Using oauth2 flows of Azure Acite Directory (AAD), in API

Similar Messages

• [Exchange-Online][EWS-XML][JAVA][OAUTH2] Getting HTTP status code 500 when using OAUTH2 client credential grant flow as authorization method

  Hi,
  i'm working on enhancing a service to be able to use OAUTH2 as authentication protocol with client credential grant flow when talking to exchange online ( like described here:
  http://blogs.msdn.com/b/exchangedev/archive/2015/01/22/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx ). I gave my application the rights 
  Office 365 Exchange Online : Application Permissions: "Have full access via EWS to all mailboxes ....."
  Windows Azure Active AD: Application Permissions: "Read Directory data", Delegate Permissions: "Enable sign-on and read users_ profiles" 
  I receive a access token from log.windows.net:
  decoded token:
   typ: "JWT",
   alg: "RS256",
   x5t: "MnC_VZcATfM5pOYiJHMba9goEKY"
   aud: "https://outlook.office365.com/",
   iss: "https://sts.windows.net/<TENANT_ID>/",
   iat: 1426584502,
   nbf: 1426584502,
   exp: 1426588402,
   ver: "1.0",
   tid: "<TENANT_ID>",
   roles: [
    "full_access_as_app"
   oid: "1ddbdc11-b80d-4d1d-91b9-5b07a6b82659",
   sub: "1ddbdc11-b80d-4d1d-91b9-5b07a6b82659",
   idp: "https://sts.windows.net/TENANT_ID/",
   appid: "<APP_ID_IN_AZURE_AD>",
   appidacr: "2"
  <SIGNATURE>
  If i use that token then to send a EWS XML to exchange online i get a 500 HTTP status code back:
  With impersonation in the request:
  [http.wire ]: >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
  [http.wire ]: >> "Authorization: Bearer <MY_ACCESS_TOKEN>[\r][\n]"
  [http.wire ]: >> "SoapAction: "http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder"[\r][\n]"
  [http.wire ]: >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
  [http.wire ]: >> "User-Agent: OpenScapeUC EWS HttpClient/3.0[\r][\n]"
  [http.wire ]: >> "client-request-id: 5b2c7e1a-656d-4f43-bd34-ea2d6290611f[\r][\n]"
  [http.wire ]: >> "Date: Tue, 17 Mar 2015 10:08:17 GMT[\r][\n]"
  [http.wire ]: >> "Content-Length: 1189[\r][\n]"
  [http.wire ]: >> "Host: outlook.office365.com[\r][\n]"
  [http.wire ]: >> "Connection: Keep-Alive[\r][\n]"
  [http.wire ]: >> "[\r][\n]"
  [http.wire ]: >> "<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><ns2:ExchangeImpersonation xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
  xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns2:ConnectingSID><ns2:PrimarySmtpAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:PrimarySmtpAddress></ns2:ConnectingSID></ns2:ExchangeImpersonation><ns2:RequestServerVersion
  xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages" Version="Exchange2007_SP1"/></S:Header><S:Body><ns3:GetFolder xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
  xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns3:FolderShape><ns2:BaseShape>IdOnly</ns2:BaseShape><ns2:AdditionalProperties><ns2:FieldURI FieldURI="folder:FolderId"/></ns2:AdditionalProperties></ns3:FolderShape><ns3:FolderIds><ns2:DistinguishedFolderId
  Id="contacts"><ns2:Mailbox><ns2:EmailAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:EmailAddress></ns2:Mailbox></ns2:DistinguishedFolderId></ns3:FolderIds></ns3:GetFolder></S:Body></S:Envelope>"
  [http.wire ]: << "HTTP/1.1 500 Internal Server Error[\r][\n]"
  [http.wire ]: << "Cache-Control: private[\r][\n]"
  [http.wire ]: << "Content-Type: text/xml; charset=utf-8[\r][\n]"
  [http.wire ]: << "Server: Microsoft-IIS/8.0[\r][\n]"
  [http.wire ]: << "request-id: ec42b5c5-f8dc-498d-ae16-d851a852058c[\r][\n]"
  [http.wire ]: << "Set-Cookie: ClientId=<DELETED>; expires=Wed, 16-Mar-2016 10:08:17 GMT; path=/; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "X-CalculatedBETarget: am2pr02mb0387.eurprd02.prod.outlook.com[\r][\n]"
  [http.wire ]: << "X-DiagInfo: AM2PR02MB0387[\r][\n]"
  [http.wire ]: << "X-BEServer: AM2PR02MB0387[\r][\n]"
  [http.wire ]: << "X-AspNet-Version: 4.0.30319[\r][\n]"
