SharePoint Active Directory version support

Similar Messages

• SharePoint 2013 profile service account requirements when using "Use SharePoint Active Directory Import" option

  Hi All,
  I am trying to configure SharePoint Profile service. We would like a straightforward profile import from Active Directory.
  On the "Configure Synchronization Settings" page, we have chosen the option "Use SharePoint Active Directory Import" option.
  We have created a connection to the Active Directory using Configure Synchronization Connections page. We have specified the account that would be used for the import process.
  Question:
  I would like to confirm whether the account configured for the profile import need any special privileges when using "Use SharePoint Active Directory Import" option ?
  Thanks,
  Saurabh

  Grant Replicate Directory Changes permission on a domain
  To do this please follows below procedure
  On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
  On the first page of the Delegation of Control Wizard, click Next.
  On the Users or Groups page, click Add.
  Type the name of the synchronization account, and then click OK.
  Click Next.
  On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
  On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then clickNext.
  On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on
  Windows Server 2003), and then click Next.
  Click Finish.
  Thanks & Regards
  ShivaPrasad Pola
  SharePoint Developer 

• SharePoint/Active Directory Workflow

  I have been told at my School, that there is a workflow built that notifies a specific user or group of users when a person has been added to an active directory group. For example, in my scenario, when a new faculty member has been added into Active Directory,
  then the "New Person Checklist Workflow" sends an email to external affairs notifying them.
  Is this in Active Directory or in SharePoint designer?

  Hi Alex,
  Please try using "SharePoint 2013 workfow platform" workflow to send mail to AD security group with mail address, it worked for me.
  Thanks
  Daniel Yang
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• SharePoint, Active Directory and GMail

  Dears,
  I have SharePoint 2013 connected to Active Directory with <MyDomain> as domain name, i also have gmail domain <MyDomain> - same name-, we are creating users on our firm to have the same id and email address on both domains,
  my questions are:
  1- how can i sync this process automatically?
  2- SharePoint is not sending email to users on Gmail, knowing that i used the following code to send email from my sharepoint server and it's working fine,
  sing (SPSite site = new SPSite("http://onlinesrv/"))
                  using (SPWeb web = site.RootWeb)
                      bool sent = SPUtility.SendEmail(web, true, false, "user@<MyDomain>.com", "Test gmail", "From SharePoint Portal using gmail account as smtp");
                      Console.WriteLine(sent.ToString());
  Any help ??!

  Hi Omar,
  According to your description, my understanding is that you want to send email to users that have Gmail in AD.
  Whether you have installed SMTP. You need to install SMTP for using Gmail , more information, please refer to the link:
  Configuring Outgoing email settings in SharePoint with Gmail SMTP
  Also, you need to create a User Profile Service Application, then start a full sync to sync the user profile.
  More information, please take a look at:
  http://maxteo.wordpress.com/2013/01/16/configure-sharepoint-2013-outgoing-email-using-gmail-smtp-and-resolving-user-profile-synchronization/
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• Which domain and forest functional level is supportted for the "Active Directory Resource Pool Synchronization"?

  Hi all,
  I'd like to confirm which Domain/Forest functional levels of Active Directory is supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
  I guess that 2003 or later is supported, but my customer required reliable sources.
  I googled and searched article at TechNet, but I couldn't find.
  Could anyone inform me the article about that?
  Thank you in advance.
  Kaori.

  Hi Michael and all,
  Anyway I solved this issue.
  I couldn't find article that I desired, so I asked advice to my colleagues and they told that the functional level 2003 or later are supported in their experience.
  In addition, I found these articles about SharePoint sync limitations.
  Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
  http://support.microsoft.com/kb/932378/en-us
  SharePoint supportability of Read only Domain controllers
  http://support.microsoft.com/kb/970612

• OIM 9.1.0 Integration with Active Directory 2008 R2

  Hi,
  My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
  My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
  Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
  Any guidance is really appreciated.
  Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
  Is this a working and supported scenario by OIM v9.1.0 ?

