SS Technology Forum

SS Technology Forum

Computer Migration - Things to Consider

Here are a few points which you can consider while doing computer migration. These points are applicable to all migrations irrespective of the migration tool (ADMT, NetIQ, Quest etc)

Active Directory User Migration

Here is a graphical representation of the high level steps involved in an Active Directory migration using ADMT

User Migration and Merging Using Quest Migration Manager

Pre-creating user account in the target domain is a common scenario these days due to single-sign-on solution, HR management procedure etc

Microsoft Right Management Service (RMS)

Rights Management Service (RMS) is an add-on to many RMS aware applications. In this article my main focus is to explain how we can utilize RMS technology with Exchange 2003 and how we can take advantage of RMS technology to increase the email security

Microsoft ISA Server

I am sure we have all either encountered or heard of this "problem" one time or another if the ISA Server is part of the Active Directory Domain. Is it a problem?

Tuesday, May 17, 2016

Azure – Custom NameId Support in SAML Attribute

Now Azure supports extension attributes (1-15) as Name Identifier (nameid) in SAML token.  This option is available for both Gallery and Custom applications. 


Using the Claims Editor, now you can select, Extension Attributes 1 –10 as the unique identifier. 


Previously, we had only a few attribute options (user.mail , user.onpremisessamaccountname , user.userprinciplenae and ExtractMailPrefix() fuciton) as name identifier.  We couldn’t use any custom values using extension attribute. 


Tuesday, May 3, 2016

Azure MFA–Directory Integration Filter

Here are a few options which you can use to filter objects from Active Directory when using  Directory Integration with Azure MFA.  The Azure on-premises MFA  server supports standard LDAP filter.  You can this filter in Directory Integration –> Synchronization –> User Filter:


For example,

if you want to filter or include users based on a group membership, you can use the memberOf attribute with distributedName of the security group as shown below:



If you want filter or include users based on an attribute value, you can use (attributename=value) format as shown below:



You can also use standard logical operator to combine your filter statement:



Thursday, April 28, 2016

Azure MFA - ADFS Adaptor and pfsvcclientclr.dll Error

Problem Statement:

When using 7.0 version of Azure on-premises MFA server, you may receive an event ID 364 with “Could not load file or assembly 'pfsvcclientclr.dll' or one of its dependencies. The specified module could not be found” error message. 

Complete Error Message

System.IO.FileNotFoundException: Could not load file or assembly 'pfsvcclientclr.dll' or one of its dependencies. The specified module could not be found.

File name: 'pfsvcclientclr.dll'

   at pfadfs.AuthenticationAdapter.IsAvailableForUser(Claim identityClaim, IAuthenticationContext context)

   at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.IsAvailableForUser(Claim identityClaim, IAuthenticationContext authContext)

   at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.ProcessContext(ProtocolContext context, IAuthenticationContext authContext, IAccountStoreUserData userData)

   at Microsoft.IdentityServer.Web.Authentication.External.ExternalAuthenticationHandler.Process(ProtocolContext context)

   at Microsoft.IdentityServer.Web.Authentication.AuthenticationOptionsHandler.Process(ProtocolContext context)

   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)



  1. Visual C++ Redistributable x64 and x86 ( )
  2. KB2919355 installed If you are using Windows Server 2012R2 (

Tuesday, February 9, 2016

Azure Authenticator–Unable to add the account


During activation Azure Authenticator application generates the following error message on Android device. This URL and code works on Apple and Microsoft mobile devices.

Unable to add the account.  We couldn’t add the account as your device does not trust the activation URL.  Please contact your IT administrator


Troubleshooting steps:

  1. Try to activate the account using Apple or Microsoft device
  2. Verify the URL publishing configuration.  Are you publishing the Microsoft MFA Mobile App using Windows Application Proxy?

Solution / Workaround:

The issue is not really related to MFA or certificate configuration.  The issues is more related to how you publish the Mobile App URL to the internet.   If you are using Web Application Proxy for publishing the URL (, there is an issue with  Server Name Indication (SNI) certifies and Android devices. You can try one of the workaround mentioned in that article.

