Significant Improvements in Azure AD Connect

Wednesday, May 20, 2020

Microsoft just announced that the Azure AD Connect sync V2 endpoint API (public preview) is now available. This new endpoint improves the performance of synchronizations to Azure Active Directory, especially during the exports and imports that happen during sync.

Even though the new V2 endpoint is in public preview, customers can deploy this in their production environments.

For large enterprises, the new endpoint also supports syncing groups with up to 250K members; the previous limit for the V1 endpoint was 50K members. However, it's important to know that the new endpoint doesn't have a configured group size limit for Office 365 groups that are written back to Active Directory. For this reason, Microsoft recommends growing O365 group membership incrementally if member size was previously a blocker for your org.

You will need to deploy Azure AD Connect version 1.5.30.0 or later to use the V2 endpoint. Microsoft recommends using a swing migration for deploying the V2 endpoint, where you deploy the V2 endpoint to your staging server, validate it, and then switch over to the staging server. Then you can update your main AAD Connect server to Azure AD Connect version 1.5.30.0. Read the full guidance here.

Switching to the new V2 endpoint is performed via PowerShell on the Azure AD Connect server:
# Pause the sync scheduler so no export or import runs while the endpoint is changed
Set-ADSyncScheduler -SyncCycleEnabled $false
# Load the connector module that ships with Azure AD Connect 1.5.30.0 and later
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'
# Point both the export and the import side of the Azure AD connector at the V2 endpoint
Set-ADSyncAADConnectorExportApiVersion 2
Set-ADSyncAADConnectorImportApiVersion 2
# Resume the scheduler (for large groups, see the note below before running this line)
Set-ADSyncScheduler -SyncCycleEnabled $true

If you have large groups you will need to manually reconfigure the Out to AAD – Group Join sync rule before re-enabling the sync scheduler. See the deployment guidance document for details.
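The following script is an added example, not part of the original post or of Microsoft's own tooling. It wraps the switch-over described above in the order a swing migration calls for: it refuses to run on a server that is not in staging mode, checks the installed version against 1.5.30.0, pauses the scheduler, applies the V2 setting, verifies it, and only then resumes the scheduler. The version check reads the product version from the sync service binary (path and behaviour assumed), and the verification step assumes the AADConnector.psm1 module exposes Get-ADSyncAADConnectorExportApiVersion and Get-ADSyncAADConnectorImportApiVersion cmdlets that return the configured version; the -LeaveSchedulerDisabled switch is a hypothetical parameter for the large-group case.

```powershell
# Added example (not from the original post): move a STAGING Azure AD Connect
# server to the V2 sync endpoint and verify the change before the scheduler
# is re-enabled. Items marked "assumption" are not taken from the post.
#Requires -RunAsAdministrator

param(
    # Hypothetical switch: keep the scheduler paused so the
    # "Out to AAD - Group Join" rule can be reconfigured for large groups first.
    [switch]$LeaveSchedulerDisabled
)

$ErrorActionPreference = 'Stop'
$MinimumVersion = [version]'1.5.30.0'
$ModulePath     = 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'
# Assumption: the sync service binary carries the Azure AD Connect product version.
$SyncBinary     = 'C:\Program Files\Microsoft Azure AD Sync\Bin\miiserver.exe'

# 1. Version gate: the V2 endpoint requires 1.5.30.0 or later.
$installed = [version](Get-Item $SyncBinary).VersionInfo.ProductVersion
if ($installed -lt $MinimumVersion) {
    throw "Azure AD Connect $installed is older than $MinimumVersion; upgrade before enabling V2."
}

# 2. Safety gate: a swing migration validates V2 on the staging server first,
#    so refuse to change the active server.
$scheduler = Get-ADSyncScheduler
if (-not $scheduler.StagingModeEnabled) {
    throw 'This server is not in staging mode; enable and validate V2 on the staging server first.'
}

# 3. Pause the sync cycle so no export/import runs mid-change.
Set-ADSyncScheduler -SyncCycleEnabled $false

# 4. Apply the V2 endpoint to both sides of the Azure AD connector.
Import-Module $ModulePath
Set-ADSyncAADConnectorExportApiVersion 2
Set-ADSyncAADConnectorImportApiVersion 2

# 5. Verify before resuming (assumption: matching Get- cmdlets exist in the module
#    and return the configured version number).
$exportVersion = Get-ADSyncAADConnectorExportApiVersion
$importVersion = Get-ADSyncAADConnectorImportApiVersion
if (($exportVersion -ne 2) -or ($importVersion -ne 2)) {
    throw "V2 endpoint not applied (export=$exportVersion, import=$importVersion); scheduler left disabled."
}

# 6. Resume the scheduler unless large-group rule work is still pending.
if ($LeaveSchedulerDisabled) {
    Write-Warning 'Scheduler left disabled. Reconfigure the "Out to AAD - Group Join" rule, then run: Set-ADSyncScheduler -SyncCycleEnabled $true'
} else {
    Set-ADSyncScheduler -SyncCycleEnabled $true
    Write-Host "V2 endpoint enabled on staging server; scheduler resumed."
}
```

The point of the two gates is that the failure modes here are operational rather than cryptographic: changing the endpoint on the active server without validation, or resuming sync before the Group Join rule is adjusted, are the mistakes the swing migration guidance exists to prevent. Run the script on the staging server, compare its export results with the active server, and only then update the active server.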
