Why AAD Connect auto upgrade doesn't always upgrade

Monday, November 16, 2020

Azure AD Connect is a crucial component used to sync user accounts and to enable on-premises mailboxes to be migrated to Microsoft 365. It not only synchronizes accounts from Active Directory to Azure Active Directory, but is also used to configure authentication, provides ways for you to filter objects to sync, enables Exchange hybrid, allows for self-service password reset, enables seamless single sign-on, and more.

AAD Connect receives regular updates that include bug and security fixes as well as feature enhancements. Updates are usually delivered through AAD Connect's auto upgrade feature, which is normally enabled by default. You can check whether auto upgrade is configured by running the following cmdlet from your AAD Connect computer:

Get-ADSyncAutoUpgrade

Auto upgrade may be disabled if your deployment is more complicated (e.g., if you're using SQL Server instead of LocalDB) or if your admin has manually disabled it.

If AAD Connect auto upgrade is enabled, you may assume that it will automatically upgrade your AADC instance whenever a new version is released. That's not always the case. Clarification about this was recently added to the Azure AD Connect: Version release history website:

To clarify the use of Auto Upgrade, it is meant to push all important updates and critical fixes to you. This is not necessarily the latest version because not all versions will require/include a fix to a critical security issue (just one example of many). An issue like that would be addressed with a new version provided via Auto Upgrade. If there are no such issues, there are no updates pushed out using Auto Upgrade, and in general if you are using the latest auto upgrade version you should be good. However, if you’d like all the latest features and updates, the best way to see if there are any is to check this page and install them as you see fit.

Please follow this link to read more about auto upgrade.

In other words, auto upgrade will only upgrade if your version of AAD Connect needs it. This is similar to the way that Microsoft Update only applies updates for roles and features that are installed in Windows.

If you still want to manually install the latest version, simply download it from the Microsoft Azure Active Directory Connect website and install it. The current version number is listed in the Details section.
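To see both facts this post discusses on one server, the auto upgrade state and the build that is actually installed, a check like the following can be run on the AAD Connect computer. It is an added example, not from the original post or from Microsoft; the TargetVersion parameter (a version you read from the release history page yourself) and the 'Microsoft Azure AD Connect' display name used to find the installed version are assumptions.

```powershell
# Added example: report the auto upgrade state and compare the installed
# build with a version taken by hand from the release history page.
param(
    # Hypothetical parameter; no default on purpose, supply the version you want.
    [Parameter(Mandatory)]
    [version]$TargetVersion
)

Import-Module ADSync -ErrorAction Stop

# Returns Enabled, Disabled or Suspended.
$state = Get-ADSyncAutoUpgrade

# Assumption: the installer registers itself under this exact display name.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$product = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'Microsoft Azure AD Connect' } |
    Select-Object -First 1

if (-not $product) {
    throw 'Azure AD Connect was not found in the installed programs list.'
}

$installed = [version]$product.DisplayVersion

# "Enabled" alone is not proof of being current: auto upgrade only pushes
# the releases Microsoft chooses to deliver that way.
$finding = if ($installed -ge $TargetVersion) {
    'Installed build is at or above the target version.'
} elseif ("$state" -eq 'Enabled') {
    'Auto upgrade is enabled but the build is older than the target; install manually if you need that release.'
} else {
    "Auto upgrade is $state and the build is older than the target; upgrade manually."
}

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    AutoUpgradeState = "$state"
    InstalledVersion = $installed
    TargetVersion    = $TargetVersion
    Finding          = $finding
}
```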

