Last week Microsoft released the latest version of Azure AD Connect, which had been long pending!
Azure AD Connect is the bridge that many organizations use to synchronize identities (objects and their attributes) across on-premises and cloud environments. However, not every feature bundled in this release targets every audience. You can choose the ones that are most applicable to your organization's environment.
Fixes this version carries:
- Fix the SQL reconnect logic for ADSync service
- Fix to allow clean Install using an empty SQL AOA DB
- Fix PS Permissions script to refine GWB permissions
- Fix VSS Errors with LocalDB
- Fix misleading error message when object type is not in scope
- Corrected an issue where installation of Azure AD PowerShell on a server could potentially cause an assembly conflict with Azure AD Connect.
- Fixed PHS bug on Staging Server when Connector Credentials are updated in the old UI.
- Fixed some memory leaks
- Miscellaneous Auto upgrade fixes
- Miscellaneous fixes to Export and Unconfirmed Import Processing
- Fixed a bug with handling a backslash in Domain and OU filtering
- Fixed an issue where ADSync service takes more than 2 minutes to stop and causes a problem at upgrade time.
New features and advancements (19 new items in one go!)
- Add support for Domain Refresh
- Exchange Mail Public Folders feature goes GA
- Improve wizard error handling for service failures
- Added warning link for old UI on connector properties page.
- The Unified Groups Writeback feature is now GA
- Improved SSPR error message when the DC is missing an LDAP control
- Added diagnostics for DCOM registry errors during install
- Improved tracing of PHS RPC errors
- Allow EA creds from a child domain
- Allow database name to be entered during install (default name ADSync)
- Upgrade to ADAL 3.19.8 to pick up a WS-Trust fix for Ping and add support for new Azure instances
- Modify Group Sync Rules to flow samAccountName, DomainNetbios and domainFQDN to cloud – needed for claims
- Modified Default Sync Rule Handling – read more here.
- Added a new agent running as a Windows service. This agent, named “Admin Agent”, enables deeper remote diagnostics of the Azure AD Connect server to help Microsoft Engineers troubleshoot when you open a support case. This agent is not installed and enabled by default. For more information on how to install and enable the agent, see “What is the Azure AD Connect Admin Agent?”.
- Updated the End User License Agreement (EULA)
- Added auto upgrade support for deployments that use AD FS as their login type. This also removed the requirement of updating the AD FS Azure AD Relying Party Trust as part of the upgrade process.
- Added an Azure AD trust management task that provides two options: analyze/update trust and reset trust.
- Changed the AD FS Azure AD Relying Party trust behavior so that it always uses the -SupportMultipleDomain switch (includes trust and Azure AD domain updates).
- Changed the install new AD FS farm behavior so that it requires a .pfx certificate by removing the option of using a pre-installed certificate.
- Updated the install new AD FS farm workflow so that it only allows deploying 1 AD FS and 1 WAP server. All additional servers are added after the initial installation.
If you plan to upgrade, the following resources should be your first reads.