question

EnterpriseArchitect avatar image
1 Vote"
EnterpriseArchitect asked

Excluding specific Service Accounts OU when enabling the Azure AD Password Protection DC Agent Enforce policy ?

May I know what will be the impact when enabling the Azure AD Password Protection DC Agent using https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection ?


I assume it must be installed in all Domain Controllers in the forest except RODC, not just ones with the FSMO role.

How to exclude specific Service Accounts OU?

I do not want to cause any outage or service account disturbance when I enable the mode to Enforce.


azure-active-directorywindows-active-directoryazure-ad-domain-servicesazure-ad-hybrid-identityazure-ad-identity-governance
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers