0

Azure AD Connect Express Install Upgrade – Build 1.1.105.0

Posted on by Rhoderick Milne [MSFT]

In February 2016 a new build of the Azure AD Connect tool was released.  This is build 1.1.105.0.  Multiple features and enhancements were added, and some significant changes were made to Azure AD Connect.

The release history of Azure AD Sync and Azure AD Connect is available on azure.microsoft.comDirSync is grounded in the years 2013/2014, we will leave that aside.  The latest build of Azure AD Connect as of the time of writing was 1.1.105.0 which is the February 2016 release, which is what this post is based upon.  The new features in the build include:

  • Automatic upgrade feature for Express settings customers
  • Support for the global admin using MFA and PIM in the installation wizard
  • Allow changing the user's sign-in method after initial install
  • Allow Domain and OU filtering in the installation wizard. This also allows connecting to forests where not all domains are available
  • Scheduler is built-in to the sync engine

Features promoted from preview to GA:

New preview features:

  • The new default sync cycle interval is 30 minutes. This used to be 3 hours for all earlier releases.  Adds support to change the scheduler behaviour.

In the TailspinToys Canada organization an earlier version of Azure AD Connect was installed.  The starting version is 1.0.9131.0.  This was deployed using the Express install which automatically installed SQL Express.  The express option should meet the needs of most organisations, and for those where it does not, then the custom option will be the way to go.

The installed components can be retrieved by looking at Add/Remove Programs.  This will show the installed version of Azure AD Connect.

Checking Installed Version Of Azure AD Connect

Alternatively you can query the Uninstall registry key which is held below:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall

The process to complete the upgrade to the current version is shown below.  Before we look go there, let’s look at the synchronisation process in the current version.

Current Scheduled Task Details

Build 1.0.9131.0 is the last version of Azure AD Connect to use the scheduled task to drive the synchronisation.  The scheduled task can be see in the below screen shots, as indicated by the red arrow.

Azure AD Connect 1.0.9131.0 Synchronization Service Scheduled Task

Zooming in shows the set schedule:

Azure AD Connect 1.0.9131.0 Synchronization Service Scheduled Task

Note that the scheduled task is set to run every three hours.  In this version of Azure AD Connect it is not supported to modify the frequency of the synchronisation scheduled task.

One of the new preview features in the February 2016 build, is modification of the synchronisation schedule.

Azure AD Connect Express Install Upgrade Screenshots

Start by reading the documentation.  Once happy with the release notes, documentation and FAQ we then proceed with downloading the Azure AD Connect tool.

Ensure that there are no pending restart requirements on the server, and then launch the installer by double clicking the downloaded Azure AD Connect file.  This should detect a previous version of Azure AD Connect is installed which launches the upgrade screens.

Launching Azure AD Connect Installer

The installer has correctly detected that a previous build of Azure AD Connect is present, and it will be upgraded.

Upgrading Azure AD Connect Express Install

The synchronization settings will be migrated, but while the install process is running there will be no synchronization to Azure AD.  AD DS account additions, account changes and changed passwords will not be synchronized until the Azure AD Connect installation has completed.

Clicking Upgrade will initiate the process.  The Status bar will progress and display the current task.

Upgrading Azure AD Connect Express Install

Once the installed components have been upgraded, the configuration wizard is automatically launched.   In order to configure, Azure AD Global Admin credentials are required.

Upgrading Azure AD Connect Express Install Configuration Update

These credentials are only used during the installation and will not be used after the installation has completed. It is used to create the Azure AD account used for synchronizing changes to Azure AD. The account will also enable sync as a feature in Azure AD.  The contents of the help button are show below for reference:

Upgrading Azure AD Connect Express Install - Help Content

Enter the required Global Admin credentials and click next. Then we need to connect on the on-premises AD.  Then click next.

Upgrading Azure AD Connect Express Install Configuration Upgrade

The express install requires enterprise administrator permissions.  After entering those credentials we are now ready to upgrade the configuration.  Note the check box.

Upgrading Azure AD Connect Express Install Configuration Upgrade - Beware The Tick Box

It is highlighted in the below screen shot, as I have seen many overlook it as their eyes are drawn to the big shiny upgrade button at the bottom right.

Upgrading Azure AD Connect Express Install Configuration Upgrade - Beware The Tick Box

The upgrade of the configuration then completes.  Note that in the below screenshot the tool states that synchronization is currently disabled.  This means that the new Scheduler which runs the sync process is NOT enabled, so there is no synchronization.  This is not unique to Azure AD Connect, a similar thing happened with Azure AD Sync.

Upgrading Azure AD Connect Express Install Configuration Upgrade Completed

Azure AD Connect is now upgraded to 1.1.105.0.  Let’s take a look at how the synchronisation process has changed.

Updated Sync Scheduler

Looking at Scheduled Tasks on the server, note that there is only a single task present after the upgrade to build 1.1.105.0.

After Upgrading To Azure AD Connect 1.1.105.0 No More Schduled Task To Control Synchronisation

A zoomed view is shown below, the task to run Azure AD Connect sycnronisation is no longer present.

image

As mentioned in the How To Run Manual DirSync / Azure Active Directory Sync / Azure AD Connect Updates post the method to initiate a manual synchronization has changed.

Note that there is no longer a DirectorySyncClientCmd tool present:

After Upgrading To Azure AD Connect 1.1.105.0 DirectorySyncClientCmd Is Not Present

How do we manage the Sync Scheduler, and run manual synchronisations?  The options are now back in PowerShell.

Running Get-ADSyncScheduler will show us the current sync options:

Running Get-ADSyncScheduler To See Current Sync Settings

Note that the Azure AD Connect SyncCycleEnabled is set to $False.

The NextSyncCycleStartTimeInUTC has advanced between these two screen shots.  This is even with the SyncCycleEnabled set to $False.

Note NextSyncCycleStartTimeInUTC Has Advanced - Though No Sychronisations Have ocured

For reference the Azure AD Connect upgrade was performed at ~22:00 on the 22nd of February 2016 local time .  This was ~04:00 on the 23rd February 2016 Zulu time.

We can look at the Synchronization Service Manager to see the last run time.

Azure AD Connect Synchronization Service Manager

In the above screen shot, note that there have been no synchronisation attempts since 03:43 Zulu time on the 23rd February 2016.  This is because the SyncCycleEnabled was set to $False.  Looking in the Office 365 Portal we also see that there has been no synchronisation for 23 hours:

Directory Synchronisation Status In Office 365 Portal

To enable the scheduler we execute:

Set-ADSyncScheduler -SyncCycleEnabled $True

Azure AD Connect SyncCycleEnabled Set To $True

Now that the SyncCycleEnabled is set to $True, synchronisation will be attempted at the prescribed time.

And lo!  After waiting a short period of time, we then see that the sync cycle was initiated as expected:

Azure AD Connect Synchronization Service Manager

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

More Posts

Leave a Reply

Your email address will not be published. Required fields are marked *