1,265 questions with Active Directory Federation Services tags
How to keep specific email address open in Outlook on multiple Windows devices that are used by multiple users, using GPO?
Dears, I need your urgent support. I need to keep specific email address open in Outlook on multiple Windows devices that are used by multiple users, using group policy in Active Directory? For example: John and Sara using one device and each of them have an…
Increase Azure AD password policy and On-premises AD password expiry policy of 90 days to 365 days
We have enabled EnforceCloudPasswordPolicyForPasswordSyncedUsers feature and set almost all users azure policy to 'none' with the exception of a few accounts that are set to DisablePasswordExpiration. The default Azure AD password policy does match our…
Active Directory Password Policy: Changing [Must Change] Attribute
Hi all, Is there a resource that explains how to change the [Must Change] attribute in Active Directory? The goal is to modify this setting for specific users to enforce a password change on a particular date or within a certain number of days, which…
How can I make some fields required with social media like X (twitter) or google using Azure b2c custom policies
How can I make some fields required with social media like X (twitter) or google using Azure b2c custom policies? Hello, I have this problem: For example I have <InputClaim ClaimTypeReferenceId="legalCountry" Required="true" />…
MSIS7012 : The same client browser session has made '6' requests in the last '1' seconds. Contact your administrator for details
We have a .NET application which we implemented ADFS WSFED in it. It's working fine in local but when we deployed we are facing this error. For Dev in URL I see Realm is HTTPS but wreply is HTTP. But for local I see Realm is HTTPS but wreply is HTTPS.…
Windows Hello for Business Certificate Trust (on-Prem)
Hi! I have deployed Windows Hello for Business environment (Certificate trust, On-Prem). Everything works OK. The domain user logs into the client machine and Windows Hello for Business enrollment starts. However, after getting the PIN from user, windows…
Mailbox type is unable to change from user to office365 in the on-premises exchange portal.
Mailbox type is unable to change from user to office365 in the on-premises exchange portal. The mailbox type in Online Exchange Admin Center is user mailbox. though would like the mailbox type in the on-premises exchange portal to switch from user to…
Users get prompted for MFA and email
Hi, We have corp.local on prem domain and external.org for our emails. Before we flip from Exchange on prem to O365 we would like to get all SSO issues resolved. We currently have two problems. When users open Edge or Chrome browsers on their office…
AD B2C custom policy Get Key="ValidTokenIssuerPrefixes" URI from a rest endpoint
Hi All, I have a <ClaimProvider> in my AD B2C custom policy which allows some tenants to authenticate. Is it possible to get these URIs from a rest API endpoint and populate it? <item key="ValidTokenIssuerPrefixes">[URIs from an…
How to Restrict Domain Users Disjoining Computers from Domain?
Why domain users can disjoin on the AD domain? How can I deny anyone from disjoining or leave domain and back to workgroup by GPO or any other way?
Getting error on AD sync configuration.
Hello All, I'm encountering an ADD sync error when attempting to connect my on-premises server to Azure Active Directory (AAD). Could someone please assist me in troubleshooting this…
How can I configure the AD FS federation service so that avatars of users synchronized with Azure AD Connect are displayed and Windows applications are automatically logged in?
Good day! Given: A server running Windows Server 2022 Datacenter, domain: chuc218.ru Is it necessary to: configure the AD Federation Service (AD FS) so that avatars of users synchronized with Azure AD Connect are displayed on client PCs running Windows…
How to remove the "hint" query parameter during AAD B2C password reset flow?
We have set up the password reset exchange as instructed in the docs and are trying to remove the hint query parameter that gets added to the URL when clicking the forgot password link. We do not want it as it is an info leak. Someone else asked a…
Unable to add second ADFS server to existing farm (MSSQL and gMSA)
Hello, My first Server 2019 ADFS server is working fine, but for HA purposes I wanted to add a second one. I already made sure that my GMSA, which is just named "ADFS-GMSA" works fine with my MSSQL server. I was following the instructions here:…
Microsoft Entra Hybrid Join – Devices Stuck in "Pending" Status
Hello Team, We are facing an issue with our on-premises Active Directory (AD) integrated with Active Directory Federation Services (AD FS). We have correctly configured Microsoft Entra hybrid join using Microsoft Entra Connect, following the official…
User ID prompt from AAD hybrid-joined computer
Hi, All of our users are getting prompted for User ID when navigating to portal.azure.com in the browser on the hybrid joined Windows 11 systems. Running dsregcmd /status on any computer on the corp network shows…
Supported SQL version for AD FS
We are running AD FS on a Windows Server 2019. Today our database is SQL 2016 on a separate server. Everything is on-prem. Is newer SQL version supported for our database, together with AD FS "2019"?
Are the ADFS Help tools still available?
This site has a tremendous amount of information and tools for help with ADFS. I understand that some of the content is moving to the general ADFS troubleshooting page listed below, but I do not see the tools anywhere. Will they be available going…
Modifying the Protected Users group members with 'Account is sensitive and cannot be delegated' and AES encryptions?
I need some help and clarification on securing all of my Active Directory Enterprise and Domain Admin user accounts using the 'Protected Users' group and enabling these security attributes: Account is sensitive and cannot be delegated. This account…
I have disabled synchronization, now what?
I am taking our organization fully online and eliminating on-prem servers. Everything I could find on the subject (on and off Microsoft) said just to disable synchronization using this command: Set-ADSyncScheduler -SyncCycleEnabled $false then uninstall…