How to allow Windows Azure AD users to login to my On Prem SharePoint 2013

Hi guys,
A bit new to this technology, would like to check for my above (Subject) scenario. How can I achieve by doing that?
Assuming I have a local AD and SP Farm built (NOT in Azure Platform) and now all my users accounts are with Azure AD cloud.
Any "Correct" articles demonstrating how to configure that?
Also, is there connectivity required for my Local AD to talk to the Azure AD?
Cheng

Greetings.
Pls check it below. Hope it helps you
http://blogs.technet.com/b/speschka/archive/2013/05/10/integrating-sharepoint-2013-with-azure-active-directory-part-1-configuration.aspx
Please remember to click 'Mark as Answer' on the answer if it helps you

Similar Messages

  • How to allow only the specified users/groups to open my pdf files...

    Hi there,
    I'm looking for resources/documents describing how to allow only the specified users/groups to open my pdf files by the Java API...
    I've found a sample code creating a policy in the following document.
    http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/sdkHelp/wwhelp/wwhimpl/js/html/wwhelp.htm?context=sdkHelp&topic=learn_lc_sdk_invokeremoting
    ( API Quick Starts (Code Examples) > Rights Management Service API Quick Starts > Quick Start: Creating a new policy using the Java API )
    But the sample code doesn't set recipients (users/groups) who can open the pdf file.
    How can I make it ?
    Any samples ? or Does anybody can tell me which Java classes/methods I should use ??
    Policy#addPolicyEntry(PolicyEntry policyEntry) ??
    PolicyEntry#setPrincipal(Principal principal) ??
    or none of them ?
    Any hints are appreciated !
    Thanks.

    I'm not exactly sure what you are trying to do here, but typical approach when issuing one PDF per user/groups scenario goes like:
    1. Create policy for specific purpose and add principal (user/group)
    2. Apply policy on server side
    3. Deliver the file (via email etc...)
    If you are looking for sample codes, try quick start.
    http://livedocs.adobe.com/livecycle/8.2/programLC/programmer/help/wwhelp/wwhimpl/js/html/wwhelp.htm?&accessible=true
    If you go "API Quick Start/Rights Management Service API Quick Starts", you might find something useful. I think you need "Creating Policies" or "Modifying Policies" for step 1 above, and "Applying Policies to PDF Documents" for step 2.
    Hope this helps.

  • How to implement tooltip for the list items for the particular column in sharepoint 2013

    Hi,
    I had created a list, How to implement tooltip for the list items for the particular column in SharePoint 2013.
    Any help will be appreciated

    We can use JavaScript or JQuery to show the tooltips. Refer to the following similar thread.
    http://social.technet.microsoft.com/forums/en/sharepointdevelopmentprevious/thread/1dac3ae0-c9ce-419d-b6dd-08dd48284324
    http://stackoverflow.com/questions/3366515/small-description-window-on-mouse-hover-on-hyperlink
    http://spjsblog.com/2012/02/12/list-view-preview-item-on-hover-sharepoint-2010/

  • How to allow only part of users in AD login sharepoint?

    We have a SP2013 farm using windows authentication. On the AD there are 10,000 user accounts and we have no edit permission on AD. (Hence, I cannot setup any group there) As the Sharepoint admin I only have a list of 1,000 users allowed to access. There is no existing group setup to indicate these 1,000 users.
    My question is, how can I allow these 1,000 user login Sharepoint while blocking the other 9,000?
    My concern is these 9,000 users will get their My Site self-created when he browse the My Site web application. Another concern is when they access some page without authorization, they will get a form allow them asking for access. The site owner may grant access to them by mistake which I need to avoid.
    Thanks.

    Hello Mark,
    Regarding the second part of your question. You can uncheck the option 'Allow requests for Access', it is described how in the following thread:
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/d1e948cf-6289-48f9-9f25-81b57b292c40/how-to-hide-request-access
    - Dennis | Netherlands | Blog | Twitter

  • How to get Windows Azure Powershell on a HDInsight VM?

