the ...

Score: 0
Saku avatar
Register Mac to Azure AD without enrolling in Intune
mf flag

I am looking to find out if Mac devices can be registered (not joined) to Azure AD. I've tried to research on both Google and this site, but all information I was able to find pertained to joining Azure AD and/or enrolling the device in Intune. Note that we don't need the users to be able to sign into the device with Azure AD credentials. We just need the device to show up registered in Azure AD. ...

Score: 0
LDAP bind to Azure Domain Services
sx flag

I'm testing Azure AD and Azure AD DS and I have some issues to bind to Azure DS using LDAP. I used the default AD tenant in my subscription, so i get a domain Then I create a ADDS synchronized with this directory.

From a Linux VM, I tried to bind to the AD using ldapsearch and I got "invalid credentials" with the following command

ldapsearch -h <ip> -p 389 -b "dc=foo,dc=onmicr ...

Score: 0
JakeUT avatar
Can I run an on-premise domain with only Azure AD?
ky flag

I am looking to upgrade some of the systems for my church and wanted to run some questions. We currently are running on an antiquated version of Windows Server 2008 R2. This server has AD, DNS, users, PCs, etc. As we make upgrades I am curious to know if I can run the domain completely out of the Microsoft cloud. So, can I have AD running purely from Azure and then users with O365 subscriptions that are ...

Score: 0
Hostel avatar
How to use Azure AD in SaaS multi-tenant application
cn flag

I have an issue how to use Azure AD in context of my SaaS application. I have a feeling that Azure AD multi-tenant is a different term than SaaS multi-tenant. If I'm wrong, then I hope somebody will show my misinterpretation.

What is SaaS multi-tenant (IMO): separation of data and users in one application. In my case it is an application which works for many small companies. Application stores da ...

Score: 1
Dan B avatar
Google Federated Azure users can't log in to Windows 10
in flag

We've just set up Azure AD and federated it with our G Suite system. I see the provisioned users from G Suite and can log in to Azure and Office with them, no problem.

I also have a Windows 10 Pro PC and have joined it to Azure. Users on our domain can log in to the computer without a problem. Federated users on our real domain, as imported from Google, cannot. It just says, "The  ...

Score: -2
DevOps Guy avatar
How to restrict users from uploading files from Azure Virtual Desktop(AVD) to personal or public sites?
jp flag

How to restrict users from uploading files from Azure Virtual Desktop(AVD) to personal or public sites like gmail, google drive, personal onedrive, personal office365 account, dropbox, box, github, gitlab, bitbucket, azure git, etc. such site. Basically we want to restrict users from uploading files to any websites via browser or cli. Only exception should be to the sites which we want to allow. How to  ...

Score: 0
BigNik avatar
Trying to improve Azure AD role assignments without breaking everything
gh flag

I'm trying to remove most users from the Azure AD Global Admin role in favor of dedicated admin accounts and/or use something like PIM.

My question is; If a user granted permissions for an Enterprise App, created a security token for app registrations, or some other process that required the admin privilege they had at that time, will removing them as a global admin and leaving them a normal user br ...

Score: 0
Stefan avatar
Azure File Share mount with AAD Credentials
mx flag

How can I log in to an Azure File Share (Azure Storage account with file sharing) with Azure AD credentials?

I would not like to deploy an Azure Domain Service.

Regards Stefan

Score: 0
Stefan avatar
log into a VM in Azure using my Azure AD credentials via RDP
mx flag

I would like to be able to log into a VM in Azure using my Azure AD credentials via RDP. The login should be done over the internet from MAC and Linux clients (clients are not members in Azure AD). For security I use Just in Time Access. MFA is not activated Is this possible? How can I implement the project?

When I set it up, I get this message Error

Thanks for the support


Score: 0
RTD avatar
Creating VMs in other CSP AAD Tenancies from my VM Images in Azure
jp flag

I am sorry if the question isn't so sharp or accurate but I am new to Azure, so feel free to ask for clarifications if needed.

I want to share a VM Image with other customers outside my organisation and AD. More precisely, we have a reseller relationship with them through CSP and I don't want to manually create the VM there every time, which entails installing and configuring a suite of applicati ...

Score: 0
Senior Systems Engineer avatar
Deploying Windows Server AD DS as IaaS (VM) in Azure?
pk flag

I'm currently seeking some advice and guidance whether deploying additional Windows Server 2019 VM in Azure to run Active Directory Domain Controller / Global Catalog in separate AD sites called 'Azure' is really have any benefits or not?

At the moment my AD domain is just single forest AD, spread across multiple geographical locations throughout Asia Pacific.

Azure AD Connect runs Password Hash Syn ...

Score: 0
Senior Systems Engineer avatar
Disabling the Azure AD cloud only account?
pk flag


I wonder what's the command or the steps in Azure Portal to disable not deleting Azure AD Cloud only account?

Because so far I can only delete the account and resetting the password, but not disabling the Azure AD account like in the OnPremise.

Thanks in advance.

Score: 0
Sunny J. avatar
Create trust relationship b/w Google Managed AD and O365 Active Directory service
jp flag

@ServerFault Community - I have a straight forward question. Does anyone know if it is possible to create a trust relationship between a Google Managed AD and [O365 Active Directory Service] Azure Active Directory Domain Service2

Score: 1
Chris avatar
Azure Active Directory Domain Services (AD DS) change permissions on ADSI Containers without Enterprise / Domain Admin Rights
cn flag

I need to modify access rights in Azure Active Directory Domain Services (AD DS) for a specific container in ADSI.

Usually in an on-prem Active Directory this is possible with having the correct access rights on an object and changing the Control Access Right (ACE) in the Access Control Lists (ACL) of the object. This usually means I need Enterprise / Domain Admin Rights in the first palace to mo ...

Score: 1
Map on premises domain.local to custom domain on azure AD
in flag

Our on premises windows domain is not public, it is myDomain.local. In Azure Active directory we have created a custom public domain and we have the legacy domain We want to sync users from myDomain.local to but they are created inside

According to Microsoft support the only way to achieve this goal is to re-ins ...

Score: 0
Starspiker avatar
Hybrid AAD Network - Network Share Problems
in flag

My work is currently migrating from a fully on-prem environment to Microsoft 365 and SharePoint. However, due to various reasons, we've had to keep our on-prem domain active. Our domain controller runs on Windows SBS 2011 (Yes, I am aware that this is very, very old software, but the budget hasn't been there to upgrade it). Therefore, we have a virtual machine running Server 2012 that runs AD Sync. We h ...

Score: 0
user3827608 avatar
The rights of an Azure AD admin on a machine enrolled in organization
in flag

The question is short, what can the Azure administrator (with active directory) do in my machine? Is the same answer for an OSX machine?

I work for a company that wants to make our computers fully managed. We work remotely and suddenly I have questions in terms of privacy. From what I understand the admin can run commands as root, so potentially do whatever he wants. Is it true ? If so I will jus ...

Score: 0
Quarantine status in Azure Active Directory sync
in flag

In January I installed AAD Cloud Sync Agent and it worked till the end of July. Checking Azure AD in the cloud the domain is in quarantine status and the installed agents list reports none. First question: was my agent, which worked for months, automatically removed from the list ?

Executing AAD Cloud Sync Agent Wizard again it reports the following error:

PowerShell: System.Net.WebException: Remote ...