All,
We have a Tiered AD environment and are implementing the “Azure AD Password Protection for Active Directory Domain Services”. For this to work we need to install the “Azure AD Password Protection Proxy service”. The Microsoft documentation stated:
All the services of the Azure AD Password Protection (Proxy Service and DC Agent) do not require any specific user to work, they use the LOCAL SYSTEM account, but you will need a Global Admin of your tenant and a Domain Admins to register the Proxy Services and the Forest, but only one time.
So the question is:
Do we really need the domain administrator permissions to get the proxy services to work or is there a possibility to get this server configured with delegated permissions so we can position this proxy server in Tier 1?
Thanks in advance,
Eric