    I've already searched MSDN and Bing and didn't find an answer to my question below -> So how do I install Windows Azure Powershell on my HDInsight cluster?
    Overall, I'm trying to execute the tutorial here:
    http://azure.microsoft.com/en-us/documentation/articles/hdinsight-analyze-twitter-data/
    1) I provisioned a single HDInsight cluster. I have a pre-existing storage account. I can use Azure Storage Explorer to browse around so I know it's ok.
    2) I am able to open a remote desktop connection to my cluster.
    3) To run any of the PowerShell scripts in the tutorial linked above I need "Windows Azure Powershell". Regular "Windows Powershell" doesn't seem to have some cmdlets.
    4) After I remote into my cluster I go to this page
    http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ and launch the link that says "You can download and install the Azure PowerShell modules by running the Microsoft Web Platform Installer...".
    5) I choose that installer link.
    6) I choose "Run"
    7) It says "The system administrator has set policies to prevent this installation."
    So how do I install Windows Azure Powershell on my HDInsight cluster?
    Thanks in advance.

    Hi CraigGu,
    User won't get admin access on HDInsight cluster so that's the reason you were getting the error.
    It's not recommended to install any software/do any customization(via rdp) on headnode of HDInsight cluster. The reason is that changes will not be preserved due to cluster reimage process.
    To answer your question please install and configure PowerShell on your desktop/laptop and submit jobs.
    Thank you for choosing Microsoft HDInsight
    Thanks and Regards,
    Please mark it as answered if it answers your question.
    Sudhir Rawat

  • How to unlock an Azure AD user account?

    Hi Team,
    We have Azure AD hosted on Azure and we want to test the security of our Azure AD. The requirement is if at all any intruder enters 10 times wrong password & "10 successful Captcha & Wrong password combination" with azure AD user; The azure ad user account shall be locked out. So if it is locked out what is the idle duration to auto unlock. And is there any way to unlock the account on demand through Azure Management portal or powershell? If it is doable through either of these; how we can unlock the account; I couldn't find any answers.
    Your faster response is much appreciated in extending our business onto Azure. Thank You.
    Regards,
    Subhash
    Regards, Subhash Konduru


  • How to stop ACS integrated AD users to login in AAA clients(network device)

    I have ACS 4.2 Appliance which is integrated with Active directory.
    AD users are able to login in network devices. Is there any so that I can stop AD user and other local users to login in AAA clients (network devices).

    These types of configurations are a two-way street. ACS must be configured to actually perform the authentication/authorization, and the AAA clients must also be configured for authentication/authorization. I would look at the AAA client configurations, first.
    What kind of AAA clients are we talking about? Cisco switches, Cisco WLC's? Switching gear from other companies?
    For Cisco switches, lines like the following will tell them to use your ACS server for administrative user auth (RADIUS or TACACS+, respectively):
    aaa group server radius rad_admin
     server xxx.xxx.xxx.xxx
    aaa group server tacacs+ tac_admin
     server xxx.xxx.xxx.xxx
    If your AAA client is a WLC, then you need to uncheck the "Management" box where the RADIUS server is defined for authentication (Security -> AAA -> RADIUS -> Auth).

  • Third Party Solution that allows Azure AD Group Augmentation and People Picker query in SharePoint 2013

    Hi Guys,
    It would be very helpful to me if anyone can share any 3rd party solution for the above feature?
    I found a solution http://azurecp.codeplex.com/ which is really a very good solution and does what I want. As this is a critical requirement to my SharePoint, there needs a certain level of support (or call it Official Support) which is more justifiable at management level. Hence, please share if you happen to know one please.
    Cheng

    Hi,
    As you said, AzureCP is third party solution, this is third party tools.
    https://azurecp.codeplex.com/releases/view/125008
    Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.
    Please refer to the following articles about integrating SharePoint 2013 with Azure Active Directory:
    Integrating SharePoint 2013 with Azure Active Directory – Part 1 Configuration
    http://blogs.technet.com/b/speschka/archive/2013/05/10/integrating-sharepoint-2013-with-azure-active-directory-part-1-configuration.aspx
    Using Microsoft Azure Active Directory for SharePoint 2013 authentication
    http://technet.microsoft.com/en-us/library/dn635311(v=office.15).aspx
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • How can I use the Outlook 2010 social connector to connect to a Sharepoint 2013 mysite?

    Hello Forumfriends!
    We have recently (like, last Weekend) migrated our Sharepoint 2010 Farm to SharePoint 2013 and we have started using mysites.
    Now, there is a nice feature in Outlook 2010, the social connector. This connector connects nicely to SharePoint 2010 mysite (it does, I have tested myself).
    Unfortunately, I seem to be unable to connect to my new SharePoint 2013 mysite with my Outlook 2010 Client.
    Can anyone help me with this?
    In SharePoint 2010 I configured the social connector using the URL http://mysitehost/my. When I do the same with my SharePoint 2013 mysite it says "Could not connect to Server"
    We are not using Office 365 and no, we will not rollout Outlook 2013.
    Regards,
    Jack