  [http.wire ]: << "Set-Cookie: exchangecookie=<DELETED>; expires=Thu, 17-Mar-2016 10:08:17 GMT; path=/; HttpOnly[\r][\n]"
  [http.wire ]: << "Set-Cookie: [email protected]=<DELETED>; expires=Thu, 16-Apr-2015 10:08:18 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "Set-Cookie: [email protected]=<DELETED>; expires=Thu, 16-Apr-2015 10:08:18 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "X-Powered-By: ASP.NET[\r][\n]"
  [http.wire ]: << "X-FEServer: DB5PR01CA0064[\r][\n]"
  [http.wire ]: << "Date: Tue, 17 Mar 2015 10:08:17 GMT[\r][\n]"
  [http.wire ]: << "Content-Length: 891[\r][\n]"
  [http.wire ]: << "Accept-Ranges: none[\r][\n]"
  [http.wire ]: << "Connection: keep-alive[\r][\n]"
  [http.wire ]: << "[\r][\n]"
  Without impersonation in the request:
  Request
  [http.wire ]: >> "POST /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
  [http.wire ]: >> "Authorization: Bearer <MY_ACCESS_TOKEN>[\r][\n]"
  [http.wire ]: >> "SoapAction: "http://schemas.microsoft.com/exchange/services/2006/messages/GetFolder"[\r][\n]"
  [http.wire ]: >> "Content-Type: text/xml; charset=utf-8[\r][\n]"
  [http.wire ]: >> "User-Agent: OpenScapeUC EWS HttpClient/3.0[\r][\n]"
  [http.wire ]: >> "client-request-id: 20bd722f-8276-4ebb-8d58-ce45d31f3ed4[\r][\n]"
  [http.wire ]: >> "Date: Tue, 17 Mar 2015 09:33:24 GMT[\r][\n]"
  [http.wire ]: >> "Content-Length: 871[\r][\n]"
  [http.wire ]: >> "Host: outlook.office365.com[\r][\n]"
  [http.wire ]: >> "Connection: Keep-Alive[\r][\n]"
  [http.wire ]: >> "[\r][\n]"
  [http.wire ]: >> "<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Header><ns2:RequestServerVersion xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types"
  xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages" Version="Exchange2007_SP1"/></S:Header><S:Body><ns3:GetFolder xmlns:ns2="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ns3="http://schemas.microsoft.com/exchange/services/2006/messages"><ns3:FolderShape><ns2:BaseShape>IdOnly</ns2:BaseShape><ns2:AdditionalProperties><ns2:FieldURI
  FieldURI="folder:FolderId"/></ns2:AdditionalProperties></ns3:FolderShape><ns3:FolderIds><ns2:DistinguishedFolderId Id="contacts"><ns2:Mailbox><ns2:EmailAddress><THE_MAILBOX_I_WANT_TO_ACCESS></ns2:EmailAddress></ns2:Mailbox></ns2:DistinguishedFolderId></ns3:FolderIds></ns3:GetFolder></S:Body></S:Envelope>"
  Response:
  [http.wire ]: << "HTTP/1.1 500 Internal Server Error[\r][\n]"
  [http.wire ]: << "Cache-Control: private[\r][\n]"
  [http.wire ]: << "Content-Type: text/xml; charset=utf-8[\r][\n]"
  [http.wire ]: << "Server: Microsoft-IIS/8.0[\r][\n]"
  [http.wire ]: << "request-id: 923ba463-490f-4ac9-a496-993cd8a44115[\r][\n]"
  [http.wire ]: << "Set-Cookie: ClientId=<DELETED>; expires=Wed, 16-Mar-2016 09:33:24 GMT; path=/; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "X-CalculatedBETarget: am2pr02mb0387.eurprd02.prod.outlook.com[\r][\n]"
  [http.wire ]: << "X-DiagInfo: AM2PR02MB0387[\r][\n]"
  [http.wire ]: << "X-BEServer: AM2PR02MB0387[\r][\n]"
  [http.wire ]: << "X-AspNet-Version: 4.0.30319[\r][\n]"
  [http.wire ]: << "Set-Cookie: exchangecookie=<DELETED>; expires=Thu, 17-Mar-2016 09:33:25 GMT; path=/; HttpOnly[\r][\n]"
  [http.wire ]: << "Set-Cookie: [email protected]=<DELETED>; expires=Thu, 16-Apr-2015 09:33:25 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "Set-Cookie: [email protected]=<DELETED>; expires=Thu, 16-Apr-2015 09:33:25 GMT; path=/EWS; secure; HttpOnly[\r][\n]"
  [http.wire ]: << "X-Powered-By: ASP.NET[\r][\n]"
  [http.wire ]: << "X-FEServer: AM3PR07CA0038[\r][\n]"
  [http.wire ]: << "Date: Tue, 17 Mar 2015 09:33:24 GMT[\r][\n]"
  [http.wire ]: << "Content-Length: 799[\r][\n]"
  [http.wire ]: << "Accept-Ranges: none[\r][\n]"
  [http.wire ]: << "Connection: keep-alive[\r][\n]"
  If i use BASIC authentication and impersonation the request is successfully. 
  Has anyone an idea why i might get the error 500 in that scenario?

