Azure AD Connect 1.1 – How to upgrade
Azure AD Connect 1.1 is out, now with much faster sync times and other cool new features. Read on to see how the upgrade works and why you should probably upgrade too.
UPDATE: You won't be able to run manual sync once you have upgraded. Read all about it here along with the solution - DirectorySyncClientCmd manual sync error Azure AD Connect Upgrade.
UPDATE 2: If you recently upgraded to version 1.1, make sure you have version 188.8.131.52, which was released on the 26th February. This fixes some bugs in the initial version. See resources section for links.
What is Azure AD Connect?
Azure AD Connect syncs account information from your on-premise Active Directory into the cloud. If you're still using the older Directory Synchronization (DirSync) tool, you really should look into Azure AD Connect.
Azure AD Connect is the tool to integrate your on-premises identity system such as Windows Server Active Directory with Azure Active Directory and connect your users to Office 365, Azure and 1000’s of SaaS applications.
Azure AD Connect 1.1
Microsoft announced Azure AD Connect 1.1 yesterday, with these new features
- Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
- Support for automatic upgrades
- Ability to switch between sign-in methods through the wizard to enable faster pilots
- Support for Domain and OU filtering within the wizard
What stood out for me was the faster sync times. Up until now the shortest supported frequency was syncing every three hours, with Azure AD Connect 1.1 it's now 30 minutes.
The faster sync times are really welcome, as it means any changes you make on-premise will be reflected in the cloud that much sooner. When setting up new staff especially on Office 365, the faster sync will make a big difference.
How to Upgrade Azure AD Connect
I already have a recent version of AAD Connect installed, so an in-place upgrade is a breeze. See the resource section below for a link on how to upgrade from DirSync.
The setup recognizes this is an upgrade:
Then connect to Azure AD. I did have one issue with this, where I specified the username to connect to Azure AD, it said the account had an expired password.
After resetting the password and checking out this guidance 'Office 365 Service Accounts–How do I stop DIRSYNC from breaking every 90 days…' I continued.
Then upgrade is ready to go:
That was quick, after a few minutes the upgrade had completed successfully:
Check the frequency of Azure AD Connect
Now let's make sure we have that 30 minute sync schedule that's newly supported in this version. From your AAD Connect server run this PowerShell command
This reports back something like this:
After checking out what this means, it confirms we have the shorted permissible sync time
AllowedSyncCycleInterval: The most frequently Azure AD will allow synchronizations to occur. You cannot synchronize more frequently than this and still be supported.
CurrentlyEffectiveSyncCycleInterval: The schedule currently in effect. It will have the same value as CustomizedSyncInterval (if set) if it is not more frequent than AllowedSyncInterval. If you change CustomizedSyncCycleInterval, this will take effect after next synchronization cycle
Syncing with version 1.1 is now built-in to the sync engine rather than being external.
There are lots of other new features, support for Modern Authentication when specifying an MFA enabled admin account during installation, Domain/OU filtering and more. Check out the release history for lots more details.