Cannot Create Windows Azure Active Directory Managment Agent... RRS feed

  • Question

  • Greetings,

    I'm having difficulty creating a Windows Azure Active Directory Management Agent. When I select Windows Azure Active Directory (Microsoft) and click Next, I receive the following error (screenshot attached):

    Unable to retrieve configuration parameters from the extension: Value does not fall within the expected range.

    Also, if I try to simply install an Extensible Connectivity 2.0 agent, select Microsoft.Azure.ActiveDirectory.Connector.dll, refresh the interface, and select Next, I receive:

    The extension could not be loaded.

    I'm suspecting that the .dll is bad, but I've downloaded and installed the AADConnector.msi twice, so I'm not sure my next move.

    Happy Holidays!

    Monday, December 22, 2014 4:55 PM

All replies

  •  bump - experiencing the same - have installed on another server successfully before.
    Thursday, April 16, 2015 4:07 PM
  • Hello,

    can not help on that specific error but keep in mind that using WAAD connector is not recommended for new implementations.

    You should try AADSync/Connect even if you have FIM already in your environment.
    So since there will be a lot of changes in the future to AzureAD those will possibly only supported on AADConnect, there are no more updates to the FIM AAD Connector.

    For example you can not enable user write-back, if you enable it in Azure AD you will not be able to use "older" sync solutions like DirSync/AADSync and WAAD Connector.
    (This is stated in the Release Notes of Preview 2 of AADConnect)

    I would only use WAAD connector if the scenario is currently not supported be either DirSync,AADSync,AADConnect like for example multi-tenant scenarios.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Friday, April 17, 2015 3:15 PM
  • The main problem with having both FIM/MIM and DirSync/AADSync or even the new ADDConnect is that both are independent systems and work to their own synchronization schedule.

    I mean, if FIM/MIM is responsible for creating an AD account and DirSync (say) is responsible for synchronizing the AD with Azure AD, How can FIM/MIM *know* (without looking) that that AD account has successfully been synchronized and exists in Azure AD?

    All I want is the ability for FIM/MIM to read (import) Azure AD account attributes into a connector space.

    By the way, I hope this connector is available for MIM and MIM Sp1.

    Thursday, March 10, 2016 7:41 AM
  • The connector is still there but it's not the go forward solution. All of the engineering work is happening in AAD Connect.

    You can have AAD Connect write an attribute back to AD as a flag that the account has been synchronized to AAD and then read that in with FIM/MIM.


    Consulting | Blog | AD Book

    Thursday, March 10, 2016 5:22 PM
  • I agree with Brian, create a flag attribute with AADC, or if you dont want to do so, consider to use PowerShell Connector to just read wht Azure AD Objects, since PowerShell CMDLets will also reflect latest development in Azure AD.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Thursday, March 10, 2016 5:27 PM
  • Thanks for the suggestions. 

    The DirSync/AADConnect AD flag approach sounds interesting.

    Saturday, March 12, 2016 11:06 AM