JonMercer-8382 asked · 0 Votes

Microsoft Document Powershell Scripting Error?

In the article at https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq#how-can-i-roll-over-the-kerberos-decryption-key-of-the-azureadssoacc-computer-account under the section titled How can I roll over the Kerberos decryption key of the AZUREADSSO computer account? is this command.

Navigate to the $env:programfiles"\Microsoft Azure Active Directory Connect" folder. It is giving a parsing error on the first quote that is after programfiles.

I already installed the AzureAD module, signed in, and all that fun stuff, using PS5 in admin mode, and this is done on the server running Azure AD Connect.

I get this. As you see if I go to the location normally it works, if I use the command listed in the document it fails. My question to them was there something wrong possibly with the coding.

175548-image.png

I put in a comment to the article mentioning this, and they sent me suggestions (see https://github.com/MicrosoftDocs/azure-docs/issues/88301) and then closed the case. They said if I have further questions to ask here (If you have further questions, I also recommend posting to Microsoft Q&A since this is more of a product question than documentation feedback. https://docs.microsoft.com/answers/topics/azure-active-directory.html?filter=unanswered), so here I am.


azure-active-directory

sikumars answered · 0 Votes

Hello @JonMercer-8382,

Thanks for reaching out and apologies for the inconvenience caused by the above issue.

I was receiving the same issue when I only called $env:programfiles"\Microsoft Azure Active Directory Connect", but we should call it with the 'cd' cmdlet, for example, cd $env:programfiles"\Microsoft Azure Active Directory Connect".

To avoid these concerns, I'm working with the content creator to update the same in our document. I hope this was helpful.

If you have any other questions, please let us know. Thank you for your time and patience throughout this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Thank you, that was mostly what I was looking for. When they said well you can just do this, which was the cd, but they gave me the full path, and then closed my Github ticket, without actually fixing the documentation error, I was a bit irritated.

sikumars (replying to JonMercer-8382):

Sorry about that, and again, I apologize for the inconvenience. I will post an update here once our documentation has been updated. Thanks.

RichMatheisen-8856 answered · 1 Vote

Try it this way:

 cd ($env:programfiles + "\Microsoft Azure Active Directory Connect")

But when the instructions said (in step 2) to "Navigate to the $env:programfiles"\Microsoft Azure Active Directory Connect" folder." it meant that you should make that folder your current directory. You'd already done that in the first line of code in your screenshot (using the CD cmdlet).


The part where I did the CD was something suggested by them, since they were thinking it was possible the folder didn't exist, which it did. They are though saying there is nothing wrong with what they are telling people to do, and I am thinking they are wrong, but not much I can do, since she closed the request right after sending me basically a link to the document I had commented on, an alternative option, and saying to come here. Not about checking to see if what is in the document worked for them or not. The instructions in the document are as so.

Step 1. Get list of AD forests where Seamless SSO has been enabled

  1. First, download, and install Azure AD PowerShell.

  2. Navigate to the $env:programfiles"\Microsoft Azure Active Directory Connect" folder.

  3. Import the Seamless SSO PowerShell module using this command: Import-Module .\AzureADSSO.psd1.

  4. Run PowerShell as an Administrator. In PowerShell, call New-AzureADSSOAuthenticationContext. This command should give you a popup to enter your tenant's Global Administrator credentials.

  5. Call Get-AzureADSSOStatus | ConvertFrom-Json. This command provides you the list of AD forests (look at the "Domains" list) on which this feature has been enabled.

Step 2. Update the Kerberos decryption key on each AD forest that it was set it up on

Call $creds = Get-Credential. When prompted, enter the Domain Administrator credentials for the intended AD forest.

0 Votes 0 ·
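The parse difference discussed in this thread, followed by steps 2 to 5 of the quoted procedure, as an added example (not code from the Microsoft article or from any poster). It asks the PowerShell parser how each spelling of the "navigate" step parses, then imports the module by its full path so the import does not depend on the current directory. The variable names and the Join-Path spelling are assumptions of this example; it assumes Windows PowerShell on the Azure AD Connect server.

```powershell
# Added example: variable names and the Join-Path form are this example's own.

# Part 1: let the parser report on each spelling seen in the thread.
$candidates = @(
    # The documentation text typed on its own line, as in the question
    '$env:programfiles"\Microsoft Azure Active Directory Connect"',
    # The form from sikumars' answer
    'cd $env:programfiles"\Microsoft Azure Active Directory Connect"',
    # The form from RichMatheisen-8856's answer
    'cd ($env:programfiles + "\Microsoft Azure Active Directory Connect")',
    # Join-Path form (added here, not from the thread)
    'Set-Location (Join-Path $env:ProgramFiles "Microsoft Azure Active Directory Connect")'
)

$results = foreach ($text in $candidates) {
    $tokens = $null
    $errors = $null
    # ParseInput only parses the text; nothing is executed.
    [void][System.Management.Automation.Language.Parser]::ParseInput(
        $text, [ref]$tokens, [ref]$errors)

    [pscustomobject]@{
        Command     = $text
        ParseErrors = $errors.Count
        FirstError  = if ($errors.Count) { $errors[0].Message } else { '' }
    }
}
$results | Format-List

# Part 2: steps 2-5 of the quoted procedure, using an absolute module path
# and checking that the file exists before importing it.
$connectDir = Join-Path $env:ProgramFiles 'Microsoft Azure Active Directory Connect'
$modulePath = Join-Path $connectDir 'AzureADSSO.psd1'

if (Test-Path -LiteralPath $modulePath -PathType Leaf) {
    Import-Module $modulePath
    # Prompts for the tenant's Global Administrator credentials (step 4).
    New-AzureADSSOAuthenticationContext
    # The "Domains" list shows the AD forests with Seamless SSO enabled (step 5).
    Get-AzureADSSOStatus | ConvertFrom-Json
}
else {
    Write-Warning "AzureADSSO.psd1 not found in '$connectDir'. Run this on the Azure AD Connect server."
}
```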