FAQs: Passwords & Replicated Accts, Guest Access to Azure Service, Deployment Status for Azure Stack Dev Kit

Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.

Read through the FAQ archives, or send him your questions via email.

In this group of FAQs we look at accounts replicated to Azure AD and some behaviors related to Azure AD replicated accounts.

Q. I am replicating accounts from AD to Azure AD; however, when the password expires in AD the user is not prompted to change it via Azure AD. Why?
Q. How can I enable an outside user to be granted access to resources in my Azure service?
Q. How can I check the deployment progress of Azure Stack Developer Kit?

———-

Q. I am replicating accounts from AD to Azure AD; however, when the password expires in AD the user is not prompted to change it via Azure AD. Why?
Dept – Azure

A. There are multiple ways to handle authentication in Azure AD. One option is to synchronize a hash of the user's on-premises AD password hash to Azure AD, which Azure AD then uses to authenticate the user itself when they log on. In this scenario the synchronized passwords do not expire in the cloud. This means that even though the on-premises AD password has expired, if the user only ever uses Azure AD the password will work indefinitely. If they try to authenticate to AD, a password change will be forced and that new password will then be replicated to Azure AD.

If you are using ADFS or pass-through authentication (with password write-back enabled), then you will be prompted to change your password if the AD account password has expired.
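To see which accounts this affects, the following added example (not part of the original FAQ) lists enabled accounts whose on-premises password has expired or must be changed at next logon, using the AD constructed attribute `msDS-UserPasswordExpiryTimeComputed`. The function name `Get-ExpiredPasswordAccount` and the sample records are constructed for illustration; the commented live query assumes the ActiveDirectory RSAT module.

```powershell
# Added example: accounts whose on-prem AD password is expired. With password
# hash sync, these can keep signing in to Azure AD with the old password.
function Get-ExpiredPasswordAccount {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $User.Enabled) { return }
        $raw = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        # Int64.MaxValue: password never expires. FromFileTimeUtc would throw on it.
        if ($raw -eq [int64]::MaxValue) { return }
        # 0: pwdLastSet is 0, i.e. "user must change password at next logon".
        if ($raw -eq 0) {
            return [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Reason         = 'MustChangeAtNextLogon'
                ExpiredUtc     = $null
                DaysExpired    = $null
            }
        }
        $expires = [datetime]::FromFileTimeUtc($raw)
        $nowUtc  = $Now.ToUniversalTime()
        if ($expires -lt $nowUtc) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Reason         = 'Expired'
                ExpiredUtc     = $expires
                DaysExpired    = [math]::Floor(($nowUtc - $expires).TotalDays)
            }
        }
    }
}

# Constructed sample records (not real accounts), with a fixed clock.
$now = [datetime]::new(2017, 10, 13, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(-30).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';   Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(12).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc01'; Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'carol'; Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = 0 }
    [pscustomobject]@{ SamAccountName = 'dave';  Enabled = $false; 'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(-90).ToFileTimeUtc() }
)
$sample | Get-ExpiredPasswordAccount -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties 'msDS-UserPasswordExpiryTimeComputed' |
#     Get-ExpiredPasswordAccount
```

With the sample data, only `alice` (expired 30 days) and `carol` (must change at next logon) are reported.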

Q. How can I enable an outside user to be granted access to resources in my Azure service?
Dept – Azure

A. Azure subscriptions are tied to Azure AD tenants, which contain the accounts that are given access to various resources. If you have an outside user then you can leverage the Azure B2B/B2C (business to business, business to consumer) technologies, which are really combined into a “guest” account. This enables you to invite an outside account into your Azure AD tenant; that account can then be added to groups and given access to resources.

  1. Open up Azure Active Directory
  2. Open Users and Groups
  3. Select All users
  4. Click New Guest User
  5. Enter the email address and a short message and click Invite

That’s it!

Q. How can I check the deployment progress of Azure Stack Developer Kit?
Dept – Azure

A. There are logs created in C:\CloudDeployment\Logs. There are three key files (with timestamps added to the end):

  • Script.<timestamp>.log – Details of the commands used to kick off the installation
  • Deployment.<timestamp>.log – Full detail of the entire installation including any errors (this is the most useful file)
  • summary.<timestamp>.xml – A status file showing current status of the deployment

This is a Security Bloggers Network syndicated blog post. Read the original at: Windows IT Pro 2017-10-13.