  For EWS to work with App Token, you need to do two more things. One you already did: Set the impersonation header. Two is to set the X-AnchorMailbox http request header to the smtp address of the mailbox you want to access. This routes the request instantly
  to the right backend.
  Hope this helps.
  Thank you! Matthias

• Getting AADSTS50020 error on microsoft login page when using Azure Active Directory Authentication

  We have implemented Azure Ad single sign on using auto generated code from Visual studio 2013 with organization account authentication and its working fine.
  The problem is when user is logged in in azure management portal with his live account and in other tab he try to open our app, then he directly gets below error on Microsoft login page.
  Additional technical information:
  Correlation ID: 78e13474-6f92-40ec-b463-91e36a6dae84
  Timestamp: 2015-04-14 12:27:20Z
  AADSTS50020:
  User account '[email protected]' from external
  identity provider 'live.com' is not supported for application
  'https://xxxxx.onmicrosoft.com/xxxx'. The account needs to
  be added as an external user in the tenant. Please sign out and sign in
  again with an Azure Active Directory user account.
  It works fine if I log out from management portal. Is there any way to resolve this issue without forcing user to log out from live account(management portal)?

  I assume you created a web application using VS2013 which uses the WS-Federation protocol.
  The behavior that you are seeing is expected Single-sign-on because you are logged in using the live account in the management portal.
  For WS-Federation, there is no current way for a caller to specify they want to force a fresh login, so the behavior is always the equivalent of LoginBehavior.Normal.
  The user will need to either sign-out or use an in-private session in the browse.
  If you switch to openID connect(sample at
  https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) and use the “prompt=login” query paramerter in the sign in request, this will force a fresh login.

• How to authenticate Username and password in MVC using Azure Active Directory

  Need a sample application where in need to authenticate user entered logindetails using Azure Active directory.

  Hi,
  Kindly go through beneath article which helpful to understand the procedure.
  How to Authenticate Web Users with Azure Active Directory Access Control
  http://azure.microsoft.com/en-in/documentation/articles/active-directory-dotnet-how-to-use-access-control/
  Developing ASP.NET Apps with Windows Azure Active Directory
  http://www.asp.net/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory
  Adding Sign-On to Your Web Application Using Azure AD
  https://msdn.microsoft.com/en-us/library/azure/dn151790.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Where do i find the Azure Active Directory tenant name?

