传递身份验证 - 密码已过期通知 [英] Pass-through Authentication - Password expired notification

问题描述

您好，

我阅读了有关传递身份验证的文档，我对此技术提供的功能非常满意。

<但是我需要一个我在文档中看不到的功能。我解释了我的情况，我有一个连接到Azure AD的本地AD。来自本地AD，用户，密码和计算机的所有对象都将同步到Azure AD。

使用传递身份验证时，与本地设置的密码相关的策略将应用于在Azure AD上同步的用户帐户。

用户与集成到本地AD的计算机将收到有关其密码将过期的通知，必须更改。在这种情况下，用户必须与本地AD连接才能重置它，对吗？

如果计算机集成到Azure AD并且此计算机上打开了会话，会发生什么？本地用户AD帐号？系统会显示通知，用户可以重设密码吗？什么都不会发生？云服务将继续有效吗？

感谢您对此的帮助，因为我在Microsoft的文档中找不到回复。 

问候 

解决方案

嗨尼古拉斯，

如果启用了密码回写，用户也可以在云上更改密码。

https://docs.microsoft.com/en-us/azure/ active-directory / authentication / howto-sspr-writeback

如果未启用此选项，则用户需要连接到本地AD才能重置密码。

还有一个自助服务密码管理门户网站：

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept -sspr-howitworks

" 在集成到Azure AD和sessio的计算机的情况下会发生什么n在此计算机上打开本地用户AD帐户？将出现通知
，用户是否可以重置密码？什么都不会发生？云服务将继续有效吗？

不确定这个。也许其他人可以帮助你。

Hello,

I read documentation about pass through-authentication and I'm very happy about the features provide with this technology.

But I need a feature I don't see in the documentation. I explain my case, I have a local AD connected to Azure AD. All objects from local AD, User, password and computer are synced to Azure AD.

With pass through-authentication, policies related to password set locally will be applied to user account synced on Azure AD.

User with a computer integrated to local AD will receive a notification about his password will expire and must be changed. in this case, the user must have a connection to the local AD to reset it, right?

What happen in the case of a computer integrated to Azure AD and session open on this computer with a local user AD account? A notification will appear and user will be able to reset his password? nothing will happen? Cloud service will continue to work?

Thanks to help me on this point because I don't find yet reply in the Microsoft's documentation. 

Regards 

解决方案

Hi Nicolas,

User can change their password also on cloud if password write back is enabled.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback

If this option is not enabled then user need to have connection to local AD to be able to reset the password.

Also there is a self service password management portal:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

"What happen in the case of a computer integrated to Azure AD and session open on this computer with a local user AD account? A notification will appear and user will be able to reset his password? nothing will happen? Cloud service will continue to work?"

Not sure for this. Maybe someone else can help you.

这篇关于传递身份验证 - 密码已过期通知的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！