    Hi Jack,
    According to your description, my understanding is that you could use Outlook 2010 social connector to connect a SharePoint 2013 MySite.
    The OSC makes Outlook 2010 a social networking tool by connecting to the new social experiences in SharePoint 2010. That connection allows the OSC to download activity feeds for colleagues and display them inside the new People Pane.
    When using Outlook 2013 Social Connector connecting to SharePoint 2013, Outlook calls /_layouts/15/ActivityFeed.aspx with parameter (destination user email) to sync updates. However, it is likely that Outlook 2010 cannot recognize SharePoint 2013 newsfeed.
    So, for solving your issue, I suggest you use Outlook 2013 Social Connector to connect a SharePoint 2013 MySite.
    I hope this helps.
    Thanks,
    Wendy
    Wendy Li
    TechNet Community Support

  • How to allow more than two users on remote desktop on windows server 2012 foundation?

    i have a dell server power edge T300 with windows server 2012 foundation. I am unable to connect more than two remote desktop at once.

    Hi,
    Add to Brain, you cannot have more than 15 user accounts in Windows Server 2012 Foundation.
    In order to access a hosted application, such as Microsoft® Office, a license for Windows Server 2012 Remote Desktop Services is required for each user account (not to exceed 15 user accounts) that directly or indirectly uses RD Gateway to host a graphical user interface, including using Remote Desktop Connection (RDC) client. When using Remote Desktop Services, you may not install or use Remote Desktop Connection Broker or Remote Desktop Virtualization Host role services. For more information about Remote Desktop CALs, see http://go.microsoft.com/fwlink/?LinkId=140238.
    http://technet.microsoft.com/en-us/library/jj679892.aspx
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • Allow Windows AD domain user to access and manage objects in Oracle 11g

    Hi,
    I'm using Oracle 11g on Windows environments, XP, server 2003 etc.
    If I use a domain user (user1) maintained on domain server (adsvr.company.com) to manage Oracle objects in DB server (dbsvr), do I have to assign user1 as member of administrator on DB server (dbsvr)?
    I'm asking this because my software vendor requires for it but our security policy doesn't allow us to assign normal domain user (user1) to administrator group on local machine (dbsvr).
    If I have to assign user1 to administrator group on dbsvr, please point me which document says so.
    Thank you in advance.
    Jeffrey

    Looks like some left-over processes keeping a hold on configuration files.
    Manually kill the left-over processes and start the DB Console.
    Refer:
    How To Identify and Remove an Agent or DBConsole Processes From a Windows Server (Note 785772.1)
    Refer this as well:
    EMCA Troubleshooting Tips
    http://docs.oracle.com/cd/E11882_01/server.112/e25494/dbcontrol.htm#ADMIN13444
    HTH
    Mani

  • Please let me figure out how to allow windows 7 to see my ipad and for itunes to work.  It is looking for a digital signature!!

    How to get my ipad to sync with windows 7 when itunes does not see it and in device manager it says that it needs a digital signature and when I look at devices it says apple camera not ipad and it's not working.
    Any ideas?

    You need a third-party program. The following includes listing such programs. It also included instructions for making this computer your syncing computer
    Syncing to a "New" Computer or replacing a "crashed" Hard Drive: Apple Support Communities

  • How authentify a windows nt/2k user from java

    Hello, I'm trying to authentify windows 2000 users from a java program, the application have to run in a unix based system (solaris) or if it's necessary, in a windows 2000 machine, Help me please.
    Thanks for everything
    Guillermo Mora
    [email protected]

    Look at http://jcifs.samba.org/ -it's almost full implementation of microsoft SMB networking

  • How to disable sending email to manager while deletion of my site in SharePoint 2013?

    I believe there is a cleaning job is for disabled and employee who are left i want to disable the alert which is sending to their manager for the deletion of the site that site will be deleted in 3 days. How can we disable this email alert.