  Where do i find the Azure AD tenant name? Pretty basic question I know, but everyone seems to assume that the answer to this question is in no need of explaining. I am guessing it is the same as the default domain name of the active directory (xxxx.onmicrosoft.com
  e.g.).
  The following explanation of an AD tenant I found on the internet really worries me. I have only the vaguest idea of what is being discussed.
  Tenants and Subscriptions
  AAD tenants are cloud-based directory service instances and are only indirectly related to Azure subscriptions through identities. That is identities can belong to an AAD tenant and identities can be co-administrator(s) of Azure subscription.
  There is no direct relationship between the Azure subscription and the AAD tenant except the fact that they might share user identities. An example of an AAD tenant may be
  contoso.onmicrosoft.com. An identity in this AAD tenant the same as a user’s
  OrgID.
  Azure subscriptions are different than AAD tenants. Azure subscriptions have co-administrator(s) whose permissions are not related to permissions in an AAD tenant. An Azure subscription can include a number of Azure services and
  are managed using the Azure Portal. An AAD tenant can be one of those services managed using the Azure Portal.

  Directory / Tenant equals the same thing in essence, when someone is asking you your Tenant Name or Directory Name they are probably asking for the *.onmicrosoft.com domain name. This can be found under the 'Domains' Tab. 
  The Company ID or GUID is referring to as the Object ID of the Tenant. You can see this exposed in different areas i.e. Application EndPoints etc. Generally speaking, If you use the name *.onmicrosoft.com you will get a long fine. If your developing applications
  then sometimes they would require the GUID in which case you will most likely be exposed the EndPoint URL an dthe GUID piece in the middle is the Tenant / Directory GUID. 
  James.

• Cannot install Windows Azure Active Directory Sync tool on Server 2012 w/ SQL Server 2012

  I went to change a user password on the server today and after changing the password I logged into the SQL server to run “Import-module dirsync” & “Start-onlinecoexistencesync” in powershell in order to sync the new password with Exchange Online. After
  waiting ten minutes I tried setting up the email on the user’s PC but the new password was not being accepted. I logged into Office 365 and I got the following warning.
  "Warning: Last synced more than 3 days ago | Troubleshoot"
  So I pressed troubleshoot and the site installed a tool on the server to try and find out what the issue was. After the tool ran it told me that the version of dirsync.exe was out of date and that I should download the new one and install it. So I downloaded
  the new dirsync.exe (version 7020 I believe) and tried installing it. I kept getting error after error, different ones to boot.
  First it told me I wasn’t part of the FIMSyncAdmins group (so I added myself), then it told me that it could not connect to MIIS server,  so I tried starting it and windows said that there was a problem with the sign on used by the service so I had
  to reset the password for the local user named “AAD_bfd1d6f0cef7” which was being used by that service. The service started successfully and when I went to install it told me I could not and if the problem persisted I should uninstall the old version and reinstall.
  Looking in the log file, before I even install the software I see the following Information...
  Level: Information
  Date: 2015-03-24 12:49:17 PM
  Source: Directory Synchronization
  Event ID: 0
  Task Category: None
  "The current configuration of the Windows Azure Active Directory Sync tool is invalid. Please reinstall the Windows Azure Active Directory Sync tool."
  So I tried to reinstall (i even manually uninstalled the old version and removed the folder in C:\Program Files\ called "Windows Azure Active Directory Sync") and on reinstall I get as far as "Installing Components" and then after a little
  while it errors out with the error "The install was unable to setup a required component. Check the event logs for more information. Please try the installation again and if the error persists, contact Technical Support. "
  Looking at the log file there are a bunch of new entries, created by the installer. There's over 300 new entries and I can not post them all here due to character count restriction. you can find the log file here...
  www.clarkfreightways.com/wp-content/uploads/2015/03/dirsync_log.txt
  Can anyone tell me what is going on, I've been looking through the log files and I can see errors but I'm not sure what to do to fix it.

  Greetings!
  Wanted to know if you've hosted the DirSync tool (latest version) on a VM? Also, if this is deployed in a Production or Lab environment? If it's a lab setup, you may
  try installing the DirSync on a new VM / Server (suspecting that it could be some machine related issues).
  Here's a Support KB helping with different errors:
  http://support.microsoft.com/en-us/kb/2684395
  If its a production environment, would suggest to raise a
  Technical Support Ticket for assisting further with break-fix.
  Thank you,
  Arvind 

• AADSync and Azure Active Directory Device Registration Service

  Now I try to implement Azure Active Directory Device Registration Service with AADSync.
  According to step-by-step guide, it has to execute "Enable-MSOnlineObjectManagement" cmdlet.
  Step-by-Step Guide for On-premises Conditional Access using Azure Active Directory Device Registration Service
  https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx
  Unfortunately, AADsync doestn't have "Enable-MSOnlineObjectManagement", and can't find similar cmdlet.
  I'm looking for cmdlet for device object synchronization.
   Does anyone know alternate cmdlet?

