Posts: 9
Threads: 2
Joined: May 2018
I have a small question that I was hoping you could assist with.
Here's the scenario as we see it:
We're considering creating an Azure SQL database on domain YYYY's Azure tenant, but on our local PC's are logged into domain XXXX.
We've tested with the following:
- Integrated Windows authentication (We did not expect this to work and it didn't)
- Reading over the Forums, we found that the suggestion is often to set up a Full Trust between the two domains, but that will NEVER be an option for us.
- RunAs does not work either
However, we are wondering if we can use Azure AD to authentication our users with?
Looking over some other tools, we've seen that it works with those.
Any help would be greatly appreciated.
Posts: 11,234
Threads: 102
Joined: Aug 2006
You should try to use the latest patch (ASGRD 2018 Patch4) - untrusted domain login is supported with that version...
Posts: 9
Threads: 2
Joined: May 2018
Hi Oliver,
Thank you for the reply.
I just installed it now, however I'm having a bit of a hard time seeing how it can solve our issue.
Is there any doumentation on the topic?
As mentioned we're using an Azure SQL server and I guess we ultimately want to authenticate the users against our Azure AD.
Perhaps we're going about it wrong.
Posts: 11,234
Threads: 102
Joined: Aug 2006
Did the AZURE SQL database is running and is working? If yes use the login dialog of ASGRD - uncheck Integrated and use an ActiveDirectoy-Account from your Azure AD - that should work (version 2018 Patch4) - if not what error do you get? Or what is not working as expected? In ASGRD you should be able to add the AZURE AD in Settings=>Domains so you can also browse this AD in the application, add users in permissions and so on...
Posts: 9
Threads: 2
Joined: May 2018
(29-05-2018, 03:31 PM)DevOma Wrote: Did the AZURE SQL database is running and is working? If yes use the login dialog of ASGRD - uncheck Integrated and use an ActiveDirectoy-Account from your Azure AD - that should work (version 2018 Patch4) - if not what error do you get? Or what is not working as expected? In ASGRD you should be able to add the AZURE AD in Settings=>Domains so you can also browse this AD in the application, add users in permissions and so on...
The Azure SQL DB is up and running.
I've managed to log-in with both the SQL Server admin account as well as the accounts that are assigned as Active Directory Admins.
What doesnt seem to work is that if a password is reset on the AD Admin account, ASGRD still expects the old PW. I have not added the admin account on the DB or anything, so I'm intrigued as to where the PW is coming from in the first place.
Perhaps the step you mentioned regarding adding Azure AD in Settings => Domains is what I'm missing. You mentioned that i should be able to browse the AD in the application, add users in permissions and such, however I can't quite get that integration to work  Any documentation on that?
Also, I do apologize for the limited tech-talk and I appreciate your help
Posts: 11,234
Threads: 102
Joined: Aug 2006
Yes, first you need to add the AD to "Domains" in Settings - quite easy, server, username and password! Then this AD is shown in any AD-Browse dialog - so I don't know which documentation you are looking for? If you have trouble in any dialog in the program just press F1 :-)
The problem with password reset I have no idea - perhaps it will be synced in AZUE AD to a second instance?!? We use a LDAP query when trying to login via untrusted domain - so there is nothing cached.
Posts: 9
Threads: 2
Joined: May 2018
Hi Oliver,
I'll give it all a go and see how far i can get before I need to bother you again
Thank you very much for your help.
Posts: 9
Threads: 2
Joined: May 2018
Hi Oliver,
After some tinkering I resolved the issues i was having. Main issue was our VPN connection, which leads me to a new question.
We require the VPN to connect to our AD since its hosted in Azure, however that creates some problems for users that may need an offline mode.
User is at a customer with no access to internet - only LAN.
The user wants to be able to start the program and be able to access the customers machines.
Currently I have enabled the offline mode and such, however I cannot login once the internet access is cut.
Posts: 11,234
Threads: 102
Joined: Aug 2006
What kind of error message do you get? Your scenario should work... All data is saved to an offline file and can be used without access to the database...
Posts: 9
Threads: 2
Joined: May 2018
Hi Oliver,
I get the following:
Login failed. Please veridy user name and password!
The server is not operational.
I fully agree with what you said regarding the offline file and such, which is why I'm confused as to why this is happening :O
Posts: 11,234
Threads: 102
Joined: Aug 2006
Ok - will check that...
Posts: 11,234
Threads: 102
Joined: Aug 2006
One question - do you have access to the ActiveDirectory when trying to start in offline mode? If not I think that might be the problem...
Posts: 11,234
Threads: 102
Joined: Aug 2006
I think that's it - then I get the same error message (tried on offline VM and tried to logon to my untrusted domain account) - so we will try to find a solution for that...
Posts: 9
Threads: 2
Joined: May 2018
Hi Oliver,
Your findings are spot on! 
Thanks for the help.
Posts: 11,234
Threads: 102
Joined: Aug 2006
If you enable Private Messages I could send you a link for a Preview version where this issue is already fixed...
Posts: 9
Threads: 2
Joined: May 2018
(06-06-2018, 01:26 PM)DevOma Wrote: If you enable Private Messages I could send you a link for a Preview version where this issue is already fixed...
Hi Oliver,
I apologize for missing your last message regarding the link for a preview option and replying so late.
I have enabled PMs now, so I was wondering if you could perhaps send me the link?
Posts: 1
Threads: 0
Joined: Dec 2015
I'm facing the exact same issue, can we confirm if a cause was found?
Posts: 11,234
Threads: 102
Joined: Aug 2006
Yes it will be fixed in the next patch - comming soon...