  I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
  -Bikash

• Call Manager 9.1 Active Directory Question(s)

  Hello All!
  Firstly let me establish that I am not an administrator of our VoIP system however I do manage the Server side of our network.  We are in the process of planning an Active Directory upgrade and I'm having some difficulty getting a question answered about the requirements for  Call Manager.  We are at version 9.1 of Call Manager currently with our Active Directory version at 2003 R2.  We are planning to upgrade to Active Directory version 2008 R2 (functional level) however we would like to use Server 2012 R2 as the OS for our AD servers.  From a Microsoft standpoint this is a valid solution, it's built into Active Directory that you can run at different "functional levels" of AD on higher server operating systems.  Any Call Manager applications that require a Windows operating system would run on whatever works for that (2003 or 2008 etc).  Can we use Server 2012 R2 as the Domain Controller operating system while running at 2008 R2 functional level for Active Directory and still retain our Cisco support?

  Hi Allen,
  This is from Cisco site (you already may have seen this), though it talk about the directory services but it is specifically mentioned 2008. 2012 may work and specially as you are saying with functional level set to 2008 shouldn't have any issues. But Cisco have not tested that and you may get into support issues (if any).
  Its completely tested and supported with CUCM 10.X
  Version 9:
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/9_0_1/ccmsys/CUCM_BK_CD2F83FA_00_cucm-system-guide-90/CUCM_BK_CD2F83FA_00_system-guide_chapter_010011.html#CUCM_TK_C4E65231_00
  Configure LDAP directory
  If you want to do so, you can add users from your corporate directory to the Cisco Unified Communications Manager database by synchronizing the user data to the database. Cisco Unified Communications Manager allows synchronization from the following directories to the database:
  Microsoft Active Directory 2000
  Microsoft Active Directory 2003
  Microsoft Active Directory 2008
  Microsoft Active Directory Application Mode 2003
  Microsoft Lightweight Directory Services 2008
  iPlanet Directory Server 5.1
  Sun ONE Directory Server 5.2
  Sun ONE Directory Server 6.x
  OpenLDAP 2.3.39
  OpenLDAP 2.4
  Terry

• Re: single log-on (SSO) using Windows 2000 and Active Directory

  Hi Honggo,
  Its possible to see all the Active Directory users in WLS6.1 by
  configuring the ldap realm.
  You can use any of the username/password in ldap but you still have to
  login again.
  However the concept of single sign on across operating system and WLS
  might not work in WLS6.1. WLS 7.0 allows you to write code that
  supports these kind of things better.
  honggo wrote:
  anybody know how to use windows 2k authentication
  (implemented by Active Directory)
  to support SSO in WebLogic Server?
  What I mean is I want to login once and only once
  in win2000 and somehow weblogic server know
  who is currently logon and impose some Access Control
  many regards in advance
  honggo

  Replying again because it didn´t seem to work last time.
  Could you be more specific? What code do I have to write to achive single sing on across Windows and WLS 8.1?
  Regards
  Mauricio Hurtado
  Banco de Mexicio

• AD Redesign / R​estructure / Tools which further Improve / Enhance Active Directory's USABILITY-CONSUMERIZATION

  Hello,
  This Study/Discussion can be beneficial for all of us,
  As we will be able to know or find out what all is best from the both Business as well as Technical aspects to
  in terms :
  AD as a Service.
  AD as an Application.
  Checking IPD for AD does provide details which for the most part are technical which is right as these details are more of best practices irrespective of the nature of function of any company.
  Still there are many tools/utilities/apps/solutions which an organization with
  1. Over 60,000 users/machines
  2. Over 100 Trust Relationships
  3.  Manufacturing sites/locations with equipment's/machinery whose operations-functionality must not be disturbed ever...
  These are few of Real and Practical scenarios Organizations has to manage and with AD once deployed you have to restrict or rather say live with it as this Directory-Service solution is not as Modular as some others are....
  This could be very exhaustive as it is purely an organizations decision.
  However with the help of this forum I want to know which are the best known and recommended tools/apps/solutions regarding the following: 
  1. User/Employee Type Differentiation- Attribute basis, Group-Membership basis more.. which are the known and recommended tools ?
           -  Tool 1
           -  Tool 2
           -  Tool 3
  2. Delegation Model -Delegation of Control/Management of AD objects (Dept./Role Specific) ?
           -  Tool 1
           -  Tool 2
           -  Tool 3
  3. Control Access Rights and Privileges so that resource is only accessible by the respective dept. - Security Policies - User Rights, App-locker/Software-Restriction, NTFS permissions-Claims Token which are other known tools and which all are recommended
  ones..?
           -  Tool 1
           -  Tool 2
           -  Tool 3
  Thanks!
  BR,
  An Extremist

