Recover a domain name from an expired trial Office 365/Azure Active Directory tenant.

I regularly work with multiple Azure Active Directory and Office 365 tenants. Recently I wanted to utilise a domain that was attached to a tenant that had expired in December 2015, but did not know how to recover it.

The various portals that you can utilise offer very little guidance.

Azure Active Directory was a little more than useless

AAD Error

but the new Office 365 portal offered hope, with an indication as to which tenant it was attached to.

O365 Clue

So now what are my credentials?

Recover Account

Fortunately there is a link to reset your account details, which were emailed to my @outlook.com email address, which I added when creating the tenant.

Once I had recovered my credentials, I could access the portal and delete the domain.

Remove

If you get the message below, you have objects (users, groups or contacts) in the directory that still have the domain you are trying to delete associated with them.

progress

The domain is now removed and can be utilised in another tenant.

Gone

Azure AD Connect: User Realm Discovery Failed.

AADConnect

Recently I faced an issue with Azure AD Connect.

The scenario:

A Windows Server 2012 R2 box with direct access to the internet with Azure AD Connect installed and running under the context of a service account.

As Azure AD Connect was running in the context of a service account, it wanted to utilise a proxy server to connect to the internet as it is WPAD aware.

The error message given was:

An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User Realm Discovery Failed

The trace log file also reported:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.

All the solutions (AADConnect Troubleshooting) I found on the internet pointed me at configuring the machine.config (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config) with the required proxy server settings, but in my scenario I did not want to utilise a proxy server.

To resolve the issue I added the syntax below to the machine.config file which resolved the issue.

<system.net>
    <defaultProxy enabled="false"></defaultProxy>
</system.net>

As always test in your environment before deploying into production.

AADConnect Troubleshooting – https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect-troubleshoot-connectivity/ (Accessed 16/05/2016)

Azure AD Connect: Initialize-ADSyncDomainJoinedComputerSync


Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory.

At the end of the setup there is a rather unhelpful message asking you to run

AdSyncPrep:Initialize-ADSyncDomainJoinedComputerSync

Translated to English, this means (also see Update 20/07/2016):

  1. Open PowerShell and set your execution policy to unrestricted.
    set-executionpolicy unrestricted

  2. Change directory to
    C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep

  3. Then
    import-module .\AdSyncPrep.psm1

  4. Then
    Initialize-ADSyncDomainJoinedComputerSync

  5. Supply values for the following parameters:

    AdConnectorAccount: your AAD connector account.
    i.e. identitatem\svc_aadconnect@identityproject.co.uk

    AzureADCredentials: your credentials for Azure.
    logon@identityproject.co.uk

  6. If successful you should see
    Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.Configuration Complete

  7. As good practice, set your execution policy back to restricted.
    set-executionpolicy restricted

Update 20/07/2016:

This must be run from a computer that has the Active Directory module for Windows PowerShell and the AD DS Snap-Ins and Command-Line Tools installed.

Tooling

Failure to have both options installed will result in two errors:

The first error is obvious.

ADSyncPrepError

The second is not quite so obvious: a dsacls.exe error is generated because the command-line tooling is not installed.

DSAcls Error
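The steps and the 20/07/2016 prerequisites above, combined into one script. This is an added example, not code from the original post or from Microsoft. It checks both tooling options before running anything and relaxes the execution policy for the current PowerShell process only, so the machine-wide policy is never changed and there is nothing to set back afterwards. Assumptions: the Windows feature names RSAT-AD-PowerShell and RSAT-ADDS-Tools correspond to the two tooling options, AzureADCredentials accepts a credential object from Get-Credential, and the connector account shown is a placeholder.

```powershell
# Added example: the procedure above with prerequisite checks.
# Assumes an elevated prompt on Windows Server (Get-WindowsFeature available)
# and the default Azure AD Connect install path used in step 2.
$ErrorActionPreference = 'Stop'
$adPrepDir = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep'

# Prerequisites from the update: the Active Directory module for Windows
# PowerShell and the AD DS Snap-Ins and Command-Line Tools (assumed feature names).
$required = 'RSAT-AD-PowerShell', 'RSAT-ADDS-Tools'
$missing  = Get-WindowsFeature -Name $required | Where-Object { -not $_.Installed }
if ($missing) {
    throw "Missing Windows features: $($missing.Name -join ', ')"
}

# The second, less obvious error comes from dsacls.exe being absent.
if (-not (Get-Command dsacls.exe -ErrorAction SilentlyContinue)) {
    throw 'dsacls.exe was not found on the PATH.'
}

# Confirm the module exists and report its Authenticode status before loading it.
$module = Join-Path $adPrepDir 'AdSyncPrep.psm1'
if (-not (Test-Path $module)) {
    throw "Module not found: $module"
}
$sig = Get-AuthenticodeSignature -FilePath $module
Write-Host "AdSyncPrep.psm1 signature status: $($sig.Status)"

# Step 1, scoped to this process: the setting disappears when the window closes.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

# Steps 3 to 5.
Import-Module $module
$connectorAccount = 'DOMAIN\svc_aadconnect'   # placeholder: your AAD connector account
$aadCredential    = Get-Credential -Message 'Azure AD credentials'
Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount $connectorAccount -AzureADCredentials $aadCredential
```

If a Group Policy execution policy is in force, the process-scoped setting does not override it and Set-ExecutionPolicy reports that instead.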