articles/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md
3 additions & 3 deletions
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: how-to
9
-
ms.date: 02/22/2021
9
+
ms.date: 02/22/2022
10
10
11
11
ms.author: justinha
12
12
author: justinha
@@ -25,7 +25,7 @@ Azure AD can issue Kerberos ticket-granting tickets (TGTs) for one or more of yo
25
25
26
26
An Azure AD Kerberos Server object is created in your on-premises Active Directory instance and then securely published to Azure Active Directory. The object isn't associated with any physical servers. It's simply a resource that can be used by Azure Active Directory to generate Kerberos TGTs for your Active Directory domain.
27
27
28
-
:::image type="Image" source="./media/howto-authentication-passwordless-on-premises/fido2-ticket-granting-ticket-exchange-process.png" alt-text="Diagram showing how to get a T G T from Azure AD and Active Directory Domain Services." lightbox="./media/howto-authentication-passwordless-on-premises/fido2-ticket-granting-ticket-exchange-process.png":::
28
+
:::image type="Image" source="./media/howto-authentication-passwordless-on-premises/fido2-ticket-granting-ticket-exchange-process.png" alt-text="Diagram showing how to get a TGT from Azure AD and Active Directory Domain Services." lightbox="./media/howto-authentication-passwordless-on-premises/fido2-ticket-granting-ticket-exchange-process.png":::
29
29
30
30
1. A user signs in to a Windows 10 device with an FIDO2 security key and authenticates to Azure AD.
31
31
1. Azure AD checks the directory for a Kerberos Server key that matches the user's on-premises Active Directory domain.
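Review bot: In the changed image line, the alt-text goes from "T G T" to "TGT"; if the spaced form was there so that screen readers spell the acronym letter by letter, check the docs accessibility guidance before collapsing it, or write it out as "ticket-granting ticket (TGT)" so it reads correctly either way. While this paragraph is open, the unchanged step 1 below says "an FIDO2 security key", which should read "a FIDO2 security key".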
@@ -107,7 +107,7 @@ Run the following steps in each domain and forest in your organization that cont
107
107
$domain = "contoso.corp.com"
108
108
109
109
# Enter an Azure Active Directory global administrator username and password.
110
-
$cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group for a domain and a member of the Enterprise Admins group for a forest.'
110
+
$cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Azure AD.'
111
111
112
112
# Enter a domain administrator username and password.
113
113
$domainCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group.'
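Review bot: The new -Message text for $cloudCred still opens with "An Active Directory user", which contradicts the comment above it ("Enter an Azure Active Directory global administrator username and password") and reads almost the same as the $domainCred prompt a few lines later. This prompt is what tells the admin which privileged credential to type, so name the directory explicitly, for example 'An Azure Active Directory user who is a Global Administrator.' Global Administrator is an Azure AD role rather than a group, so "a member of the Global Administrators group" is also worth rewording in the same change.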