  Hi,
  Thanks for your post.
  You need to use the command import-module DirSync in PowerShell, then running the command "get-command -m Microsoft.Online.Conexistence.PS.config", you will find the cmdlet "Enable-MSOnlineObjectManagement"
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to purchase Azure Active Directory Premium?

  How do you purchase Azure Active Directory Premium?
  I have had a trial, which has expired. I get an email saying to go to the Intune (?) portal:
  Follow these easy steps to purchase a subscription: 
  1)   Sign in to the Microsoft Intune Account Portal, with your User ID
  2)   On the Admin page, on the left pane, under Subscriptions, click Manage.
  3)   Find Microsoft Azure Active Directory Premium trial, and click on it.
  4)   On the Subscription details page click Buy now.
  5)   Follow the steps in the purchasing wizard to complete the purchase process.
  There is no trial subscription and no way to purchase. There has been some discussion that you require an Enterprise Agreement to purchase it:
  http://azure.microsoft.com/en-us/pricing/details/active-directory/

  Hi, 
  If you login to portal.office.com with your username and password and then click on 'Purchase Services' on the left hand side you should be able to go ahead and directly purchase AAD Premium. http://www.edutech.me.uk/active-directory/azure-ad-premium-now-available-via-direct-purchase/
  Thanks, 
  James.

• Windows Azure Active Directory Sync Setup

  Hi,
  Currently trying to install Windows Azure Active Directory Sync tool for use with Office 365.
  After five attempts to install the Sync Tool, I finally had some luck, now I am configuring the Sync tool and have been given the following error "A constraint violation occurred"
  In looking at the event logs this is the information I get:
  System.Management.Automation.CmdletInvocationException: A constraint violation occurred. ---> System.DirectoryServices.DirectoryServicesCOMException: A constraint violation occurred. at System.DirectoryServices.DirectoryEntry.CommitChanges() at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.DirectoryEntry.CommitChanges()
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.GrantWritePropertyPermission(SecurityIdentifier securityIdentifier, String groupDn) at Microsoft.Online.Coexistence.PS.Config.MSOnlineRichCoexistenceBase.GrantPermission(Action`2 grantPermissionAction)
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.InternalBeginProcessing() at Microsoft.Online.Coexistence.PS.Config.MSOnlineConfigCmdlet.BeginProcessing() at System.Management.Automation.Cmdlet.DoBeginProcessing() at System.Management.Automation.CommandProcessorBase.DoBegin()
  --- End of inner exception stack trace --- at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at Microsoft.Online.DirSync.PowerShellAdapter.PowerShellCommand.ExecuteCommand(Command command, Boolean refreshPath)
  Suggestions?
  Thanks

  Hi,
  According to your description, it seems that you have installed Azure Active Directory Sync tool successfully, right? What configuration have you done when you got that error message?
  Firstly, I recommend you to check the event logs for more detailed information about this issue.
  In general, it is recommended to install the Directory Sync tool on a member server rather than a Domain Controller. If you installed Azure Active Directory Sync Tool on a Domain Controller, please uncheck “Start Configuration Wizard now”
  checkbox and then log off and log in again to configure the Azure Active Directory Sync Tool Configuration Wizard. If you forget to follow the above process, the Configuration Wizard will return an error "Constraint Violation Error".
  Besides, please also check the permission of the system account. You can add it into the built-in Administrators group in your on-premise domain to see if the issue persists.
  More information:
  HowTo: Install the Windows Azure Active Directory Sync Tool
  Best regards,
  Susie

• New Version of the Azure Active Directory Module and PowerShell 2.0

  Since the last upgrade of the Azure Active Directory Module for Windows PowerShell (64-bit version), we are no longer able to load it in an application targeting .NET Framework 3.5 SP1. The error message that we receive is:
  Could not load file or assembly 'file:///C:\Windows\system32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll' or one of its dependencies. This assembly is built by a runtime newer
  than the currently loaded runtime and cannot be loaded.
  Our application loads and uses the Azure AD PowerShell Module for Azure AD management. The previous version of the module available until September worked well, however, we cannot use the new version because it is built using the .NET Framework 4.0 runtime,
  and our application targets .NET Framework 3.5 SP1.
  The link for the old version of the module was removed, and since the EULA for the module restricts us from making the old version available on our web site, we need a solution that would enable us
  to load the module in our application because we cannot retarget the application to a newer Framework version. In particular,
  we need a link that our customers can use to download the old version of the module.
  Is there a URL to the old version of the Azure Active Directory Module that we can download the old version from? Can someone help?

