The directory synchronization program managers have been hard at work adding more and more documentation to the Azure repository. The content is currently being published to azure.microsoft.com. For example Introducing Azure AD Connect takes us through the identity management steps when connecting to Azure AD.
Please note that this post is based on the upgrade to 1.0.9131.0 which was released in December 2015. The installation process has changed in the February 2016 build 184.108.40.206. We can compare that in a future post.
There are four ways we could look at an Azure AD Connect Installation/Upgrade
Upgrade from Azure AD Sync
In the TailspinToys Canada organization an earlier version of Azure AD Connect was installed. The starting version is: 1.0.8667.0. This was deployed using the Express install which automatically installed SQL Express. The express option should meet the needs of most organisations, and for those where it does not then the custom option will be the way to go.
The installed components can be retrieved by looking at Add/Remove Programs. This will show the version of Azure AD Connect.
Alternatively you can query the Uninstall registry key which is held below:
The process to complete the upgrade to the current version is shown below.
Azure AD Connect Express Install Upgrade Screenshots
As when we installed the initial Azure AD Connect build, we start by reading the documentation – right? Once happy with the documentation, release notes and FAQ we can proceed with downloading the Azure AD Connect tool.
At the time of writing the latest version for download is 1.0.9131.0. The file is called AzureADConnect.msi which is 74MB. Note that the installation process changed slightly with the latest build of Azure AD Connect in February 2016.
Ensure that there are no pending restart requirements on the server, and then launch the installer by double clicking the download file. This should detect a previous version of Azure AD Connect is installed which launches the upgrade screens.
The synchronization settings will be migrated, but while the install process is running there will be no synchronization to Azure AD. Thus this process should be executed in a defined change window. For example user expectations need to be set if you rely upon Password Hash Synchronisation – changed passwords will not be synchronized until Azure AD Connect installation has completed and the synchronization started.
Clicking Upgrade will initiate the process. The Status bar will progress and display the current task.
Once the installed components have been upgraded, the configuration wizard is automatically launched. In order to configure, Azure AD Global Admin credentials are required.
Provide the necessary Global Administrator account in the tenant. These credentials are only used during the installation and will not be used after the installation has completed. It is used to create the Azure AD account used for synchronizing changes to Azure AD. The account will also enable sync as a feature in Azure AD
We are now ready to upgrade the configuration. Note the check box.
It is highlighted in the below screen shot, as I have seen many overlook it as their eyes are drawn to the big shiny upgrade button at the bottom right.
The upgrade of the configuration then completes. Note that in the below screenshot the tool states that synchronization is currently disabled. This means that the scheduled task which runs the sync process is NOT enabled, so there is no synchronization. This is not unique to Azure AD Connect, the same happened with Azure AD Sync.
Clicking the Learn More hyperlink, will also show how to start up the sync process. Note that the sync process is set to execute every 3 hours and should not be modified in builds less than 220.127.116.11. The Azure AD Connect version history can be found on azure.microsoft.com.
Once the scheduler has been enabled, the synchronization tasks will be executed.
Updated Azure AD Portal
You may have seen that as of the time of writing a new Azure AD portal is being built. An additional screen is also visible when clicking on the users –> Active Users the Manage Directory Synchronisation.
In the below screenshot we are looking at the Active Users node of Azure AD.
Clicking on the Manage Directory Synchronisation link will show the below page.
From the Azure portal we can see that an upgrade is available for Azure AD Connect (this is what we upgraded in the initial part of this post), the sync account used on-premises and last sync intervals.
Wonder how long it will be before the screenshots of the portal will be horribly out-dated? Well, we can always look at them and reminisce.