Last week, Microsoft released Azure AD Connect version 1.1.819.0. This is a new release of Microsoft’s free Hybrid Identity bridge product, which synchronizes objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.
SQL Server Express 2012 Service Pack 4
This release updates the SQL Server Express installation to SQL Server 2012 SP4, which, among others, provides fixes for several security vulnerabilities.
Sync Rule Processing
No longer do you have to de-apply outbound Join sync rules with no Join Condition in the scenario where the parent synchronization rule is no longer applicable.
Several accessibility fixes have been applied to the Synchronization Service Manager User Interface and the Sync Rules Editor.
AD Connector account error
When you use the Azure AD Connect Wizard you might receive an error when you create the Active Directory Connector account when Azure AD Connect is in a workgroup. This has been fixed.
Display of the verification checkbox
On the Azure AD Sign-in page, the verification checkbox is now displayed whenever there is any mismatch in Active Directory domains and Azure AD verified domain names.
The auto upgrade state was incorrectly set in certain cases after auto upgrade of Azure AD Connect was attempted. This has been fixed in the PowerShell code.
The Azure AD Connect Wizard has been updated to include telemetry to capture previously missing information.
Change User Sign-In Improvements
The following changes have been made in the Azure AD Connect Wizard, when you use the Change user sign-in task to switch from Active Directory Federation Services (AD FS) to Pass-through Authentication (PTA) as the authentication method:
- The Pass-through Authentication Agent is installed on the Azure AD Connect server and the Pass-through Authentication feature is enabled, before we convert domain(s) from federated to managed.
- Users are no longer converted from federated to managed. Only domain(s) are converted.
AD FS Regex Improvement
The AD FS Multi Domain Regex was not correct when the user’s userPrincipalName attribute contained the ' special character. The Regex is updated to support special characters.
Configure source anchor messages
When using the Azure AD Connect Wizard, you might encounter several out of place "Configure source anchor attribute" messages when no settings have changed. This has been fixed.
Support for Dual Federation
The Azure AD Connect Wizard now supports Active Directory Federation Services (AD FS) in dual federation scenarios.
When you convert a managed domain to federated, the Active Directory Federation Services (AD FS) claims were not updated for an added domain. This has been fixed.
In this version, two additional AD FS claims were added to the federation trust created to support MFA scenarios.
Web App Proxy deployments
Fixed an issue where adding a Web Application Proxy would fail to use the new certificate.
Auto-Uninstall of stale versions
When, during detection of installed packages, Azure AD Connect Setup finds stale DirSync, Azure AD Sync or Azure AD Connect products, the setup wizard will now attempt to uninstall these stale products.
Improved PTA Error messages
When you install the Pass-through Authentication (PTA) agent and it fails, the correct errors are now shown. The Error Message Mapping was incorrect.
Logging of Domain and OU Filtering
The logging of Domain and OU filtering selections was improved.
The "Configuration" container has been removed from the Domain OU Filtering page in the Azure AD Connect wizard.
Password Hash Sync Popup
The pop-up help text on the Optional Features page for Password Hash Sync has been changed to correctly explain that password hashes are synchronized, not plain passwords.
AD Account Privilege issue
An issue resolving a custom Sync Service Account that has no AD Read privileges was fixed.
Synchronization engine installation
Unnecessary legacy logic that would occasionally cause the Synchronization Engine installation to fail has been removed.
Synchronization Engine improvements
Three fixes were made to the synchronization engine:
- The scenario where a Connector Space object had an imported delete and Sync Rules attempt to re-provision the object has been fixed.
- A help link has been added for the Online connectivity troubleshooting guide to the event log entry for an Import Error.
- The memory usage of Sync Scheduler when enumerating Connectors was reduced.
This release includes the public preview of the integration of PingFederate in Azure AD Connect. With this release, organizations can easily and reliably configure their Azure Active Directory environment to leverage PingFederate as their federation provider.
New troubleshooting scenarios
Microsoft updated the Azure AD Connect Wizard Troubleshooting Utility, where organizations can now analyze more error scenarios, such as Linked Mailboxes and AD Dynamic Groups.
Device Writeback Management
Device Writeback configuration is now managed solely within the Azure AD Connect Wizard. There is no longer any need to run PowerShell for this purpose. The ADPrep.psm1 module has been deprecated.
New Tools PowerShell module
A new PowerShell Module called ADSyncTools.psm1 is added that can be used to troubleshoot SQL Connectivity issues. It also contains various other troubleshooting utilities.
Configure device options
A new additional task “Configure device options” has been added. You can use the task to configure Hybrid Azure AD Join and Device writeback.
This is version 1.1.819.0 of Azure AD Connect.
It was signed off on May 4, 2018.
Azure AD Connect version 1.1.819.0 offers numerous fixes that make your life as a Hybrid Identity admin more enjoyable.