Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC

Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.

This is obviously not ideal. We currently having to perform the rollover task manually each month.

Please look at how this process could be improved for automation.

856 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

NL shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
started  ·  Azure AD Team responded  · 

Hi everyone,
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!

Jairo Cadena
Principal Program Manager
Microsoft Identity

Show previous admin responses (2)

132 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Marcelo commented  ·   ·  Flag as inappropriate

    What is the go with this? Cant believe it still in the Pipeline? waiting for what?

  • MARSOLIER Benoit commented  ·   ·  Flag as inappropriate

    Here is a part of my script i used each month on my AD Connect Server

    $log = "C:\Scripts\SSO-log.txt"
    Remove-Item $log -Force
    "Kerberos Key sync`n" |out-file $log
    #Credential
    $Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList Domain\$DomainAdmin, (Get-Content $Pwd | ConvertTo-SecureString -Key (Get-Content $VarPath\onprem.key))
    $CredCloud = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $CloudAdmin, (Get-Content $PwdO365 | ConvertTo-SecureString -Key (Get-Content $VarPath\O365.key))

    #Connect to O365
    cd 'C:\Program Files\Microsoft Azure Active Directory Connect'
    Import-Module .\AzureADSSO.psd1
    New-AzureADSSOAuthenticationContext -CloudCredentials $CredCloud

    #Sync Keyberos Decryption Key
    Update-AzureADSSOForest -OnPremCredentials $cred

    #Check
    Get-AzureADSSOStatus | ConvertFrom-Json -OutVariable Out
    $Out |out-file $log -Append

  • Christian P. Gyssels commented  ·   ·  Flag as inappropriate

    COME ON MICROSFT - WE NEED A LITTLE AUTOMATION WITH THIS!!!!
    What's the ETA for this?
    Any Update? This is getting Embarrassing...

  • David Leppelmeier commented  ·   ·  Flag as inappropriate

    My luck, we had a monthly reminder setup to manually do this and the reminder expired.....so stinking busy no one thought of it without the reminder, until we started having session authentication problems..took three days to figure out this was the cause of our woes.
    COME ON MICROSFT - WE NEED A LITTLE AUTOMATION WITH THIS!!!! I think we've waited long enough for this, let's get a solution!!

  • Diego commented  ·   ·  Flag as inappropriate

    When will this feature be available? Changing something every month as a routine job is a bit annoying.

← Previous 1 3 4 5 6 7

Azure Active Directory: Azure AD Connect

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice