You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/how-to-connect-pta-faq.yml
+11-11Lines changed: 11 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -70,25 +70,25 @@ sections:
70
70
The updater service is healthy if it’s running and there are no errors recorded in the event log (Applications and Services logs -> Microsoft -> AzureADConnect-Agent -> Updater -> Admin).
71
71
72
72
73
-
Only major versions are released for auto-upgrade. We recommend updating your Agent manually only if it's necessary. For example, you cannot wait for a major release, because you must fix a known problem or you want to use a new feature. For more information on new releases, the type of the release (download, auto-upgrade), bug fixes and new features see, [Azure AD Pass-through Authentication agent: Version release history](./reference-connect-pta-version-history.md).
73
+
Only major versions are released for auto-upgrade. We recommend updating your Agent manually only if it's necessary. For example, you can't wait for a major release, because you must fix a known problem or you want to use a new feature. For more information on new releases, the type of the release (download, auto-upgrade), bug fixes and new features see, [Azure AD Pass-through Authentication agent: Version release history](./reference-connect-pta-version-history.md).
74
74
75
75
To manually upgrade a connector:
76
76
77
-
- Download the latest version of the Agent. (You find it under Azure AD connect Pass-through Authentication on the Azure portal. You can also find the link at Azure AD Pass-through Authentication: Version release history | Microsoft Docs..
78
-
- The installer restarts the Microsoft Azure AD Connect Authentication Agent services. In some cases, a server reboot is required if the installer cannot replace all files. Therefore we recommend closing all applications that is, Event Viewer before you start the upgrade.
79
-
- Run the installer. The upgrade process is quick and does not require providing any credentials and the Agent will not be re-registered.
77
+
- Download the latest version of the Agent. (You find it under Azure AD connect Pass-through Authentication on the Azure portal. You can also find the link at Azure AD Pass-through Authentication: Version release history | Microsoft Docs.
78
+
- The installer restarts the Microsoft Azure AD Connect Authentication Agent services. In some cases, a server reboot is required if the installer can't replace all files. Therefore we recommend closing all applications that is, Event Viewer before you start the upgrade.
79
+
- Run the installer. The upgrade process is quick and doesn't require providing any credentials and the Agent won't be re-registered.
80
80
81
81
- question: |
82
82
What happens if my user's password has expired and they try to sign in by using Pass-through Authentication?
83
83
answer: |
84
84
If you have configured [password writeback](../authentication/concept-sspr-writeback.md) for a specific user, and if the user signs in by using Pass-through Authentication, they can change or reset their passwords. The passwords are written back to on-premises Active Directory as expected.
85
85
86
-
If you have not configured password writeback for a specific user or if the user doesn't have a valid Azure AD license assigned, the user can't update their password in the cloud. They can't update their password, even if their password has expired. The user instead sees this message: "Your organization doesn't allow you to update your password on this site. Update it according to the method recommended by your organization, or ask your admin if you need help." The user or the administrator must reset their password in on-premises Active Directory.
86
+
If you haven't configured password writeback for a specific user or if the user doesn't have a valid Azure AD license assigned, the user can't update their password in the cloud. They can't update their password, even if their password has expired. The user instead sees this message: "Your organization doesn't allow you to update your password on this site. Update it according to the method recommended by your organization, or ask your admin if you need help." The user or the administrator must reset their password in on-premises Active Directory.
87
87
88
88
- question: |
89
89
The user logs on to Azure AD with credentials (username, password). In the meantime the user’s password expires, but the user can still access Azure AD resources. Why does this happen?
90
90
answer: |
91
-
The password expiry does not trigger the revocation of authentication tokens or cookies. Until the tokens or cookies are valid, the user is able to use them. This applies regardless of the authentication type (PTA, PHS and federated scenarios).
91
+
The password expiry doesn't trigger the revocation of authentication tokens or cookies. Until the tokens or cookies are valid, the user is able to use them. This applies regardless of the authentication type (PTA, PHS and federated scenarios).
