I have a bunch of Intune-built, Azure AD-joined laptops right now. I don't have the ability to do offline domain join because I don't have 2016/2019 DCs just yet. So! My issue is with WIA / Kerberos websites and applications not always working due to the lack of Kerberos tickets on these machines over VPN. Was looking at this link: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync
I'm wondering if anyone has run the script in the link and if there's any possible negative impact like me locking out a bunch of users or something.
Appreciate any and all responses, I'm just a bit nervous and needed another set of eyes on it.
Thanks!