From 6b02e76dba358ea2b39bcafec7bd9ea487545491 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Fri, 15 May 2020 13:21:19 -0700 Subject: [PATCH] LAB repro for Multiple domains with WHFB HKT sync LAB repro for Multiple domains with WHFB HKT sync account --- .../hello-hybrid-cert-whfb-settings-dir-sync.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 16c17aa3f9..b9c99d4bae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -21,7 +21,7 @@ ms.reviewer: **Applies to** - Windows 10, version 1703 or later - Hybrid deployment -- Certificate trust +- Key trust ## Directory Synchronization @@ -61,6 +61,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. +Note: if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest. + ### Section Review > [!div class="checklist"]
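Review bot: In the first hunk (@@ -21,7 +21,7 @@), the **Applies to** entry changes from "Certificate trust" to "Key trust", but the file is hello-hybrid-cert-whfb-settings-dir-sync.md, which by its name belongs to the hybrid certificate trust guide, and the commit message only mentions the multi-domain sync account. If the multi-domain note is also meant for certificate trust deployments, keep `- Certificate trust` here and make the same edit in the key trust article instead. If the relabel is intentional, say so in the commit message, because a reader who lands here from the certificate trust guide will now be told the page does not apply to them.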
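Review bot: In the second hunk (@@ -61,6 +61,8 @@), the added note does not say whether membership in "Enterprise Key Admins" replaces or supplements the group membership set up in steps 5 and 6. Since the note itself says the group grants permission "across the domains in the forest", it widens what the sync service account can write, so spell out that it is needed only for multi-domain forests and that single-domain deployments should keep to the narrower group from the procedure. The wording also needs cleanup: "if your AD forest has multiple domains. Please make sure" is a fragment followed by a sentence and should be joined into one; "ie." should be "for example", since MSOL_12121212 is a sample name; and "ADConnect" should match the "Azure AD Connect service account" wording in step 5. The section below uses the `> [!...]` alert syntax, so consider `> [!NOTE]` rather than a plain "Note:" paragraph placed directly after the numbered list.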