Enabling Password Hash Sync in Hybrid environment

Ward Anderson 11 Reputation points
2021-02-24T18:21:16.98+00:00

I have a bunch of Intune-built, Azure AD-joined laptops right now. I don't have the ability to do an offline domain join because I don't have 2016/2019 DCs just yet. So! My issue is with WIA / Kerberos websites and applications not always working due to the lack of Kerberos tickets on these machines over VPN. I was looking at this link: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync

I'm wondering if anyone has run the script in the link and if there's any possible negative impact like me locking out a bunch of users or something.

Appreciate any and all responses, I'm just a bit nervous and needed another set of eyes on it.

Thanks!
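A read-only pre-flight check before (and after) running a script like the one in the linked tutorial, added here as an example that is not part of the original question or of Microsoft's tutorial. It assumes it is run in an elevated PowerShell session on the Azure AD Connect server, where the ADSync module is installed; the cmdlets (Get-ADSyncScheduler, Get-ADSyncConnector, Get-ADSyncAADPasswordSyncConfiguration) are real ADSync cmdlets, while the property names read from their output (SyncCycleEnabled, StagingModeEnabled, Enabled) are as commonly documented and should be confirmed against your own output. It changes nothing; it only records what state PHS and the scheduler are in so you can compare before and after, and confirm a full password sync actually completed.

```powershell
# Read-only snapshot of Azure AD Connect sync state (assumed: run on the AAD Connect server).
Import-Module ADSync -ErrorAction Stop

function Get-PhsPreflightReport {
    # Scheduler state: if the sync cycle is disabled or the server is in staging mode,
    # no password hashes are flowing to Azure AD regardless of the PHS setting.
    $scheduler = Get-ADSyncScheduler

    $report = [ordered]@{
        CheckedAtUtc          = (Get-Date).ToUniversalTime()
        SyncCycleEnabled      = $scheduler.SyncCycleEnabled
        StagingModeEnabled    = $scheduler.StagingModeEnabled
        NextSyncCycleStartUtc = $scheduler.NextSyncCycleStartTimeInUTC
        Connectors            = @()
    }

    # Ask each connector for its PHS configuration. The Azure AD connector is not a
    # valid source for PHS, so that call is expected to fail; it is reported as 'n/a'.
    foreach ($connector in Get-ADSyncConnector) {
        $phsEnabled = 'n/a'
        try {
            $phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $connector.Name -ErrorAction Stop
            $phsEnabled = [bool]$phs.Enabled
        } catch {
            # Not an AD source connector (or PHS not configurable for it); leave as 'n/a'.
        }
        $report.Connectors += [pscustomobject]@{
            Name       = $connector.Name
            PhsEnabled = $phsEnabled
        }
    }
    return [pscustomobject]$report
}

# Capture a snapshot to a timestamped JSON file so a "before" and "after" can be diffed.
$snapshot = Get-PhsPreflightReport
$path = Join-Path $env:TEMP ("phs-preflight-{0:yyyyMMdd-HHmmss}.json" -f $snapshot.CheckedAtUtc)
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $path
$snapshot.Connectors | Format-Table -AutoSize
Write-Host "Snapshot written to $path"
```

The point of the snapshot is that a full password sync only changes hashes in Azure AD; it does not touch on-premises passwords or lockout counters, so the thing to verify afterwards is that PHS still reports enabled, the scheduler still runs, and the Azure AD Connect event log shows the full sync completing rather than erroring out.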

Microsoft Entra ID

1 answer

  1. Danny Zollner 9,531 Reputation points Microsoft Employee
    2021-02-24T21:33:20.567+00:00

    The doc you linked describes enabling AAD Connect Password Hash Sync's feature to push additional information used by the feature Azure AD Domain Services. That doc isn't relevant to the scenario you outlined (Azure AD Joined laptops having WIA/Kerberos auth issues) in any way that I can tell.

    I unfortunately don't have any background on the actual issue you've described, but I'm pretty confident the solution you're looking at will not help.