Roll over that Kerberos decryption key!
- ToddimusPrime
- Dec 12, 2022
Microsoft recommends that you roll over the decryption key for your AZUREADSSO computer account at least every 30 days. Here's how to easily do so!
Head on over to the server that's running Azure AD Connect, and fire up a PowerShell window as an admin.
CD to the AAD Connect Program Files directory:
cd 'C:\Program Files\Microsoft Azure Active Directory Connect\'
Import the AzureADSSO PowerShell module:
Import-Module .\AzureADSSO.psd1
Run the following command, and log in with your Global Administrator account when prompted:
New-AzureADSSOAuthenticationContext
Finally, run this one and, when prompted, enter your on-prem domain admin credentials (with the domain name first, followed by a backslash):
Update-AzureADSSOForest
Head on over to this link, and in a few minutes you'll see the date update telling you that you've successfully done it!
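To confirm the rollover from the on-prem side, or to spot a key that has gone past the 30-day mark, you can read the password age of the SSO computer account in each domain. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed and that the account uses the default name AZUREADSSOACC, and the function name Get-SsoKeyAge is hypothetical.

```powershell
# Added example: age of the Seamless SSO Kerberos decryption key, per domain.
# Assumptions: RSAT ActiveDirectory module; default account name AZUREADSSOACC.
Import-Module ActiveDirectory

function Get-SsoKeyAge {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$AccountName = 'AZUREADSSOACC',
        [int]$MaxAgeDays = 30          # rollover interval recommended in the post
    )
    $result = [ordered]@{ Domain = $Domain; PasswordLastSet = $null; AgeDays = $null; Status = $null }
    try {
        $acct = Get-ADComputer -Identity $AccountName -Server $Domain `
                    -Properties PasswordLastSet -ErrorAction Stop
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # No such account in this domain (Seamless SSO not enabled there, or account removed)
        $result.Status = 'NoSsoAccount'
        return [pscustomobject]$result
    } catch {
        # Domain controller unreachable, access denied, etc.
        $result.Status = "LookupFailed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }
    if (-not $acct.PasswordLastSet) {
        $result.Status = 'NeverSet'
        return [pscustomobject]$result
    }
    # The rollover resets the account password, so PasswordLastSet marks the last rollover
    $age = [int][math]::Floor(((Get-Date) - $acct.PasswordLastSet).TotalDays)
    $result.PasswordLastSet = $acct.PasswordLastSet
    $result.AgeDays = $age
    $result.Status = if ($age -gt $MaxAgeDays) { 'OVERDUE' } else { 'OK' }
    [pscustomobject]$result
}

# One row per domain in the forest
(Get-ADForest).Domains | ForEach-Object { Get-SsoKeyAge -Domain $_ } | Format-Table -AutoSize
```

Run it before and after the rollover: a successful Update-AzureADSSOForest should drop AgeDays to 0 for the domain you updated.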