  Hi Vladimir,
  Since I'm not familiar with AZure AD, to get the old version of Azure AD Module, I also recommend you can post in Azure AD forum for more effective support:
  http://social.msdn.microsoft.com/forums/azure/en-US/home?forum=WindowsAzureAD
  However, for the error you posted, as you said, this is related to .NET version.
  I found a similar error, which was solved by upgrading the Powershell version 3.0 on Server 2008 R2 sp1, which also need to update the .NET version on server.
  Active Directory Single sign-on Office 365 Powershell Error
  If there is anything else regarding the powershell, please feel free to post back.
  Best Regards,
  Anna Wang
  Anna, yep upgrading to version 3.0 simple solve the issue. But WMF 3.0 is not compatible with few things like
  SharePoint 2010, Exchange 2007 , SCCM etc.
  WMF 3.0 has the same .NET version so how about making a configuration file in version 2.0
  I am not really sure if Azure support this but its worth to make your configuration file to support .NET 4.0
  $PShome\PowerShell_ISE.CONFIG and $PSHOME\PowerShell.exe.config will be not existing.
  So you can make an entry in configuration to support .NET framework 4.0
  like shown below
  $config_text = @"
  <?xml version="1.0"?>
  <configuration>
  <startup useLegacyV2RuntimeActivationPolicy="true">
  <supportedRuntime version="v4.0.30319"/>
  <supportedRuntime version="v2.0.50727"/>
  </startup>
  </configuration>
  $config_text| Out-File $pshome\powershell.exe.config
  $config_text| Out-File $pshome\powershell_ise.exe.config
  Close PowerShell Console and open as administrator.
  Try loading the modules back and let me know.
  Regards Chen V [MCTS SharePoint 2010]

• Windows Azure Active Directory MA - Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.

