Monthly Archives: July 2017

[Tutorial] Configuring an Azure Acitve Directory (AAD) Application to leverage multiple Reply URLs

Use Case:

I was recently asked if it is possible to configure multiple Sign-On URLs for a SalesForce application by a customer.  Per the customer, the Sign on URL and the Identifier URL are how Salesforce HR agents log in, in addition to the forms filled out via the web application. When multiple Reply URLs are configured, SSO is possible between both the agent and web application.  Without configuring multiple URLs, you will receive an error stating that the Reply URL is incorrect via the Agent or Web Application.

In this case, this tutorial will cover how to configure multiple Reply URLs for a single Azure AD Application; whether created from the Azure AD Marketplace or custom.

Here is a link to a customer on SalesForce’s forums asking a very similar question as well: https://developer.salesforce.com/forums/?id=9060G000000ICYYQA4

Configure Multiple Reply URLs in Azure AD

  1. Login to https://portal.azure.com and select Azure Active Directory
  2. Select App Registrations (even though an application may be an Enterprise application, please proceed with App registrations)
  3. Select your application from the list
  4. Select Reply URLs on the right side of the blade
  5. Add/Remove the URLs to the desired configuration and then click Save

Please note that if you do browse back to Enterprise Applications, today the portal will only reflect one-URL as of 7/24/2017.

List of schema versions for Windows Server Active Directory

Here’s the current list of Schema Versions for Active Directory on Windows Server.

OS Schema Version
Windows 2000 Server 13
Windows Server 2003 30
Windows Server 2003 R2 31
Windows Server 2008 44
Windows Server 2008 R2 47
Windows Server 2012 56
Windows Server 2012 R2 69
Windows Server 2016 87

 

You can validate the current schema version you have in your environment via PowerShell or Registry Editor.

Validate schema version via PowerShell:

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

In this screenshot, I have ObjectVersion equal to 69, denoting the schema has been extended for AD on Windows Server 2012 R2.

Validate schema version via Registry Editor:

  1. Click Start and search for
  2. regedit
    regedit
  3. Open up regedit and navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters
  4. In this screenshot, I have Schema Version equal to 69, denoting the schema has been extended for AD on Windows Server 2012 R2.
    regedit - schema version