  Hi,
  With Active Directory installed, we have below tools to use to manage AD:
  Active Directory Users and Computers
  Active Directory Domains and Trusts
  Active Directory Sites and Services
  In addition, we also have below command tools:
  Dcdiag, repadmin, adsiedit, ntdsutil and so on
  Please also refer to the below link for Active Directory Management Support Tools
  http://technet.microsoft.com/en-us/library/cc738135(v=ws.10).aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Fix: Active directory corrupted (NTDS ISAM Database Corruption errors in eventlog)

  It worked for me!
  Frank Keunen
  IT-Pro Evangelist :: Microsoft IT Infrastructure Engineer
  Follow the procedure below to fix Microsoft Active Directory database problems (corrupted Active Directory due to e.g memory issues/disk problems):
  1. Reboot the server and press F8. Choose Directory Services Restore Mode from the Menu.
  2. Check the physical location of the Winnt\NTDS\ folder.
  3. Check the permissions on the \Winnt\NTDS folder. The default permissions are: Administrators – Full Control System – Full Control
  4. Check the Winnt\Sysvol\Sysvol folder to make sure it is shared.
  5. Check the permissions on the Winnt\Sysvol\Sysvol share. The default permissions are: Share Permissions: —————— Administrators – Full Control Authenticated Users – Full Control Everyone – Read NTFS Permissions: —————– Administrators – Full Control Authenticated
  Users – Read & Execute, List Folder Contents, Read Creator Owner – none Server Operators – Read & Execute, List Folder Contents, Read System – Full Control Note: You may not be able to change the permissions on these folders if the Active Directory
  database is unavailable because it is damaged, however it is best to know if the permissions are set correctly before you start the recovery process, as it may not be the database that is the problem.
  6. Make sure there is a folder in the Sysvol share labeled with the correct name for their domain.
  7. Open a command prompt and run NTDSUTIL to verify the paths for the NTDS.dit file. These should match the physical structure from Step 2. To check the file paths type the following commands: Start a command prompt NTDSUTIL Files Info The output should
  look similar to: Drive Information: C:\ NTFS (Fixed Drive) free (2.9 Gb) total (3.9 Gb) D:\ NTFS (Fixed Drive) free (3.6 Gb) total (3.9 Gb) DS Path Information: Database : C:\WINNT\NTDS\ntds.dit – 10.1 Mb Backup dir: C:\WINNT\NTDS\dsadata.bak Working dir:
  C:\WINNT\NTDS Log dir : C:\WINNT\NTDS – 30.0 Mb total res2.log – 10.0 Mb res1.log – 10.0 Mb edb.log – 10.0 Mb This information is pulled directly from the registry and mismatched paths will cause Active Directory not to start. Type Quit to end the NTDSUTIL
  session.
  8. Rename the edb.chk file and try to boot to Normal mode. If that fails, proceed with the next steps.
  9. Reboot into Directory Services Restore mode again. At the command prompt, use the ESENTUTL to check the integrity of the database. NOTE: You can use NTDSUTIL to check the Integrity, however esentutl is usually more reliable. Type the following command:
  ESENTUTL /g “\NTDS.dit” /!10240 /8 /v /x /o (Note: Type the path without the quotes). Note: The default path would be C:\Winnt\NTDS\ntds.dit; however it may be different in some cases. The output will tell you if the database is inconsistent and may produce
  a jet_error 1206 stating that the database is corrupt. If the database is inconsistent or corrupt it will need to be recovered or repaired . To recover the database type the following at the command prompt: NTDSUTIL Files Recover If this fails with an error,
  type quit until back at the command prompt and repair the database using ESENTUTL by typing the following: ESENTUTL /p “\NTDS.dit” /!10240 /8 /v /x /o (Note: Type the path without the quotes). Note: If you do not put the switches at the end of the command
  you will most likely get a Jet_error 1213 “Page size mismatch” error.
  10. Delete the log files in the NTDS directory, but do not delete or move the ntds.dit file.
  11. The NTDSUTIL tool needs to be run again to check the Integrity of the database and to perform a Semantic Database analysis. To check the integrity, at the command prompt type: NTDSUTIL Files Integrity The output should tell you that the integrity check
  completed successfully and prompt that you should perform a Semantic Database Analysis. Type quit. To perform the Semantic Database Analysis type the following at the NTDSUTIL Prompt type: Semantic Database Analysis Go The output will tell you that the Analysis
  completed successfully. Type quit and closes the command prompt. NOTE: If you get errors running the Analysis then type the following at the semantic checker prompt: semantic checker: go fix This puts the checker in Fixup mode, which should fix whatever errors
  there were.
  12. Reboot the server to Normal Mode. If any of these steps fail to recover the database the only alternative is to perform an Authoritative System State restore from backup in Directory Services Restore mode. For more information, please refer to the following
  articles: 315136 HOW TO: Complete a Semantic Database Analysis for the Active Directory http://support.microsoft.com/?id=315136 265706 DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation http://support.microsoft.com/?id=265706 258007
  Error Message: Lsass.exe – System Error : Security Accounts Manager http://support.microsoft.com/?id=258007 265089 Event 1168: Windows 2000 DCs Unable to Boot into Active Directory http://support.microsoft.com/?id=265089 315131 HOW TO: Use Ntdsutil to Manage
  Active Directory Files from the Command http://support.microsoft.com/?id=315131 BR – Frank

