Excluding specific Service Accounts OU when enabling the Azure AD Password Protection DC Agent Enforce policy ?

EnterpriseArchitect 4,741 Reputation points
2021-10-20T05:24:43.907+00:00

May I know what will be the impact when enabling the Azure AD Password Protection DC Agent using https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection ?

I assume it must be installed in all Domain Controllers in the forest except RODC, not just ones with the FSMO role.

How to exclude specific Service Accounts OU?

I do not want to cause any outage or service account disturbance when I enable the mode to Enforce.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,858 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
0 comments