问题描述
嗨
由于这种令人讨厌的行为,我们荣幸地再次修复了我们的测试环境.
Just had the honor to fix our test-environment one more time due to this nasty behavior.
MySetup :我的Azure Active Directory中有多个帐户(管理员,服务帐户).此Azure Active Directory启用了域服务,以便可以在Azure和域上托管的我们的虚拟机中使用此帐户 加入此域服务.其中一些帐户是服务帐户(即查询LDAP)或管理员帐户,以通过RDP访问计算机
MySetup: I have several accounts (administrators, service-accounts) in my Azure Active Directory. This Azure Active Directory has Domain Services enabled, so that this accounts can be used in our Virtual Machines, hosted on Azure and Domain Joined to excat this Domain Services. Some of the Accounts are service-accounts (i.e. to query the LDAP) or Administrator-Accounts to access the machines by RDP
问题:如果30天后最后一次更改密码,则每个帐户都会在域服务中被禁用.使用帐户登录仍然可以在MS提供的所有网络门户(即portal.office.com,portal.azure.com)上使用,但是帐户 在域服务中被禁用!服务无法再启动,RPD失败,Windows Integrated Web登录失败,....
The Issue: After 30 Days if the last password change, every accounts gets disabled in the Domain Services. Login with the accounts still works on all the web portals provided by MS (i.e. portal.office.com, portal.azure.com) but the accounts are disabled in the Domain Services! Services cant start anymore, RPD fails, Windows Integrated Web Logins fails,....
是的,我可以选择"PasswordNeverExpires"为所有这些帐户启用.实际上,有效期设置为90天.链接:> https://www.petri.com/reset -azure-active-目录用户密码设置永不过期
And yes i have the option "PasswordNeverExpires" enabled for all those accounts. In fact, the expiration is set to 90 days, anyway. Link: https://www.petri.com/reset-azure-active-directory-user-password-set-never-expire
这里也提到了此问题
期望:启用此"PasswordNeverExpires"时,对于PowerShell-Modules,在将用户从AAD同步到域服务环境时,应考虑此设置.
Expected: When enabling this "PasswordNeverExpires" with PowerShell-Modules, this setting should be considered when syncing the users from AAD to the Domain Services environment.
如果没有,则管理员必须每25天进行一次远程登录并更改每个服务帐户!同样适用于用户.显然,这是最重要的事情,我实际上是在为此而迁移到AWS解决方案的时候在考虑.如何启用预览 只能持续30天的功能?
If not, an administrator is forced to remote login, and change every service-account, every 25 days! Same applies for users. Thats a clear showstopper and I'm actually thinking in migrating to the AWS solution for this. How is it possible to enable a preview feature that lasts 30days only?
是否有解决方法?似乎我不是唯一遇到此问题的人
Is there a workaround for that? Seems that I'm not the only one having that issue
迈克尔
推荐答案
感谢您在此处发布.
我们目前正在对此进行研究,并会及时将结果通知您.
感谢您的耐心等候.
Thank you for posting in here.
We are currently researching on this and will keep you posted with the findings.
We appreciate your patience.
此致,
玛拉.
Regards,
Malar.
这篇关于即使将PasswordNeverExpires设置为true,帐户也会在Azure Active Directory域服务(AAD DS)中过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!