Azure AD Connect version 1.1.880.0 is now available


Last Friday, Microsoft released Azure AD Connect version 1.1.880.0. This is a new release of Microsoft’s free Hybrid Identity bridge product, which synchronizes objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.

What’s Fixed

SQL Deadlock Issue

The Azure AD Connect team fixed a bug that would intermittently produce an error message for an auto-resolved SQL deadlock issue.

Accessibility Issues

The Azure AD Connect team fixed several accessibility issues for the Sync Rules Editor and the Sync Service Manager.

Registry access issue

The Azure AD Connect team fixed a bug where Azure AD Connect could not get registry setting information.

Forward/Back Issue

The Azure AD Connect team fixed a bug that created issues when the user goes forward/back in the Azure AD Connect configuration wizard.

Multi-thread handling issue

The Azure AD Connect team fixed a bug that caused an error due to incorrect multi-thread handling in the Azure AD Connect configuration wizard.

LDAP error resolving issue

When an admin encounters an LDAP error when resolving security groups on the Group Sync Filtering page, Azure AD Connect now returns the exception with full fidelity. The root cause for the referral exception is still unknown and will be addressed by squashing a different bug.

Windows Hello for Business Certificate Issue

The Azure AD Connect team fixed a bug where permissions for Next Generation Cryptography (NGC) and non-NGC keys were not correctly set on the msDS-KeyCredentialLink attribute on user and/or device objects for Windows Hello for Business.

Set-ADSyncRestrictedPermissions issue

The Azure AD Connect team fixed a bug where Azure AD Connect did not call the Set-ADSyncRestrictedPermissions Windows PowerShell cmdlet correctly.

Support for permission granting on Group Write-back

The Azure AD Connect team added support for permission granting on the Group Writeback feature in Azure AD Connect's installation wizard.

Sign-in method from PHS to AD FS switching issue

Previously, when changing the sign-in method from Password Hash Synchronization (PHS) to Active Directory Federation Services (AD FS), Password Hash Sync was not disabled. Starting in Azure AD Connect version 1.1.880.0, switching the sign-in method disables PHS.

IPv6 Verification in AD FS configuration

When Azure AD Connect is used to manage Active Directory Federation Services (AD FS), it verifies that the AD FS service name resolves properly in DNS. Previously, only IPv4 addresses were verified against IPv4-based DNS servers. The Azure AD Connect team added verification for IPv6 addresses in AD FS configuration, so organizations that only utilize IPv6 are now able to use this functionality, too.
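
The same dual-stack check can be done by hand before running the wizard. The PowerShell function below is an added example, not part of Azure AD Connect or the original post; it queries both A and AAAA records for a federation service name, optionally against specific DNS servers. The function name `Test-FederationServiceDns`, the service name `sts.example.com` and the DNS server addresses are placeholders.

```powershell
# Added example. Reports, per DNS server and per record type, whether the
# AD FS service name resolves. An IPv6-only environment should show
# Resolved = True for AAAA even when the A query returns nothing.
function Test-FederationServiceDns {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [string[]] $DnsServer = @()   # empty = use the host's configured resolvers
    )
    $targets = if ($DnsServer.Count) { $DnsServer } else { @($null) }
    foreach ($server in $targets) {
        foreach ($type in 'A', 'AAAA') {
            $query = @{ Name = $ServiceName; Type = $type; DnsOnly = $true; ErrorAction = 'Stop' }
            if ($server) { $query.Server = $server }
            $err = $null
            try {
                # Keep only address records; CNAME and SOA records in the
                # response are ignored.
                $addresses = @(Resolve-DnsName @query |
                    Where-Object { $_.Type -eq $type } |
                    Select-Object -ExpandProperty IPAddress)
            } catch {
                $addresses = @()
                $err = $_.Exception.Message
            }
            [pscustomobject]@{
                ServiceName = $ServiceName
                DnsServer   = if ($server) { $server } else { '(default)' }
                RecordType  = $type
                Resolved    = $addresses.Count -gt 0
                Addresses   = $addresses -join ', '
                Error       = $err
            }
        }
    }
}

# Placeholder service name and DNS servers (documentation address ranges).
Test-FederationServiceDns -ServiceName 'sts.example.com' `
    -DnsServer '192.0.2.53', '2001:db8::53' | Format-Table -AutoSize
```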

Updated error messages

The Azure AD Connect team updated the notification message that informs the admin that a configuration already exists in Azure AD Connect.

In multi-domain and multi-forest environments, one Organizational Unit (OU) needs to be picked by an admin in one of the domains for device write-back. When device write-back fails to detect the container in an untrusted forest, a better error message and a link to the appropriate documentation are shown.

Deselecting an OU and then running synchronization or writeback for that OU used to give a generic sync error. This has been changed to a more understandable error message.

What’s New

PingFederate Integration is GA

The PingFederate integration in Azure AD Connect is now Generally Available (GA). Learn more about how to federate Azure AD with PingFederate.

More resilient AD FS RPT Change logic

Azure AD Connect now creates a backup of the “Office 365 Identity Platform” relying party trust (RPT) in Active Directory Federation Services (AD FS) every time an update is made, and stores it in a separate file for easy restore if required. Learn more about the new functionality and Azure AD trust management in Azure AD Connect.

New troubleshooting tooling

New troubleshooting tooling has been introduced to help troubleshoot changing primary email addresses and accounts hidden from the global address list (GAL).

SQL Server Native Client update

Azure AD Connect was updated to include the latest SQL Server 2012 Native Client.

Seamless Single Sign-On by Default

When an admin switches the user sign-in method to Password Hash Synchronization (PHS) or Pass-through Authentication (PTA) in the "Change user sign-in" task, the Seamless Single Sign-On (S3O) checkbox is enabled by default.

Added support for Windows Server Essentials 2019

Azure AD Connect can now be installed on Windows Server Essentials 2019. This version of Windows Server 2019 is aimed at home offices and small businesses. Currently, there is no information available on this specific version of Windows Server 2019.
Windows Server 2019 is currently in Preview.

Azure AD Connect Health Agent 3.1.7.0

The Azure AD Connect Health agent that is installed by default with every Azure AD Connect installation is updated to version 3.1.7.0. This version corrects the race condition in the Azure AD Connect Health Sync Monitor service that caused 100% CPU usage on Azure AD Connect installations with the latest Windows updates installed.

Version 3.1.7.0 Azure AD Connect Health Agent for AD FS and AD DS are also available as separate downloads to resolve identical issues on Web Application Proxies (WAPs), AD FS Servers and Domain Controllers that are monitored using Azure AD Connect Health.

More resilient modified Sync Rule overwrite logic

During an upgrade, if the Azure AD Connect installer detects changes to the default sync rules, the admin is prompted with a warning before overwriting the modified rules. This will allow the user to take corrective actions and resume later.

Previously, if any out-of-box rule had been modified, a manual upgrade overwrote those rules without giving any warning to the admin, and the sync scheduler was disabled without informing the user. Now, the admin will be prompted with a warning before the modified out-of-box sync rules are overwritten. The admin will have the choice to stop the upgrade process and resume later after taking corrective action(s).

Error for MD5 Hash Generation in FIPS-compliant environments

Azure AD Connect now handles a FIPS compliance issue better, providing an error message for MD5 hash generation in FIPS-compliant environments and a link to documentation that provides a workaround for this issue.

Grouped Federation Tasks

All federation additional tasks are now grouped under a single sub-menu for ease of use.

ADSyncConfig PowerShell Module revamped

A revamped ADSyncConfig Windows PowerShell Module (AdSyncConfig.psm1) is introduced in Azure AD Connect version 1.1.880.0. It now includes AD Permissions functions. These functions were moved from the old ADSyncPrep.psm1 Windows PowerShell module, which may be deprecated shortly.

Version information

This is version 1.1.880.0 of Azure AD Connect.
It was signed off on July 20, 2018.

When will you get it?

This release is currently distributed to Azure AD Connect tenants that have enabled auto-upgrade. When sufficient auto-upgrade tenants have upgraded to eliminate the possibility of a bad Azure AD Connect version, Microsoft will release Azure AD Connect version 1.1.880.0 for general download here.

Concluding

Azure AD Connect version 1.1.880.0 offers numerous fixes that make your life as a Hybrid Identity admin more enjoyable, including a fix for the 100% CPU issue with the Azure AD Connect Health Sync Monitor service. On a high note, PingFederate Support is now GA with this version.