  Frank: This procedure (with some variations required for my environment) worked
  perfectly. Thank you very much.
  To other readers: The procedure works, but it is a loaded gun. Be careful and methodical.
  The specifics of my situation, which I offer as additional information, are:
  Windows Server 2003 R2 Standard Edition SP2 with all updates.
  One server, 20 clients; of course the server is the domain controller.
  I suggest running the command prompt window at an elevated security level ("run as:", followed by unchecking the "restricted" box).
  I also suggest changing directories to C:\WINNT\NTDS or C:\WINDOWS\NTDS, as appropriate.
  Variations:
  The location of the NTDS folder is C:\WINDOWS\NTDS for an install that is not an upgrade from Server 2000.
  Step 9 -- the parameters for ESENTUTL are different. For the integrity check I used "ESENTUTL /g NTDS.DIT /8" as the other parameters are not available.
  Also in step 9 -- For the repair step that was required I used "ESENTUTL /p NTDS.DIT /8". There was a window warning of a possible data loss, which clicking OK cleared.
  Step 11 -- NTDSUTIL FILES INTEGRITY works properly without change. However, the Semantic Database Analysis check cannot be run in a single command. I used "NTDSUTIL SEMANTIC DATABASE ANALYSIS" followed by "GO" at the next prompt. The database analysis does
  not report a positive result, but if there is no warning the database passes the analysis. To be certain I ran the "GO FIX" step anyway, which gave identical output.
  After this procedure the system started perfectly. I recommend this procedure as the answer to the problem.
    -- E. R. Quinones

• Difference between Windows NT domain registry and Active Directory registry

  What are the difference(s) ?

  Frank, thanks for your response :)
  I want WebSphere Application Server to take advantage of a directory service. There are multiple options available for a directory service. 
  In my configuration the requirement is to make WebSphere Application server to use Microsoft's Active Directory. 
  While I was going through (WebSphere) documentation, I see following note.
  " With Windows NT domain registry support for Windows 2000 and 2003 domain
  controllers, WebSphere Application Server only supports Global groups that are the Security type. It is recommended that you use the Active Directory registry support rather than a Windows NT domain registry if you use Windows 2000 and 2003 domain controllers
  because the Active Directory supports all group scopes and types. The Active Directory also supports a nested group that is not support by Windows NT domain registry. The Active Directory is a centralized control registry."
  You can find the above note in this link (somewhere after 7th line)
  http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_localos.html?cp=SSAW57_7.0.0%2F3-11-5-1-0-0
  Does it mean that they are recommending to use Active Directory over Windows NT (which is an older approach) with windows server 2000 or windows server 2003 because Active directory is
  advanced ?
  I was under the impression that, Active Directory was started with Microsoft Windows Server 2003 and Windows NT registry was used till Windows 2000 server.
  After going through above links, 
  Windows NT registry in an old method. However, it is compatible with Windows Server 2000 and Windows server 2003 but it is recommended to use Active directory with Windows Serve 2003 as it is more advanced. And the same is recommended in WebSphere documentation
  (I am aware that support for Windows Server 2000 is over and only extended support is available for Windows Server 2003 however this is to clear doubt). Is my understanding correct ? And does windows server 2000 also support both i.e we can use either Windows
  NT registry or Active directory and similarly, Either of them (Windows NT or Active Directory) could be used with Windows Server 2003 ?
  And if I got it correct, Is Windows NT and Active Directory, both directory service offering from Microsoft? While NT being an old method and Active Directory being a new/advanced approach ?

