Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. With this integration users and organizations can take advantage of the following:
- Organizations can provide users with a common hybrid identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Azure Active Directory.
- Administrators can provide conditional access based on application resource, device and user identity, network location and multifactor authentication.
- Users can leverage their common identity through accounts in Azure AD to Office 365, Intune, SaaS apps and third-party applications.
- Developers can build applications that leverage the common identity model, integrating applications into Active Directory on-premises or Azure for cloud-based applications
Azure AD Connect makes this integration easy and simplifies the management of your on-premises and cloud identity infrastructure.
With this version of Azure AD Connect some customers may see some or all of their Windows devices disappear from Azure AD. This is not a cause for concern, as these device identities are not used by Azure AD during conditional access authorization. For more information see Understanding Azure AD Connect 1.4.xx.x device disappearance
New Features And Improvements
- New troubleshooting tooling helps troubleshoot “user not syncing”, “group not syncing” or “group member not syncing” scenarios.
- Add support for national clouds in AAD Connect troubleshooting script
- Customers should be informed that the deprecated WMI endpoints for MIIS_Service have now been removed. Any WMI operations should now be done via PS cmdlets.
- Security improvement by resetting constrained delegation on AZUREADSSOACC object
- When adding/editing a sync rule, if there are any attributes used in the rule that are in the connector schema but not added to the connector, the attributes automatically added to the connector. The same is true for the object type the rule affects. If anything is added to the connector, the connector will be marked for full import on the next sync cycle.
- Using an Enterprise or Domain admin as the connector account is no longer supported in new AAD Connect Deployments. Current AAD Connect deployments using an Enterprise or Domain admin as the connector account will not be affected by this release.
- In the Synchronization Manager a full sync is run on rule creation/edit/deletion. A popup will appear on any rule change notifying the user if full import or full sync is going to be run.
- Added mitigation steps for password errors to ‘connectors > properties > connectivity’ page
- Added a deprecation warning for the sync service manager on the connector properties page. This warning notifies the user that changes should be made through the AADC wizard.
- Added new error for issues with a user’s password policy.
- Prevent misconfiguration of group filtering by domain and OU filters. Group filtering will show an error when the domain/OU of the entered group is already filtered out and keep the user from moving forward until the issue is resolved.
- Users can no longer create a connector for Active Directory Domain Services or Windows Azure Active Directory in the old UI.
- Fixed accessibility of custom UI controls in the Sync Service Manager
- Enabled six federation management tasks for all sign-in methods in Azure AD Connect. (Previously, only the “Update AD FS SSL certificate” task was available for all sign-ins.)
- Added a warning when changing the sign-in method from federation to PHS or PTA that all Azure AD domains and users will be converted to managed authentication.
- Removed token-signing certificates from the “Reset Azure AD and AD FS trust” task and added a separate sub-task to update these certificates.
- Added a new federation management task called “Manage certificates” which has sub-tasks to update the SSL or token-signing certificates for the AD FS farm.
- Added a new federation management sub-task called “Specify primary server” which allows administrators to specify a new primary server for the AD FS farm.
- Added a new federation management task called “Manage servers” which has sub-tasks to deploy an AD FS server, deploy a Web Application Proxy server, and specify primary server.
- Added a new federation management task called “View federation configuration” that displays the current AD FS settings. (Because of this addition, AD FS settings have been removed from the “Review your solution” page.)
- Resolved sync error issue for the scenario where a user object taking over its corresponding contact object has a self-reference (e.g. user is their own manager).
- Help popups now show on keyboard focus.
- For Auto upgrade, if any conflicting app is running from 6 hours, kill it and continue with upgrade.
- Limit the number of attributes a customer can select to 100 per object when selecting directory extensions. This will prevent the error from occurring during export as Azure has a maximum of 100 extension attributes per object.
- Fixed a bug to make the AD Connectivity script more robust
- Fixed a bug to make AADConnect install on a machine using an existing Named Pipes WCF service more robust.
- Improved diagnostics and troubleshooting around group policies that do not allow the ADSync service to start when initially installed.
- Fixed a bug where display name for a Windows computer was written incorrectly.
- Fixed a bug where OS type for a Windows computer was written incorrectly.
- Fixed a bug where non-Windows 10 computers were syncing unexpectedly. Note that the effect of this change is that non-Windows-10 computers that were previously synced will now be deleted. This does not affect any features as the sync of Windows computers is only used for Hybrid Azure AD domain join, which only works for Windows-10 devices.
- Added several new (internal) cmdlets to the ADSync PowerShell module.
Download “Microsoft Azure Active Directory Connect” (Always The Latest Downloadable Version Only!)
**Be sure to check out our Free Active Directory Tools!