Forum Discussion
Phillip_from_the_block
Jul 19, 2022Copper Contributor
AZURE AD Password Protection Requirements
As we prepare to install the Azure AD Password Protection DC Agent. We have three windows 2008 servers which are not compatible as per the notes below but we are building a 2016 DC. - Do we ...
Kidd_Ip
Oct 02, 2025MVP
The answer is Yes, to ensure consistent enforcement of password policies across your domain, you must install the Azure AD Password Protection DC Agent on every domain controller (DC):
• The DC Agent only validates passwords on the DC where it's installed.
• Windows clients don’t target specific DCs for password changes, so if a password change hits a DC without the agent, the policy won’t be enforced.
• Partial deployment is only recommended for testing, not production use.