    The job you are looking for is called the MySite Cleanup Job. It is a timer job, so you can disable the whole thing. But that would disable processing of MySites for deleted users entirely, not just the email alert. Unfortunately, there is no way to disable just the alert. So you either need to disable the whole timer job or let the alert be sent.
    Also, just to clarify. By default the timer job deletes mysites after 14 days (not 3) and only does this for users missing from a profile import (which is normally only users deleted from AD not user disabled in AD). You can filter out disabled users also, but it requires adding a filter to the profile import connection.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Issue in mapping custom user profile property with AD field in SharePoint 2013

    Hello,
    I am trying to map a custom user profile property I created "ADSecurityGroups", type - String, Multivalue with the AD property named "memberOf" via powershell.
    UserProfile Service is up and running, and so is the Synchronization Service. User executing the powershell has full control on the User Profile Service and is the farm administrator.
    Following is the code snippet I grabbed from the internet which I am trying to execute.
    Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction "SilentlyContinue"
    $url = "http://<servername:port>/" #URL of any site collection that is associated to the user profile service application.
    $spsProperty = "ADSecurityGroups" #Internal name of the SharePoint user profile property
    $fimProperty = "memberOf" #Name of the attribute in FIM/LDAP source
    $connectionName = "UserProfileSyncConnection" #Name of the SharePoint synchronization connection
    # Resolve the site collection
    $site = Get-SPSite $url
    if ($site) {
        Write-Host "Successfully obtained site reference!"
    } else {
        Write-Host "Failed to obtain site reference"
    }
    # Get the service context for that site
    $serviceContext = Get-SPServiceContext($site)
    if ($serviceContext) {
        Write-Host "Successfully obtained service context!"
    } else {
        Write-Host "Failed to obtain service context"
    }
    # Create the user profile configuration manager
    $upManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($serviceContext)
    if ($upManager) {
        Write-Host "Successfully obtained user profile manager!"
    } else {
        Write-Host "Failed to obtain user profile manager"
    }
    # Look up the synchronization connection by name
    $synchConnection = $upManager.ConnectionManager[$connectionName]
    if ($synchConnection) {
        Write-Host "Successfully obtained synchronization connection!"
    } else {
        Write-Host "Failed to obtain user synchronization connection!"
    }
    # Map the profile property to the directory attribute
    Write-Host "Adding the attribute mapping..."
    $synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsProperty, $fimProperty)
    Write-Host "Done!"
    The script is failing with the following error - 
    new-object : Exception calling ".ctor" with "1" argument(s): "UserProfileApplicationNotAvailableException_Logging :: 
    UserProfileApplicationProxy.ApplicationProperties ProfilePropertyCache does not have 2f9bece3-f39a-498d-874f-145b1470e49c"
    At E:\ADSync.ps1:29 char:14
    + $upManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigMa ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
        + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
    Please let me know if i am missing anything.
    Also advise if this is the correct way to map user profile attribute in SP 2013 ?
    Thanks -
    Girish

    ok no worry,
    try to run the below as it is, I'm just copying code from your post.
    Add-PSSnapin Microsoft.Sharepoint.Powershell
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
    #Function to get servicecontext
    function Get-SPServiceContext([Microsoft.SharePoint.Administration.SPServiceApplication]$profileApp)
    {
        # Take the first service application whose TypeName matches
        $profileApp = @(Get-SPServiceApplication | ? {$_.TypeName -eq "MR_DEV_UserProfileServiceApplication"})[0]
        return [Microsoft.SharePoint.SPServiceContext]::GetContext($profileApp.ServiceApplicationProxyGroup, [Microsoft.SharePoint.SPSiteSubscriptionIdentifier]::Default)
    }
    $url = "http://sp-appdev:2013" #URL of any site collection that is associated to the user profile service application.
    $spsProperty = "RoomNumber" #Internal name of the SharePoint user profile property
    $fimProperty = "extensionAttribute2" #Name of the attribute in FIM/LDAP source
    $connectionName = "LDAP Sync" #Name of the SharePoint synchronization connection
    #Get UserProfileManager
    $serviceContext = Get-SPServiceContext
    if ($serviceContext) {
        Write-Host "Successfully obtained service context!"
    } else {
        Write-Host "Failed to obtain service context"
    }
    $upManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileConfigManager($serviceContext)
    if ($upManager) {
        Write-Host "Successfully obtained user profile manager!"
    } else {
        Write-Host "Failed to obtain user profile manager"
    }
    # Look up the synchronization connection by name
    $synchConnection = $upManager.ConnectionManager[$connectionName]
    if ($synchConnection) {
        Write-Host "Successfully obtained synchronization connection!"
    } else {
        Write-Host "Failed to obtain user synchronization connection!"
    }
    # Map the profile property to the directory attribute
    Write-Host "Adding the attribute mapping..."
    $synchConnection.PropertyMapping.AddNewMapping([Microsoft.Office.Server.UserProfiles.ProfileType]::User, $spsProperty, $fimProperty)
    Write-Host "Done!"
    Please remember to mark your question as answered & Vote helpful, if this solves/helps your problem.
    Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog
