Azure AD Password Protection

  • Last Post 05 March 2019
minwar posted this 21 January 2019

Has anyone had much experience with this yet? I have installed a proxy and installed a DC agent on-prem and have audit mode enabled on Azure config. The forest and proxy registration seem to have been a success looking at the logs. On the DC though I just see lots of Event ID 30001 (password accepted due to no policy available).

Looking in the config partition, the following container doesn't contain any child objects: CN=Proxy Presence,CN=Azure AD Password Protection,CN=Services,CN=Configuration,DC=xxx,DC=xxx,DC=com

Should it? Any other pointers?


ZJORZ posted this 21 January 2019

Re-register the proxy and forest.
Then restart the DC agent on some DC (suggested is the DC nearest to the proxy server).
Check the SYSVOL for the policy files (in folder “<WHATEVER PATH>\Policies{4A9AB66B-4365-4C2A-996C-58ED9927332D}\AzureADPasswordProtection”).

Met Vriendelijke Groeten / Cumprimentos / Kind Regards,
Jorge de Almeida Pinto
MVP Enterprise Mobility And Security | MCP/MCSE/MCITP/exMCT


minwar posted this 05 March 2019

Thanks for the reply. Battled away with this for a while longer and after speaking to MS got a resolution. For anyone looking into this in the future, I had to:

• Create a file called proxyservice.exe.config as follows:

  <defaultProxy enabled="true" useDefaultCredentials="true">
   <proxy bypassonlocal="true"
          proxyaddress="" />
  </defaultProxy>

• Save this file to the "C:\Program Files\Azure AD Password Protection Proxy\Service" folder.
• Restart the service on DC and Proxy. Don't recall seeing this anywhere on the MS docs so will feed it back to them.
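
An added example, not part of any post in this thread: a PowerShell check for a domain controller that collects in one place the three things the thread looks at (children of the Proxy Presence container, the AzureADPasswordProtection folder in SYSVOL, and recent Event ID 30001 entries), so the state before and after re-registering or restarting can be compared. The function names are illustrative, and the service name and event channel name are those of released agent builds, which is an assumption for preview builds.

```powershell
# Added example, not from the thread. Run on a DC with the DC agent installed
# and the ActiveDirectory module available.
# Assumptions: service name and event channel name as used by released agent builds.
Import-Module ActiveDirectory

function Get-ProxyPresenceObject {
    # Child objects of the container the original poster found empty.
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $dn  = "CN=Proxy Presence,CN=Azure AD Password Protection,CN=Services,$cfg"
    Get-ADObject -SearchBase $dn -SearchScope OneLevel -Filter * -Properties whenChanged
}

function Get-PolicyFolder {
    # Find the AzureADPasswordProtection folder in SYSVOL by name rather than
    # hardcoding the path, which the thread only gives in part.
    $domain = (Get-ADDomain).DNSRoot
    Get-ChildItem -Path "\\$domain\SYSVOL\$domain" -Recurse -Directory `
        -Filter 'AzureADPasswordProtection' -ErrorAction SilentlyContinue
}

function Get-NoPolicyEvent {
    param([int]$Hours = 24)
    # Event ID 30001: password accepted because no policy was available.
    $filter = @{
        LogName   = 'Microsoft-AzureADPasswordProtection-DCAgent/Admin'
        Id        = 30001
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

$presence = @(Get-ProxyPresenceObject)
$folders  = @(Get-PolicyFolder)
$files    = @($folders | Get-ChildItem -Recurse -File -ErrorAction SilentlyContinue)
$events   = @(Get-NoPolicyEvent -Hours 24)
$agent    = Get-Service -Name 'AzureADPasswordProtectionDCAgent' -ErrorAction SilentlyContinue

# One summary row per run; save it to compare before and after a change.
[pscustomobject]@{
    Checked              = Get-Date
    ProxyPresenceObjects = $presence.Count
    SysvolPolicyFolders  = $folders.Count
    SysvolPolicyFiles    = $files.Count
    NoPolicyEvents24h    = $events.Count
    DCAgentService       = $agent.Status
}
```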