22 comments

Add a comment…

Sign in

prestine

Your name

Your email address

Check!

invalid email

(thinking…)

Reset

or sign in with

• 
• 

UserVoice password

Forgot password?

Create a password

I agree to the terms of service

Signed in as (Sign out)

Close

Close

Post comment Submitting...

• AdminAzure AD Team (Admin, Microsoft Azure) commented  ·  February 04, 2019 15:06  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Folks, I am sorry about the 'radio silence'. We left this open with no update for too long without communication. I sincerely apologize for this oversight.

  We made some significant changes to our plans in this area and Automation of Seamless SSO Kerberos decryption key rollover is now targeted for this summer. We will do an update to this thread in early April to update on our progress and get more specific on the date if possible.

  Keith

• NL commented  ·  February 03, 2019 15:10  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Can we please get an update on this one?

• David Meatty commented  ·  January 18, 2019 09:53  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Still nothing? I've found ways to do it with a Powershell scheduled task using an encrypted file to hold the password but it sill requires a service account with global admin on my tenant. Doing that with an account that has a non-expiring password is not something I want to do.

• Patrick Alphonso commented  ·  January 18, 2019 08:24  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Q1 2019 now, radio silence from MS on this. Any update???

• Anonymous commented  ·  January 09, 2019 00:26  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Already 2019, any update on this?

• Lee commented  ·  December 31, 2018 02:53  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Any update on this?

• D. van Boven commented  ·  December 27, 2018 06:52  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Is there any news regarding the Kerberos rollover?

• Josef Micka commented  ·  December 17, 2018 00:50  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  I also want to know what is that of this feature.
  Admin cannot every month manually roll over keys for all Azure connected domains, and storing credentials into scripts breaks security.

  If you want people to migrate to azure, you should not only provide seamless experience for end users, but also for administrators.

• MCS UK Infra commented  ·  December 14, 2018 09:11  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  is there any news on the kerberos rollover its getting tedious when it could ideally be automated

• Anonymous commented  ·  December 14, 2018 09:05  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Hi Azure AD Team,

  Any update on this?

• Patrick Elischer commented  ·  December 07, 2018 01:30  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  push, would be important..

• Brenton Crosby commented  ·  November 25, 2018 21:14  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Looking for an update on this please Azure AD Team!

• Anonymous commented  ·  November 20, 2018 01:26  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Hi, what's the latest update to this, has the key rollover process has been automated via Azure AD Connect or can this be done now via Azure AD portal?

• Anonymous commented  ·  October 18, 2018 08:07  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Any update?

• NL commented  ·  October 16, 2018 21:31  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Hi Azure AD Team, we're at the 3 month mark since your last post on this. Are we likely to see this feature in Azure AD portal soon?

• Alex Appleton commented  ·  August 10, 2018 12:07  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Please...

• Anonymous commented  ·  August 06, 2018 04:15  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Has this still not been fixed? Having to put Domain Admin credentials into a plain text file in order to automate this is deranged...

• chris commented  ·  August 03, 2018 03:33  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  It is possible to run this as a scheduled task

  #Connect to Azure and rollover SSO Decryption keys
  Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
  New-AzureADSSOAuthenticationContext -CloudCredentials $CloudCred

  #Report before
  Get-AzureADSSOStatus | Out-String -width 4096 | Out-File "C:\Scripts\AzureADSSOStatus\AzureADSSOStatus_Pre_$Date.txt"
  Get-AzureADSSOComputerAcccountInformation -OnPremCredentials $OnpremCred | Out-File "C:\Scripts\AzureADSSOStatus\AzureADSSOComputerAccountInfo_$Date.txt"

  #Rollover SSO Decryption keys
  Update-AzureADSSOForest -OnPremCredentials $OnpremCred

  #Report After
  Get-AzureADSSOStatus | Out-String -width 4096 | Out-File "C:\Scripts\AzureADSSOStatus\AzureADSSOStatus_Post_$Date.txt"

• Anonymous commented  ·  July 19, 2018 00:08  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Happy to hear you guys working on it :)

• Anonymous commented  ·  June 05, 2018 08:59  ·  Flag as inappropriateFlag as inappropriate  ·  Delete…

  Please include this process in Azure AD connect so we can avoid using plaintext credentials in scripts.