Channel: Azure Management Portal forum

Can't bind to Azure LDAPS


Hello, I'm trying to bind to Azure LDAPS with correct user creds.

I've generated a certificate on CertificateTools because Azure LDAP didn't want to accept a certificate that I tried to generate following this article: https://docs.microsoft.com/en-in/azure/active-directory-domain-services/tutorial-configure-ldaps.

I configured my DNS's TXT and created an Azure domain. After that, my cert was accepted successfully.

I have one Windows Server 2016 and imported this certificate to it.

I can connect to Azure LDAPS via ldp.exe from WS2016, but can't get BIND working.

I've created the user in Azure AD, given it membership in administrative groups, and applied for all roles in the domain.

When I try to bind, I get this:

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
	{NtAuthIdentity: User='azure'; Pwd=<unavailable>; domain = 'example.link'}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090588, comment: AcceptSecurityContext error, data 52e, v2580
Error 0x8009030C The logon attempt failed


I've tried everything:

1) to bind with credentials, typing domain example.link and user azure@example.link

2) to bind with credentials, typing domain example.link and user azure

3) to bind with credentials, typing domain empty and user azure@example.link

4) to simple bind, typing user azure@example.link

5) to simple bind, typing user azure

When I try to bind with the simple bind method, I receive this error:

-----------
res = ldap_simple_bind_s(ld, 'azure@example.link', <unavailable>); // v.3
Error <52>: ldap_simple_bind_s() failed: Unavailable
Server error: 8009030C: LdapErr: DSID-0C090588, comment: AcceptSecurityContext error, data 52e, v2580
Error 0x8009030C The logon attempt failed


And I'm sure that the credentials are right. Also, I'm using a free trial subscription.


Using resourcegroup.name() in tag value when RG is created, but it stays blank

I am using the syntax in a tag value

"value": "[first(split(resourceGroup().name, '-'))]"

to capture a certain part of the resource group name in a tag value but when RG is created it is blank.

I can then run a remediation task and it populates properly.

Why does it not populate when RG is created?

How to change "Request to Reset Microsoft Online Services Password" contact email address


Hi guys,

Recently a regular user received an email from msonlineservicesteam@microsoftonline.com.

The following user in your organization has requested a password reset be performed for their account: 

actual@mailbox.adress
First Name: actual name
Last Name: actual lastname

Consider contacting this user to validate this request is authentic before continuing. 

If you have determined that this is a valid request, use your service's admin portal (Office 365, Windows Intune, Windows Azure, etc.) to reset the password for this user. 

Want to let your users reset their own passwords? Check out how you can enable password reset for users in your organization with just a few clicks.

Sincerely, 
Actual Company Name

How can I change the contact email address for such requests?


Experiencing authentication issues The portal is having issues getting an authentication token. The experience rendered may be degraded.


Hi,

For the past 4-5 days, every time I press the 'Create a resource' button I get the below error. I am trying to create a virtual machine. I have an existing machine and that works fine. Please help!

===============================================================================

Experiencing authentication issues

The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token:

Extension: Microsoft_Azure_Marketplace
Resource: createleadapi
Details: MSAL.Desktop.4.7.0.0.MsalServiceException:
ErrorCode: invalid_resource
Microsoft.Identity.Client.MsalServiceException: AADSTS500014: Resource 'a0e1e353-1a3e-42cf-a8ea-3a9746eec58c' is disabled.
Trace ID: 92bf2465-2554-4f56-a70a-2d755dad3500
Correlation ID: a33d9da1-4bad-49f3-85e5-2da6141c57a0
Timestamp: 2020-04-14 18:51:40Z

             StatusCode: 400

             ResponseBody: {"error":"invalid_resource","error_description":"AADSTS500014: Resource 'a0e1e353-1a3e-42cf-a8ea-3a9746eec58c' is disabled.\r\nTrace ID: 92bf2465-2554-4f56-a70a-2d755dad3500\r\nCorrelation ID: a33d9da1-4bad-49f3-85e5-2da6141c57a0\r\nTimestamp: 2020-04-14 18:51:40Z","error_codes":[500014],"timestamp":"2020-04-14 18:51:40Z","trace_id":"92bf2465-2554-4f56-a70a-2d755dad3500","correlation_id":"a33d9da1-4bad-49f3-85e5-2da6141c57a0"}

Headers:
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
client-request-id: a33d9da1-4bad-49f3-85e5-2da6141c57a0
x-ms-request-id: 92bf2465-2554-4f56-a70a-2d755dad3500
x-ms-ests-server: 2.1.10369.13 - DUB2 ProdSlices
x-ms-clitelem: 1,500014,0,251787.2188,
Cache-Control: no-store, no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: fpc=AgP6WoOm1wRHk-anpy4lg1ll7EtBAQAAADz9J9YOAAAA; expires=Thu, 14-May-2020 18:51:40 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=prod; path=/; secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly

===============================================================================

Regards,

Rehan


Regards, Rehan Bhombal

Enforcing phone number in Azure Active Directory MFA


I have an Azure Active Directory instance where I enabled MFA using Text Messages.

I tried logging in using a user that has a phone number set in their profile, and was prompted with a dialog containing the user's phone number.

The problem is that this dialog enables the user to edit this number, instead of forcing them to use the one configured in the profile.

How can I make this dialog just use the user's phone number?

Just for clarification, the user's phone is already set in the profile and in the Authentication Methods sub-section:

https://i.stack.imgur.com/mGt4x.png

This is a brief of the login process

https://i.stack.imgur.com/NJzRm.png

Azure AD B2C - Force Signing Key Rollover for B2C Directory


Hi,

I'm using Azure B2C as Identity Provider in my application to authenticate users and return ID tokens. The web app then needs to validate the ID token. The web app uses the endpoint "https://{TenantName}.b2clogin.com/{TenantName}.onmicrosoft.com/v2.0/.well-known/openid-configuration?p={PolicyName}" to get the signing key (among other things) and uses that signing key to validate the tokens.

I understand from Microsoft's documentation that the signing key can be rolled over at any point, so the validating app must cater for a change of signing key. Furthermore, there can be more than one signing key at any time, so validation should happen against all the available keys (not just one).

What I wanted to know is:

1) Currently when I get the signing key(s), only 1 key is returned. I'm guessing that multiple keys are only supplied when a rollover is in progress?

2) Is it possible for me to manually force a change of signing key (i.e. force Azure B2C to start using a new signing key and invalidate the previous key altogether)? I'd like to do this first to test that the validation library I use (Microsoft.Owin.Security.Jwt) automatically handles multiple signing keys. And also in case of a breach, can I just change the signing key to invalidate all existing keys and tokens?

Regards,

Syed
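
How a validator can follow the rollover described in the question above, as an added example (not part of the original post and not Microsoft.Owin.Security.Jwt code): it picks the key by the token's `kid`, refetches the key set on an unknown `kid`, and stops accepting a key once it is no longer published. `SigningKeyResolver`, `token_header`, the cache timings, the RS256 check and the JWKS snapshots are assumptions constructed for illustration; signature verification itself is left to the JWT library.

```python
import base64, json, time

def token_header(token):
    """Decode the unverified JWT header; used only to pick the key by kid."""
    seg = token.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if header.get("alg") != "RS256":  # assumption: the policy issues RS256 tokens
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    return header

class SigningKeyResolver:
    """Caches the JWKS and returns the key whose kid matches the token header."""
    def __init__(self, fetch_jwks, max_age=3600, miss_cooldown=60, clock=time.monotonic):
        self._fetch, self._clock = fetch_jwks, clock
        self._max_age, self._cooldown = max_age, miss_cooldown
        self._keys, self._fetched_at = {}, None

    def resolve(self, kid):
        age = None if self._fetched_at is None else self._clock() - self._fetched_at
        miss = kid not in self._keys
        # Refetch when the cache is empty or stale, or on an unknown kid (rollover),
        # but not more often than the cooldown, so junk kids cannot force fetches.
        if age is None or age >= self._max_age or (miss and age >= self._cooldown):
            # Replace rather than merge: a key dropped from the JWKS stops validating.
            self._keys = {k["kid"]: k for k in self._fetch()["keys"]
                          if k.get("use", "sig") == "sig"}
            self._fetched_at = self._clock()
        if kid not in self._keys:
            raise LookupError("no published signing key with kid %r" % kid)
        return self._keys[kid]

def demo():
    """Constructed JWKS snapshots: before, during and after a rollover."""
    jwk = lambda kid: {"kid": kid, "kty": "RSA", "use": "sig", "e": "AQAB", "n": "constructed"}
    state = {"doc": {"keys": [jwk("old")]}, "now": 0.0, "fetches": 0}
    def fetch():
        state["fetches"] += 1
        return state["doc"]
    resolver = SigningKeyResolver(fetch, clock=lambda: state["now"])
    seen = [resolver.resolve("old")["kid"]]
    state.update(doc={"keys": [jwk("old"), jwk("new")]}, now=120.0)
    seen.append(resolver.resolve("new")["kid"])      # miss triggers one refetch
    state.update(doc={"keys": [jwk("new")]}, now=4000.0)
    for kid in ("old", "bogus"):                      # retired key, then junk kid
        try:
            resolver.resolve(kid)
        except LookupError:
            seen.append(kid + " rejected")
    return seen, state["fetches"]

if __name__ == "__main__":
    print(demo())
```
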

Service Map and Wire Data 2.0

Hi, does anyone know when both Service Map and Wire Data will be available for the Government Cloud?

Azure AD Provisioning Going into quarantine with error 'The remote server returned an error: (400) Bad Request.'


So I am trying to configure both SSO and auto provisioning of Azure AD with ServiceNow as an Enterprise Application. I was able to successfully configure the SSO part, but while enabling the auto provisioning of users in Azure AD, my provisioning goes into quarantine in the initial cycle itself, and the quarantine details show this error: 'The remote server returned an error: (400) Bad Request.' The provisioning logs are also empty. I tried going through the docs, but this specific error was not listed there. So kindly help me with this.


Azure Active Directory Privileged identity management (PIM) supported multi cloud

Hello, does Azure Active Directory Privileged Identity Management (PIM) support multi-cloud, like AWS or GCP, with AWS/Google Cloud federated with Azure Active Directory? Thanks.