deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update hello-hybrid-cloud-kerberos-trust.md

Browse Source 
"Denied RODC Password Replication Group"
This commit is contained in:
Nagappan Veerappan 2023-05-16 10:34:43 -04:00 committed by GitHub
parent f62d2aa976
commit 33d698f652
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
View File

@ -36,6 +36,7 @@ When Azure AD Kerberos is enabled in an Active Directory domain, an *Azure AD Ke
- Appears as a Read Only Domain Controller (RODC) object, but isn't associated with any physical servers
- Is only used by Azure AD to generate TGTs for the Active Directory domain. The same rules and restrictions used for RODCs apply to the Azure AD Kerberos Server object
- For Example, if the users belongs to local AD built-in groups that is part of "Denied RODC Password Replication Group". they won't be able to use Cloud trust deployment.
:::image type="content" source="images/azuread-kerberos-object.png" alt-text="Active Directory Users and Computers console, showing the computer object representing the Azure AD Kerberos server ":::