Roughly three months after the release of the last Azure AD Connect version, Microsoft released a security update to Azure AD Connect v2.x to address a Denial of Service (DoS) vulnerability.
Microsoft recommends updating Azure AD Connect to v188.8.131.52 as soon as possible,
None of the Azure AD Connect v2.x releases are released for automatic upgrade. Manual upgrades are required to gain the new functionality and security levels once you're on the Azure AD Connect v2 path.
The upgrade to Azure AD Connect v184.108.40.206 triggers a full synchronization cycle, because synchronization rules have been modified.
Here's what's new in Azure AD Connect version v220.127.116.11:
Group writeback DN is now configurable
Microsoft added a configuration option to configure Group WriteBack with the display name of the synchronized group instead of the UUID.
Group WriteBack no longer requires the Exchange Schema
Microsoft removed the hard requirement for the Exchange schema when enabling Group WriteBack. This allows groups from Azure AD to be written back to Active Directory even when the Exchange Server schema extensions have not been added.
Azure AD Kerberos
For the recently announced Azure AD Kerberos functionality, the Azure AD Connect team extended the Windows PowerShell cmdlet to support custom top-level names for trusted object creation and made a change to set the official brand name for the Azure AD Kerberos feature.
Here's what's fixed in Azure AD Connect version v18.104.22.168:
- Microsoft upgraded the version of the Microsoft.Data.OData package from v5.8.1 to v5.8.4 to address a Denial of Service (DoS) vulnerability in the OData protocol (CVE-2018-8269). This vulnerability is due to improperly handling web requests.
- Microsoft made the Azure AD Connect wizard resizable to account for different zoom levels and screen resolutions and named elements to improve accessibility.
- Microsoft addressed an issue where miisserver.exe was crashing due to a null reference.
- Microsoft addressed an issue to ensure the seamless single sign-on (Desktop SSO) value persists after upgrading Azure AD Connect to a newer version.
- Microsoft modified the inetorgperson sync rules to fix an issue with account forests and resource forests.
- Microsoft fixed radio button test to display a link more link.
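A post-upgrade check for the Microsoft.Data.OData fix listed above, as an added example that is not part of the original post or Microsoft's tooling. It assumes the default installation directories and that the DLL's file version mirrors the package version (5.8.4); adjust `$Roots` for custom install paths.

```powershell
# Added example: confirm no Microsoft.Data.OData.dll older than the fixed
# package version (5.8.4, per the release notes) remains after the upgrade.
# Assumptions: default install directories; file version tracks package version.
$FixedVersion = [version]'5.8.4'
$Roots = @(
    "$env:ProgramFiles\Microsoft Azure AD Sync",
    "$env:ProgramFiles\Microsoft Azure Active Directory Connect"
) | Where-Object { Test-Path -LiteralPath $_ }

if (-not $Roots) {
    Write-Warning 'No Azure AD Connect directory found in the assumed default locations.'
    return
}

$results = Get-ChildItem -LiteralPath $Roots -Filter 'Microsoft.Data.OData.dll' `
        -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Compare major.minor.build only; the fourth field is a build stamp.
        $v = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $v
            Patched     = ($v -ge $FixedVersion)
        }
    }

if (-not $results) {
    Write-Warning 'No copy of Microsoft.Data.OData.dll was found under the searched directories.'
    return
}

$results | Sort-Object Patched, Path | Format-Table -AutoSize -Wrap

$stale = @($results | Where-Object { -not $_.Patched })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) copy/copies are older than $FixedVersion; the upgrade did not replace them."
} else {
    Write-Output "All copies of Microsoft.Data.OData.dll are at $FixedVersion or later."
}
```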
This is version 22.214.171.124 of Azure AD Connect.
This release in the 2.x branch for Azure AD Connect was made available for download as a 153 MB AzureADConnect.msi on December 15, 2021.
You can download the latest version of Azure AD Connect here.