In our current development environment we have the developer accounts configured as deployment managers. We're running CRM as a separate CRM account.
When I create a new organization, using the MS Dynamics CRM Deployment Manager, running under my own account, the validation step gives me the following error:
The current user does not have required permissions (read/write)
for the following Active Directory group:
CN=/*rest of AD info*/
I don't get any errors when I either import an organization rather than create one, or run the tool as the CRM user.
Why can't CRM deployment managers create new organizations, yet have no problem importing one in our setup?
Related
I use Azure DevOps in order to make continuous integration (CI). I would like to push the binaries (artifacts) to a one drive sharepoint folder whose url is like this : https://foo.sharepoint.com/personal/bar/_layouts/15/onedrive.aspx .
Thank you very much for your help !
I make some research and i attempt to do it with microsoft graph. But i don't understand how to make url....
I see also that many of customers like me want to do this : https://developercommunity.visualstudio.com/t/onedrive-support-for-devops-pipeline-release/548731.
I saw that it is possible to do this with a powershell script. But i don't know at all how to manage all this mess !
I suppose that you could follow this document for Continuous Integration and Continuous deployment using Azure DevOps
After you create the artifacts, you could follow the steps below to publish it to share point in a Release Pipeline.
1.Adding a stage.
2.Install the Node.JS tool in your stage with node.js installer with the version 10.x.
If your project is based on SharePoint Framework version 1.7.1 or earlier, use version 8.X.
3.Installing the CLI for Microsoft 365.
Add a npm task, select a Custom command and type install -g #pnp/cli-microsoft365 in the Command and Arguments field. Learn more about the CLI for Microsoft 365
4.Connecting to SharePoint Online
Before using the App Catalog in your deployment environment, you first need to authenticate against the App Catalog of your tenant. To do so, add a Command Line task and paste in the following command into the script field m365 login -t password -u $(username) -p $(password).
note
If you are using CLI for Microsoft 365 to connect to your tenant for the first time, you need to perform an interactive logon with the account first. This is required to grant access to PnP Office 365 Management Shell application which is used by CLI for Microsoft 365 to access your tenant on the account's behalf. Your task will otherwise fail to logon non-interactively. Details available on CLI for Microsoft 365 User Guide.
5.Adding the Solution Package to the App Catalog
Upload the solution package to your App Catalog by adding another Command Line task and pasting the following command line in the Script field m365 spo app add -p $(System.DefaultWorkingDirectory)/SpFxDevOps/drop/SharePoint/solution/sp-fx-devops.sppkg --overwrite
The path of the package depends on your solution name (see your project configuration) as well as the Source Alias you defined earlier, make sure they match.
Note
You can upload a solution to a site collection app catalog by adding --appCatalogUrl https://$(tenant).sharepoint.com/$(catalogsite) --scope sitecollection
6.Deploying the Application
The final step in the setup is to deploy the application to the App Catalog to make it available to all site collections within the tenant as its latest version. Add another Command Line task and paste the following command line in the Script field m365 spo app deploy --name sp-fx-devops.sppkg
Note
You can deploy a solution from a site collection app catalog by adding --appCatalogUrl https://$(tenant).sharepoint.com/$(catalogsite) --scope sitecollection
I am setting up some simple Azure services for a company that does not have an IT team yet. My three goals are
The company has to use the Azure portal minimally. The owner is not tech-oriented.
The company can add billing information for the subscription themselves without having to give me all that information.
I can eventually transfer ownership of the azure entity (directory? tenant?) to an IT team.
I cannot find the answer online because all the documentation is oriented towards an IT that works for the company as opposed to freelancer. I am currently using my personal Microsoft account but am able to get a company Microsoft account if needed via their parent organization (which does have IT). Using my personal account, I've created a new tenant then switched to that directory. In that directory I've attempted to add a subscription but it switches me back to my default directory. If I switch to the new directory again, I get the error "In order to view your eligible offers, please click here to switch your directory to {my account}.onmicrosoft.com"
I would appreciate an in-depth answer as I am not familiar with the administration side of Azure.
