You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Further clarification of pre-requisites and reducing ambiguity with a message prompt
Based on some research, it is important to use the correct user when it comes to the Active Directory User who is a member of the "Domain Admins" group for a domain and a member "Enterprise Admins" group for a forest.
A message prompt with appropriate description of the credential being prompted enhances the success rate by eliminating ambiguity.
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md
+6-3Lines changed: 6 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,10 @@ You must also meet the following system requirements:
52
52
- Your Windows Server domain controllers must have patches installed for the following servers:
53
53
-[Windows Server 2016](https://support.microsoft.com/help/4534307/windows-10-update-kb4534307)
54
54
-[Windows Server 2019](https://support.microsoft.com/help/4534321/windows-10-update-kb4534321)
55
-
55
+
- Credentials required to complete this :
56
+
- Active Directory User who is a member of the "Domain Admins" group for a domain and a member "Enterprise Admins" group for a forest. Referred to as $domainCred.
57
+
- Azure Active Directory User who is a member of the Global Administrators role. Referred to as $cloudCred.
58
+
56
59
### Supported scenarios
57
60
58
61
The scenario in this article supports SSO in both of the following instances:
@@ -108,10 +111,10 @@ Run the following steps in each domain and forest in your organization that cont
108
111
$domain = "contoso.corp.com"
109
112
110
113
# Enter an Azure Active Directory global administrator username and password.
111
-
$cloudCred = Get-Credential
114
+
$cloudCred = Get-Credential -Message 'Active Directory User who is a member of the "Domain Admins" group for a domain and a member "Enterprise Admins" group for a forest.'
112
115
113
116
# Enter a domain administrator username and password.
114
-
$domainCred = Get-Credential
117
+
$domainCred = Get-Credential -Message 'Active Directory User who is a member of the "Domain Admins" group.'
115
118
116
119
# Create the new Azure AD Kerberos Server object in Active Directory
0 commit comments