We recently came across an issue where the client certificate for the Azure AD Passthrough Authentication Agent wasn’t being renewed automatically. I understand that it should be renewed about 30 days out from expiry; however, this hadn’t happened and we were fast approaching the expiry date.

A simple way to renew the certificate manually is to jump onto the server where the Passthrough Agent is installed and run the following PowerShell commands to re-register the agent with Azure AD. The agent status in Azure AD will momentarily change to Inactive, but will then become Active again. You’ll need to run the .ps1 script from the directory where the Passthrough Agent is installed; typically this is under C:\Program Files\.

You can probably achieve the same result by uninstalling and reinstalling the agent also, but I haven’t tried that method.

PS C:\Program Files\Microsoft Azure AD Connect Authentication Agent>

# Global Administrator account used to re-register the agent with Azure AD
$User = '<Insert Global Administrator Username Here>'
$PlainPassword = '<Insert Global Administrator Password Here>'

# Convert the plain-text password to a SecureString and build the PSCredential the script expects
$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $SecurePassword

# Re-register the Passthrough Authentication feature; this issues a fresh client certificate
.\RegisterConnector.ps1 -modulePath "C:\Program Files\Microsoft Azure AD Connect Authentication Agent\Modules\" -moduleName "PassthroughAuthPSModule" -Authenticationmode Credentials -Usercredentials $cred -Feature PassthroughAuthentication
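The following is an added example, not part of the original post or of Microsoft's own tooling. It wraps the same re-registration command in a small pre-check and post-check: it looks up the agent's client certificate in the local machine store, only re-registers when fewer than 30 days remain, prompts for the Global Administrator credential with Get-Credential instead of keeping the password in plain text in the script, and then confirms that a certificate with a new thumbprint was issued. The certificate filter ($CertFilter) and the store location are assumptions that are not confirmed by the post; inspect Cert:\LocalMachine\My on your own server and adjust the pattern so it matches the agent's certificate.

```powershell
# Added example (not from the original post): renew the Passthrough Agent
# certificate only when it is close to expiry, without a plain-text password.
# Assumption: the agent's client certificate lives in Cert:\LocalMachine\My and
# its Subject or Issuer matches $CertFilter. Adjust the filter to your store.

$AgentPath       = 'C:\Program Files\Microsoft Azure AD Connect Authentication Agent'
$CertFilter      = '*Azure AD Connect Authentication Agent*'   # assumption, adjust as needed
$RenewWithinDays = 30

function Get-AgentCertificate {
    # Return the longest-lived certificate that matches the filter, or $null
    Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Subject -like $CertFilter -or $_.Issuer -like $CertFilter } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
}

$cert = Get-AgentCertificate
if (-not $cert) {
    Write-Warning "No certificate matched '$CertFilter' in Cert:\LocalMachine\My."
    Write-Warning 'List the store with: Get-ChildItem Cert:\LocalMachine\My | Format-List Subject, Issuer, NotAfter'
    return
}

$daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
Write-Host ("Agent certificate {0} expires {1:yyyy-MM-dd} ({2} days left)" -f $cert.Thumbprint, $cert.NotAfter, $daysLeft)

if ($daysLeft -gt $RenewWithinDays) {
    Write-Host "More than $RenewWithinDays days remain; automatic renewal should still handle this."
    return
}

# Prompt for the Global Administrator credential rather than embedding the
# password, so it never lands in the script file, PSReadLine history or transcripts.
$cred = Get-Credential -Message 'Global Administrator account used to re-register the agent'

# Same re-registration command as in the post, run from the agent directory.
Push-Location -Path $AgentPath
try {
    .\RegisterConnector.ps1 -modulePath "$AgentPath\Modules\" -moduleName 'PassthroughAuthPSModule' -Authenticationmode Credentials -Usercredentials $cred -Feature PassthroughAuthentication
}
finally {
    Pop-Location
}

# Confirm that a fresh certificate (new thumbprint) was issued.
$newCert = Get-AgentCertificate
if ($newCert -and $newCert.Thumbprint -ne $cert.Thumbprint) {
    Write-Host ("New certificate {0} expires {1:yyyy-MM-dd}" -f $newCert.Thumbprint, $newCert.NotAfter)
}
else {
    Write-Warning 'No new certificate found; check the agent status in the Azure AD portal and the agent event log.'
}
```

Run it from an elevated PowerShell session on the agent server. Because the credential is collected interactively, the script is safe to keep on disk, and the thumbprint comparison gives you a concrete record of when the certificate actually rolled rather than relying on the portal status flipping from Inactive back to Active.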