I need to add a colleague to my development environment (specifically VisualStudioOnline - TFS) and the doc I've read about how to do this shows differently than what I see when I try.
I am the only user of Visual Studio 2012 in my small company. I am using Visual Studio Online for Source Control (as I understand it, this exposes Microsoft Visual Studio Team Foundation Service - Version 15.115.26417.0 as a "service" (i.e. this is the cloud...there is no on-premise TFS installed). Currently, I am using a LOCAL workspace (the default) and TFVC (not GIT).
I added my NewUserA to the Administrators group on the dev server. When click menu item Team to Connect to TFS, I am prompted to sign-in with my "Microsoft" account.
However, when I try to add NewUserA to my TFS, the dialog below seems unable to search for the existence of NewUserA:
It seems to want an "identity" of NewUserA (which suggests an email address too) so it sort of makes sense that this prompt does not look for locally added Windows users.
I am quite confused and would appreciate being helped thru this.
If your VSTS account isn't connected to Azure Active Directory and you're not synchronizing your on-premises AD to AAD, then of course it won't be able to find users from your on-prem domain. If that's the case, you can add users by email address and they'll be prompted to sign up for a Microsoft account (if they don't already have one) using that address. This is different than an organizational account, which is what you'd use if you were connected to Azure AD.
I have two additional AD I have created in addition to the one which is associated to the subscription. I want to delete those but my attempt fails with the message "Directory has one or more applications that were added by a user or administrator"
I can see below two common application in both directories, where I don't see a delete button.
Office 365 management apis
Visual Studio Team Services
How can I delete this AD?
Thanks,
Shiju
I ran into the same issue. The only solution I was able to find was to step into PowerShell and get it done. You can find the steps in these two posts:
https://social.msdn.microsoft.com/Forums/en-US/afbfb7b3-92c9-4af6-9128-ba96795de5a6/not-able-to-delete-b2c-tenant
https://social.msdn.microsoft.com/Forums/en-US/e041555c-aa36-4369-bbb9-1f23ae317304/how-to-remove-active-directory-from-windows-azure
The main gist is that you need to have a global admin account which is a direct member of the directory. You can't use your Microsoft/subscription account even though it may have been granted global admin permissions. You then connect using these credentials in PowerShell, find the Service Principals (aka Applications) which exist, and remove them. You can then drop the Admin account for the directory and delete the directory itself.
I also wrote a blog page on how to delete an active directory tenant. I have updated the process to use the new portal and the newer AzureAD PowerShell cmdlets.
https://blog.nicholasrogoff.com/2017/01/20/how-to-delete-an-azure-active-directory-add-tenant/
Both TFS 2015 and Sharepoint 2013 Foundation are on-premise installations. They are on separate servers. Sharepoint is being configured post TFS installation - although I am not currently updating any existing projects.
Account being used to access the sharepoint site is a full admin on both sharepoint collection as well as TFS too.
TFS Extensions are installed, and configured on the Sharepoint server.
Can successfully create a new TFS 2015 project, and see it create the Sharepoint site - however upon accessing the Sharepoint portal site I see a number of TF30063: You are not authorized to access http://app-p-tfs01:8080/tfs errors.
I note that the collection is not listed on the url; I am looking to use the root web application of the sharepoint site as the root location.
Nothing appearing in Security event logs nor the TFS _oi audit.
Any pointers on where to look next?
The "TF30063" error message indicates that your account doesn't have permission to access TFS. As this blog described, it is caused when some permissions are denied somewhere because deny takes precedence over any other permission.
So, you can run the tfssecurity /imx command to check which group the account belongs to. Then check these group one by one to see the required permissions are not denied.
For the reporting service error, seems that the report doesn't run correctly. Firstly, go to the report server and ensure the data source can be connected successfully.
After discussing this with Microsoft Support today, it transpired the account Sharepoint was running under (which oddly is the same as TFS), did not have the relevant access - even though it WAS listed under the relevant Services group.
This was added to the Administrators group and all was well.
Very strange.