AD Connect Improvements
The eagle-eyed amongst you may have noticed a number of changes to the latest version of the AD Connect tool. These improvements continue to make the synchronisation of AD directory objects to Azure (and O365) easy to implement and manage. The latest version includes enhancements such as…
- Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
- Support for automatic upgrades
- Ability to switch between sign-in methods through the wizard to enable faster pilots
- Support for Domain and OU filtering within the wizard
In addition, Microsoft have announced the General Availability of the device write-back and schema extension support capabilities that have been in Preview until now.
Additional information on the improvements is shown here…
There are constant improvements being made to the AD Connect service with each version. In the past this has required administrators to manually update Azure AD Connect to take advantage of these improvements. However, from now on, Azure AD Connect implementations that use ‘Express Settings’ will be capable of being auto-updated to future versions of the tool and benefit from improvements and new capabilities with no administrative intervention. Existing installations will need to update their Azure AD Connect server to this version of Azure AD Connect to benefit from this feature moving forward.
Reduced sync interval
By default, the sync frequency for AD Connect was every 3 hours. Although this could be adjusted within the Scheduled Tasks, this was never a ‘supported configuration’ from Microsoft. Reducing the sync interval has been a big requirement from clients who want to keep their AD and Azure AD directory data ‘in-sync’ more frequently. With this new release, Microsoft now support syncing directory data every 30 minutes.
Additionally, you can configure the sync interval in a supported way. However, selecting a value lower than 30 minutes is not supported. For specific steps on how to do this, see the detailed documentation here.
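As an added illustration (not part of the original post), the sketch below reads the scheduler settings and applies a custom interval only if it is not shorter than the supported minimum. It assumes an elevated PowerShell session on the Azure AD Connect server and uses the Get-ADSyncScheduler and Set-ADSyncScheduler cmdlets from the ADSync module installed with the tool; the 45-minute value is a sample chosen for the example.

```powershell
# Added example: run elevated on the Azure AD Connect server.
Import-Module ADSync

# Assumed sample value; pick the interval your environment needs.
$requested = New-TimeSpan -Minutes 45

# Show the scheduler state before making any change.
$scheduler = Get-ADSyncScheduler
$scheduler | Format-List AllowedSyncCycleInterval,
                         CustomizedSyncCycleInterval,
                         CurrentlyEffectiveSyncCycleInterval,
                         SyncCycleEnabled

# AllowedSyncCycleInterval is the shortest interval the service supports.
# Refuse anything shorter rather than ending up in an unsupported state.
if ($requested -lt $scheduler.AllowedSyncCycleInterval) {
    throw ("Requested interval {0} is shorter than the supported minimum {1}." -f `
           $requested, $scheduler.AllowedSyncCycleInterval)
}

# Apply the custom interval.
Set-ADSyncScheduler -CustomizedSyncCycleInterval $requested

# Re-read the settings to confirm what was stored. The effective interval
# picks up the new value after the next sync cycle has run.
Get-ADSyncScheduler | Format-List CustomizedSyncCycleInterval,
                                  CurrentlyEffectiveSyncCycleInterval,
                                  NextSyncCycleStartTimeInUTC
```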
It is recommended that all users who have administrative privileges have strong authentication configured. However, in the past the Azure AD Connect wizard did not natively integrate with the MFA flows in Azure AD. As a result, using an admin account with MFA was difficult. With this release, Azure AD Connect now leverages the Azure AD Authentication library (ADAL) and the Modern Authentication protocols that it supports, for sign-in to Azure AD. You can now specify an admin user that has MFA or PIM configured to connect to Azure AD.
Some environments need the ability to filter specific OUs and Domains when sync’ing the directory on-premises with Azure AD for a variety of reasons—either because some of these domains/OUs are temporarily unavailable or unreachable or because they don’t want certain users to sync to the cloud. This capability was not natively supported in the Azure AD Connect wizard before and required a post-install step outside of the Azure AD Connect wizard to configure. With this release, in the ‘customize’ path of the Azure AD Connect install, we now have the option to select domains and OUs which should be synchronized.
For example, in the picture above, the R&D domain in Fabrikam’s environment cannot be reached due to firewall restrictions. Since this is expected and they will not sync this domain with Azure AD, the installation can continue with this domain deselected.
Changing user’s sign-in method
In previous releases of Azure AD Connect, once a particular sign-in method was chosen at the time of install, you couldn’t change the chosen method through the wizard without a reinstallation. The ability to amend the installation to utilise Federation or Password Sync is valuable and makes the process of moving from ‘POC’ to Production Rollout a bit smoother.
It is now possible to change the method through the Azure AD Connect wizard. Just run the installation wizard again to change the sign-in option.
Where to Download
The latest version of AD Connect can be found here.
Alternatively, the full version history of Azure AD Connect can be viewed and installed from here.