In February 2016 a new build of the Azure AD Connect tool was released. This is build 18.104.22.168. Multiple features and enhancements were added, and some significant changes were made to Azure AD Connect.
The release history of Azure AD Sync and Azure AD Connect is available on azure.microsoft.com. DirSync dates back to 2013/2014, so we will leave that aside. The latest build of Azure AD Connect at the time of writing was 22.214.171.124, the February 2016 release, which is what this post is based upon. The new features in the build include:
- Automatic upgrade feature for Express settings customers
- Support for the global admin using MFA and PIM in the installation wizard
- Allow changing the user's sign-in method after initial install
- Allow Domain and OU filtering in the installation wizard. This also allows connecting to forests where not all domains are available
- Scheduler is built-in to the sync engine
Features promoted from preview to GA:
New preview features:
The new default sync cycle interval is 30 minutes. This used to be 3 hours for all earlier releases. The build also adds support for changing the scheduler behaviour.
In the TailspinToys Canada organization an earlier version of Azure AD Connect was installed. The starting version is 1.0.9131.0. This was deployed using the Express install which automatically installed SQL Express. The express option should meet the needs of most organisations, and for those where it does not, then the custom option will be the way to go.
The installed components can be retrieved by looking at Add/Remove Programs. This will show the installed version of Azure AD Connect.
Alternatively you can query the Uninstall registry key which is held below:
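One way to run that registry query from PowerShell, as an added example that is not part of the original post. The display-name pattern is an assumption; adjust it to match what Add/Remove Programs shows on your server.

```powershell
# Added example: list installed Azure AD Connect components from the Uninstall keys.
# Both the native and the WOW6432Node views are read so 32-bit components are not missed.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSyncComponent {
    param(
        # Assumption: the products register a DisplayName containing one of these strings.
        [string]$Pattern = 'Azure AD Connect|Azure AD Sync'
    )

    foreach ($root in $uninstallRoots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $Pattern } |
            Select-Object DisplayName,
                          DisplayVersion,
                          Publisher,
                          @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

# Record the output before and after the upgrade to confirm the version actually changed.
Get-InstalledSyncComponent | Sort-Object DisplayName | Format-Table -AutoSize
```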
The process to complete the upgrade to the current version is shown below. Before we go there, let’s look at the synchronisation process in the current version.
Current Scheduled Task Details
Build 1.0.9131.0 is the last version of Azure AD Connect to use the scheduled task to drive the synchronisation. The scheduled task can be seen in the below screen shots, as indicated by the red arrow.
Zooming in shows the set schedule:
Note that the scheduled task is set to run every three hours. In this version of Azure AD Connect it is not supported to modify the frequency of the synchronisation scheduled task.
One of the new preview features in the February 2016 build is modification of the synchronisation schedule.
Azure AD Connect Express Install Upgrade Screenshots
Start by reading the documentation. Once happy with the release notes, documentation and FAQ we then proceed with downloading the Azure AD Connect tool.
Ensure that there are no pending restart requirements on the server, and then launch the installer by double clicking the downloaded Azure AD Connect file. This should detect that a previous version of Azure AD Connect is installed, which launches the upgrade screens.
The installer has correctly detected that a previous build of Azure AD Connect is present, and it will be upgraded.
The synchronization settings will be migrated, but while the install process is running there will be no synchronization to Azure AD. AD DS account additions, account changes and changed passwords will not be synchronized until the Azure AD Connect installation has completed.
Clicking Upgrade will initiate the process. The Status bar will progress and display the current task.
Once the installed components have been upgraded, the configuration wizard is automatically launched. In order to configure, Azure AD Global Admin credentials are required.
These credentials are only used during the installation and will not be used after the installation has completed. They are used to create the Azure AD account used for synchronizing changes to Azure AD. The account will also enable sync as a feature in Azure AD. The contents of the help button are shown below for reference:
Enter the required Global Admin credentials and click next. Then we need to connect to the on-premises AD. Then click next.
The express install requires enterprise administrator permissions. After entering those credentials we are now ready to upgrade the configuration. Note the check box.
It is highlighted in the below screen shot, as I have seen many overlook it as their eyes are drawn to the big shiny upgrade button at the bottom right.
The upgrade of the configuration then completes. Note that in the below screenshot the tool states that synchronization is currently disabled. This means that the new Scheduler which runs the sync process is NOT enabled, so there is no synchronization. This is not unique to Azure AD Connect; a similar thing happened with Azure AD Sync.
Azure AD Connect is now upgraded to 126.96.36.199. Let’s take a look at how the synchronisation process has changed.
Updated Sync Scheduler
Looking at Scheduled Tasks on the server, note that there is only a single task present after the upgrade to build 188.8.131.52.
A zoomed view is shown below. The task to run Azure AD Connect synchronisation is no longer present.
As mentioned in the How To Run Manual DirSync / Azure Active Directory Sync / Azure AD Connect Updates post the method to initiate a manual synchronization has changed.
Note that there is no longer a DirectorySyncClientCmd tool present:
How do we manage the Sync Scheduler, and run manual synchronisations? The options are now back in PowerShell.
Running Get-ADSyncScheduler will show us the current sync options:
Note that the Azure AD Connect SyncCycleEnabled is set to $False.
The NextSyncCycleStartTimeInUTC has advanced between these two screen shots. This is even with the SyncCycleEnabled set to $False.
For reference, the Azure AD Connect upgrade was performed at ~22:00 on the 22nd of February 2016 local time. This was ~04:00 on the 23rd February 2016 Zulu time.
We can look at the Synchronization Service Manager to see the last run time.
In the above screen shot, note that there have been no synchronisation attempts since 03:43 Zulu time on the 23rd February 2016. This is because the SyncCycleEnabled was set to $False. Looking in the Office 365 Portal we also see that there has been no synchronisation for 23 hours:
To enable the scheduler we execute:
Set-ADSyncScheduler -SyncCycleEnabled $True
Now that the SyncCycleEnabled is set to $True, synchronisation will be attempted at the prescribed time.
And lo! After waiting a short period of time, we then see that the sync cycle was initiated as expected:
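A post-upgrade check for the condition described above, as an added example that is not part of the original post. It assumes it is run in an elevated session on the Azure AD Connect server where the ADSync module is installed; the function name is hypothetical. It keys on SyncCycleEnabled rather than NextSyncCycleStartTimeInUTC, because the latter keeps advancing even while the scheduler is disabled.

```powershell
# Added example: verify that the built-in scheduler is running after an upgrade.
Import-Module ADSync -ErrorAction Stop

function Test-SyncSchedulerState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # When set, turn the scheduler on if it is found disabled.
        [switch]$Enable
    )

    $scheduler = Get-ADSyncScheduler

    $result = [pscustomobject]@{
        Server                      = $env:COMPUTERNAME
        SyncCycleEnabled            = $scheduler.SyncCycleEnabled
        EffectiveInterval           = $scheduler.CurrentlyEffectiveSyncCycleInterval
        NextSyncCycleStartTimeInUTC = $scheduler.NextSyncCycleStartTimeInUTC
        Finding                     = 'OK: scheduler enabled'
    }

    if (-not $scheduler.SyncCycleEnabled) {
        # Account changes and password changes are not reaching Azure AD in this state.
        $result.Finding = 'Scheduler disabled: no synchronisation will run'

        if ($Enable -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Enable sync scheduler')) {
            Set-ADSyncScheduler -SyncCycleEnabled $true
            # Re-read the setting instead of assuming the change was applied.
            $result.SyncCycleEnabled = (Get-ADSyncScheduler).SyncCycleEnabled
            $result.Finding = 'Scheduler was disabled; enabled by this run'
        }
    }

    $result
}

# Report only; add -Enable to remediate, or -Enable -WhatIf to preview the change.
Test-SyncSchedulerState | Format-List
```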