Azure AD Connect version 1.1.819.0 offers numerous fixes and PingFederate support


Last week, Microsoft released Azure AD Connect version 1.1.819.0. This is a new release of Microsoft’s free Hybrid Identity bridge product, which synchronizes objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.

What’s Fixed

SQL Server Express 2012 Service Pack 4

This release updates the SQL Server Express installation to SQL Server 2012 SP4, which, among others, provides fixes for several security vulnerabilities.

Sync Rule Processing

No longer do you have to de-apply outbound Join sync rules with no Join Condition in the scenario where the parent synchronization rule is no longer applicable.

Accessibility

Several accessibility fixes have been applied to the Synchronization Service Manager User Interface and the Sync Rules Editor.

AD Connector account error

When you use the Azure AD Connect Wizard you might receive an error when you create the Active Directory Connector account when Azure AD Connect is in a workgroup. This has been fixed.

Display of the verification checkbox

On the Azure AD Sign-in page, the verification checkbox is now displayed whenever there is any mismatch in Active Directory domains and Azure AD verified domain names.

Auto-Upgrade

The auto upgrade state was incorrectly set in certain cases after auto upgrade of Azure AD Connect was attempted. This has been fixed in the PowerShell code.

Telemetry

The Azure AD Connect Wizard has been updated to include telemetry to capture previously missing information.

Change User Sign-In Improvements

The following changes have been made in the Azure AD Connect Wizard, when you use the Change user sign-in task to switch from Active Directory Federation Services (AD FS) to Pass-through Authentication (PTA) as the authentication method:

  • The Pass-through Authentication Agent is installed on the Azure AD Connect server and the Pass-through Authentication feature is enabled, before we convert domain(s) from federated to managed.
  • Users are no longer converted from federated to managed. Only domain(s) are converted.

AD FS Regex Improvement

The AD FS Multi Domain Regex was not correct when the user’s userPrincipalName attribute contained the ' special character. The Regex has been updated to support special characters.

Configure source anchor messages

When using the Azure AD Connect Wizard, you might encounter several out of place "Configure source anchor attribute" messages when no settings have changed. This has been fixed.

Support for Dual Federation

The Azure AD Connect Wizard now supports Active Directory Federation Services (AD FS) in dual federation scenarios.

Updating claims

When you convert a managed domain to federated, the Active Directory Federation Services (AD FS) claims were not updated for an added domain. This has been fixed.

Updated claims

In this version, two additional AD FS claims were added to the federation trust created to support MFA scenarios.

Web App Proxy deployments

Fixed an issue where adding a Web Application Proxy would fail to use the new certificate.

Auto-Uninstall of stale versions

When, during detection of installed packages, Azure AD Connect Setup finds stale DirSync, Azure AD Sync or Azure AD Connect products, the setup wizard will now attempt to uninstall these stale products.

Improved PTA Error messages

When you install the Pass-through Authentication (PTA) agent and it fails, the correct errors are now shown. The Error Message Mapping was incorrect.

Logging of Domain and OU Filtering

The logging of Domain and OU filtering selections was improved.

Configuration Container

The "Configuration" container has been removed from the Domain OU Filtering page in the Azure AD Connect wizard.

Password Hash Sync Popup

The pop-up help text on the Optional Features page for Password Hash Sync has been changed to correctly explain that password hashes are synchronized, not plain passwords.

AD Account Privilege issue

An issue resolving a custom Sync Service Account that has no AD Read privileges was fixed.

Synchronization engine installation

Unnecessary legacy logic that occasionally caused the Synchronization Engine installation to fail has been removed.

Synchronization Engine improvements

Three fixes were made to the synchronization engine:

  • The scenario where a Connector Space object had an imported delete and Sync Rules attempted to re-provision the object has been fixed.
  • A help link to the Online connectivity troubleshooting guide has been added to the event log entry for an Import Error.
  • The memory usage of the Sync Scheduler when enumerating Connectors was reduced.

What’s New

PingFederate Integration

This release includes the public preview of the integration of PingFederate in Azure AD Connect. With this release, organizations can easily and reliably configure their Azure Active Directory environment to leverage PingFederate as their federation provider.

New troubleshooting scenarios

Microsoft updated the Azure AD Connect Wizard Troubleshooting Utility, where organizations can now analyze more error scenarios, such as Linked Mailboxes and AD Dynamic Groups.

Device Writeback Management

Device Writeback configuration is now managed solely within the Azure AD Connect Wizard. There is no need to run PowerShell for this purpose anymore. The ADPrep.psm1 module has been deprecated.

New Tools PowerShell module

A new PowerShell Module called ADSyncTools.psm1 is added that can be used to troubleshoot SQL Connectivity issues. It also contains various other troubleshooting utilities.

Configure device options

A new additional task “Configure device options” has been added. You can use the task to configure Hybrid Azure AD Join and Device writeback.

 

Version information

This is version 1.1.819.0 of Azure AD Connect.
It was signed off on May 4, 2018.

Concluding

Azure AD Connect version 1.1.819.0 offers numerous fixes that make your life as a Hybrid Identity admin more enjoyable.
