Hi 3dinfo,
what I mean in this part:
================================
"It is not necessary that all the DCs are able to communicate with the Azure AD Password Protection Proxy Server if you have a very complex Active Directory environment. You can configure a minimum of one DC per domain and the other DCs will take the new policy from the Sysvol replication."
================================
Is that at least one DC per domain needs to be able to communicate with the Azure AD Password Protection Proxy Service to take the new password policy, but for sure you need to install the DC Agent on all DCs in the domain if you want to secure the domain.
I have changed the article a little based on your question :)
==================================
It is not necessary that all the DCs are able to communicate with the Azure AD Password Protection Proxy Server. If you have a very complex Active Directory environment, you can configure a minimum of one DC per domain to be able to connect to the AAD Password Protection Proxy Servers, and the other DCs will take the new policy from the Sysvol replication.
==================================
Many thanks for the question 3DInfo ;)