articles/active-directory-domain-services/active-directory-ds-check-health.md (+5 -5)
@@ -29,7 +29,7 @@ Using the health page on your Azure portal, you are able to keep up-to-date on w
29
29
3. In the left-hand navigation pane, click **Health**.
30
30
31
31
The following picture illustrates a sample health page:
32
-

32
+

33
33
34
34
>[!NOTE]
35
35
> Your managed domain's health is evaluated every hour. After making changes to your managed domain, wait until the next evaluation cycle to view your managed domain's updated health. The "Last evaluated" timestamp in the top right corner shows when the health of your managed domain was last evaluated.
@@ -40,10 +40,10 @@ The status in the top right of your health page indicates the overall health of
40
40
41
41
| Status | Icon | Explanation |
42
42
| --- | :----: | --- |
43
-
| Running | <imgsrc= ".\media\active-directory-domain-services-alerts\running-icon.png"width = "15"> | Your managed domain is running smoothly and does not have any critical or warning alerts. This domain may have informational alerts. |
44
-
| Needs attention (Warning) | <imgsrc= ".\media\active-directory-domain-services-alerts\warning-icon.png"width = "15"> | There are no critical alerts on your managed domain, but there are one or more warning alerts that need to be addressed. |
45
-
| Needs attention (Critical) | <imgsrc= ".\media\active-directory-domain-services-alerts\critical-icon.png"width = "15"> | There are one or more critical alerts on your managed domain. You may also have warning and/or informational alerts. |
46
-
| Deploying | <imgsrc= ".\media\active-directory-domain-services-alerts\deploying-icon.png"width = "15"> | Your domain is in the process of being deployed. |
43
+
| Running | <imgsrc= "./media/active-directory-domain-services-alerts/running-icon.png"width = "15"> | Your managed domain is running smoothly and does not have any critical or warning alerts. This domain may have informational alerts. |
44
+
| Needs attention (Warning) | <imgsrc= "./media/active-directory-domain-services-alerts/warning-icon.png"width = "15"> | There are no critical alerts on your managed domain, but there are one or more warning alerts that need to be addressed. |
45
+
| Needs attention (Critical) | <imgsrc= "./media/active-directory-domain-services-alerts/critical-icon.png"width = "15"> | There are one or more critical alerts on your managed domain. You may also have warning and/or informational alerts. |
46
+
| Deploying | <imgsrc= "./media/active-directory-domain-services-alerts/deploying-icon.png"width = "15"> | Your domain is in the process of being deployed. |
47
47
48
48
## Monitors
49
49
Monitors are aspects of your managed domain that Azure AD Domain Services monitors on a regular basis. The best way to keep your monitors in a healthy state is to resolve any active alerts for your managed domain.
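Review bot: In the four status-table rows (Running, Needs attention (Warning), Needs attention (Critical), Deploying), the icon tags move to forward-slash paths but still carry no `alt` attribute, so the Icon column conveys nothing when an image fails to load or is read by a screen reader; suggest adding alt text that matches the Status column. The attribute spacing is also carried over unchanged (`src= "./media/` and `"width = "15"` with no space before `width`); normalizing it while these lines are being touched would make the markup easier to maintain. As rendered in this view the tag reads `<imgsrc=`; if the source file really has no space between `img` and `src`, the icons will not render and that should be fixed in the same change.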
articles/active-directory-domain-services/active-directory-ds-mismatched-tenant-error.md (+1 -1)
@@ -21,7 +21,7 @@ ms.author: ergreenl
21
21
# Resolve mismatched directory errors for existing Azure AD Domain Services managed domains
22
22
You have an existing Azure AD Domain Services managed domain. When you navigate to the Azure portal and view the managed domain, you see the following error message:
articles/active-directory-domain-services/active-directory-ds-networking.md (+1 -1)
@@ -98,7 +98,7 @@ The following table illustrates a sample NSG you can configure for a virtual net
98
98
99
99
Additionally, the NSG also illustrates how to lock down secure LDAP access over the internet. Skip this rule if you have not enabled secure LDAP access to your managed domain over the internet. The NSG contains a set of rules that allow inbound LDAPS access over TCP port 636 only from a specified set of IP addresses. The NSG rule to allow LDAPS access over the internet from specified IP addresses has a higher priority than the DenyAll NSG rule.
100
100
101
-

101
+

102
102
103
103
**More information** - [Create a Network Security Group](../virtual-network/manage-network-security-group.md).
The email specifies the managed domain that the alert is present on, as well as giving the time of detection and a link to the Azure AD Domain Services health page in the Azure portal.
articles/active-directory-domain-services/active-directory-ds-troubleshoot-nsg.md (+1 -1)
@@ -38,7 +38,7 @@ Invalid NSG configurations are the most common cause of network errors for Azure
38
38
## Sample NSG
39
39
The following table depicts a sample NSG that would keep your managed domain secure while allowing Microsoft to monitor, manage, and update information.
> Azure AD Domain Services requires unrestricted outbound access from the virtual network. We recommend not to create any additional NSG rule that restricts outbound access for the virtual network.
For example, when we are attempting to add a directory on the **Connect your directories** screen, Azure AD Connect needs to verify this and expects to be able to communicate with a domain controller over port 389. If it cannot, we will see the error that is shown in the screenshot above.
### Understand the results of the troubleshooting task
44
44
The troubleshooting task performs the following checks:
@@ -55,27 +55,27 @@ The rest of this section describes specific results that are returned by the tas
55
55
### UPN Suffix is NOT verified with Azure AD Tenant
56
56
When UserPrincipalName (UPN)/Alternate Login ID suffix is not verified with the Azure AD Tenant, then Azure Active Directory replaces the UPN suffixes with the default domain name "onmicrosoft.com".
### Changing UPN Suffix from one federated domain to another federated domain
61
61
Azure Active Directory does not allow the synchronization of UserPrincipalName (UPN)/Alternate Login ID suffix change from one federated domain to another federated domain. This applies to domains, that are verified with the Azure AD Tenant and have the Authentication Type as Federated.
### Azure AD Tenant DirSync Feature ‘SynchronizeUpnForManagedUsers’ is disabled
66
66
When the Azure AD Tenant DirSync Feature ‘SynchronizeUpnForManagedUsers’ is disabled, Azure Active Directory does not allow synchronization updates to UserPrincipalName/Alternate Login ID for licensed user accounts with managed authentication.
Object is out of scope due to domain not being configured. In the example below, the object is out of sync scope as the domain that it belongs to is filtered from synchronization.
### Domain is configured to sync but is missing run profiles/run steps
77
77
Object is out of scope as the domain is missing run profiles/run steps. In the example below, the object is out of sync scope as the domain that it belongs to is missing run steps for the Full Import run profile.
The object is out of sync scope due to OU filtering configuration. In the example below, the object belongs to OU=NoSync,DC=bvtadwbackdc,DC=com. This OU is not included in sync scope.</br>
@@ -94,7 +94,7 @@ Due to various differences between on-premises Active Directory and Azure Active
94
94
## HTML Report
95
95
In addition to analyzing the object, the troubleshooting task also generates an HTML report that has everything known about the object. This HTML report can be shared with support team to do further troubleshooting, if needed.
articles/active-directory/saas-apps/sharepoint-on-premises-tutorial.md (+15 -15)
@@ -72,7 +72,7 @@ To configure the integration of SharePoint on-premises into Azure AD, you need t
72
72
73
73
4. In the search box, type **SharePoint on-premises**, select **SharePoint on-premises** from result panel then click **Add** button to add the application.
74
74
75
-

75
+

76
76
77
77
## Configure and test Azure AD single sign-on
78
78
@@ -100,11 +100,11 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
100
100
101
101
2. On the **Single sign-on** dialog, select **Mode** as **SAML-based Sign-on** to enable single sign-on.
> Please note down the file path to which you have downloaded the certificate file, as you need to use it later in the PowerShell script for configuration.
121
121
122
122
5. Click **Save** button.
123
123
124
-

124
+

125
125
126
126
6. On the **SharePoint on-premises Configuration** section, click **Configure SharePoint on-premises** to open **Configure sign-on** window. Copy the **SAML Entity ID** from the **Quick Reference section.** For **Single Sign-On Service URL**, use a value of the following pattern: `https://login.microsoftonline.com/_my_directory_id_/wsfed`
127
127
128
128
> [!Note]
129
129
> _my_directory_id_ is the tenant id of Azure Ad subscription.
> Sharepoint On-Premises application uses SAML 1.1 token, so Azure AD expects WS Fed request from SharePoint server and after authentication, it issues the SAML 1.1. token.
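Review bot: The note under step 6 has wording problems that could be fixed while this file is being edited: "tenant id of Azure Ad subscription" should use the product casing "Azure AD", "Sharepoint On-Premises" does not match the "SharePoint on-premises" casing used in the step above it, and "SAML 1.1. token" has a stray period after the version number. It would also help to state in step 6 that `_my_directory_id_` in the `https://login.microsoftonline.com/_my_directory_id_/wsfed` pattern is a placeholder to be replaced, since the explanation only appears afterwards in the note.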
@@ -167,7 +167,7 @@ In this section, you enable Azure AD single sign-on in the Azure portal and conf
167
167
168
168
e. Click **OK**.
169
169
170
-

170
+

171
171
172
172
> [!NOTE]
173
173
> Some of the external users will not able to use this single sign-on integration as their UPN will have mangled value something like `MYEMAIL_outlook.com#ext#@TENANT.onmicrosoft.com`. Soon we will allow customers app config on how to handle the UPN depending on the user type. After that all your guest users should be able to use SSO seamlessly as the organization employees.
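Review bot: The NOTE directly below the changed image line at 170 still reads "Some of the external users will not able to use this single sign-on integration"; since the file is being touched, correct it to "will not be able to use". The following sentence, "Soon we will allow customers app config on how to handle the UPN depending on the user type", is hard to parse and gives no date or tracking reference, so consider rewording it to say plainly what is not supported today for users whose UPN has the `#ext#` form.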
@@ -182,19 +182,19 @@ The objective of this section is to create a test user in the Azure portal calle
182
182
183
183
1. In the Azure portal, in the left pane, click the **Azure Active Directory** button.
184
184
185
-

185
+

186
186
187
187
2. To display the list of users, go to **Users and groups**, and then click **All users**.
188
188
189
-

189
+

190
190
191
191
3. To open the **User** dialog box, click **Add** at the top of the **All Users** dialog box.
4. In the **User** dialog box, perform the following steps:
196
196
197
-

197
+

198
198
199
199
a. In the **Name** box, type **BrittaSimon**.
200
200
@@ -216,7 +216,7 @@ The users who will log into Azure AD and access SharePoint must be granted acces
216
216
217
217
4. In Policy for Web Application, click **Add Users**.
218
218
219
-

219
+

220
220
221
221
5. In the **Add Users** dialog box, click the appropriate zone in **Zones**, and then click **Next**.
222
222
@@ -228,7 +228,7 @@ The users who will log into Azure AD and access SharePoint must be granted acces
228
228
229
229
9. In Permissions, click **Full Control**.
230
230
231
-

231
+

232
232
233
233
10. Click **Finish**, and then click **OK**.
234
234
@@ -259,7 +259,7 @@ The configuration works for a single web application, but needs additional confi
259
259
260
260
Users can now log into SharePoint 2016 using identities from Azure AD, but there are still opportunities for improvement to the user experience. For instance, searching for a user presents multiple search results in the people picker. There is a search result for each of the 3 claim types that were created in the claim mapping. To choose a user using the people picker, you must type their user name exactly and choose the **name** claim result.
There is no validation on the values you search for, which can lead to misspellings or users accidentally choosing the wrong claim type to assign such as the **SurName** claim. This can prevent users from successfully accessing resources.
265
265
@@ -279,7 +279,7 @@ In this section, you enable Britta Simon to use Azure single sign-on by granting
279
279
280
280
2. In the applications list, select **SharePoint on-premises**.
281
281
282
-

282
+

283
283
284
284
3. In the menu on the left, click **Users and groups**.