A short note for the administrators’ weekend. On August 1, 2018, Microsoft released version V1.1.880.0 of Microsoft Azure Active Directory Connect.
Azure AD Connect allows you to connect quickly to Azure AD and Office 365. Version V1.1.880.0 of Microsoft Azure Active Directory Connect is available here as an 83.7 MB installation file, AzureADConnect.msi.
Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. With this integration users and organizations can take advantage of the following:
- Organizations can provide users with a common hybrid identity across on-premises or cloud-based services leveraging Windows Server Active Directory and then connecting to Azure Active Directory.
- Administrators can provide conditional access based on application resource, device and user identity, network location and multifactor authentication.
- Users can leverage their common identity through accounts in Azure AD to Office 365, Intune, SaaS apps and third-party applications.
- Developers can build applications that leverage the common identity model, integrating applications into Active Directory on-premises or Azure for cloud-based applications.
Azure AD Connect makes this integration easy and simplifies the management of your on-premises and cloud identity infrastructure. The following operating systems are supported: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016.
Addendum: The release history may be found here (see below). I have also received comments that the high CPU spikes caused by the .NET Framework 4.6.2 July 2018 updates are solved.
New features and improvements
- The Ping Federate integration in Azure AD Connect is now available for General Availability. Learn more about how to federate Azure AD with Ping Federate.
- Azure AD Connect now creates a backup of the Azure AD trust in AD FS every time an update is made and stores it in a separate file for easy restore if required. Learn more about the new functionality and Azure AD trust management in Azure AD Connect.
- New troubleshooting tooling helps troubleshoot changing primary email address and hiding account from global address list
- Azure AD Connect was updated to include the latest SQL Server 2012 Native Client
- When you switch user sign-in to Password Hash Synchronization or Pass-through Authentication in the “Change user sign-in” task, the Seamless Single Sign-On checkbox is enabled by default.
- Added support for Windows Server Essentials 2019
- The Azure AD Connect Health agent was updated to the latest version 22.214.171.124
- During an upgrade, if the installer detects changes to the default sync rules, the admin is prompted with a warning before the modified rules are overwritten. This allows the user to take corrective action and resume later. Old behavior: if any out-of-box rule had been modified, a manual upgrade overwrote those rules without warning the user, and the sync scheduler was disabled without informing the user. New behavior: the user is prompted with a warning before the modified out-of-box sync rules are overwritten, and can choose to stop the upgrade process and resume later after taking corrective action.
- Provides better handling of a FIPS compliance issue, with an error message for MD5 hash generation in a FIPS-compliant environment and a link to documentation that provides a workaround for this issue.
- UI update to improve federation tasks in the wizard, which are now under a separate sub group for federation.
- All federation additional tasks are now grouped under a single sub-menu for ease of use.
- A new revamped ADSyncConfig Posh Module (AdSyncConfig.psm1) with new AD Permissions functions moved from the old ADSyncPrep.psm1 (which may be deprecated shortly)
- Fixed a bug where the AAD Connect server would show high CPU usage after upgrading to .NET 4.7.2
- Fixed a bug that would intermittently produce an error message for an auto-resolved SQL deadlock issue
- Fixed several accessibility issues for the Sync Rules Editor and the Sync Service Manager
- Fixed a bug where Azure AD Connect cannot get registry setting information
- Fixed a bug that created issues when the user goes forward/back in the wizard
- Fixed a bug to prevent an error caused by incorrect multi-thread handling in the wizard
- When Group Sync Filtering page encounters an LDAP error when resolving security groups, Azure AD Connect now returns the exception with full fidelity. The root cause for the referral exception is still unknown and will be addressed by a different bug.
- Fixed a bug where permissions for STK and NGC keys (msDS-KeyCredentialLink attribute on User/Device objects for WHfB) were not correctly set.
- Fixed a bug where ‘Set-ADSyncRestrictedPermissions’ was not called correctly
- Adding support for permission granting on Group Writeback in AADConnect’s installation wizard
- When changing sign in method from Password Hash Sync to AD FS, Password Hash Sync was not disabled.
- Added verification for IPv6 addresses in AD FS configuration
- Updated the notification message to inform that an existing configuration exists.
- Device writeback fails to detect container in untrusted forest. This has been updated to provide a better error message and a link to the appropriate documentation
- Deselecting an OU and then synchronization/writeback corresponding to that OU gives a generic sync error. This has been changed to create a more understandable error message.