Azure AD Connect Versions Overview and Release History

Azure AD Connect is a critical tool for synchronizing on-premises identities with Azure Active Directory. The first version of Azure AD Connect was released in 2014.

It was initially known as DirSync, but was later rebranded to Azure AD Connect in 2015. This change marked a significant shift towards a more modern and cloud-centric approach.

The initial release of Azure AD Connect in 2014 was a major improvement over its predecessor, DirSync, with features like password hash synchronization and pass-through authentication. These features allowed for more secure and efficient identity synchronization.

Azure AD Connect has continued to evolve over the years, with new features and improvements being added in each subsequent release.

Azure AD Connect Versions

Azure AD Connect versions are supported for a limited time, so it's essential to keep them up to date to receive security fixes and use the latest features. Versions 2.2.8.0 and later have the attribute onPremisesObjectIdentifier added to the default sync rules.

You can determine the version of Azure AD Connect using PowerShell, even without direct access to the local servers. This can be done by installing the Azure AD PowerShell module and connecting to Azure AD using the Connect-AzureAD cmdlet.

Here are the end of support dates for some Azure AD Connect versions:

If you're using an older version, it's recommended to upgrade to the latest version as soon as possible to ensure you have the latest security fixes and performance improvements.

Updated Features

SQL related drivers shipped with Microsoft Entra Connect have been updated to OLE DB version 18.7.4.

We've seen significant improvements in the SQL drivers, making them more reliable and efficient.

The step Connect to Microsoft Entra ID in the Connect Sync Wizard will not require a password before redirecting you to the login page.

This change simplifies the login process, making it easier for users to connect to Microsoft Entra ID.

Updated Default Rule: "onPremisesObjectIdentifier" attribute added to the In from AD - User Account Enabled sync rule.

This update allows for more flexible and accurate syncing of user account information.

A registry key change now allows you to set the precedence number for custom rules to more than 100 if needed.

The updated registry key gives administrators more flexibility when creating custom rules.

Cmdlets in the ADSync PowerShell module that modify Microsoft Entra ID settings now require Microsoft Entra ID login.

This change enhances security by ensuring that only authorized users can modify Microsoft Entra ID settings.

Here are the key updated features for Microsoft Entra Connect:

  • SQL drivers updated to OLE DB version 18.7.4
  • Connect to Microsoft Entra ID in the Connect Sync Wizard no longer requires a password
  • Updated Default Rule: "onPremisesObjectIdentifier" attribute added to the In from AD - User Account Enabled sync rule
  • Registry key change allows for custom rule precedence numbers to be set above 100
  • Cmdlets in the ADSync PowerShell module require Microsoft Entra ID login

Custom Settings

Custom settings in Azure AD Connect are a powerful tool for administrators. With custom settings, you can connect one or multiple Active Directory domains and forests.

You can choose between three authentication methods: password hash sync, pass-through authentication, and Active Directory Federation Services (AD FS). This flexibility allows you to select the best approach for your organization's specific needs.

Custom settings also enable you to choose sync options like password reset write back and Exchange hybrid deployments. These features can greatly enhance the functionality of your Azure AD Connect setup.

Microsoft Entra Connect Retirement

Microsoft Entra Connect 1.x versions are unsupported and do not function. Customers using cloud sync or supported versions of Microsoft Entra Connect 2.x remain fully operational.

All versions of Microsoft Entra Connect 1.x are non-functional and synchronization does not work.

Microsoft Entra Connect 2.x versions retire 12 months from the date a newer version is released.

This policy went into effect on March 15, 2023.

Here's a list of retired versions with their end-of-support dates:

If you're running a retired version of Microsoft Entra Connect, it might stop working unexpectedly, and you might miss out on the latest security fixes, performance improvements, and troubleshooting tools.

2.3.20.0

Azure AD Connect version 1.1.880.0 was released in June 2017 and included a fix for a known issue with password hash synchronization. This version also improved the performance of the sync process.

This version supported password hash synchronization, pass-through authentication, and federation. It also included a new feature called "Azure AD Connect Health" which provided monitoring and troubleshooting capabilities.

In version 1.1.880.0, the password hash synchronization feature was improved to support larger environments. It also included a fix for an issue where the password hash synchronization process would sometimes fail.

Azure AD Connect version 1.1.880.0 required a restart of the Azure AD Sync service after installation.

2.2.8.0

In Azure AD Connect version 2.2.8.0, Microsoft has made some notable changes. The attribute onPremisesObjectIdentifier has been added to the default sync rules, which is a requirement for Microsoft Entra Cloud Sync's Group Provisioning to AD feature.

This addition is crucial for seamless integration with Microsoft Entra Cloud Sync. The minimum .NET runtime requirement has been increased to 4.7.1, which may impact existing installations.

Here are the key improvements and fixes in version 2.2.8.0:

  • Improvements to upgrade and auto-upgrade components.
  • Fixed an issue preventing deprovisioning of group when deletions of both the group and a member belonging to a different domain are processed in the same sync cycle.

2.1.16.0

In version 2.1.16.0, Azure AD Connect fixed a bug that caused autoupgrade to fail when the service account was in "UPN" format.

This bug fix is a significant improvement, especially for organizations that rely on Azure AD Connect for seamless integration with their services.

Here are some key details about this bug fix:

  • Fixed bug: Autoupgrade fails when service account is in "UPN" format.

With this bug fixed, users can now upgrade their Azure AD Connect services without any issues related to the service account format.

1.6.16.0

The 1.6.16.0 version of Azure AD Connect is an update release intended for customers running older versions of Windows Server who can't upgrade to Windows Server 2016 or newer. This version includes SQL Server 2012 components and will be retired on August 31, 2022.

You shouldn't install this version on Windows Server 2016 or newer, as it will be unsupported after the retirement date. Upgrade your Server OS and Azure AD Connect version before August 31, 2022, to avoid any issues.

The group membership limit resets to 50,000 when you upgrade to this V1.6 build or any newer builds. You'll need to reapply the rule changes you made to increase the group membership limit to 250,000 before enabling sync for the server.

This version fixes a bug where the autoupgrade process failed on machines running older Windows OS versions (2008 or 2008 R2), which are no longer supported. Now, autoupgrade only attempts to upgrade machines running Windows Server 2012 or newer.

A fix was also included to resolve an issue where miisserver failed due to an access violation exception under certain conditions.

2.0.28.0

The 2.0.28.0 release of Microsoft Entra Connect is a maintenance update that requires Windows Server 2016 or newer.

This release is available for download, but not for autoupgrade, as noted on 9/30/2021.

We removed a download button for a PowerShell script on the Group Writeback Permissions page in the wizard, and instead added a Learn More link that directs users to an online article where the script can be found.

A bug was fixed where the wizard incorrectly blocked installation when the .NET version on the server was greater than 4.6 due to missing registry keys, which aren't required and shouldn't block installation.

A bug was also fixed where an error was thrown if phantom objects were found during the initialization of a sync step, which blocked the sync step or removed transient objects.

Phantom objects are placeholders for objects that aren't there or haven't been seen yet, such as a source object with a reference for a target object that isn't there.

A change was made to allow users to deselect objects and attributes from the inclusion list, even if they're in use; a warning is now shown instead of blocking the action.

2.0.10.0

Microsoft Entra Connect version 2.0.10.0 is a hotfix update release that requires Windows Server 2016 or newer. This hotfix addresses an issue present in version 2.0 and in Microsoft Entra Connect version 1.6.

This version of Microsoft Entra Connect fixes a bug that occurred when a domain was renamed and Password Hash Sync failed with an error that indicated "a specified cast isn't valid" in the Event log. This regression is from earlier builds.

If you're running Microsoft Entra Connect on an older Windows server, install the 1.6.13.0 build instead.

The installer for this version may display an error stating TLS 1.2 isn't enabled and stop the installation. This issue occurs because of an error in the code that verifies the registry setting for TLS 1.2.

To resolve this issue, follow the instructions for enabling TLS 1.2 in the article "TLS 1.2 enforcement for Microsoft Entra Connect".
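
A read-only way to see which TLS 1.2 settings are present on the server before running the installer, as an added example that is not from the original page or from Microsoft: it reports the .NET Framework and SChannel registry values that control TLS 1.2 and changes nothing. The registry paths and expected values are not listed on this page; they are an assumption based on the commonly documented TLS 1.2 settings and should be confirmed against the enforcement article.

```powershell
# Added example (not from the page): read-only audit of the TLS 1.2 registry
# settings for .NET Framework and SChannel. Nothing is modified.
# Assumption: the expected values below are the commonly documented ones;
# confirm them against the TLS 1.2 enforcement article for your build.
$net   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$net32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
$tls   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

$checks = @(
    @{ Path = $net;          Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = $net;          Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = $net32;        Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = $net32;        Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = "$tls\Server"; Name = 'Enabled';                  Want = 1 }
    @{ Path = "$tls\Server"; Name = 'DisabledByDefault';        Want = 0 }
    @{ Path = "$tls\Client"; Name = 'Enabled';                  Want = 1 }
    @{ Path = "$tls\Client"; Name = 'DisabledByDefault';        Want = 0 }
)

function Test-Tls12RegistryValue {
    param([string]$Path, [string]$Name, [int]$Want)
    # A missing key or value is reported as 'Missing' rather than assumed compliant.
    $actual = $null
    $state  = 'Missing'
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $actual = $item.$Name
            $state  = if ($actual -eq $Want) { 'OK' } else { 'Mismatch' }
        }
    }
    [pscustomobject]@{ State = $state; Name = $Name; Expected = $Want; Actual = $actual; Path = $Path }
}

# Evaluate every setting and show the full table, not only the failures.
$results = foreach ($c in $checks) { Test-Tls12RegistryValue @c }
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { $_.State -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($results.Count) TLS 1.2 settings are missing or differ from the expected value."
} else {
    Write-Output 'All TLS 1.2 registry settings match the expected values.'
}
```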

1.6.11.3

This release is a security update for Microsoft Entra Connect. It's designed for customers running older versions of Windows Server who can't upgrade to Windows Server 2016 or newer.

You can't use this version to update a Microsoft Entra Connect V2.0 server. This version is intended for specific use cases.

The Microsoft Entra Connect Sync V2 endpoint API is now available in three Azure environments:

  • Azure Commercial
  • Microsoft Azure operated by 21Vianet
  • Azure US Government cloud

2.0.3.0

Microsoft Entra Connect 2.0.3.0 is a release that's all about stability and security. It's an important update that ensures the operational functionality of the service.

This release is not a new version, but rather a part of the quality-control process that Microsoft goes through before releasing a new version. You won't find any functional changes in this release.

If you're running an older version of Microsoft Entra Connect, you'll want to know that this release is not intended for updating a Microsoft Entra Connect V2.0 server. You'll need to stick with the version you're currently running.

Here are the Azure environments where the Microsoft Entra Connect Sync V2 endpoint API is now available:

  • Azure Commercial
  • Microsoft Azure operated by 21Vianet
  • Azure US Government cloud

It's worth noting that the non-functional Microsoft Entra Connect 1.x versions are still unsupported and synchronization does not function. If you're using cloud sync or a supported version of Microsoft Entra Connect 2.x, you're good to go.

1.6.4.0

The 1.6.4.0 release is a notable update that fixes a bug in the Microsoft Entra Connect Health feature. This feature wasn't working correctly after the upgrade to 1.6.2.4, which is why this patch is essential.

If you deployed build 1.6.2.4, you'll need to update your Microsoft Entra Connect server with the 1.6.4.0 build to register the Health feature correctly.

Four Answers

You can determine the version of Azure AD Connect using PowerShell, even without direct access to the local servers where Azure AD Connect is installed. This is possible by using the Azure AD PowerShell module to remotely query information about your Azure AD Connect installation.

The Azure AD PowerShell module needs to be installed on your local machine, which can be done by running the command `Install-Module -Name AzureAD` in PowerShell as an administrator.

You'll also need to connect to your Azure AD account using the command `Connect-AzureAD`.

To retrieve the Azure AD Connect version, you can use the `Get-AzureADConnectSyncConfiguration` cmdlet, which will display the version of Azure AD Connect that is currently configured. The relevant property to look for is `CurrentConnectorVersion`.

It's worth noting that the Azure AD PowerShell module focuses on Azure AD, and while it can provide information about Azure AD Connect, it might not provide as detailed information as querying the local server directly.

Judith Lang

Senior Assigning Editor