question

0 Votes
skiphofmann-5016 asked ·

password hash sync locked AD accounts

Hello all,

I'm thinking about moving from ADFS auth to password hash sync; however, I would like to get an understanding of how other companies are handling the below limitations of PHS.

1. Locked on-prem not respected in Azure
2. Password is expired not respected in Azure
3. Restricted logon hours not respected in Azure
4. Password is expired not respected in Azure

azure-active-directory

0 Votes
michev answered ·

Instead of PHS, enable PTA+SSO. Not only will it address all the above concerns, but it will also give your users a seamless SSO experience similar to AD FS. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-pass-through-authentication


0 Votes
skiphofmann-5016 answered ·

I understand that; however, I wanted to avoid all dependencies on on-prem agents.