• SBS 2008 - Microsoft Azure Active Directory Module for Windows PowerShell - is not supported by your version

  Hi,
  I was following the artigle (http://www.messageops.com/resources/office-365-documentation/ad-fs-with-office-365-step-by-step-guide/) but
  when try to install the 'Office 365 PowerShell Module' shows a msg saying that 'windows azure active directory module for windows powershell is not supported by your version'.
  And according to the blog (http://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/) "DirSync can be
  installed on an existing domain controller"
  >>>> Any help is appreciated.
  * Similar issue: http://www.adaxes.com/forum/post7398.html

  Ok Vasil tks for reply, but this server is 64x. I dont get the point.
  Microsoft Windows [Version 6.0.6002]
  C:\Users\Administrator>set
  ALLUSERSPROFILE=C:\ProgramData
  APPDATA=C:\Users\Administrator\AppData\Roaming
  CLIENTNAME=ANJOTEC_NOTE01
  CommonProgramFiles=C:\Program Files\Common Files
  CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
  COMPUTERNAME=COMPANYBR-SERVER
  ComSpec=C:\Windows\system32\cmd.exe
  FP_NO_HOST_CHECK=NO
  HOMEDRIVE=C:
  HOMEPATH=\Users\Administrator
  lib=C:\Program Files\SQLXML 4.0\bin\
  LOCALAPPDATA=C:\Users\Administrator\AppData\Local
  LOGONSERVER=\\COMPANYBR-SERVER
  NUMBER_OF_PROCESSORS=4
  OS=Windows_NT
  Path=C:\ProgramData\Oracle\Java\javapath;C:\Program Files\HP\NCU;C:\Windows\sys
  em32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\
  1.0\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program File
  (x86)\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Serve
  \90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program F
  les (x86)\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files (x86)\Microsoft SQ
  Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft Vis
  al Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\ExchangeMapi\
  C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x
  6)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Rox
  o Shared\9.0\DLLShared\;C:\Program Files\Microsoft\Exchange Server\bin;C:\Progr
  m Files\Microsoft\Exchange Server\Scripts
  PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
  PROCESSOR_ARCHITECTURE=AMD64
  PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
  PROCESSOR_LEVEL=6
  PROCESSOR_REVISION=1e05
  ProgramData=C:\ProgramData
  ProgramFiles=C:\Program Files
  ProgramFiles(x86)=C:\Program Files (x86)
  PROMPT=$P$G
  PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
  PUBLIC=C:\Users\Public
  RoxioCentral=C:\Program Files (x86)\Common Files\Roxio Shared\9.0\Roxio Central
  3\
  SESSIONNAME=RDP-Tcp#0
  SystemDrive=C:
  SystemRoot=C:\Windows
  TEMP=C:\Users\Administrator\AppData\Local\Temp\2
  TMP=C:\Users\Administrator\AppData\Local\Temp\2
  USERDNSDOMAIN=COMPANYBR.LOCAL
  USERDOMAIN=COMPANYBR
  USERNAME=administrator
  USERPROFILE=C:\Users\Administrator
  windir=C:\Windows
  C:\Users\Administrator>

