Commit 9c8e85c

Merge pull request #81847 from yoko-ms/patch-1
Add -UserPrincipalName parameter
2 parents 98415da + c4a411e commit 9c8e85c

1 file changed

+23
-3
lines changed

articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md

Lines changed: 23 additions & 3 deletions
@@ -85,9 +85,6 @@ $domain = "contoso.corp.com"
8585
# Enter an Azure Active Directory global administrator username and password.
8686
$cloudCred = Get-Credential
8787
88-
If you have MFA enabled for Global administrator, Please remove "-Cloudcredential $cloudCred"
89-
you will see web-based popup and complete the U/P and MFA there
90-
9188
# Enter a domain administrator username and password.
9289
$domainCred = Get-Credential
9390
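Review bot: The comment kept above `$cloudCred = Get-Credential` no longer tells the reader that this password-based example does not fit a Global administrator account with MFA enforced, because the only text saying so is what this hunk deletes. Removing it is right (it was bare prose inside the fenced PowerShell block, without a `#`, so the block would not paste cleanly), but a reader who stops at the first example now gets no pointer to the alternative. Consider one sentence before this code block, or an extension of the existing `#` comment, that sends tenants enforcing MFA to the `-UserPrincipalName` example added further down.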
@@ -96,6 +93,29 @@ $domainCred = Get-Credential
9693
Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
9794
```
9895

96+
> [!NOTE]
97+
> If your organization protects password-based sign-in and enforces modern authentication methods such as MFA, FIDO2, or Smart Card, you must use the "-UserPrincipalName" parameter with the User Principal Name of a Global administrator.
98+
> - Replace `contoso.corp.com` in the following example with your on-premises Active Directory domain name.
99+
> - Replace `[email protected]` in the following example with the User Principal Name of a Global administrator.
100+
101+
```powerShell
102+
Import-Module ".\AzureAdKerberos.psd1"
103+
104+
# Specify the on-premises Active Directory domain. A new Azure AD
105+
# Kerberos Server object will be created in this Active Directory domain.
106+
$domain = "contoso.corp.com"
107+
108+
# Enter a User Principal Name of Azure Active Directory global administrator
109+
$userPrincipalName = "[email protected]"
110+
111+
# Enter a domain administrator username and password.
112+
$domainCred = Get-Credential
113+
114+
# Create the new Azure AD Kerberos Server object in Active Directory
115+
# and then publish it to Azure Active Directory.
116+
Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred
117+
```
118+
99119
### Viewing and verifying the Azure AD Kerberos Server
100120

101121
You can view and verify the newly created Azure AD Kerberos Server using the following command:
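Review bot: The new NOTE says `-UserPrincipalName` must be used when MFA, FIDO2, or Smart Card is enforced, but neither the note nor the example says how the Global administrator then authenticates, since no cloud credential is passed to `Set-AzureADKerberosServer`. The text removed earlier in this commit said a web-based popup appears where the sign-in and MFA are completed; that detail is lost and is worth one sentence in the note so the reader expects an interactive prompt. Smaller style points in the same hunk: the fence tag is written `powerShell` while a lowercase `powershell` tag is the usual form, the parameter is in double quotes in the note where the bullets below it use backticks for literals, and the comment "Enter a User Principal Name of Azure Active Directory global administrator" reads better as "Enter the User Principal Name of an Azure Active Directory global administrator", with "Global administrator" capitalised the same way as in the note.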
