User Profile Synchronization Service - STARTING - sharepoint

I have installed SharePoint Server 2010 and created many sites, added about 500 users in the AD, given the appropriate permissions to the groups, and everyone is normally logging in using his credentials.
The weird thing I cannot understand is that whenever I try to start the "User Profile Synchronization Service" it freezes for a long time in "STARTING" mode.
After that it is "STOPPED" again.
Also:
1) My AD users have emails stored, but SharePoint is not able to see these emails. Whenever I try to create an alert it says that there is no email address.
2) Using the server (this machine), no one else except for the Administrator (account) can log in. NO ONE.
If I log in over the internet or my LAN, anyone can log in using his credentials, as I mentioned before.
User Profile Service is working OK.
When entering (CA) Profile Service Application, I get this:
Profiles
Number of User Profiles: 6
Number of User Properties: 68
Number of Organization Profiles: 1
Number of Organization Properties: 15
Audiences
Number of Audiences: 1
Uncompiled Audiences: 0
Audience Compilation Status: Idle
Audience Compilation Schedule: Every Saturday at 01:00 AM
Last Compilation Time: Ended at 3/24/2012 1:00
Profile Synchronization Settings
User Profile Sync is not currently
Synchronization Schedule (Incremental): Every day at 01:00 AM
When entering "CA" > "User Profile Synch Service", in the "Select User Profile Application" dropdown box there is nothing.
After that there is an account named "dbaccess", for which I have to enter the credentials. I have made this account an AD administrator.
I am available to provide you ANY other information, screenshot or even access to the machine, in order to help me with this issue.
It is the most difficult issue I have faced since I first started my SharePoint project.
Looking forward to ANY help...

If you have 500 users in AD and the number of profiles you see in the UPSA is just 6, then you may not be pointing to the right AD OU in your connection.

Method to "Intervene" after a login, to force user to update contact info

Every 3 months, we have a requirement to force a user to an app to update their contact info (this is an in-house app, and we will also have a situation where an app updates emergency alert phone and email addresses) before they can access any other apps on the OneLogin dashboard. Once a user has updated their info, they can access the OneLogin dashboard as usual. Do you have any examples or ideas of how this could be done?
An account administrator can log into their company's OneLogin portal.
In the upper right-hand corner there is an Administration link; click it.
In the administration panel, hover over the Security tab and select Policies when it appears.
Start a new policy. On the left side there is a Password tab. This allows you to enforce the password age policy.
Once the policy has been configured, it just needs to be applied to the users.

Insufficient permissions to perform requested operation

We are creating a flow to add a guest user to Azure AD.
Reference article:
https://www.timlinenterprises.com/how-to-invite-external-users-using-microsoft-flow-and-microsoft-graph-api/
I followed the steps in the article and got the error shown below while executing the flow:
Insufficient privileges to perform requested operation by the application '00000003-0000-0000-c000-000000000000'. ControllerName=MSGraphInviteAPI, ActionName=CreateInvite, URL absolute path=/api/a65449db-d753-4811-b4e1-846b9be25a50/invites
Below is the screenshot of the HTTP Request from Flow:
[Screenshot: HTTP Request in Flow]
[Screenshot: HTTP Request in Flow 2]
Below is the screenshot of the API Permissions on Azure:
[Screenshot: Azure API Permissions]
As soon as I replace .onmicrosoft.com with the Tenant ID, the flow executes without any issues and the guest user receives the invitation. The user gets added to Azure AD; however, their profile does not show up under Office 365 Guest users nor under SharePoint User Profile, even after waiting for 24 hours.
Whenever I invite a guest user using Graph Explorer, the guest is added successfully to Azure, Office 365 and SharePoint.
[Screenshot: Graph Invitations Execution]
[Screenshot: Response to Post Request]
This is a Global Admin account with all the privileges and an E3 license assigned.
All the articles online show you how to add guests in Azure AD; however, there is no info on whether the user would show up in the Office 365 Guest list.
Please let me know if anyone is aware of this and can help me with the steps to get this resolved; also let me know if any other details are needed from my end.
EDIT
There was a small confusion: I confused the Tenant ID with the Client ID. After entering the Tenant ID the flow works without any issues, as shown below:
[Screenshot not included]
As soon as I enter .onmicrosoft.com under the tenant section, the flow fails.
We have just 1 tenant where the Azure Application is created.
Please let me know if anything else needs to be checked.
Thanks in advance.
"As soon as I replace .onmicrosoft.com with the client ID, the flow executes without any issues"
It's impossible. You can only put the tenant ID or domain name here. The "client id" doesn't work.
In your case, a65449db-d753-4811-b4e1-846b9be25a50 should be the tenant ID of the tenant you are trying to invite the guest into.
Since the application permissions User.Invite.All and Directory.ReadWrite.All are correct, the reason you get this issue is probably that you put a wrong tenant name here. The Azure AD app you registered is not in the tenant a65449db-d753-4811-b4e1-846b9be25a50. Please check.
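The two requests the flow above is making, written out as an added example (this is not the article's flow, the asker's HTTP action, or Microsoft's code): the client-credentials token request whose URL carries the tenant segment the answer is talking about, and the Graph invitation POST. The tenant IDs, client ID and the unsigned sample token are constructed placeholders, and the decoded-claims check only inspects the payload (no signature verification) so that an operator can confirm a token was issued by the expected tenant and carries one of the application permissions the answer names.

```python
import base64
import json
import re
from urllib.parse import urlencode

# Tenant segment of the token URL: a directory (tenant) ID or a verified domain.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.IGNORECASE)

# Application (app-only) permissions that authorise POST /invitations, per the answer.
INVITE_ROLES = {"User.Invite.All", "Directory.ReadWrite.All"}


def validate_tenant(tenant, client_id):
    """Accept a tenant ID (GUID) or a domain name; reject the app's own client ID."""
    if tenant.lower() == client_id.lower():
        raise ValueError("tenant segment is the app's client ID; use the tenant ID or a verified domain")
    if GUID_RE.match(tenant) or DOMAIN_RE.match(tenant):
        return tenant
    raise ValueError("not a tenant ID or domain name: %r" % (tenant,))


def tenant_problem(tenant, client_id):
    """Return the validation error message, or None when the tenant segment is usable."""
    try:
        validate_tenant(tenant, client_id)
        return None
    except ValueError as err:
        return str(err)


def build_token_request(tenant, client_id, client_secret):
    """Client-credentials request against the Azure AD v2.0 token endpoint."""
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % validate_tenant(tenant, client_id)
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    })
    return {"method": "POST", "url": url,
            "headers": {"Content-Type": "application/x-www-form-urlencoded"}, "body": body}


def build_invitation_request(access_token, email, redirect_url, send_message=True):
    """POST /v1.0/invitations with the body the Graph invitation API expects."""
    body = {"invitedUserEmailAddress": email,
            "inviteRedirectUrl": redirect_url,
            "sendInvitationMessage": send_message}
    return {"method": "POST", "url": "https://graph.microsoft.com/v1.0/invitations",
            "headers": {"Authorization": "Bearer " + access_token,
                        "Content-Type": "application/json"},
            "body": json.dumps(body)}


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def token_claims(jwt):
    """Decode an access token's payload for inspection only; no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_invite_token(claims, expected_tenant_id):
    """Reasons Graph would refuse this token for /invitations; empty list if none."""
    problems = []
    if claims.get("tid") != expected_tenant_id:
        problems.append("issued by tenant %s, not %s" % (claims.get("tid"), expected_tenant_id))
    if not INVITE_ROLES & set(claims.get("roles") or []):
        problems.append("carries none of: " + ", ".join(sorted(INVITE_ROLES)))
    return problems


def make_sample_token(tid, roles):
    """Constructed, unsigned token (alg=none) used only to exercise the checks above."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": "https://graph.microsoft.com", "tid": tid, "roles": roles}
    return _b64url_encode(header) + "." + _b64url_encode(payload) + "."


if __name__ == "__main__":
    TENANT_ID = "11111111-2222-3333-4444-555555555555"   # placeholder, not a real tenant
    CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # placeholder app registration
    print(build_token_request(TENANT_ID, CLIENT_ID, "<secret>")["url"])
    claims = token_claims(make_sample_token(TENANT_ID, ["User.Invite.All"]))
    print(check_invite_token(claims, TENANT_ID))        # [] means the token would be accepted
    print(tenant_problem(CLIENT_ID, CLIENT_ID))          # the mistake from the question
```

In the question's failing case the tenant segment was the client ID, which `validate_tenant` rejects before any network call; swapping it for the tenant ID or the tenant's verified domain produces the same token URL the working flow used. Decoding the returned token's `tid` and `roles` claims is the quickest way to tell a wrong-tenant token from a missing-permission one when the Graph error text is the same for both.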

Cannot reset the work account's password because "password reset isn't properly set up for your organization."

I'm in a bind with an Azure login account. I've forgotten my password for the account that I use for a client's DevOps. It wasn't until I ended up creating another account today to troubleshoot the problem that I might understand the issue, but I still can't fix it.
About a year ago, my client added me as a Guest in their Active Directory. I did not have an Active Directory myself. I got the notice from Microsoft in an invite email to get started, which created an account to get access to their Azure Portal and DevOps. I've been logged in for a year, but was trying to test a feature which required me to log in to DevOps during the process. I tried what I thought was my password, but that didn't work. No problem, I'll just click on the reset password feature. That ended up informing me that "password reset isn't properly set up for your organization." Knowing who set my account up, I asked them to reset my password. The response was that they do not have control to reset my password because I'm a guest.
Through several discussions, and seeing what was available to them and how a Guest was set up, it was suggested to set up an account within Microsoft for the email. I did that, and when I went back to try and log in to their portal, I was presented with two options after I entered my email address. There was a work account and a personal account, both with the same email address. The work account indicated it was created by "your IT department". We did not create this; it was a result of the client adding us as a guest, then finishing the process to gain access. So I can only assume either an Active Directory was created for my domain, or I was added to a generic Active Directory.
In either case, I still can't change the password for the work account, and researching has not helped, as it keeps resetting my personal account.
Does anyone have any suggestions on how to resolve this issue?
Here is what I'm currently seeing.
Thank you,
Marc
You don't have an AAD tenant, so I assume that your account is a Microsoft personal account.
Although you are added as a guest user in your client's tenant, the password management is not handled by that tenant. It is still handled by the Microsoft personal account.
You can reset your password here: click on Sign In, enter your account and click on Forgot password?.

Does Azure Active Directory identify the machine/IP/network as well for login, or are there any settings?

I am doing SAML SSO in my project. The scenario is that I am preparing a SAML Auth Request URL; there is a login page with two radio buttons for Internal/External User, and in both cases I have to prepare the SAML Auth request with the IdP URLs provided to me. I was able to prepare it and it redirected me to the Microsoft login page. I have been given credentials in that domain to log in. The issue is that one person sitting in the US tried to log in with the credentials and was able to log in successfully, got the SAML Response and was redirected to the Redirect URL; when I took the same credentials and tried to log in from my machine, I got an error like "you are not authorized". I am confused about what happens: we are using the same credentials but the machine is different. Is there any setting in Azure Active Directory which checks NETWORK/Machine/IP as well?
Yes, they do sign-in risk detection based on many factors.
Location is one of them.
The one you probably hit is this one: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events#impossible-travel-to-atypical-locations.
It is impossible for this user to have traveled that large of a distance in such a short time,
so it gets flagged as suspicious and blocked.
I've had this happen as well when I signed in to an account through a VM in another continent.
It does learn typical locations over time though, so it might start working later.
The algorithm ignores obvious "false positives" contributing to the impossible travel conditions, such as VPNs and locations regularly used by other users in the organization. The system has an initial learning period of 14 days during which it learns a new user’s sign-in behavior.
You should have your own user id :)
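As an added illustration of the impossible-travel detection the answer describes (this is not Microsoft's algorithm and not code from the question or the answer), the check below runs over constructed sign-in records: for each user it orders sign-ins by time, computes the great-circle distance between consecutive ones, and flags a pair whose implied speed exceeds a plausible travel speed. The 900 km/h threshold, the per-user `familiar_cities` map standing in for the learned typical locations, and the sample users and documentation-range IPs are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # assumed threshold, about airliner cruising speed


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    ip: str
    city: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(events, familiar_cities=None, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_speed_kmh.

    familiar_cities maps user -> set of cities already learned as typical for that
    user; a sign-in from a familiar city is not flagged, a crude stand-in for the
    learning behaviour the answer mentions. Returns (user, earlier, later, km/h) tuples.
    """
    familiar_cities = familiar_cities or {}
    by_user = {}
    for ev in sorted(events, key=lambda e: e.when):
        by_user.setdefault(ev.user, []).append(ev)
    flagged = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            if cur.city in familiar_cities.get(user, set()):
                continue
            dist_km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            # Same-timestamp sign-ins from distinct places count as infinitely fast.
            speed = dist_km / hours if hours > 0 else (float("inf") if dist_km > 0 else 0.0)
            if speed > max_speed_kmh:
                flagged.append((user, prev, cur, speed))
    return flagged


def describe(flag):
    """One-line summary of a flagged pair for an alert or log entry."""
    user, prev, cur, speed = flag
    minutes = (cur.when - prev.when).total_seconds() / 60
    return "%s: %s (%s) -> %s (%s) in %.0f min, implied %.0f km/h" % (
        user, prev.city, prev.ip, cur.city, cur.ip, minutes, speed)


def _utc(hour, minute):
    return datetime(2024, 3, 1, hour, minute, tzinfo=timezone.utc)


# Constructed sample sign-ins: invented users, documentation-range IP addresses.
SAMPLE_EVENTS = [
    SignIn("jdoe", _utc(9, 0), "198.51.100.10", "New York", 40.71, -74.01),
    SignIn("asmith", _utc(9, 0), "203.0.113.5", "London", 51.51, -0.13),
    SignIn("jdoe", _utc(9, 20), "192.0.2.77", "Hyderabad", 17.39, 78.49),
    SignIn("asmith", _utc(11, 0), "203.0.113.9", "Manchester", 53.48, -2.24),
]

if __name__ == "__main__":
    for flag in impossible_travel(SAMPLE_EVENTS):
        print(describe(flag))
```

The shared-credential case from the question is exactly what this flags: the same account appears in the US and then, twenty minutes later, on another continent, so the second sign-in is reported. Marking a city as familiar for that user suppresses the alert, which mirrors why the answer says the block may go away once typical locations have been learned.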

Kentico 10 Contact activity logged against previously logged out user

We have a Kentico 10 website using custom WIF authentication. That is all working fine. I can see that the authenticated user details match what is expected.
I tried enabling the online marketing contact tracking and then discovered that even though I had logged out with one account and then logged in with another account, the new user's activity was being logged as if the first user had performed it.
The only thing that works reliably is using a delete-cookie plugin in Chrome, which isn't a good solution for production.
I tried expiring the existing cookies for the domain and then found, after logging out and back in again with a new user, that all the new activity was being logged as the public anonymous user.
Is there anything I can add to sign-out or login to ensure that the correct Contact is being tracked? Different users should be able to use the same browser, logging out and back in again, without this contact activity going against the wrong person.
The contact cookie is stored per user account on a computer. So if you're simply logging in and out of Kentico, this activity will not change your contact cookie. Kentico sees you as the same contact even though you are authenticating with a different user account.
Kentico Contacts and Users are not synonymous, although they can have a link to one another. So I'd expect that if the user account was linked with a contact you may see different activity for that particular contact. The only way a contact is linked to a user account is if one of these 3 activities happens:
Registers on a website
Signs in with a user account
Fill in customer data while making a purchase
So even though you're doing #2, I'm guessing something unique is happening since you're doing some testing on the local machine. Check out the documentation about contacts and linking to user accounts. To test or see if a user is linked to a contact, go to Contact Management, manage a contact and click on the Membership > Users tab. If you see a user account linked to the contact, then that contact is linked. If you don't see one, then that particular contact is not linked and you'll experience the issues you're explaining.