Is it possible to use Azure policy to restrict the creation or upload of any JSON file in a storage account? - azure-blob-storage

I'm trying to create an Azure policy in which I should restrict everyone from uploading or creating JSON files. My logic is that any file name ending in .JSON will be denied.
But how do I get the blob name?

It is not possible because the properties name or contentType are not available.
Use this command to see all available aliases that you can use in a policy:
Get-AzPolicyAlias -NamespaceMatch Microsoft.Storage | where ResourceType -like 'storageAccounts*' | Select-Object -ExpandProperty 'Aliases' | Select name
Please open a CSS ticket at https://azure.microsoft.com/support/create-ticket to request new aliases.


Azure optional claim return object Id - need Group name

I have tried to get the user group name as a value in the auth/me URL, but it returns only the objectId of the group.
How do I get the group name instead of the objectId?
In my manifest I have added
"groupMembershipClaims": "SecurityGroup"
Optional claims are also added.
I don't have any on-premises AD Connect.
I need the manifest configuration to get the group name in the auth/me URL.
I have tried this in my lab and it is working for me.
This option is available only if you select "groups assigned to the application" option.
If you select any other option apart from this, "cloud-only group display names (preview)" it will be greyed out.
Since this option is still in preview, there are some enhancements going on at the backend.
For more information, you can also refer to this documentation: Configure group claims for applications.
I tried to reproduce the same in my environment:
Manifest:
"given_name": "kav",
"groups": [
"xxxf-94bc-xxxxxx7d",
"xxxx-2459exx5a"
],
The JWT cannot contain the group name, but it gets the IDs of the groups.
You can customize the group claim name following Configure group claims, but it requires on-premises AD, which you mentioned is not there, as the sAMAccountName option is only present on group objects synced from Active Directory.
Otherwise, you can check all the default properties using the Microsoft Graph API (Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph):
https://graph.microsoft.com/v1.0/groups/<groupId>
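The answer above ends with the Graph endpoint for a single group. As an added example (not code from either answer), the following PowerShell decodes the groups claim of a token and resolves each object ID to its displayName through that endpoint. The variables `$idToken` (the JWT whose groups claim you want to read) and `$token` (a bearer token for Microsoft Graph with permission to read groups) are assumptions; the function names are mine.

```powershell
# Added example: decode the "groups" claim of a JWT and resolve each ID via Microsoft Graph.
# Assumptions: $idToken holds the JWT from auth/me, $token holds a Graph bearer token
# with Group.Read.All or GroupMember.Read.All.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $payload = $Jwt.Split('.')[1]
    # Base64url -> Base64: restore the standard alphabet and the padding
    $payload = $payload.Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    return $json | ConvertFrom-Json
}

function Resolve-GroupNames {
    param(
        [Parameter(Mandatory)][string[]]$GroupIds,
        [Parameter(Mandatory)][string]$AccessToken
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    foreach ($id in $GroupIds) {
        try {
            $g = Invoke-RestMethod -Method Get -Headers $headers `
                -Uri "https://graph.microsoft.com/v1.0/groups/${id}?`$select=id,displayName"
            [pscustomobject]@{ Id = $id; DisplayName = $g.displayName }
        } catch {
            # A 404 usually means the ID is not a group (e.g. a directory role) or the
            # token lacks permission; record it instead of aborting the whole run.
            [pscustomobject]@{ Id = $id; DisplayName = "<unresolved: $($_.Exception.Message)>" }
        }
    }
}

$claims = ConvertFrom-JwtPayload -Jwt $idToken
if (-not $claims.groups) {
    # No groups claim: either groupMembershipClaims is not set, or the user is in more
    # groups than the token can carry (the "hasgroups"/overage case), which also
    # requires a Graph call to enumerate memberships.
    Write-Warning 'Token has no groups claim; check groupMembershipClaims in the manifest or the group overage case.'
} else {
    Resolve-GroupNames -GroupIds $claims.groups -AccessToken $token | Format-Table -AutoSize
}
```

Resolving on the server side avoids putting display names into the token at all, which keeps the token small and means renamed groups are reflected immediately.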

Import User and Group with Powershell in AD from a csv file

I'm pretty new in Powershell.
I was working in a cloud environment creating an Active Directory with some users and groups and had to close the server in which I was working.
In order to reproduce and have a completely identical environment, I used this code
Get-ADUser -Filter * -Properties * | Export-Csv -Path ExportUsers.csv
and also
Get-ADGroup -Filter * -Properties * | Export-Csv -Path ExportGroups.csv
With my code I did an export of ALL users and groups from the Active Directory using PowerShell, in order to export ALL info of the users and groups.
Now I have created a VM with a new Active Directory on my laptop, and at least I created the same domain name I had in the cloud (just to start in as close a way as possible).
I'm not able to import now all groups and all users WITH ALL PROPERTIES there are in the file. I saw in several threads that someone created some scripts inserting inside all the params they need from the file. In reality, I'd like to have all the info of the user, so I'm trying the easier way to import all data without having to say exactly the fields I need (I need everything!).
The export was pretty simple so I hope the import should be the same.
The header columns of my csv file in regard to users is this:
AccountExpirationDate,"accountExpires","AccountLockoutTime","AccountNotDelegated","adminCount","AllowReversiblePasswordEncryption","BadLogonCount","badPasswordTime","badPwdCount","CannotChangePassword","CanonicalName","Certificates","City","CN","codePage","Company","Country","countryCode","Created","createTimeStamp","Deleted","Department","Description","DisplayName","DistinguishedName","Division","DoesNotRequirePreAuth","dSCorePropagationData","EmailAddress","EmployeeID","EmployeeNumber","Enabled","Fax","GivenName","HomeDirectory","HomedirRequired","HomeDrive","HomePage","HomePhone","Initials","instanceType","isCriticalSystemObject","isDeleted","LastBadPasswordAttempt","LastKnownParent","lastLogoff","lastLogon","LastLogonDate","lastLogonTimestamp","LockedOut","logonCount","logonHours","LogonWorkstations","Manager","MemberOf","MNSLogonAccount","MobilePhone","Modified","modifyTimeStamp","msDS-SupportedEncryptionTypes","msDS-User-Account-Control-Computed","Name","nTSecurityDescriptor","ObjectCategory","ObjectClass","ObjectGUID","objectSid","Office","OfficePhone","Organization","OtherName","PasswordExpired","PasswordLastSet","PasswordNeverExpires","PasswordNotRequired","POBox","PostalCode","PrimaryGroup","primaryGroupID","ProfilePath","ProtectedFromAccidentalDeletion","pwdLastSet","SamAccountName","sAMAccountType","ScriptPath","sDRightsEffective","ServicePrincipalNames","SID","SIDHistory","SmartcardLogonRequired","State","StreetAddress","Surname","Title","TrustedForDelegation","TrustedToAuthForDelegation","UseDESKeyOnly","userAccountControl","userCertificate","UserPrincipalName","uSNChanged","uSNCreated","whenChanged","whenCreated"
and this is just an entry of a user
,"9223372036854775807",,"False",,"False","0","0","0","True","mydomain.com/Users/Guest","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection",,"Guest","0",,,"0","3/21/2014 2:00:02 PM","3/21/2014 2:00:02 PM",,,"Built-in account for guest access to the computer/domain",,"CN=Guest,CN=Users,DC=mydomain,DC=com",,"False","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection",,,,"False",,,,"False",,,,,"4","True",,,,"0","0",,,"False","0",,,,"Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","False",,"3/21/2014 2:00:02 PM","3/21/2014 2:00:02 PM",,"0","Guest","System.DirectoryServices.ActiveDirectorySecurity","CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=com","user","b3cdb85f-aa85-41e8-a36a-1e9cabb03bf2","S-1-5-21-1277972300-3555916100-1183092696-501",,,,,"False",,"True","True",,,"CN=Domain Guests,CN=Users,DC=mydomain,DC=com","514",,"False","0","Guest","805306368",,"15","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","S-1-5-21-1277972300-3555916100-1183092696-501","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","False",,,,,"False","False","False","66082","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection",,"8197","8197","3/21/2014 2:00:02 PM","3/21/2014 2:00:02 PM"
and, in a similar way, I have exported all GROUPS, so that now I have a csv with these headers:
"adminCount","CanonicalName","CN","Created","createTimeStamp","Deleted","Description","DisplayName","DistinguishedName","dSCorePropagationData","GroupCategory","GroupScope","groupType","HomePage","instanceType","isCriticalSystemObject","isDeleted","LastKnownParent","ManagedBy","member","MemberOf","Members","Modified","modifyTimeStamp","Name","nTSecurityDescriptor","ObjectCategory","ObjectClass","ObjectGUID","objectSid","ProtectedFromAccidentalDeletion","SamAccountName","sAMAccountType","sDRightsEffective","SID","SIDHistory","systemFlags","uSNChanged","uSNCreated","whenChanged","whenCreated"
And an example of an entry:
1,"prestige.com/Builtin/Administrators","Administrators","3/21/2014 2:00:02 PM","3/21/2014 2:00:02 PM",,"Administrators have complete and unrestricted access to the computer/domain",,"CN=Administrators,CN=Builtin,DC=prestige,DC=com","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","Security","DomainLocal","-2147483643",,"4","True",,,,"Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","3/21/2014 2:18:22 PM","3/21/2014 2:18:22 PM","Administrators","System.DirectoryServices.ActiveDirectorySecurity","CN=Group,CN=Schema,CN=Configuration,DC=prestige,DC=com","group","729af9dd-25ee-448e-a63e-72fa546aa83e","S-1-5-32-544","False","Administrators","536870912","15","S-1-5-32-544","Microsoft.ActiveDirectory.Management.ADPropertyValueCollection","-1946157056","12711","8199","3/21/2014 2:18:22 PM","3/21/2014 2:00:02 PM"
What should be the best way to import ALL info, maybe using PowerShell again and that CSV, into my new Active Directory? I need it to be as similar as possible to the AD I had in the cloud.
Thanks everyone for your help: I'm not finding a good way to resolve this :-(
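As an added example (not code from the question, which has no answer on this page), the following PowerShell re-creates users and groups from exports shaped like the ones shown. It assumes the two CSV files are in the current directory and that the OU structure from the DistinguishedName column already exists; the function names are mine. Two caveats visible in the sample rows above drive the design: directory-generated attributes (ObjectGUID, objectSid, SID, SIDHistory, uSN*, whenCreated/whenChanged, pwdLastSet, nTSecurityDescriptor) cannot be written, and every multi-valued attribute was flattened by Export-Csv to the literal string "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection", so MemberOf, member and userCertificate are unrecoverable from these files and need a re-export with expanded values.

```powershell
# Added example: recreate users and groups from Get-ADUser/Get-ADGroup CSV exports.
# Assumptions: .\ExportUsers.csv and .\ExportGroups.csv exist; target OUs already exist.
Import-Module ActiveDirectory

# Writable, single-valued user attributes worth carrying over from the file.
$userAttrs = 'UserPrincipalName','GivenName','Surname','DisplayName','Description','Department',
             'Title','Company','Office','EmailAddress','City','State','PostalCode','StreetAddress',
             'Country','EmployeeID','EmployeeNumber','OfficePhone','MobilePhone','HomePage'

function Get-ParentPath {
    # "CN=Guest,CN=Users,DC=mydomain,DC=com" -> "CN=Users,DC=mydomain,DC=com"
    # (assumes the RDN itself contains no escaped commas)
    param([Parameter(Mandatory)][string]$DistinguishedName)
    return $DistinguishedName -replace '^[^,]+,', ''
}

function Import-ExportedGroups {
    param([string]$Path = '.\ExportGroups.csv')
    foreach ($g in Import-Csv $Path) {
        # Built-in groups (Administrators, Domain Guests, ...) already exist in the new forest.
        if ($g.isCriticalSystemObject -eq 'True') { continue }
        $sam = $g.SamAccountName
        if (Get-ADGroup -Filter { SamAccountName -eq $sam }) { continue }   # idempotent re-runs
        $params = @{
            Name           = $g.Name
            SamAccountName = $sam
            GroupScope     = $g.GroupScope      # Global / DomainLocal / Universal
            GroupCategory  = $g.GroupCategory   # Security / Distribution
            Path           = Get-ParentPath $g.DistinguishedName
        }
        if (-not [string]::IsNullOrWhiteSpace($g.Description)) { $params.Description = $g.Description }
        New-ADGroup @params
    }
}

function Import-ExportedUsers {
    param([string]$Path = '.\ExportUsers.csv')
    foreach ($u in Import-Csv $Path) {
        # Guest, krbtgt and Administrator are created by dcpromo; never duplicate them.
        if ($u.isCriticalSystemObject -eq 'True') { continue }
        $sam = $u.SamAccountName
        if (Get-ADUser -Filter { SamAccountName -eq $sam }) { continue }
        $params = @{
            Name                  = $u.Name
            SamAccountName        = $sam
            Path                  = Get-ParentPath $u.DistinguishedName
            # Password hashes are not in the export: create the account disabled and
            # force a password change when it is enabled, instead of inventing a shared secret.
            Enabled               = $false
            ChangePasswordAtLogon = $true
        }
        foreach ($a in $userAttrs) {
            if (-not [string]::IsNullOrWhiteSpace($u.$a)) { $params[$a] = $u.$a }
        }
        New-ADUser @params
    }
}

Import-ExportedGroups
Import-ExportedUsers
```

Memberships have to be rebuilt in a second pass from a re-export that expands MemberOf (for example `Select-Object SamAccountName, @{n='MemberOf';e={$_.MemberOf -join ';'}}`) and then calls Add-ADGroupMember per group; the SIDs in the new domain will differ regardless, so anything that referenced the old SIDs (ACLs, SIDHistory) cannot be restored from a CSV.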

anonymous download request to azure storage blob service does not download pdf with user friendly name configured during upload

The requirement is to provide a friendly file name during PDF download to our customers with whom we have shared the Azure blob download URLs (blobs without SAS token). I am working on this requirement using the Azure emulator in my local setup. I have set the content disposition property during upload of the file and am able to see the same in the blob properties (using Storage Explorer) after upload, but it isn't returned in the response during download. Is this the expected behaviour?
I have already tried the following suggestion:
set the DefaultServiceVersion of the blob service before setting the container ACL. I have set it to 2017-11-09, but still the x-ms-version returned in the download response header shows 2009-09-19 and there is no content disposition returned in the response. I have checked the property in PowerShell too using Get-AzStorageServiceProperty -ServiceType Blob -Context $ctx;
the DefaultServiceVersion is set to 2017-11-09.
Cases where content disposition works:
1. When I send x-ms-version in the request header, I am able to download the PDF with the name set in the content disposition parameter of the uploaded file.
2. While using a SAS token too, the content disposition parameter is used and I am able to download the file with the desired name.
I need to get this working for anonymous requests.
This is what I have as of now (PHP):
// Create the Blob client from the storage connection string
$this->blobSvc = BlobRestProxy::createBlobService($this->connectionString);
// Read the current service properties, raise DefaultServiceVersion, write them back
$serviceProperties = $this->blobSvc->getServiceProperties();
$serviceProperties->getValue()->setDefaultServiceVersion('2017-11-09');
$this->blobSvc->setServiceProperties($serviceProperties->getValue());
The DefaultServiceVersion gets set correctly, but x-ms-version is still incorrect in the response and the content disposition header isn't returned during download.
The Azure emulator seems to have the above issue. With an actual Azure account, content disposition for anonymous requests works as expected. Thanks for all the help.
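The same procedure in Az.Storage PowerShell, as an added example (not the asker's PHP code), with a final check of the headers an anonymous client actually receives. An anonymous request carries no x-ms-version header, so the service falls back to DefaultServiceVersion, which is why the version reported in the response is the thing to verify. `$accountName`, `$accountKey`, the container `docs` (assumed to allow public blob access) and `report.pdf` are placeholders.

```powershell
# Added example: set DefaultServiceVersion, upload with a Content-Disposition, then
# inspect what an anonymous GET/HEAD returns. Placeholders: $accountName, $accountKey.
Import-Module Az.Storage

$ctx = New-AzStorageContext -StorageAccountName $accountName -StorageAccountKey $accountKey

# 1. Raise the version applied to requests that send no x-ms-version (anonymous, no SAS).
Update-AzStorageServiceProperty -ServiceType Blob -DefaultServiceVersion '2017-11-09' -Context $ctx
(Get-AzStorageServiceProperty -ServiceType Blob -Context $ctx).DefaultServiceVersion

# 2. Store the friendly download name on the blob itself; the blob name stays opaque.
Set-AzStorageBlobContent -File '.\report.pdf' -Container 'docs' -Blob 'a1b2c3.pdf' -Context $ctx -Force `
    -Properties @{ ContentType = 'application/pdf'; ContentDisposition = 'attachment; filename="Invoice-2024-01.pdf"' }

# 3. Check the response an anonymous client gets (no SAS, no x-ms-version request header).
function Test-AnonymousDownloadHeaders {
    param([Parameter(Mandatory)][string]$Url)
    $resp = Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing
    [pscustomobject]@{
        StatusCode         = $resp.StatusCode
        XMsVersion         = $resp.Headers['x-ms-version']          # should now be 2017-11-09
        ContentDisposition = $resp.Headers['Content-Disposition']   # empty = not honoured
        Honoured           = [bool]$resp.Headers['Content-Disposition']
    }
}

Test-AnonymousDownloadHeaders -Url "https://$accountName.blob.core.windows.net/docs/a1b2c3.pdf"
```

If `XMsVersion` still reports 2009-09-19 against a real account, the service-properties write did not take effect (or hit a different account than the one being downloaded from); against the emulator, the asker's own conclusion above applies.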

The requested URI does not represent any resource on the server

I am trying to host a website in Azure Blob Storage
as discussed here
I have had success with www.mysite.com.au which is redirecting to
( where mysite is not the real name )
http://docs.mysite.com.au/site/index.html ( not a real url )
where docs is a cname with the alias being the blob storage name.
The blob access policy is set to Container
The direct link in Azure is https://mysite.blob.core.windows.net/site/index.html (not the real name)
I am puzzled as to why I cannot go to http://docs.mysite.com.au/site/index.html directly
When I do this I get an error
The requested URI does not represent any resource on the server
I think the answer might be to do with working with blobs not files.
Similar to why "subfolders" can't be created in $root.
[Update]
I also ran into this problem when I deleted index.html and then re-uploaded it.
I can see the file in storage explorer.
I think I will need to revert to an app service.
For hosting a static website on Azure Blob Storage, you could leverage the root container ($root) and store your files under the root path as follows:
https://brucchstorage.blob.core.windows.net/index.html
Custom domain: http://brucestorage.conforso.org/index.html
For script and CSS files, you could create another container (e.g. content), then put script files under content/script/ and CSS files under content/css/, or you could create a separate container for each of script and CSS files.
https://brucchstorage.blob.core.windows.net/content/css/bootstrap.min.css
https://brucchstorage.blob.core.windows.net/content/script/bootstrap.min.js
The requested URI does not represent any resource on the server
AFAIK, a blob in the root container cannot include a forward slash (/) in its name. If you upload a blob into the root container with a / in its name, you will get this error.
I think I must have had the custom name set incorrectly in Azure.
It should have been docs.mysite.com.au ( not the real name)
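As an added example (not code from the answer), this PowerShell publishes a local folder the way the answer lays out: top-level files go to $root under flat names, and anything in a subfolder goes to a `content` container with its relative path as the blob name, so no $root blob ever contains the slash that triggers the error quoted above. `$ctx` (an Az.Storage context) and the `.\site` folder are placeholders; the function names are mine.

```powershell
# Added example: publish a static site with flat files in $root and paths in "content".
# Assumptions: $ctx is an Az.Storage context with write access; .\site holds the files.
Import-Module Az.Storage

function Test-RootBlobName {
    # $root cannot hold blob names with "/" (the "requested URI does not represent any
    # resource" error above); a name passes only if it is a single path segment.
    param([Parameter(Mandatory)][string]$Name)
    return -not $Name.Contains('/')
}

function Publish-StaticSite {
    param(
        [Parameter(Mandatory)][string]$SourceDir,
        [Parameter(Mandatory)]$Context,
        [string]$ContentContainer = 'content'
    )
    # Both containers must exist and allow anonymous read of blobs ("Blob" permission),
    # which is what makes the direct https://<acct>.blob.core.windows.net/... links work.
    foreach ($c in '$root', $ContentContainer) {
        if (-not (Get-AzStorageContainer -Name $c -Context $Context -ErrorAction SilentlyContinue)) {
            New-AzStorageContainer -Name $c -Permission Blob -Context $Context | Out-Null
        }
    }
    $base = (Resolve-Path $SourceDir).Path.TrimEnd('\')
    foreach ($f in Get-ChildItem -Path $base -File -Recurse) {
        # Path relative to the site folder, with forward slashes: "css/bootstrap.min.css"
        $rel = $f.FullName.Substring($base.Length + 1).Replace('\', '/')
        if (Test-RootBlobName $rel) {
            $container = '$root'            # -> https://<acct>.blob.core.windows.net/index.html
        } else {
            $container = $ContentContainer  # -> https://<acct>.blob.core.windows.net/content/css/...
        }
        Set-AzStorageBlobContent -File $f.FullName -Container $container -Blob $rel `
            -Context $Context -Force | Out-Null
        [pscustomobject]@{ File = $rel; Container = $container; Blob = $rel }
    }
}

Publish-StaticSite -SourceDir '.\site' -Context $ctx
```

Because the split is decided by the path shape rather than the file type, an index.html placed inside a subfolder is uploaded to `content/<folder>/index.html` rather than failing in $root; page links inside the HTML must then use the `content/` prefix the answer shows.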

Interacting with USER OU in Powershell

Users is not your typical OU in Active Directory and I am trying to interact with it to pull its information down. If I run
Get-ADOrganizationalUnit -Filter 'Name -eq "User"'
I receive no output, which I guess I expected, but how can I interact with it? I am writing a script to create OUs from a CSV file and we need sub-OUs to be added under User. Any ideas?
This is because Users is not an organizational unit, but rather a container. Try running Get-ADObject -Filter {Name -eq 'Users'} to get back the Users object; you'll see that its ObjectClass is 'container', and not 'organizationalUnit'. You cannot create OUs under containers such as Users, so you'll need to create these new OUs somewhere else.
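As an added example (not code from the answer), the following PowerShell first runs the Get-ADObject query the answer suggests, then drives OU creation from a CSV while refusing any row whose parent is a container rather than an OU, so the script fails on the Users row with a clear message instead of an ambiguous directory error. The CSV content is constructed inline for the example, the domain `mydomain.com` is a placeholder, and the function names are mine.

```powershell
# Added example: show that CN=Users is a container, then create OUs from a CSV only
# where the requested parent is an organizationalUnit (or the domain root itself).
Import-Module ActiveDirectory

# The object exists, but its ObjectClass is "container", not "organizationalUnit".
Get-ADObject -Filter { Name -eq 'Users' } | Select-Object Name, ObjectClass, DistinguishedName

function Test-OuParent {
    # True when new OUs may be created directly under $ParentDN.
    param([Parameter(Mandatory)][string]$ParentDN)
    $obj = Get-ADObject -Identity $ParentDN -ErrorAction Stop
    return $obj.ObjectClass -in 'organizationalUnit', 'domainDNS'
}

function New-OuFromCsv {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($row in Import-Csv $Path) {
        if (-not (Test-OuParent $row.ParentDN)) {
            Write-Warning "Skipping '$($row.Name)': parent $($row.ParentDN) is a container, not an OU."
            continue
        }
        $dn = "OU=$($row.Name),$($row.ParentDN)"
        if (Get-ADOrganizationalUnit -Filter { DistinguishedName -eq $dn }) { continue }  # already there
        # Protection from accidental deletion is on by default in the GUI; keep parity here.
        New-ADOrganizationalUnit -Name $row.Name -Path $row.ParentDN -ProtectedFromAccidentalDeletion $true
    }
}

# Constructed sample input: the first row is valid, the second targets the Users container.
@'
Name,ParentDN
Finance,"OU=Departments,DC=mydomain,DC=com"
Interns,"CN=Users,DC=mydomain,DC=com"
'@ | Set-Content -Path '.\OUs.csv'

New-OuFromCsv -Path '.\OUs.csv'
```

The `domainDNS` class is allowed so that top-level OUs directly under the domain root (the usual place to create a tree that replaces the Users container) are accepted by the same check.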
