Last Friday, Microsoft released version 1.1.486.0 of its free Hybrid Identity bridge software product: Azure AD Connect.
Together with the changes in the short-lived 1.1.484.0 version of this tool, the many enhancements should put big smiles on many admins' faces.
What’s New
Azure AD Connect sync
Azure AD Connect Sync now supports the use of a Virtual Service Account, Managed Service Account (MSA) and Group Managed Service Account (gMSA) as its service account.
Note:
This applies to new installations of Azure AD Connect only.
Previously, if you upgraded to a new build of Azure AD Connect containing connector updates or sync rule changes, Azure AD Connect would trigger a full sync cycle. Now, Azure AD Connect selectively triggers the Full Import step only for connectors with updates, and the Full Synchronization step only for connectors with sync rule changes.
Previously, the Export Deletion Threshold only applied to exports that were triggered through the Sync Scheduler. Now, this feature is extended to include exports manually triggered using the Synchronization Service Manager.
On your Azure AD tenant, there is a service configuration which indicates whether the Password Synchronization feature is enabled for your tenant or not. Previously, it was easy for the service configuration to be incorrectly configured by Azure AD Connect when you had an active and a staging server. Now, Azure AD Connect will attempt to keep the service configuration consistent with your active Azure AD Connect server only.
Azure AD Connect wizard now detects and returns a warning if your on-premises Active Directory Domain Services environment does not have AD Recycle Bin enabled.
Previously, Export to Azure AD timed out and failed if the combined size of the objects in the batch exceeded a certain threshold. Now, the Synchronization Service will retry sending the objects in separate, smaller batches if this issue is encountered.
The Synchronization Service Key Management application has been removed from the Windows Start Screen. Management of encryption keys will continue to be supported through the command-line interface using miiskmu.exe. Previously, if you changed the Azure AD Connect sync service account password, the Synchronization Service would not be able to start correctly until you had abandoned the encryption key and reinitialized the Azure AD Connect sync service account password. Now, this is no longer required.
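A read-only check of three items from the list above (the type of account the sync service runs as, whether AD Recycle Bin is enabled, and whether the server is in staging mode), as an added example that is not part of the original post or of Microsoft's tooling. It assumes it is run on the Azure AD Connect server with the ActiveDirectory (RSAT) and ADSync PowerShell modules available; `Get-AadcServiceAccountType` is a hypothetical helper, and its name-pattern classification is a heuristic.

```powershell
# Added example: read-only audit, changes nothing on the server.
# Assumes the ActiveDirectory (RSAT) and ADSync modules are installed.
Import-Module ActiveDirectory, ADSync -ErrorAction Stop

function Get-AadcServiceAccountType {
    # Hypothetical helper: classify the logon account by name pattern only.
    param([Parameter(Mandatory)][string]$StartName)
    switch -Regex ($StartName) {
        '^NT SERVICE\\' { 'Virtual Service Account'; break }
        '\$$'           { 'MSA or gMSA (name ends in $)'; break }
        default         { 'Regular user account' }
    }
}

# 1. Which account does the ADSync Windows service log on as?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
if (-not $svc) { throw 'ADSync service not found on this machine.' }

# 2. Is the AD Recycle Bin optional feature enabled anywhere in the forest?
#    The wizard in this release warns when it is not.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
$recycleBinEnabled = @($feature.EnabledScopes).Count -gt 0

# 3. Is this the active server or a staging server?
$scheduler = Get-ADSyncScheduler

[pscustomobject]@{
    ServiceAccount     = $svc.StartName
    ServiceAccountType = Get-AadcServiceAccountType -StartName $svc.StartName
    RecycleBinEnabled  = $recycleBinEnabled
    StagingModeEnabled = $scheduler.StagingModeEnabled
    SyncCycleEnabled   = $scheduler.SyncCycleEnabled
}
```

On a server upgraded in place, expect `Regular user account`, because the new service account options apply to new installations only.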
Desktop SSO
The Azure AD Connect wizard no longer requires port 9090 to be opened on the network when configuring Pass-through Authentication and Desktop Single Sign-On (SSO). Only port 443 is required.
Fixes
Azure AD Connect sync
The team fixed an issue where the Azure AD Connect Sync Scheduler skips the entire sync step if one or more connectors were missing a run profile for that sync step. For instance, you manually added a connector using the Synchronization Service Manager without creating a Delta Import run profile for it. This fix ensures that the sync scheduler continues to run Delta Import for other connectors.
The team fixed an issue where the Synchronization Service immediately stops processing a run profile when it encounters an issue with one of the run steps. This fix ensures that the Synchronization Service skips that run step and continues to process the rest. For instance, you have a Delta Import run profile for your Active Directory connector with multiple run steps (one for each on-premises Active Directory domain). The Synchronization Service will run Delta Import with the other Active Directory domains even if one of them has network connectivity issues.
The team fixed an issue that causes the Azure AD Connector update to be skipped during Automatic Upgrade.
The team fixed an issue that causes Azure AD Connect to incorrectly determine whether the server is an Active Directory Domain Controller during setup, which in turn causes a DirSync upgrade to fail.
The team fixed an issue that causes DirSync in-place upgrades to not create any run profiles for the Azure AD Connector.
The team fixed an issue where the Synchronization Service Manager user interface becomes unresponsive when trying to configure the Generic LDAP Connector.
AD FS management
The team fixed an issue where the Azure AD Connect wizard fails if the Active Directory Federation Services (AD FS) primary node has been moved to another server.
Desktop SSO
The team fixed an issue in the Azure AD Connect wizard where the Sign-In screen does not let you enable the Desktop SSO feature if you chose Password Synchronization as your Sign-In option for a new installation.
Version information
This is version 1.1.486.0 of Azure AD Connect.
It was signed off on April 14, 2017.
Download information
You can download Azure AD Connect here.
The download weighs 78,3 MB.
Concluding
Upgrade your Azure AD Connect installation to version 1.1.486.0, not version 1.1.484.0. If you have Automatic Upgrades enabled for your Azure AD Connect implementation with Express Settings, you might already be running version 1.1.486.0.
Enjoy all the enhancements, dear Järjestelmänvalvoja.
Further reading
Azure AD Connect v1.1.443.0 is here
Version 1.1.380.0 of Azure AD Connect fixes a bug in multi-domain scenarios
Azure AD Connect 1.1.371.0 offers PTA and S3O preview capabilities
Azure AD Connect version 1.1.343.0 with support for Windows and SQL Server 2016
Azure AD Connect version 1.1.281.0 has been released