Possible causes of authentication failures for federated users in Office 365

Here I’m assuming that we are using ADFS for SSO to O365 services. Below I have tried to list a flow for troubleshooting authentication issues for a federated user in Azure AD / O365: 1. Access https://login.microsoftonline.com/ and, in the login form, enter the federated user’s login name, like someone@example.com. Once you hit tab to focus…


Ask The Expert session – Azure Active Directory Your Identity Management Solution for the Cloud

Hi folks, sharing one of my videos providing an overview of Azure Active Directory (as of April 2015). Ask The Expert session – Azure Active Directory Your Identity Management Solution for the Cloud: http://www.bing.com/videos/watch/video/ask-the-expert-session-azure-active-directory-your-identity-management-solution/qmt7sz0b and http://www.microsoft.com/en-us/showcase/details.aspx?uuid=e33047c1-3b55-4b14-88bb-60594403b575. Happy learning, Abizer


ADFS 2.0 Troubleshooting Document

Hi mates, I have been working with ADFS for the last few years and have tried to list most of the troubleshooting steps related to ADFS 2.0, categorized under 5 public articles. I suggest you go through these to narrow down the cause of any issues with ADFS 2.0 and resolve them. Connectivity problems (KB…


ADFS on Azure VMs

Updated 11/2014 after some new feature releases in the Azure VM space. Hi folks, while recently working on some ADFS deployments on Azure, I learned a lot of stuff. Thought of sharing my learnings with all, some of it documented already, some not documented clearly. Possible deployments of ADFS on Azure: All…


More information about SSO experience when authenticating via ADFS

Common understanding about SSO: it may mean that the user enters a username/password once and does not need to re-enter it during the same session. It may also mean that when accessing different applications/resources, we need not enter different credentials, but enter the same ones. AD FS 2.0 enables identity federation, extending the notion of above centralized…


Information about Email addresses assigned to a licensed user in O365

The Onmicrosoft.com email address gets stamped at the time an Exchange license is assigned to the user. When creating the Onmicrosoft.com email address for the user, we look at the mailNickname attribute value for this user in the cloud. The mailNickName value is derived from 3 places: From AD, if the mailNickName attribute is…


SupportMultipleDomain switch, when managing SSO to Office 365

Use of SupportMultipleDomain switch, when managing SSO to Office 365 using ADFS. When SSO is enabled for O365 via ADFS, you should see the Relying Party (RP) trust created for O365. Commands that would create the RP trust for O365 are below: New-MsolFederatedDomain -DomainName <domain> OR Convert-MsolDomainToFederated -DomainName <domain> OR Update-MSOLFederatedDomain -DomainName…


Kerberos Error KDC_ERR_POLICY while trying to access a resource in the Trusted forest (Forest Trust)

Symptoms: Forest1 = 2003dom.local, Forest2 = 2008dom.local. A 2-way forest trust is created between them, with forest-level authentication. A user from Forest2 accesses a server in the trusted Forest1, i.e. \\2003-dc1.2003dom.local. Here is what I see in the network capture on the source machine in Forest2: 2008-dc1.2008dom.local 2003-dc1.2003dom.local KerberosV5:TGS Request Realm: 2003DOM.LOCAL Sname: cifs/2003-dc1.2003dom.local 2003-dc1.2003dom.local 2008-dc1.2008dom.local KerberosV5 KerberosV5:KRB_ERROR…


Tracing down user and computer account deletion in Active Directory

In order to find out about user and computer account deletion, you must have “Account Management” auditing enabled beforehand. The Account Management auditing needs to be enabled as follows: At the Domain Controller OU level, edit the “Default Domain Controller” policy to enable auditing: Computer configuration > Windows settings > Security settings > Local…