Blog Post

ITOps Talk Blog
8 MIN READ

Step-By-Step: Implementing Azure AD Password Protection On-Premises

Daniele De Angelis's avatar
Daniele De Angelis
Icon for Microsoft rankMicrosoft
May 23, 2019
I travel a lot in Italy, and many times I see multiple customers that are asking for the same requests. One request is the possibility to block some specific passwords in Active Directory. Unfortunat...
Updated Jun 07, 2019
Version 10.0
azure
Daniele De Angelis
Windows Server
Daniele De Angelis's avatar
Daniele De Angelis
Icon for Microsoft rankMicrosoft
Jun 09, 2019

Hi gqcars

 

So if I understand well you don't have an HTTP proxy Server in your environment , so you don't need to change anything inside of the AzureADPasswordProtectionProxy.exe.config file, you need to modify this file only if you want that your Azure Ad Password Protection Proxy Service is able to go to the internet and reach Azure via an HTTP Proxy Server ;).

 

This event that you receive, came from the DC Agent:
============================================

One or more Azure AD Password Protection Proxy servers were found in the forest but this machine was unable to establish network connectivity to any of them.

============================================

This is due to a network connectivity issue from the DC Agent to the Azure AD Password Protection Proxy Service.

On your Proxy server you should be able to view this to inbound Windows Firewall rules::

This rules are automatically created by the installation of the Proxy Service, one is for the Endpoint Mapper on port 135 TCP, and the other is for the Dynamic Port Range by default from 49152 to 65535 TCP. If this two rules are enabled on the Windows Firewall you need to check if there is something else that act as a firewall (Example: firewall appliance on the network, or may be the Antivirus on the DC or on the Proxy).

 

I hope to help you ;)

Ciao :)