Showing posts with the label Azure Active Directory

Azure Active Directory Domain Services Limitations

I work with Azure Active Directory (AAD) and enabled the Domain Services (AAD DS) feature to manage all my virtual machines and user accounts. Domain Services is basically a Windows Domain Controller (in fact there are two of them), which provides Domain Join, LDAP and authentication for your cloud-hosted network and machines.
As a result, all users in the AAD can log in to the Windows machines by using their AAD account.
From the documentation (https://azure.microsoft.com/en-us/services/active-directory-ds/):

Your domain controller as a service
- "Lift-and-shift" apps to Azure more easily than ever
- Use LDAP, Active Directory domain join, NTLM, and Kerberos authentication
- Rely on a managed, highly-available service
- Get started in minutes, pay as you go
- Develop and test with no identity worries
- Manage Azure virtual machines effectively using Group Policy

I use the following setup, often referred to as "cloud-only organizations"

Known Limitations

While still in the preview phase, I would …

Deleting Azure Active Directory Users in C#

Using the Azure Active Directory with the official client libraries is straightforward:
- Install the required libraries in your C# project:
  PM> Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory
  for authenticating yourself against the AD, and
  PM> Install-Package Microsoft.Azure.ActiveDirectory.GraphClient
  for accessing the directory
- Create your application in the directory
- Generate a ClientSecret for the application
- Give the application permission to manage the AD
- Put it all together

See http://justazure.com/azure-active-directory-part-5-graph-api/ for further assistance.
But when it comes to deleting objects (users, groups, etc.), things become less easy, because the application you created does not have enough permissions to delete objects. You might see the error

"Insufficient privileges to complete the operation."
This is caused by the setup of the application in the AD itself: it is not a member of the "Company Administrator" role.

See…