Dear team, thanks for this awesome guide. I was wondering how cloud users managed by other Azure ADs (invited as guest) should deal with this. Company policies might enforce different rulesets or forbid changing the passwords, so that hash synchronization could be enabled in the newly created Azure AD DS. Any thoughts or recommendations? Best, erosinger
@erosinger
Thanks for your feedback! We will investigate and update as appropriate.
@erosinger Guest users who are invited using the B2B model cannot authenticate in Azure ADDS for the exact reasons you mentioned. This is documented here.
Can guest users invited to my directory use Azure AD Domain Services?
No. Guest users invited to your Azure AD directory using the Azure AD B2B invite process are synchronized into your Azure AD Domain Services managed domain. However, passwords for these users are not stored in your Azure AD directory. Therefore, Azure AD Domain Services has no way to sync NTLM and Kerberos hashes for these users into your managed domain. As a result, such users cannot log in to the managed domain or join computers to the managed domain.
Let me know if you have any further questions.
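An added example, not part of this thread or of the Microsoft docs: a Microsoft Graph PowerShell script that lists the B2B guest accounts in a tenant so an administrator can see which identities will be synchronized into the managed domain without usable Kerberos/NTLM hashes. It assumes the Microsoft.Graph module is installed and that the caller holds the User.Read.All permission; the output file name is a placeholder.

```powershell
# Assumes: Microsoft.Graph PowerShell module installed, User.Read.All consented.
Connect-MgGraph -Scopes "User.Read.All"

# B2B guests are marked userType 'Guest'. Their passwords live in the home tenant,
# so Azure AD DS cannot receive password hashes for them (see the FAQ quoted above).
$guests = Get-MgUser -Filter "userType eq 'Guest'" -All `
    -Property Id,UserPrincipalName,DisplayName,UserType,ExternalUserState,CreatedDateTime

# Report each guest; these accounts will exist in the managed domain but cannot
# sign in to it or join machines to it.
$report = $guests | Select-Object UserPrincipalName, DisplayName, ExternalUserState, CreatedDateTime

$report | Format-Table -AutoSize
# Placeholder path: adjust before use.
$report | Export-Csv -Path ".\aadds-guest-accounts-placeholder.csv" -NoTypeInformation

Write-Host ("{0} guest account(s) found; none of them can authenticate to Azure AD DS." -f $guests.Count)
```

Run it before enabling password hash synchronization for Azure AD DS to document which users will need a separate, tenant-native account if they require managed-domain access.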
@erosinger I am checking in to see if the above answer was helpful. Let me know if you have any other questions.
@erosinger We have not heard from you in a while. We will now proceed to close this thread. If you have further questions, please tag me in the comments and I will gladly continue the conversation.
@ManojReddy-MSFT Thanks for your fast reply and explanation and sorry for the slow response on my end. I think this solved my question for now and it is understandable that this is not possible. Best regards