
Rolling over the Kerberos decryption key

jelloland 51 Reputation points
2022-05-20T18:01:43.057+00:00

I was looking to implement this based on this article:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq

Under the "How can I roll over the Kerberos decryption key of the AZUREADSSO computer account?" section it says to use Azure AD PowerShell to accomplish this using these functions:

New-AzureADSSOAuthenticationContext
Get-AzureADSSOStatus
Update-AzureADSSOForest

But when I went to install Azure AD PowerShell I get the message saying it's being deprecated and I should use Graph. I searched for SSO in the Graph commands but couldn't seem to find functions that would accomplish this.

I just wanted to know if the Graph module has this capability and what the new commands would be, or otherwise leave this as a message that they may need to be migrated if the Azure AD PowerShell module is going to go away.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author

Cristian SPIRIDON 4,486 Reputation points Volunteer Moderator
2022-05-22T18:49:20.207+00:00

Hi,

The PowerShell module is deprecated, but Graph is not an alternative for rotating the AZUREADSSO Kerberos key because Graph is talking only to Azure AD and not to on-prem servers.

From what I see on different blogs, you might not need the full PowerShell module from msft docs but only AzureADSSO.psd1:

https://www.korkscrewgaming.com/roll-over-kerberos-decryption-key-for-seamless-sso-computer-account/

Hope this helps!


1 person found this answer helpful.
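
The rollover sequence using only AzureADSSO.psd1 and the three cmdlets named in the question, as an added example that is not part of the original thread or of Microsoft's code. Assumptions: the module sits in the default Azure AD Connect install folder, the ActiveDirectory (RSAT) module is available for the final check, and the Seamless SSO computer object is named AZUREADSSOACC.

```powershell
# Run in an elevated session on the Azure AD Connect server.

# Assumption: default install location of Azure AD Connect.
$modulePath = Join-Path $env:ProgramFiles 'Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
if (-not (Test-Path -Path $modulePath)) {
    throw "AzureADSSO.psd1 not found at '$modulePath'. Adjust the path for this server."
}
Import-Module $modulePath

# Cloud side: prompts for the tenant administrator's credentials.
New-AzureADSSOAuthenticationContext

# List the AD forests on which Seamless SSO is currently enabled.
Get-AzureADSSOStatus | ConvertFrom-Json

# On-prem side: domain administrator for the forest being rolled over,
# entered in SAM account name format (DOMAIN\user).
$onPremCreds = Get-Credential -Message 'Domain admin for the target forest (DOMAIN\user)'

# Rolls the Kerberos decryption key: updates the computer account in this
# forest and the matching key held in Azure AD.
# Run once per forest. Running it again before existing Kerberos tickets
# have expired breaks SSO until clients obtain new tickets.
Update-AzureADSSOForest -OnPremCredentials $onPremCreds

# Verification (assumes the ActiveDirectory module and the object name
# AZUREADSSOACC): PasswordLastSet should now show the time of the rollover.
Import-Module ActiveDirectory
Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" -Properties PasswordLastSet |
    Select-Object Name, DistinguishedName, PasswordLastSet
```

Repeat the credential prompt and `Update-AzureADSSOForest` step for each forest listed by `Get-AzureADSSOStatus`, and record the `PasswordLastSet` value so the age of the key can be tracked.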