1,226 questions with Active Directory Federation Services tags
Should the custom health probe (/adfs/probe) on the Azure Application Gateway be configured to use HTTP or HTTPS?
We are hosting an ADFS farm on Azure, including an external Application Gateway configured with two WAP servers in its backend pool. Currently, the health probe uses the HTTP protocol with the path /adfs/probe, as recommended by Microsoft. However, we…
ADFS application sync issue
Installed AD HealthADFS Agent in AD FS servers but the apps are not listed in usage & Insights section
Single Sign On to different O365 tenants
Hi everybody, I have the following situation: Single Active Directory domain (domain.local) 2 Office 365 tenants (domain1.com, domain2.com) 2 ADFS Servers one of them syncing users from one OU1 to domain1.com and handling SSO. Users have UPN…
Microsoft Single Sign On 1.0.8 Google Chrome extension for Linux/Ubuntu?
Hello, we use SSO in our intranet for various applications. The web browser MS SSO extension is available for Windows and Mac OS. Linux is an important platform in our ecosystem but this extension is missing. Could Linux be supported as well? Or is there…
Computer GPO blocking Yubico PIV management in offline AD domain
Hello! I manage a small Windows Server 2022 AD on premise domain, which is completely detached from the outside network since March. I set up PIV logon to be required by all users in the domain, using user personal and root certificates residing in a…
ADFS retrieving claims using native client application
Hi, We are currently attempting to write a test application in C#, which needs to retrieve certain claims upon authorization. No matter what we have tried, it seems we only receive the same 10 claims from the ADFS server (see image for the received…
Token Signing Certificate Update SharePoint
I need to update the SharePoint farm with the new token signing certificate. Can someone point me to the right procedure? It seems this is something that has to be done via SharePoint PowerShell and not cmc. There are two app servers in the farm and…
What is the difference between FBL 3 and FBL 4 in ADFS
Hi Team, I am currently running on ADFS 4.0 on Windows 2016 with Farm Behaviour Level 3. Planning to move to Windows 2022, FBL 4. Can you let me know the difference between FBL 3 and FBL 4? I do not see any detailed document on this. Thanks, …
Failed to create AzureadKerberos (Cloud Kerberos Trust)
We are trying to establish cloud Kerberos trust to enable WHFB in our environment. However, it is giving the below error. It gives the error at the command Set-AzureADKerberosServer. Any advice and suggestions will be highly appreciated. We have followed below…
AD CS Web Enrollment: Invalid pointer 0x80004003 (-2147467261 E_POINTER)
I have a Windows 2019 server set up as a CA in my environment. It's tied to my DC. I have IIS installed and certificate web enrollment is in use. I can browse to my https://CA/certsrv no problem. The website's certificate is valid and trusted. I can log…
Active Directory - Add or remove multiple members from a security Group
What's the maximum limit to add/remove users to a security group in On-Prem AD? Also, is there a limit to the sync process between On-Prem & AZURE Sync for such additions? e.g. can I add 100K users to an AD Group using PowerShell script in a single…
Changing the ADFS service account options "this account supports Kerberos AES ... "
We are trying to join Windows 2022 to a 2012 R2 farm with WID and are encountering issues during pre-requisite checks. One option that we are thinking of trying is to enable "this account supports Kerberos AES 128 bit encryption" and "this…
Domain user getting: The sign-in method you’re trying to use isn’t allowed
Domain user getting: The sign-in method you’re trying to use isn’t allowed I'm troubleshooting a problem with a domain user who when trying to log in to his domain account gets the message "The login method you are trying to use is not…
Can we change the access token lifetime in AD
Can we change the access token lifetime in AD?
Create custom CloudAP plugin to authenticate to Windows machine which is Entra joined?
My domain is federated with a custom in-house IDP and when the user tries to log in on the Entra joined machine as IDP CloudAP authenticates the user, right? Is it possible to create a custom CloudAP plugin so after the user enters the password our IDP can enforce…
Prompt for credentials when different user tries to login with Microsoft Single Sign On using SAML
We have the below-mentioned requirement on our login screen. User enters emailId in our application and selects Microsoft to login with that email Id. User logs in to our platform with Microsoft SSO using SAML. User then logs out from our application,…
Having an error reactivating access to Azure Active Directory subscription
Failed to reactivate access to Azure Active Directory subscription
When attempting to modify files within the Netlogon folder in Active Directory, I've encountered instances where files are in use and cannot be changed
Dear Experts, I'm seeking assistance with aspects of Active Directory (AD) management and troubleshooting. Specifically, I am encountering an error that the files are in use and cannot be changed in the Netlogon folder. When attempting to modify files…
DNS Zone Locks and Propagation Delay in Active Directory
Dear Experts, I'm seeking assistance with aspects of Active Directory (AD) management and troubleshooting. Specifically, I am encountering a DNS zone lock and propagation delay issue within the Active Directory environment. When I am trying to make changes…
How to connect to on-premises SharePoint using ADFS authentication in a .NET 8 application
Since OfficeDevPnP.Core is not supported in .NET 8, are there alternative libraries or approaches to connect to on-premises SharePoint using ADFS authentication in a .NET 8 application? Current Situation: Existing applications written in .NET Framework…