Azure AD Connect 1.1.105.0 is here

Four issues have been identified with the below version of Azure AD Connect.
Please upgrade to Azure AD Connect 1.1.110.0 instead of version 1.1.105.0. More information

 

This week, Microsoft released a new version of Azure AD Connect.

While the previously reported releases for Azure AD Connect were minor versions in the 1.0.9x branch, this version, dubbed the February 2016 release, is from baureihe 1.1.1y.

 

What’s New

This is the much anticipated big release of Azure AD Connect and it’s filled with quite some new features:

 

Automatic Upgrade

When you install Azure AD Connect and use the Default Settings, you can now benefit from the Automatic upgrade feature.

Just like Azure AD Connect Health was automatically enabled with the previous version of Azure AD Connect, the Automatic upgrade feature is enabled by default in the following situation:

  • Express settings installation
  • Using SQL Express LocalDB , which is what Express settings will always use
  • The AD account is the default MSOL_ account created by Express settings
  • Have less than 100,000 objects in the metaverse

 

MFA for the Global Admin account during first pass

Multi-factor Authentication (MFA) for accounts helps you keep them secure. Starting with this version you can use Azure Multi-factor Authentication (MFA) and Privileged Identity Management (PIM) for the Global Admin account that you specify during the installation wizard. Of course, you might need to open up some more outbound Internet traffic for the Windows Server running Azure AD Connect, to make this work in locked-down environments.

 

Domain and OU Filtering during first pass

While previous versions of Azure AD Connect allowed you to specify a group for which its direct members would synchronize between the on-premises Active Directory Domain Services environment(s) and Azure Active Directory, now you can optionally select Active Directory domains and Organizational Units (OUs) to synchronize (without needing to fiddle in the Sync Services management console):

Domain and OU filtering in Azure AD Connect version 1.1.105.0 (click for original screenshot, provided by Microsoft)

This also allows connecting to forests where not all domains are available.

 

Change the user’s sign-in method at second passes

With Azure AD Connect versions prior to this version, there was no way to change the way users sign-in from Azure AD Connect after the initial installation and configuration. To achieve this with previous versions, you needed to delete the entire configuration and start from scratch or from a modified export.

Now, when you run Azure AD Connect again, and thus enter the Second Pass mode, you can change the sign-in behavior for synchronized user accounts.

 

Scheduler is now part of the sync engine

Azure AD Connect installations in the 1.0.9.x branch, used task scheduler (and a local account) to kick off the synchronization run profiles for users and attributes (other than passwords) every 3 hours.

Starting with this version, Azure AD Connect’s sync services control the schedule. By default Azure AD Sync Services will now sync every 30 minutes.

A neat feature of the new scheduler is that you can now use Windows PowerShell to kick-off synchronization manually. We say goodbye to DirectorySyncClientCmd.exe.

 

Fixed Issues

Additionally, three issues were fixed with version 1.1.105.0:

  • The verify DNS domains page didn't always recognize the domains.
  • Prompts for domain admin credentials when configuring Active Directory Federation Services (AD FS) .
  • The on-premises AD accounts are not recognized by the installation wizard if located in a domain with a different DNS tree than the root domain.

 

Features out of preview

With version 1.1.1y of Azure AD Connect, the following two features of Azure AD Connect and Azure AD Sync Services are now out of preview:

 

Version information

This is version 1.1.105.0 of Azure AD Connect.

 

Concluding

If you feel your organization experiences some of the issues fixed with this release, you can download and in-place upgrade your Azure AD Connect implementation.

Of course, before implementing any new major version of a tool you rely on, make sure you can restore a backup of the situation you're replacing.

Further reading

Azure AD Connect 1.0.9131 is here
A new version of Azure AD Connect was released today
Ten things you should know about Azure AD Connect and Azure AD Sync Hashing Password hashes in Azure AD Connect and Sync per scenario

Posted on February 18, 2016 by Sander Berkouwer in Active Directory, Azure Active Directory, Tools I Use

3 Responses to Azure AD Connect 1.1.105.0 is here

  1.  

    Very good news.
    I have now updated my Azure AD Connect Version, and the Sync Process is stopped, because the Scheduled task is missing. And a manual created task is not possible the C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe is not available enymore.
    I have already repaired the installation with no success. Any ideas?

    from martin wüthrich February 25, 2016 at 12:27 PM
  2.  

    Hi Martin, you may have already figure this one out, but it's now all controlled from the Powershell module ADSync. To force a sync, you now run Start-ADSyncSyncCycle [delta/inital], to configure the internal you want Get/Set-ADSyncScheduler, and to enabled or disable auto upgrade you want, Get/Set-ADSyncAutoUpgrade [enable/disable]

    from Chris Colden June 14, 2016 at 12:23 PM

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.