  Trying to use WAAD with FIM 2010 R2 SP1 (4.1.3496.0) and during export several objects cause a warning/info with:
  Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.
  I looked, this appears hard coded into the MA, anyone know what causes this? My best guess is something like a large group membership? Does anyone know what the limits around the WAAD MA are?
  Here is the indepth error logged during the failure:
  ProvisioningServiceAdapter::ExecuteWithRetry: Action: Export, Attempt: 0, Exception: Microsoft.Online.Coexistence.ProvisionRetryException: Unable to communicate with the Windows Azure Active Directory service. Tracking ID: e94e6020-8434-4aa7-9a29-b2edf7fe6b2e
  See the event log for more details. ---> System.ServiceModel.CommunicationException: There was an error while trying to serialize parameter http://schemas.microsoft.com/online/aws/change/2010/01:syncObjects. The InnerException message was 'Maximum number
  of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota. '.  Please see InnerException for more details. ---> System.Runtime.Serialization.SerializationException:
  Maximum number of items that can be serialized or deserialized in an object graph is '500000'. Change the object graph or increase the MaxItemsInObjectGraph quota.
     at System.Runtime.Serialization.XmlObjectSerializerContext.IncrementItemCount(Int32 count)
     at WriteArrayOfstringToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , CollectionDataContract )
     at System.Runtime.Serialization.CollectionDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeAndVerifyType(DataContract dataContract, XmlWriterDelegator xmlWriter, Object obj, Boolean verifyKnownType, RuntimeTypeHandle declaredTypeHandle, Type declaredType)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeWithXsiType(XmlWriterDelegator xmlWriter, Object obj, RuntimeTypeHandle objectTypeHandle, Type objectType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle, Type
  declaredType)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerialize(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerializeReference(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
     at WriteSyncObjectGroupToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , ClassDataContract )
     at System.Runtime.Serialization.ClassDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeAndVerifyType(DataContract dataContract, XmlWriterDelegator xmlWriter, Object obj, Boolean verifyKnownType, RuntimeTypeHandle declaredTypeHandle, Type declaredType)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.SerializeWithXsiType(XmlWriterDelegator xmlWriter, Object obj, RuntimeTypeHandle objectTypeHandle, Type objectType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle, Type
  declaredType)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerialize(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
     at System.Runtime.Serialization.XmlObjectSerializerWriteContext.InternalSerializeReference(XmlWriterDelegator xmlWriter, Object obj, Boolean isDeclaredType, Boolean writeXsiType, Int32 declaredTypeID, RuntimeTypeHandle declaredTypeHandle)
     at WriteArrayOfSyncObjectToXml(XmlWriterDelegator , Object , XmlObjectSerializerWriteContext , CollectionDataContract )
     at System.Runtime.Serialization.CollectionDataContract.WriteXmlValue(XmlWriterDelegator xmlWriter, Object obj, XmlObjectSerializerWriteContext context)
     at System.Runtime.Serialization.DataContractSerializer.InternalWriteObjectContent(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
     at System.Runtime.Serialization.DataContractSerializer.InternalWriteObject(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
     at System.Runtime.Serialization.XmlObjectSerializer.WriteObjectHandleExceptions(XmlWriterDelegator writer, Object graph, DataContractResolver dataContractResolver)
     at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameterPart(XmlDictionaryWriter writer, PartInfo part, Object graph)
     --- End of inner exception stack trace ---
  Server stack trace:
     at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameterPart(XmlDictionaryWriter writer, PartInfo part, Object graph)
     at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameter(XmlDictionaryWriter writer, PartInfo part, Object graph)
     at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeParameters(XmlDictionaryWriter writer, PartInfo[] parts, Object[] parameters)
     at System.ServiceModel.Dispatcher.DataContractSerializerOperationFormatter.SerializeBody(XmlDictionaryWriter writer, MessageVersion version, String action, MessageDescription messageDescription, Object returnValue, Object[] parameters, Boolean
  isRequest)
     at System.ServiceModel.Dispatcher.OperationFormatter.OperationFormatterMessage.OperationFormatterBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)
     at System.ServiceModel.Channels.Message.OnWriteMessage(XmlDictionaryWriter writer)
     at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
     at System.ServiceModel.Channels.BinaryMessageEncoderFactory.BinaryMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
     at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
     at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  Exception rethrown at [0]:
     at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
     at Microsoft.Online.Coexistence.Schema.IProvisioningWebService.Provision(SyncObject[] syncObjects)
     at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
     --- End of inner exception stack trace ---
     at Microsoft.Online.Coexistence.ProvisionHelper.CommunicationExceptionHandler(CommunicationException ex)
     at Microsoft.Online.Coexistence.ProvisionHelper.InvokeAwsAPI[T](Func`1 awsOperation, String opsLabel)
     at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.<>c__DisplayClass1.<Export>b__0()
     at Microsoft.Azure.ActiveDirectory.Connector.ProvisioningServiceAdapter.ExecuteWithRetry(String actionName, Action action).

  Hi gdedshg,
  >>Maximum number of items that can be serialized or deserialized in an object graph is '65536'. Change the object graph or increase the MaxItemsInObjectGraph quota
  When meet the above exception, please try to do the following configuration:
  On the server side:
  Add the following to the server's config file:
  <behaviors>
  <serviceBehaviors>
  <behavior name="MyServiceBehavior">
  <dataContractSerializer
  maxItemsInObjectGraph="2147483647" />
  </behavior>
  </serviceBehaviors>
  </behaviors>
  And reference it in the service using the following code:
  <services>
  <service
  behaviorConfiguration="MyServiceBehavior"
  name="serviceName">……
  On the client side:
  Add the following: 
  <behaviors>
  <endpointBehaviors>
  <behavior name="MyClientbehavior">
  <dataContractSerializer
  maxItemsInObjectGraph="2147483647"/>
  </behavior>
  </endpointBehaviors>
  </behaviors>
   And reference it in the endpoint using the following code:
  <endpoint address="serviceAddress"
  behaviorConfiguration="MyClientbehavior"
  For more information, please try to refer to the following article:
  http://blog.aggregatedintelligence.com/2011/01/wcf-maxitemsinobjectgraph-error.html .
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Exchange and EOP and "Windows Azure Active Directory Sync tool".