92
92
93
93
For more details please check the documentation below:
94
94
[Microsoft identity platform access tokens - Microsoft identity platform | Microsoft Docs](../develop/access-tokens.md)
@@ -138,7 +138,7 @@ sections:
138
138
- question: |
139
139
Do I have to manually renew certificates used by Pass-through Authentication Agents?
140
140
answer: |
141
-
The communication between each Pass-through Authentication Agent and Azure AD is secured using certificate-based authentication. These [certificates are automatically renewed every few months by Azure AD](how-to-connect-pta-security-deep-dive.md#operational-security-of-the-authentication-agents). There is no need to manually renew these certificates. You can clean up older expired certificates as required.
141
+
The communication between each Pass-through Authentication Agent and Azure AD is secured using certificate-based authentication. These [certificates are automatically renewed every few months by Azure AD](how-to-connect-pta-security-deep-dive.md#operational-security-of-the-authentication-agents). There's no need to manually renew these certificates. You can clean up older expired certificates as required.
142
142
143
143
- question: |
144
144
How do I remove a Pass-through Authentication Agent?
@@ -150,7 +150,7 @@ sections:
150
150
- question: |
151
151
I already use AD FS to sign in to Azure AD. How do I switch it to Pass-through Authentication?
152
152
answer: |
153
-
If you are migrating from AD FS (or other federation technologies) to Pass-through Authentication, we highly recommend that you follow our [quickstart guide](how-to-connect-pta-quick-start.md).
153
+
If you're migrating from AD FS (or other federation technologies) to Pass-through Authentication, we highly recommend that you follow our [quickstart guide](how-to-connect-pta-quick-start.md).
154
154
155
155
- question: |
156
156
Can I use Pass-through Authentication in a multi-forest Active Directory environment?
@@ -160,12 +160,12 @@ sections:
160
160
- question: |
161
161
Does Pass-through Authentication provide load balancing across multiple Authentication Agents?
162
162
answer: |
163
-
No, installing multiple Pass-through Authentication Agents ensures only [high availability](how-to-connect-pta-quick-start.md#step-4-ensure-high-availability). It does not provide deterministic load balancing between the Authentication Agents. Any Authentication Agent (at random) can process a particular user sign-in request.
163
+
No, installing multiple Pass-through Authentication Agents ensures only [high availability](how-to-connect-pta-quick-start.md#step-4-ensure-high-availability). It doesn't provide deterministic load balancing between the Authentication Agents. Any Authentication Agent (at random) can process a particular user sign-in request.
164
164
165
165
- question: |
166
166
How many Pass-through Authentication Agents do I need to install?
167
167
answer: |
168
-
Installing multiple Pass-through Authentication Agents ensures [high availability](how-to-connect-pta-quick-start.md#step-4-ensure-high-availability). But, it does not provide deterministic load balancing between the Authentication Agents.
168
+
Installing multiple Pass-through Authentication Agents ensures [high availability](how-to-connect-pta-quick-start.md#step-4-ensure-high-availability). But, it doesn't provide deterministic load balancing between the Authentication Agents.
169
169
170
170
Consider the peak and average load of sign-in requests that you expect to see on your tenant. As a benchmark, a single Authentication Agent can handle 300 to 400 authentications per second on a standard 4-core CPU, 16-GB RAM server.
171
171
@@ -181,7 +181,7 @@ sections:
181
181
- question: |
182
182
Why do I need a cloud-only Global Administrator account to enable Pass-through Authentication?
183
183
answer: |
184
-
It is recommended that you enable or disable Pass-through Authentication using a cloud-only Global Administrator account. Learn about [adding a cloud-only Global Administrator account](../fundamentals/add-users-azure-active-directory.md). Doing it this way ensures that you don't get locked out of your tenant.
184
+
It's recommended that you enable or disable Pass-through Authentication using a cloud-only Global Administrator account. Learn about [adding a cloud-only Global Administrator account](../fundamentals/add-users-azure-active-directory.md). Doing it this way ensures that you don't get locked out of your tenant.
0 commit comments