1,219 questions with Active Directory Federation Services tags
About Exchange schema extension in AD
Mailnickname attribute is absent in my AD, which I need for AADC sync, so I installed Exchange Server 2019 in AD and ran the setup command, which is continuously giving me an error. First of all I want to ask: is my method correct? Or can we extend Exchange schema…
About SharePoint schema extension in AD
I want to ask the method for SharePoint schema extension in AD. I have searched but have not found any document which satisfies my need. Is there anyone who knows how to do it? Or any useful docs?
Unable to add second ADFS server to existing farm (MSSQL and gMSA)
Hello, My first Server 2019 ADFS server is working fine, but for HA purposes I wanted to add a second one. I already made sure that my GMSA, which is just named "ADFS-GMSA" works fine with my MSSQL server. I was following the instructions here:…
MailNickname attribute is missing from Attribute Editor
In my case the mailnickname attribute is missing from AD and I want to modify the nickname. Can anyone tell why this is happening to my AD? I want to modify the nickname from the GUI rather than PS. Thank you
How to federate multiple AzureAD Enterprise Applications with same on-premise ADFS Farm?
Hi there We have Enterprise Application in Azure AD tenant that federates with an on-premise ADFS farm. In the SAML config, we specify the identifier URL for the ADFS farm, and this works okay. We want to create a second Enterprise…
Questions regarding on-prem MFA integrated with on-prem Azure and credentials
I need to change the credentials used by MFA ADFS Adapter on my on-prem ADFS farm. The farm consists of 3 Windows Server 2016 systems using a WID database. Would it just be a matter of updating the relevant config file and running the registration cmdlet…
Integrating Azure AD with On-premises AD, but without syncing users to Azure AD
We are looking to integrate Azure AD with On-premises AD, but without syncing users to Azure AD to save us the cost of having them stored on Azure with the licenses required. We need eventually to authenticate users through the on-premises AD and to…
Migrate settings from AD FS Win 2012R2 to Windows Server 2016
Hello everyone We currently have a Windows Server 2012R2 with the ADFS function in use which is connected to Azure. Due to problems that always occur with the WID and the old Windows Server version on the AD FS Server, I have installed a new Windows…
The User Profile Service service failed the sign-in. User Profile cannot be loaded
Migrating away from on prem ADFS to Entra ID still authenticating on prem.
Greetings, We are running an on prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service to service communication. Our clients (API consumers) are configured as trusted claim providers, in other…
Newly setup Hybrid Modern Authentication on on-prem Exchange, fails to authenticate with error 2002
Hello Team, Configured HMA on existing on-prem Exchange server. Then to test it out, when I use Outlook on desktop, it looks like I can see the ADFS page, but past that I fail to authenticate, with this error.
How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal
Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be…
ADFS Single signon issue with external idp - SAML 1.1 Assertion is missing ImmutableID of the user
I have Office 365 + on-prem AD + ADFS for federation. I have configured Shibboleth as a second Claims provider (MFA enabled). When I tried to log in to Office 365, I get Windows AD and Shibboleth as options, when I click on Shibboleth, I get authenticated…
Set up synchronization between Active Directory and Google Workspace
Hello, First, happy new year to all! Let me set the scene quickly. I work for a company that uses a hybrid Azure Active Directory, but we've acquired a company using Google Workspace that we need to keep for operational reasons. Using Active Directory AND…
ADFS token-signing certificates and token-encryption certificates
1. The ADFS token-signing certificates are only used for the relying party? If yes, then why token-signing certificates are used when adding the claims provider? 2. The ADFS token-encryption certificates are only used for the claims provider? If yes, then why…
Request to Change Primary Domain of Azure AD for Transitioning SSO from Okta to Azure AD (Entra ID)
As the subject suggests, we are considering the transition of SSO functionality from Okta to Azure AD (Entra ID). However, there is an issue with the SSO configuration due to the discrepancy between the primary domain of Azure AD and the login ID of the…
Upgrading ADFS 2012R2 to ADFS 2019
Hello All, We are planning to upgrade our ADFS servers 2012R2 to 2019 WID. Just wanted to know, once we do all the required steps from the below Microsoft document, after raising the FBL to V4 will the federation metadata be changed? Or do we need to get…
AD LDS Instance Issue (LDAP)
Have set up LDAP using AD LDS (Active Directory Lightweight Directory Services) (LDAP port is 389 and LDAPS port is 636). However, didn't mark all the required LDIF files to import during setup. Tried to re-build Instance used LDAP default port but…
Replace service SQL service account with GMSA
Hi Everyone, Is it possible to replace SQL service accounts with GMSA?
ADFS couldn’t start service adfssrv under another gMSA error 1064, 220
I'm trying to start the ADFS service under a new gMSA and at about 10 seconds I get a 1064 error, unless I make a mistake while reading the internal WID database. I had this problem in a production environment, I get the same error in a lab environment.…