  Hi,
  Since we are using our on-premises Exchange server and Microsoft EOP only for spam filter, and
  we are not using the EOP created domain "XXXX.onmicrosoft.com" for anything.
  Technically speaking, do we require
  "Windows Azure Active Directory Sync tool" to be installed and synchronizing all our AD to the EOP!
  Thanks,

  The Windows Azure Active Directory Sync Tool allows you to filter mail in EOP for nonexistent recipients.  This is a pretty useful antispam feature that you'll be forgoing if you choose not to deploy the tool.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• PS CS6 has a different set of installed fonts than my old PS CS4.  How do I get my old fonts back?  Don't like most of the CS6 fonts.  Dell Precision, Windows 7.  Does PS use the fonts in the Windows directory or does it use its own?  A lot of my preferre

  PS CS6 has a different set of installed fonts than my old PS CS4.  How do I get my old fonts back?  Don't like most of the newer CS6 fonts.  Dell Precision, Windows 7.  Does PS use the fonts in the Windows directory or does it use its own?  If so, where are they in the directory?  A lot of my preferred fonts show in the Windows directory but not in Photoshop, which does not display them within the program.  Please help.  If I get free fonts (NOT CC fonts) from elsewhere, where do I put them for Photoshop[ CS6 to use them?  Thanks.

  All versions of Photoshop get their fonts from your OS.  Just install any missing font wherever Windows keeps fonts.
  I don't do windows myself.

• ADF Task Flow: Using Task Flow Call as Application Entry Point

  In our product we have a task flow structure very similar to the Fusion Order Demo application, but we are having serious trouble reproducing the documented functionality of ADF Task Flows.
  Specifically, we cannot use a task flow call as an entry point for our application, which is very important for us to achieve.
  The [Developer s Guide|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/taskflows.htm#ADFFD1634] states about the [demo application|http://www.oracle.com/technology/products/jdev/samples/fod/index.html] :
  "A Fusion web application always contains an ADF unbounded task flow, which contains the entry point or points to the application. Figure 14-3 displays the diagram for the unbounded task flow from the Fusion Order Demo Application. This task flow contains the Home, *MyOrders*, *checkout*, registerUser, and updateUserInfo *view activities, which are all entry points to the application*."
  "The checkout-task-flow activity in Figure 14-3 is a call to an ADF bounded task flow."
  When we run the Fusion Demo Application, we are only able to use home, updateUserInfo and register as entry points.
  We cannot enter the application through any of the task flow call activities (MyOrders and checkout) as the documentation suggests.
  What are the reasons for this and how do we fix it, so we can use task flow call activities as application entry points?
  Thanks.
  Edited by: Rune Glerup on Oct 9, 2009 2:51 AM
  The forum did not display the link to "Developer's Guide" because the link contained the single quote char '. Single quote char removed.

  Is what you mention here the case in the Fusion Order Demo application?
  If the task flow call activities cannot be used as entry points, why is it stated in the documentation?
  How do we solve this, so that the task flow call activities (including parameter bindings) can be used as entry points, like the documentation suggests?

• N:1 Transfomation using I-flows is it possible ?

  Dear Experts,
  We have a Requirement which have same sender structure for the  5 legacy systems.
  Can we have N:1 Transformation using I-flows  where it should create single ICO. ( It is known that we cant create multiple sender using ICO, but i want to know is there any option where we can achive thie type of requirement in PO 7.4 )
  I have searched and tried the options avaiable in NWDS for N:1 .
  Let me know if any one have come accross this type of requirement.
  Note : we are using PO 7.4 single stack,SP10, NWDS 7.3,EHP1 SP14
  Regards
  Sudheer R

  Sudheer
  AFAIK, this is not possible. At the moment, ICO does not allow wild card * in the sender system, and since iFlow is just a front end that generates ICOs, you cannot do that in iFlow too.
  The request for this has already been submitted at Ideas place.
  Being able to define more than one sender for an ICO / IFlow : View Idea
  You can go and vote for it, but if you want something immediate, you will have to use multiple iFlows/ICOs.
  Rgds
  Eng Swee