Hello @SenhorDolas ,
Thanks for reaching out.
You will need both domain administrator and global administrator credentials for the cmdlet below.
New-AzureADSSOAuthenticationContext -CloudCredentials $CloudCred
Azure AD Global Admin
Update-AzureADSSOForest -OnPremCredentials $OnpremCred
Domain Admin on-premises
If you are not a domain admin and you were assigned permissions (Read, Write, reset password ,update password on the computer object AZUREADSSOACC) by the domain admin, you should call
Update-AzureADSSOForest -OnPremCredentials $creds -PreserveCustomPermissionsOnDesktopSsoAccount .To learn more about How can I roll over the Kerberos decryption key of the
AZUREADSSO computer account.
Unfortunately, there's no email notification by default but you could use
Send-MailMessage PowerShell cmdlet to sent notification. For more information, refer.
Hope this helps.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.