New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REOPEN: Question about how many times you should run Update-AzureADSSOForest in a given timespan #701
Comments
@withersravenel |
@withersravenel |
The instructions on how to roll over the Kerberos decryption key states: |
@withersravenel |
Well, I disagree. Your document could be improved by making sense. It says the way to roll over the key is to run the command Update-AzureADSSOForest at least every 30 days, then it says to not run that same Update-AzureADSSOForest command more than once. How can you run it every 30 days and also not run it more than once? |
@withersravenel @billmath |
In the section "How can I roll over the Kerberos decryption key of the
AZUREADSSO
computer account?" it states that "We highly recommend that you roll over the Kerberos decryption key at least every 30 days." but then at the bottom it states "Ensure that you don't run the Update-AzureADSSOForest command more than once per forest." Should that say don't run it more than once per forest every x days/hours, or does it really mean don't run it more than once ever? It sounded like we need to run "Update-AzureADSSOForest" at least every 30 days, but then it says not to run it more than once.Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: