Streamline Your Azure AD Connect Setup with the Latest Update

The latest update to Azure AD Connect has made it easier to set up and manage your directory synchronization. This update includes a simplified installation process, reducing the time and effort required to get started.

One of the key features of the updated Azure AD Connect is the ability to use a single sign-on (SSO) configuration. This eliminates the need for multiple passwords and reduces the administrative burden.

The update also includes improved support for hybrid environments, allowing you to seamlessly integrate on-premises and cloud-based resources. This is particularly useful for organizations with a mix of on-premises and cloud-based infrastructure.

With the latest update, you can now easily configure Azure AD Connect to use a specific domain controller or forest. This gives you more control over the synchronization process and reduces the risk of errors.

To set up Azure AD Connect, you'll need to download and install the software from the Microsoft website.

The installation process requires administrative privileges and can take around 30 minutes to complete.

You'll need to select the appropriate language and architecture for your system during the installation process.

Azure AD Connect can be installed on a domain controller or a member server, but it's recommended to install it on a member server for better performance.

You can choose to install Azure AD Connect in a password hash sync or pass-through authentication mode, depending on your organization's requirements.

Password hash sync is a more straightforward option, but pass-through authentication provides better security features.

After installation, you'll need to configure the Azure AD Connect settings, including the sync schedule and the password hash sync mode.

The sync schedule can be configured to run every 30 minutes, 1 hour, or 2 hours, depending on your organization's needs.

Azure AD Connect Features are designed to simplify identity management and enable seamless synchronization between on-premise and cloud environments.

Password Writeback is a key feature that allows passwords changed in the Azure/Microsoft 365 cloud to apply to corresponding on-premise users during the next synchronization.

Bidirectional Synchronization configurations allow for certain object changes in the cloud to apply to the corresponding on-premise object, unlike one-way synchronizations which require changes to be made on-premise first.

This feature is particularly useful for administrators who want to maintain less separate user identities by synchronizing objects between on-premise and the cloud.

Azure AD Connect also simplifies identity management by allowing administrators to maintain a single user identity across both environments.

Here are the key features of Azure AD Connect:

The Azure AD Connect wizard performs several key steps when installed and run by an administrator, including installing pre-requisites and configuring the sync component for one or multiple Active Directory forests.

Azure AD Connect Migration can be done in a few ways, but the most recommended method is a swing migration. This involves installing a new Azure AD Connect server on a clean and up-to-date operating system, and then configuring it to stage mode.

A swing migration has the added benefit of an easy fall-back in case of any issues, as the existing installation is not modified. The primary actions involved in a swing migration include exporting and documenting the settings of the source installation, installing the new Azure AD Connect server, verifying settings on the new server, and configuring staging mode on the old system and disabling it on the new system.

You can always revisit the old server before switching roles, which is a great advantage of a swing migration. If you have more than 50,000 objects in scope for synchronization, it's recommended to do a parallel deployment on another server.

Here are the steps to follow for a swing migration:

This will allow you to easily switch back to the old server if needed, and also ensure that your new server is configured correctly before making any changes to your on-premises AD.

Upgrading from DirSync can be a bit of a challenge, but don't worry, I've got you covered. If you have an existing Dirsync deployment, you can upgrade in place, but only if you have less than 50,000 objects in your directory.

To determine which option is best for you, consider the expected upgrade time. If it's less than 3 hours, an in-place upgrade is the way to go. But if it's going to take longer, a parallel deployment on another server is the safer bet.

The expected time to complete the upgrade is displayed by the wizard, and it's based on the assumption that it will take 3 hours to complete an upgrade for a database with 50,000 objects.

Here are the key differences between in-place and parallel deployment:

Keep in mind that if you have more than 50,000 objects, a parallel deployment is recommended to avoid operational delays for your users.

Also, don't forget that you should not uninstall DirSync yourself before the upgrade. Azure AD Connect will read and migrate the configuration from DirSync and uninstall after inspecting the server.

If you're planning to upgrade from DirSync to Azure AD Connect, make sure to export the DirSync configuration first. This will allow you to migrate any settings from your current DirSync to your new Azure AD Connect installation.

In the next section, we'll dive deeper into the high-level steps for upgrading from DirSync to Azure AD Connect.

A swing migration of Azure AD Connect is a great way to upgrade to the latest version on a clean and up-to-date operating system.

This type of migration has the added benefit of an easy fall-back in case of any issues, as the existing installation is not modified.

The primary actions involved in a swing migration include exporting and documenting the settings of the source installation.

You'll also need to install the new Azure AD Connect Server and verify settings on the new server.

Configuring staging mode on the old system and disabling it on the new system is also a crucial step.

Here are the steps in more detail:

After completing the last step and verifying synchronization, you can uninstall Azure AD Connect from the old system or retire the server altogether.

