Important updates to AAD Connect

Wednesday, July 21, 2021

AAD Connect is used to synchronize Active Directory with Azure Active directory and is a critical component in a Exchange hybrid configuration. It's very important for admins to keep AAD Connect up-to-date with the latest build for security and feature enhancements.

Microsoft just released AAD Connect version, which includes a number of significant changes and new features. At top of the list is that AADC is no longer supported on Windows Server 2012 R2 or earlier. This is because the built-in database, LocalDB, is now using components from SQL Server 2019 which requires Windows Server 2016 or later.

If you're currently running AADC on Windows Server 2012 or Windows Server 2012 R2, auto upgrade will not happen, for obvious reasons.

Customers running AADC on earlier OS's will need to install a new copy of AADC on new Windows Server 2016 computer or later. I wrote a step-by-step walkthrough of that process here.

Other significant changes in this version include:

  • TLS 1.2 is enforced in this build. If TLS 1.2 is disabled in the OS, will you will see an error message when attempting to install AADConnect and the installation will not continue until you have enabled TLS 1.2.
  • Added two new cmdlets to the ADSyncTools module to enable or retrieve TLS 1.2 settings from the Windows Server:
    • Get-ADSyncToolsTls12
    • Set-ADSyncToolsTls12
  • You no longer need to be a Global Admin to install or manage AADC. The "Hybrid Identity Administrator" user role can now be used.
  • AAD now honors the "User must change password at next logon" flag when set in AD.
For a full list of the all the new features and big fixes visit Azure AD Connect: Version release history.

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.