Reset ‘AZUREADSSOACC’ Password

Language: English

When configuring Seamless SSO, the computer account “AZUREADSSOACC” is created. For security reasons, the Kerberos encryption key for this account should be rolled over every 30 days.

Here is how.

Requirements before starting

• Check if you have access to the server where the Azure AD/Entra ID Connector is running
• Make sure that you have a enterprise admin(On-Prem) and Global Admin for Entra ID
  (Enterprise Admin can be removed after the change of password)

Procedure

1. Connect to the Entra ID Connecter service/server and open a PowerShell prompt.
2. Navigate to: “C:\Program Files\Microsoft Azure Active Directory Connect”
3. Then import the module named AzureADSSO.psd1 "Import-Module .\AzureADSSO.psd1"
4. Once imported connect to the entra id with this command: "New-AzureADSSOAuthenticationContext"
5. A prompt will now open up where you can input your Entra ID Global Admin and authenticate.
6. When you have authenticated you can for good measure write “Get-AzureADSSOStatus | ConvertFrom-Json” and this will give you a validation it works.

1. Then write “Update-AzureADSSOForest” a new prompt will appear write in the enterprise admin account with the full SamAccountName, so “DOMAIN\MyAdmin”
2. After this it will start updating the SSO computer account properties.
3. Also you can write the "Get-AzureADSSOStatus | ConvertFrom-Json" again to validate that it’s still successful.

To validate that the password has been updated you can connect to a Domain Controller or where you can run “Get-ADComputer AZUREADSSOACC -Properties * | FL Name, PasswordLastSet” to see that the password has been changed.