articles/storage/files/storage-files-identity-ad-ds-update-password.md
5 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -1,16 +1,16 @@
1
1
---
2
-
title: Update password for an AD DS storage account identity
2
+
title: Update Password for an AD DS Storage Account Identity
3
3
description: Learn how to update the password of the Active Directory Domain Services (AD DS) identity that represents your storage account.
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.topic: how-to
7
7
ms.date: 11/08/2024
8
8
ms.author: kendownie
9
-
recommendations: false
10
-
# Customer intent: As a storage account administrator, I want to update the Active Directory Domain Services identity password for my storage account, so that I can maintain Kerberos authentication and ensure uninterrupted access to Azure file shares.
9
+
# Customer intent: As a storage administrator, I want to update the password of the Active Directory Domain Services identity that represents my storage account, so that I can maintain Kerberos authentication and ensure uninterrupted access to Azure file shares.
11
10
---
12
11
13
12
# Update the password of your storage account identity in AD DS
13
+
14
14
When you domain join your storage account in your Active Directory Domain Services (AD DS), you create an AD principal, either a computer account or service account, with a password. The password of the AD principal is one of the Kerberos keys of the storage account. Depending on the password policy of the organization unit of the AD principal, you must periodically rotate the password of the AD principal to avoid authentication issues. Failing to change the password before it expires could result in losing Kerberos authentication to your Azure file shares. Some AD environments may also delete AD principals with expired passwords using an automated cleanup script.
15
15
16
16
Instead of periodically rotating the password, you can also place the AD principal that represents the storage account into an organizational unit that doesn't require password rotation.
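Review bot: `ms.date` on line 7 of the front matter stays at 11/08/2024 although this hunk rewrites the title and the customer-intent comment and drops `recommendations: false`; update the date if it is meant to track content edits, and call out the `recommendations` removal in the commit description, since it is a metadata change rather than a wording fix. The new title is in title case while the H1 on line 12 stays in sentence case, and unchanged line 14 says "organization unit" where line 16 says "organizational unit"; aligning both while touching this file would keep the page consistent.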
@@ -34,7 +34,7 @@ There are two options for triggering password rotation. You can use the `AzFiles
34
34
## Option 1: Use AzFilesHybrid module
35
35
To regenerate and rotate the password of the AD principal that represents the storage account, use the `Update-AzStorageAccountADObjectPassword` cmdlet from the [AzFilesHybrid module](https://github.com/Azure-Samples/azure-files-samples/releases). To execute `Update-AzStorageAccountADObjectPassword`, you must:
36
36
37
-
- Run the cmdlet from a domainjoined client.
37
+
- Run the cmdlet from a domain-joined client.
38
38
- Have the owner permission on the storage account.
39
39
- Have AD DS permissions to change the password of the AD principal that represents the storage account.
40
40
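Review bot: in the prerequisites list, unchanged line 38 ("Have the owner permission on the storage account") does not say which role assignment or scope is meant; while fixing "domain-joined" on line 37, consider naming the exact role and scope so that readers can grant only what the cmdlet needs.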
@@ -59,7 +59,7 @@ If you don't want to download the `AzFilesHybrid` module, you can use [Active Di
59
59
Replace `<domain-object-identity>` in the following script with the appropriate value for your environment:
60
60
61
61
```powershell
62
-
$KeyName = "kerb1" # Could be either the first or second kerberos key, this script assumes we're refreshing the first
62
+
$KeyName = "kerb1" # Could be either the first or second Kerberos key, this script assumes we're refreshing the first
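Review bot: the inline comment on line 62 is still a comma splice after the capitalization fix ("... Kerberos key, this script assumes ..."); split it into two sentences, and consider stating next to `$KeyName` that the value must match the key actually being rotated, since the script hardcodes "kerb1".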