You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/connect/active-directory-aadconnect-pass-through-authentication-faq.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.workload: identity
12
12
ms.tgt_pltfrm: na
13
13
ms.devlang: na
14
14
ms.topic: article
15
-
ms.date: 07/23/2018
15
+
ms.date: 09/24/2018
16
16
ms.component: hybrid
17
17
ms.author: billmath
18
18
---
@@ -43,25 +43,25 @@ Yes. Pass-through Authentication supports `Alternate ID` as the username when co
43
43
44
44
## Does password hash synchronization act as a fallback to Pass-through Authentication?
45
45
46
-
No. Pass-through Authentication _does not_ automatically failover to password hash synchronization. It only acts as a fallback for [scenarios that Pass-through Authentication doesn't support today](active-directory-aadconnect-pass-through-authentication-current-limitations.md#unsupported-scenarios). To avoid user sign-in failures, you should configure Pass-through Authentication for [high availability](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-4-ensure-high-availability).
46
+
No. Pass-through Authentication _does not_ automatically failover to password hash synchronization. To avoid user sign-in failures, you should configure Pass-through Authentication for [high availability](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-4-ensure-high-availability).
47
47
48
48
## Can I install an [Azure AD Application Proxy](../manage-apps/application-proxy.md) connector on the same server as a Pass-through Authentication Agent?
49
49
50
50
Yes. The rebranded versions of the Pass-through Authentication Agent, version 1.5.193.0 or later, support this configuration.
51
51
52
52
## What versions of Azure AD Connect and Pass-through Authentication Agent do you need?
53
53
54
-
For this feature to work, you need version 1.1.486.0 or later for Azure AD Connect and 1.5.58.0 or later for the Pass-through Authentication Agent. Install all the software on servers with Windows Server 2012 R2 or later.
54
+
For this feature to work, you need version 1.1.750.0 or later for Azure AD Connect and 1.5.193.0 or later for the Pass-through Authentication Agent. Install all the software on servers with Windows Server 2012 R2 or later.
55
55
56
56
## What happens if my user's password has expired and they try to sign in by using Pass-through Authentication?
57
57
58
-
If you have configured [password writeback](../user-help/active-directory-passwords-update-your-own-password.md) for a specific user, and if the user signs in by using Pass-through Authentication, they can change or reset their passwords. The passwords are written back to on-premises Active Directory as expected.
58
+
If you have configured [password writeback](../authentication/concept-sspr-writeback.md) for a specific user, and if the user signs in by using Pass-through Authentication, they can change or reset their passwords. The passwords are written back to on-premises Active Directory as expected.
59
59
60
60
If you have not configured password writeback for a specific user or if the user doesn't have a valid Azure AD license assigned, the user can't update their password in the cloud. They can't update their password, even if their password has expired. The user instead sees this message: "Your organization doesn't allow you to update your password on this site. Update it according to the method recommended by your organization, or ask your admin if you need help." The user or the administrator must reset their password in on-premises Active Directory.
61
61
62
62
## How does Pass-through Authentication protect you against brute-force password attacks?
63
63
64
-
Read [Azure Active Directory Pass-through Authentication: Smart Lockout](../authentication/howto-password-smart-lockout.md) for more information.
64
+
[Read information about Smart Lockout](../authentication/howto-password-smart-lockout.md).
65
65
66
66
## What do Pass-through Authentication Agents communicate over ports 80 and 443?
67
67
@@ -77,7 +77,7 @@ Yes. If Web Proxy Auto-Discovery (WPAD) is enabled in your on-premises environme
77
77
78
78
## Can I install two or more Pass-through Authentication Agents on the same server?
79
79
80
-
No, you can only install one Pass-through Authentication Agent on a single server. If you want to configure Pass-through Authentication for high availability, follow the instructions in [Azure Active Directory Pass-through Authentication: Quick start](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-4-ensure-high-availability).
80
+
No, you can only install one Pass-through Authentication Agent on a single server. If you want to configure Pass-through Authentication for high availability, [follow the instructions here](active-directory-aadconnect-pass-through-authentication-quick-start.md#step-4-ensure-high-availability).
81
81
82
82
## How do I remove a Pass-through Authentication Agent?
0 commit comments