To switch to the new Azure AD Connect server, start by enabling staging mode on your old server. This will allow you to configure and review settings while the old server continues to replicate your on-premises AD with Azure AD.

You'll need to open Azure AD Connect and select "Configure staging mode". Then, select "Enable staging mode" and click Next and Configure.

Next, immediately disable staging mode on the new Azure AD Connect server. This ensures Azure AD Connect synchronization continues using the new server.

Perform a few changes in your on-premises AD to verify that synchronization is running as expected using the new server. You can do this by making some test changes and then checking the Azure AD portal to see if they've been replicated.

By following these steps, you can successfully switch to the new Azure AD Connect server and start using it for synchronization.

Azure AD Connect configuration is a crucial step in the upgrade process from DirSync. You can export the settings from the configuration menu, but only if you're using Azure AD Connect versions 1.5.42.0 or later. If not, take screenshots of the most important settings instead.

The configuration changes that are supported with DirSync and will be upgraded include domain and OU filtering, alternate ID (UPN), password sync and Exchange hybrid settings, and filtering based on user attributes. However, some changes cannot be upgraded, such as unsupported DirSync changes, e.g., removed attributes and using a custom extension DLL.

To configure Azure AD Connect, you can choose from Express Settings, which deploys sync with the password hash sync option for a single-domain, single-forest on-premise Active Directory domain, or Custom Settings, which allows you to connect one or multiple Active Directory domains and forests and choose between password hash sync, pass-through authentication, and Active Directory Federation Services (AD FS) for authentication.

Here are some key configuration settings to consider:

Express Settings is the default option for Azure AD Connect configuration. It's a straightforward way to get started, especially for single-domain, single-forest on-premise Active Directory domains. This option deploys sync with the password hash sync option, allowing for authentication and authorization to resources in Azure/Microsoft 365 based on Active Directory passwords.

If you're working with a single-domain, single-forest on-premise Active Directory domain, Express Settings is a great choice. It's a convenient option that meets the needs of many organizations.

Here are some key benefits of using Express Settings:

You can connect one or multiple Active Directory domains and forests with custom settings.

With custom settings, you can choose between password hash sync, pass-through authentication, and Active Directory Federation Services (AD FS) for authentication.

Custom settings also allows the administrator to choose sync options such as password reset write back and Exchange hybrid deployments.

Here are some options you can choose from:

Updating Azure AD Connect is a straightforward process that can be done in a few steps. The installer will automatically do an upgrade if you have a previous version, so you won't need to worry about reinstalling everything.

The upgrade process will stop the synchronization temporarily, but don't worry, it will resume automatically once the upgrade is complete. You'll need to re-enter your Azure AD Global administrator credentials during the upgrade process.

The installer will update the synchronization engine, which takes a few minutes. After that, you'll see a list of steps the upgrade will perform, including starting the synchronization process when the configuration is complete.

Make sure to check the Start the synchronization process when configuration completes box and click on Upgrade to begin the installation. Once the installation is complete, it's a good idea to check if the synchronization is up and running again.

You can do this by checking the Directory sync status in the Microsoft 365 Admin Center or by using the Synchronization Service Manager, which can be found in the start menu under Azure AD Connect.

If you're upgrading from DirSync, you have two options: in-place upgrade or parallel deployment. If the expected upgrade time is less than 3 hours, an in-place upgrade is recommended, while a parallel deployment is preferred if the expected upgrade time is more than 3 hours.

Here are the scenarios for upgrade from DirSync:

Don't uninstall DirSync yourself before the upgrade, as Azure AD Connect will read and migrate the configuration from DirSync and uninstall it after inspecting the server.

Exporting your DirSync configuration is a crucial step when preparing to upgrade to Azure AD Connect. You can export the configuration by clicking the Export settings button in the Azure AD Connect wizard.

To export the configuration, you'll need to run the Azure AD Connect installer (MSI) and exit the installation wizard by clicking the "X" in the top right corner of the window. This is a necessary step to ensure that you can import the settings later.

Once you've exited the installation wizard, open a command prompt and navigate to the install location of Azure AD Connect (Default: C:\Program Files\Microsoft Azure Active Directory Connect). From there, execute the following command: AzureADConnect.exe /ForceExport.

This command will export the DirSync configuration, which can then be imported when you install Azure AD Connect on a separate server. The exported settings will be used to migrate any settings from your current DirSync to your new Azure AD Connect installation.

If you're upgrading from DirSync, you can also export the configuration using the Azure AD Connect tool. To do this, start the Azure AD Connect tool, select configure, and click “View or export current configuration”. The configuration will be exported as a JSON file in the folder ‘%ProgramData%\AADConnect’.