I regularly work with multiple Azure Active Directory and Office 365 tenants. Recently I wanted to utilise a domain that was attached to a tenant that had expired in December 2015, but did not know how to recover it.
The various portals that you can utilise offer very little guidance.
Azure Active Directory was a little more than useless, but the new Office 365 portal offered hope, with an indication as to which tenant it was attached to.
So now what are my credentials?
Fortunately there is a link to reset your account details, which were emailed to my @outlook.com email address, which I added when creating the tenant.
Once I had recovered my credentials, I could access the portal and delete the domain.
If you get the message below, you have objects (users, groups or contacts) in the directory that still have the domain you are trying to delete associated with them.
The domain is now removed and can be utilised in another tenant.
Recently I faced an issue with Azure AD Connect.
The setup was a Windows Server 2012 R2 box with direct access to the internet, with Azure AD Connect installed and running under the context of a service account.
As Azure AD Connect was running in the context of a service account, it wanted to utilise a proxy server to connect to the internet as it is WPAD aware.
The error message given was:
“An error occurred executing Configure AAD Sync task: user_realm_discovery_failed: User Realm Discovery Failed”
The trace log file also reported:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: user_realm_discovery_failed: User realm discovery failed ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
All the solutions (AADConnect Troubleshooting) I found on the internet pointed me at configuring the machine.config (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\config) with the required proxy server settings, but in my scenario I did not want to utilise a proxy server.
To resolve the issue, I added the syntax below to the machine.config file.
As always, test in your environment before deploying into production.
AADConnect Troubleshooting – https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect-troubleshoot-connectivity/ (Accessed 16/05/2016)
Azure Active Directory Connect (AADConnect) is the tool that connects your on-premises Active Directory to Azure Active Directory.
At the end of the setup there is a rather unhelpful message asking you to run
Translated to English, this means (also see Update 20/07/2016):
- Open PowerShell and set your execution policy to unrestricted.
- Change directory to
C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep
- Supply values for the following parameters:
AdConnectorAccount: your AAD connector account.
AzureADCredentials: your credentials for Azure.
- If successful you should see
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD. Configuration Complete
- As good practice, set your execution policy back to restricted.
This must be run from a computer that has the Active Directory module for Windows PowerShell and the AD DS Snap-Ins and Command-Line Tools installed.
Failure to have both options installed will result in two errors:
The first error is obvious.
The second is not quite so obvious: a dsacls.exe error is generated because the command-line tooling is not installed.
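
The procedure above as a script, added here as an example and not taken from the original post: it checks for the two prerequisites first and changes the execution policy only for the current PowerShell process, so there is no machine-wide setting to restore afterwards. The module file name `AdSyncPrep.psm1`, the cmdlet `Initialize-ADSyncDomainJoinedComputerSync` and the account `CONTOSO\svc-aadconnect` are assumptions not shown on this page; confirm them against the message your setup displays.

```powershell
# Added example: preflight checks, then the AdPrep step under a process-scoped policy.
$adPrepDir        = 'C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep'  # path from the post
$modulePath       = Join-Path $adPrepDir 'AdSyncPrep.psm1'   # assumption: module file name
$connectorAccount = 'CONTOSO\svc-aadconnect'                 # placeholder AAD connector account

function Test-AdPrepPrerequisite {
    # Returns one string per missing prerequisite; no output means ready to run.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        'Active Directory module for Windows PowerShell (feature RSAT-AD-PowerShell)'
    }
    # dsacls.exe ships with the AD DS Snap-Ins and Command-Line Tools.
    if (-not (Get-Command -Name dsacls.exe -CommandType Application -ErrorAction SilentlyContinue)) {
        'AD DS Snap-Ins and Command-Line Tools (feature RSAT-ADDS-Tools, provides dsacls.exe)'
    }
    if (-not (Test-Path -LiteralPath $modulePath)) {
        "AdPrep module not found at $modulePath"
    }
}

$missing = @(Test-AdPrepPrerequisite)
if ($missing.Count -gt 0) {
    $missing | ForEach-Object { Write-Warning "Missing: $_" }
    throw 'Install the missing components before running the AdPrep step.'
}

# Process scope applies to this session only and is discarded when it closes,
# so the LocalMachine policy is never loosened.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

Import-Module -Name $modulePath

# Prompt for the Azure credentials instead of storing them in the script.
$aadCred = Get-Credential -Message 'Azure AD credentials'

# Assumption: cmdlet name; the two parameter names are the ones listed in the post.
Initialize-ADSyncDomainJoinedComputerSync -AdConnectorAccount $connectorAccount -AzureADCredentials $aadCred

# Confirm nothing outside this process changed.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

An execution policy set through Group Policy takes precedence over the process scope, so on a managed server the `Set-ExecutionPolicy` call may have no effect.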