Entra ID Connect cloud sync: User and group sync is quarantined
Hi, I connected our on-premise AD with Entra ID with Azure AD Connect Cloud Sync. Agents are active, but User and group sync is quarantined with the following error. Error code: HybridSynchronizationContainerStateEnumerationFailed Error message: We were unable to process this request at this point. If this issue persists, please contact support and provide the following job identifier: AD2AADProvisioning.... Additional details: Encountered an error while enumerating container changes in the provisioning agent. Please make sure you are running the latest version of the agent. Contact support if the issue persists. Additional Error Details: UnwillingToPerform: The server cannot handle directory requests.. ResultCode: UnwillingToPerform, HResult: -2146233088, responseType: System.DirectoryServices.Protocols.SearchResponse, serializedResponse: {"MatchedDN":"","Controls":[],"ResultCode":53,"ErrorMessage":"error in module dsdb_paged_results: Unwilling to perform during LDB_SEARCH (53)","Referral":[],"References":[],"Entries":[],"RequestId":null}. I use SaMBa servers (4.19.4) as DCs. Agents are installed on Windows 2019 servers. How can I resolve the problem?Introducing the Azure Roadmap
We launched the Azure Roadmap on Azure.com in June of this year and have received a tremendous response from our customers. For the first time in one place, customers can see what we are working on for future releases, see related feedback, and subscribe to updates. The Roadmap is also integrated with Azure Updates so that customers can see how we are delivering against our plans. We are excited to start working with the Microsoft Tech Community to further reach customers. You can now find the link to the Azure Roadmap under More Resources in the community. We are always looking to improve and would love to hear from you. Please e-mail azroadmapfeedback@microsoft.com with your comments and questions. Below are FAQs to help you get started exploring the roadmap! What is the Azure Roadmap? The Azure roadmap provides a central place where Azure customers can see what’s new and what’s coming next for Azure Where is the public Azure Roadmap? You can find it under More Resources in the community or you can go directly to https://azure.microsoft.com/en-us/roadmap/ or http://aka.ms/azureroadmap What kind of posts can I expect on the Azure Roadmap? The posts you will see on the Azure Roadmap are the key features and services that have launched or are coming soon. For details on incremental updates and/or improvements to features and services, please visit Azure Updates - https://azure.microsoft.com/en-us/updates/ How do I find a specific post on the Azure Roadmap? The Azure Roadmap page provides filters (by Product Category and/or Status), tags, and search functionality to help you quickly navigate to your area of interest. What do the different Statuses (In development, In preview, Now available) mean? In development – updates that are currently in development and testing In preview – preview; updates in preview that may not be available broadly and to all customers Now available – generally available; fully released updates How can I learn about changes in the Azure Roadmap? You can subscribe to notifications so you’ll always be in the know. Where can I find service availability by region? On the right navigation menu under “Explore” there is a link to “Check product availability in your region.” You may also find this detail by visiting: https://azure.microsoft.com/en-us/regions/
Am trying to create group with dynamic user membership using attribute "Employee Type"
Am trying to create group with dynamic user membership using attribute "Employee Type", tried to get details from Extension attribute but didn't find any option, Did anyone tried this and able to do ? I found a posting where it said to create a custom attribute that would be populated by the 'employee Type' field. That just seems a little strange to me to to create an attribute to be exactly like the one that is already there.Azure AD Dynamic Security Groups creation with inclusion and exclusion.
Hi All, I have a query regarding Azure AD Dynamic Security Group creation and would like to get some advise from this forum. I want to create an Azure AD Dynamic Security Group which should include all the members in the tenant and at the same time it should also exclude the members from a specific Azure AD security group in the tenant from becoming a member of that Dynamic Security Group . So, basically it has to do inclusion as well as exclusion at the same time and I'm not able to come up with the right syntax to do this. Could you please check and let me know how this can be achieved .
How to exclude security group members using dynamic query
Hi, I'm trying to build a dynamic query for a security group and want to exclude members of a certain group in this. Example- Let's say there's a security group A and I'm building a new security group B and I want to exclude members of group A to be added to this group B. I'm struggling to find the right query for this. Any ideas?
Dynamic AD group
Hi Experts I am using exchange hybrid environment, all my users are created on onprem and migrated to cloud. for example i have user1 whose department number is 100, every user has department number in AD attribute. i have another user whose department number is 101. my requirement is to add these users to office365 unified group dynamically, i.e user whose department number is 100 or 101 should be added to this office365 group dynamically and if tomorrow employee leaves the company it should be removed automatically,or is it possible to create a dynamic group in Azure AD to pull the members of department 100 and 101 and add this group to office365 unified group. Experts guide me on this.
employeeType attribute for Dynamic Group features
Dear Microsoft, I would like to suggest the feature of Dynamic Groups to support the employeeType attribute. As dynamic groups are used by features like Identity Governance Auto-Assignment policies and could be the base for Conditional Access Policies, this feature would be aligned with the Secure Futures Initiatives and the Conditional Access Policy Architecture implementation recommendation using various personas (Conditional Access architecture and personas - Azure Architecture Center | Microsoft Learn) as well as the Microsoft Recommendation not to use extensionAttributes for purposes other than a Hybrid Exchange deployment, as well as having Named Attributes for such important security configurations and Entitlement Management. Thanks, B
Dynamic group membership rules stopped working
We've been using the following the following dynamic membership rule to check if a user is a member of another group: user.memberOf -any (group.objectId -in ['2b930be6-f46a-4a70-b1b5-3e4e0c483fbf']) The group is an Active Directory group that is represented in Entra with the stated Entra group object Id. The validation fails for every user and looks like this: It seems that all out dynamic groups are affected and stopped working. Have you seen this before? Thanks.Fido passkeys blocked by policy
Hi all I'm helping out a customer with deploying physical passkeys and I'm running into a weird error. I've activated the sign in method and selected the two AAGuids for the Authenticator app and I've added the right AAGuid for the brand and model of passkey we are using. We can select the authentication method and enroll the security correctly but when trying to sign in using it we get the error as displayed in the attached picture. When checking the sign in logs i get this error message FIDO sign-in is disabled via policy and the error code is: 135016 I've not been able to track down any policy that would be blocking passkeys. anyone got any ideas?