• New Version of the Azure Active Directory Module and PowerShell 2.0

  Since the last upgrade of the Azure Active Directory Module for Windows PowerShell (64-bit version), we are no longer able to load it in an application targeting .NET Framework 3.5 SP1. The error message that we receive is:
  Could not load file or assembly 'file:///C:\Windows\system32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll' or one of its dependencies. This assembly is built by a runtime newer
  than the currently loaded runtime and cannot be loaded.
  Our application loads and uses the Azure AD PowerShell Module for Azure AD management. The previous version of the module available until September worked well, however, we cannot use the new version because it is built using the .NET Framework 4.0 runtime,
  and our application targets .NET Framework 3.5 SP1.
  The link for the old version of the module was removed, and since the EULA for the module restricts us from making the old version available on our web site, we need a solution that would enable us
  to load the module in our application because we cannot retarget the application to a newer Framework version. In particular,
  we need a link that our customers can use to download the old version of the module.
  Is there a URL to the old version of the Azure Active Directory Module that we can download the old version from? Can someone help?

  Hi Vladimir,
  Since I'm not familiar with AZure AD, to get the old version of Azure AD Module, I also recommend you can post in Azure AD forum for more effective support:
  http://social.msdn.microsoft.com/forums/azure/en-US/home?forum=WindowsAzureAD
  However, for the error you posted, as you said, this is related to .NET version.
  I found a similar error, which was solved by upgrading the Powershell version 3.0 on Server 2008 R2 sp1, which also need to update the .NET version on server.
  Active Directory Single sign-on Office 365 Powershell Error
  If there is anything else regarding the powershell, please feel free to post back.
  Best Regards,
  Anna Wang
  Anna, yep upgrading to version 3.0 simple solve the issue. But WMF 3.0 is not compatible with few things like
  SharePoint 2010, Exchange 2007 , SCCM etc.
  WMF 3.0 has the same .NET version so how about making a configuration file in version 2.0
  I am not really sure if Azure support this but its worth to make your configuration file to support .NET 4.0
  $PShome\PowerShell_ISE.CONFIG and $PSHOME\PowerShell.exe.config will be not existing.
  So you can make an entry in configuration to support .NET framework 4.0
  like shown below
  $config_text = @"
  <?xml version="1.0"?>
  <configuration>
  <startup useLegacyV2RuntimeActivationPolicy="true">
  <supportedRuntime version="v4.0.30319"/>
  <supportedRuntime version="v2.0.50727"/>
  </startup>
  </configuration>
  $config_text| Out-File $pshome\powershell.exe.config
  $config_text| Out-File $pshome\powershell_ise.exe.config
  Close PowerShell Console and open as administrator.
  Try loading the modules back and let me know.
  Regards Chen V [MCTS SharePoint 2010]

• SharePoint 2013 Active Directory Groups represented as c:0+.w| SID in UserInformation list instead of c:0+.w|Domain\Groupname

  Hi
  We are running on SharePoint Server 2013.When we add AD groups as permissions, we see that the group name is being displayed properly in the permissions. Whereas when I click on the groupname I see the SID with the Sharepoint specific claims characters,
  instead of domain\groupname. I understand that the claims characters are because of claims mode. But I expected domain\groupname instead of SID. Is this the right behaviour.
  When I call SiteData.GetContent web service, I get the SID of the group name instead of the domain\groupname.
  Can someone please clarify?
  Thanks
  Naga

  Hi,
  Yes, the identity claim for an AD group is based on the SID of the group. The claim encoding for an Active Directory group consists of the following sections:
  c:0+.w|<SID>
  •"c" for a claim other than identity
  •"+" for a group SID
  •"." for a string
  •"w" for a Windows claim
  More information:
  http://www.sharepointfire.com/MyBlog/2013/11/get-ad-group-identity-claim-in-sharepoint-2013/
  Thanks,
  Dennis Guo
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Dennis Guo
  TechNet Community Support

• Active Directory SSO Sharepoint with External sources

  I hope someone can advise me.  We use Active Directory (AD FS 2.0 SAML) for authorization/authentication for SSO.  Our new library platform that is hosted by a 3rd party complies with CAS 3 (SAML is only supported with CAS 4) they have no plans
  to update to CAS 4 anytime soon.
  How can I achieve a SSO solution from our SharePoint for users to have seamless access to their respective libraries using the attributes in AD??

  where did you see this error ? is there anymore details.
  i think the account you are using for Sync does not have Replicate Directory Changes permission in AD. follow below article and give Replicate directory changes permission.
  http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
  Thanks, Noddy