Ever since Microsoft announced the deprecation of Azure AD Connect version 1.x, many organizations have migrated to Azure AD Connect v2.x. However, one of the big features that has been missing from version 2.x is the ability to automatically upgrade to newer versions. Azure AD Connect v2.1.15.0 is the first v2.x release that is announced with the following text:
Released for download, will be made available for auto-upgrade soon.
This means that soon Azure AD Connect admins will be able to enjoy automatic upgrades for Azure AD Connect. With v2.1.15.0 addressing another vulnerability, it means that the overall information security level of organizations utilizing Hybrid Identity is going up.
What's New
Other improvements in Azure AD Connect v2.1.15.0 include:
Removal of the Admin Agent
Microsoft has removed the public preview functionality for the Admin Agent from Azure AD Connect. Microsoft will not provide this functionality going forward. The Admin Agent was a new component of Azure AD Connect that could be installed on an Azure AD Connect server. It was used to collect specific data from your Active Directory environment to help a Microsoft support engineer troubleshoot issues in the context of a support case.
The Azure AD Connect Admin Agent is no longer part of the Azure AD Connect installation and cannot be used with Azure AD Connect versions 2.1.12.0 and newer.
New attributes
Microsoft added support for two new attributes:
- employeeOrgDataCostCenter
- employeeOrgDataDivision
Schema update
Microsoft added the CertificateUserIds attribute to the static schema for the Azure AD connector.
Ensuring log availability
The Azure Active Directory Connect configuration wizard will now abort if the permission to write to the event logs is missing.
Azure AD Connect Health for Azure AD Government
Microsoft updated the Azure AD Connect Health endpoints to support Azure AD for US Government.
New PowerShell Cmdlets
Microsoft added two new PowerShell cmdlets:
- Get-ADSyncToolsDuplicateUsersSourceAnchor
- Set-ADSyncToolsDuplicateUsersSourceAnchor
These two PowerShell cmdlets can be used to fix bulk "source anchor has changed" errors. These errors may occur in bulk when a new Active Directory forest is added to Azure AD Connect's synchronization scope and it contains duplicate user objects. This happens due to the mismatch between the msDsConsistencyGuid and ImmutableId attributes.
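The mismatch described above can be checked offline before a new forest is brought into scope. The following is an added example, not part of the original post or of the ADSyncTools module, and it does not call the two new cmdlets. It assumes the default sourceAnchor configuration, in which ImmutableId is the Base64 encoding of the mS-DS-ConsistencyGuid bytes, and it joins on UserPrincipalName; the function name, forests, UPNs and GUIDs are constructed.

```powershell
# Added example: report AD objects whose mS-DS-ConsistencyGuid does not match the
# ImmutableId already stamped on the cloud user with the same UPN.
# Assumption: default sourceAnchor, so ImmutableId = Base64(mS-DS-ConsistencyGuid bytes).
function Find-SourceAnchorMismatch {
    param(
        [Parameter(Mandatory)][object[]]$AdUsers,    # Forest, UserPrincipalName, ConsistencyGuid (byte[])
        [Parameter(Mandatory)][object[]]$CloudUsers  # UserPrincipalName, ImmutableId (string)
    )
    # Index cloud users by lower-cased UPN for the join.
    $cloudByUpn = @{}
    foreach ($c in $CloudUsers) { $cloudByUpn[$c.UserPrincipalName.ToLowerInvariant()] = $c }

    foreach ($ad in $AdUsers) {
        $cloud = $cloudByUpn[$ad.UserPrincipalName.ToLowerInvariant()]
        if ($null -eq $cloud) { continue }   # no cloud object yet, nothing to conflict with

        # An empty anchor in AD is reported too: sync would have to stamp a new one.
        $expected = if ($null -ne $ad.ConsistencyGuid) {
            [Convert]::ToBase64String([byte[]]$ad.ConsistencyGuid)
        } else { '' }

        # Base64 is case-sensitive, so use -cne rather than the case-insensitive -ne.
        if ($expected -cne $cloud.ImmutableId) {
            [pscustomobject]@{
                Forest            = $ad.Forest
                UserPrincipalName = $ad.UserPrincipalName
                AdAnchor          = $expected
                CloudImmutableId  = $cloud.ImmutableId
            }
        }
    }
}

# Constructed sample data: alice exists in the original forest and, as a duplicate
# with a different anchor, in a newly added forest.
$guidA = [guid]'11111111-2222-3333-4444-555555555555'
$guidB = [guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$adUsers = @(
    [pscustomobject]@{ Forest = 'corp.example';   UserPrincipalName = 'alice@example.com'; ConsistencyGuid = $guidA.ToByteArray() }
    [pscustomobject]@{ Forest = 'merged.example'; UserPrincipalName = 'alice@example.com'; ConsistencyGuid = $guidB.ToByteArray() }
)
$cloudUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ImmutableId = [Convert]::ToBase64String($guidA.ToByteArray()) }
)

# Only the merged.example copy of alice is reported.
Find-SourceAnchorMismatch -AdUsers $adUsers -CloudUsers $cloudUsers | Format-Table -AutoSize
```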
What's Fixed
Next to the functional changes described above, Microsoft applied the following fixes:
- Microsoft fixed a bug that prevented localDB upgrades in some locales.
- Microsoft fixed a bug to prevent database corruption when using localDB.
- Microsoft added timeout and size limit errors to the connection log.
- Microsoft fixed a bug where, if a child domain has a user object with the same name as a user object in the parent domain, that happens to be an enterprise admin, the group membership failed.
- Microsoft updated the expressions used in the In from AAD – Group SOAInAAD rule to limit the description attribute to 448 characters.
- Microsoft made a change to set extended rights for Unexpire Password for Password Reset.
- Microsoft modified the AD Connector upgrade to refresh the schema; Microsoft no longer shows constructed and non-replicated attributes in the Wizard during upgrade.
- Microsoft fixed a bug in ADSyncConfig functions ConvertFQDNtoDN and ConvertDNtoFQDN; if a user decides to set variables called $dn or $fqdn, these variables will no longer be used inside the script scope.
- Microsoft made the following Accessibility fixes:
  - They fixed a bug where focus is lost during keyboard navigation on the Domain and OU Filtering page of the Azure Active Directory Configuration wizard.
  - They updated the accessible name of Clear Runs drop down.
- Microsoft fixed a bug where the tooltip of the Help button is not accessible through keyboard if navigated with arrow keys.
- Microsoft fixed a bug where the underline of hyperlinks was missing on the Welcome page of the Azure Active Directory Configuration wizard.
- Microsoft fixed a bug in the Sync Service Manager's About dialog, where the Screen reader is not announcing the information about the data appearing under the About dialog box.
- Microsoft fixed a bug where the Management Agent (MA) Name was not mentioned in logs when an error occurred while validating the MA Name.
- Microsoft fixed several accessibility issues with the keyboard navigation and custom control type fixes. The Tooltip of the Help button was not collapsing by pressing the Esc key. There was an illogical keyboard focus on the radio buttons on the User Sign In page and there was an invalid control type on the help popups.
- Microsoft fixed a bug where an empty label was causing an accessibility error.
Version information
This is version 2.1.15.0 of Azure AD Connect.
This release in the 2.x branch for Azure AD Connect was made available for download as a 144 MB AzureADConnect.msi file on July 6th, 2022.
You can download the latest version of Azure AD Connect here.