Other option is to publish the Mobile app URL using some other method as mentioned here -

Tuesday, January 12, 2016

SharePoint 2013 Products Preparation Tool–Stuck in Configuration Application Server Role, Web Server (IIS) Role


SharePoint 2013 Products Preparation Tools stuck during the “Now Installing Prerequisites” stage with Configuration Application Server Role.  web Server (IIS) Role as show below:


Solution / Workaround

The Server Manger is causing the issue here.  Make sure Server Manger is not running in the background.  Closing Server Manager application will complete the pre-requisite installation successfully.  

Thursday, January 7, 2016

Azure MFA–Publishing MFA Portals using Web Applicaion Proxy


The goal is to publish on premises Microsoft Multi Factor Authentication (MFA) server portals using Web Application Proxy Service (not Azure Application Proxy!) The Microsoft MFA has the following 3 portals:

1. User Portal - The User Portal section allows the administrator to install and configure the Multi-Factor Authentication User Portal.

2. Web Service SDK - The Web Service SDK section allows the administrator to install the Multi-Factor Authentication Web Service SDK.

3. Mobile App - The Mobile App section allows the administrator to configure settings for the Mobile App.  There is also a Mobile App Web Service which needs to be installed to support mobile app activations.

At the end of the configuration, my goal is to provide a single direction URL for User Portal, Web Service SDK and Mobile App shown below:



Tuesday, January 5, 2016

Azure–Add an Application from the Gallery


As shown below, you have the following three options when integrating an application in Azure (of course it is based on your application type). 


When adding a Custom application from the Gallery, you supposed to see the following configuration screen for the application integration:


Custom application is part of the Azure AD Premium offering. If you don’t have a premium license,  instead of the above screen, you will see a link Add an unlisted application your organization is using which points to the URL as shown below:


This issue can be resolved by assigning the premium license to the respective Azure Directory. If you don’t have premium license, you can obtain a trial license from here.

Monday, January 4, 2016

SharePoint 2013 Product Preparation tool–There was an error during installation


The SharePoint 2013 Product Preparation tool failed with following error message:

There was an error during installation.  The tool was unable to install application server Roles, Web Server (IIS) Roles. 




By default, the installation process is looking for ServerManagerCMD.exe to execute these task.  Verify that the ServerManagerCMD.exe exist in C:\Windows\System32\ folder.  The ServerManagerCMD.exe command is available only on servers that are running Windows Server 2008 or Windows Server 2008 R2. The Servermanagercmd.exe command has been deprecated, and is not available in Windows Server 2012.  Recommended option is to use Windows PowerShell cmdlets.  In Windows Server 2012, ServerManager.exe file exist in C:\Windows\System32\ folder.  As a workaround, you can copy the ServerManager.exe to ServerManagerCMD.exe to complete the pre-requisite installation. 

Addition info:


Friday, January 1, 2016

Microsoft Most Valuable Professional (MVP) Award


Microsoft Most Valuable Professional (MVP) Award – Enterprise Mobility

Perfect start to my 2016.  Received the Microsoft Most Valuable Professional (MVP) award for the 6th time.

Received the following good news this morning.


Dear Santhosh Sivarajan,
Congratulations! We are pleased to present you with the 2016 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Mobility technical communities during the past year.
Also in this email:

  • About your MVP Award Gift
  • How to claim your award benefits
  • Your MVP Identification Number
  • MVP Award Program Code of Conduct

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say "Thank you for your technical leadership."

Patrick Malone
Community & Advocacy Programs

Tuesday, November 17, 2015

AADSync to AADConnect Upgrade and Enterprise Admins group Error

The AADSync to AADCOnnect upgrade process is well documented in the article.

However, you may receive an error message “user is not part of the Enterprise Admins group” during the upgrade process, if you select the Express install option.  It seems like there is an issue using Express option during the upgrade process.  The workaround for this issue is to use Customize option and complete the upgrade/installation process.

Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More