AZUREADSSOACC reported in multiple issues

[RobinMJD]

Hello, Is it normal to have the AZUREADSSOACC account reported in the following issues or are these false positives? S-DC-NotUpdated (Domain controller update) S-DCRegistration (Check if all DC are well registered) S-DC-Inactive (Check if all DC are active)

This AD object is created by Azure AD Connect and used for Azure Active Directory Seamless Single Sign-On.

Thanks in advance.

[An-dir]

Hi @RobinMJD, Could you figure out what Problem you had? Did you use at least Version 3.0.0.4? I can't reproduce your problem. AZUREADSSOACC doesn't make false positives for me. Does your AD object have:

• a lastlogontimestamp
• have a group membership other than default domain computers
• primary group membership other than "domaincomputer" (id 515)
• reside in a special OU
• have a special useraccountcontol value (suggested 4096 or 69632)
• the "OperatingSystem", "OperatingSystemVersion" are empty

[testman57]

Hello, I do happen to have the exact same case here.

• Lastlogontimestemp seems to be absent
• only member of Domain Computers (which is its primary group)
• resides in OU "Domain Controllers"
• useraccountcontrol is 0x11000 (WORKSTATION_TRUST_ACCOUNT, DONT_EXPIRE_PASSWD)
• OperatingSystem and OperatingSystemVersion are both empty
• password is changed automatically (last change 1st of September 2023)
• servicePrincipalName seems to contain a bunch of HTTP and RestrictedKrbHost principals related to the following Microsoft FQDNs: ( aadg.windows.net.nsatc.net, autologon.microsoftazuread-sso.com, autologon.prda.aadg.msidentity.com, www.tm.a.prd.aadg.akadns.net, www.tm.a.prd.aadg.trafficmanager.net)

In addition, there does not seem to be a special GUID in the CN and it seems to be related to Azure Active Directory Seamless Single Sign-On

The object is matching the S-DCRegistration (Check if all DC are well registered) and S-DC-Inactive (Check if all DC are active) rules only (not the Domain Controller Update)

It would help greatly if it could be correctly excluded from the checks !

Thanks for your attention,

[An-dir]

Why do you have it in the "Domain Controllers" OU? This is the reason for the "false positives"

[testman57]

Hi, Indeed we moved it away from this OU, and now it is much better! Thanks!