Enabling Password Hash Sync in Hybrid environment

Ward Anderson 6 Reputation points

I have a bunch of Intune-built Azure AD joined laptops right now. I don't have the ability to do offline domain join because I don't have 2016/2019 DCs just yet. So! My issue is with WIA / Kerberos websites and applications not always working due to the lack of Kerberos tickets on these machines over VPN. I was looking at this link: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync

I'm wondering if anyone has run the script in the link and if there's any possible negative impact like me locking out a bunch of users or something.

I appreciate any and all responses; I'm just a bit nervous and needed another set of eyes on it.



1 answer
  1. Danny Zollner 7,016 Reputation points Microsoft Employee

    The doc you linked describes enabling the AAD Connect Password Hash Sync feature to push additional information used by the Azure AD Domain Services feature. That doc isn't relevant to the scenario you outlined (Azure AD joined laptops having WIA/Kerberos auth issues) in any way that I can tell.

    I unfortunately don't have any background on the actual issue you've described, but I'm pretty confident the solution you're looking at will not help.