Administrators should start prepping for changes coming next year that affect a business-critical Microsoft utility to avoid a disruption for organizations that rely on Office 365/Microsoft 365.
Approximately more than 1 million companies worldwide depend on Microsoft’s cloud-based suite of applications for email, file storage and collaboration needs. Quite a few of those organizations still have a significant on-premises footprint, which includes using Active Directory on Windows Server. Administrators of these systems rely on the Azure Active Directory (Azure AD) Connect application to synchronize user identities from on-premises Active Directory to Azure AD. But by August 2022, many organizations using an Azure AD Connect v1 version should upgrade to the latest v2 version to continue to receive support on the platform and eliminate potential access problems.
What does Azure AD Connect do?
Azure AD Connect syncs computer and user accounts between the on-premises Active Directory server and the cloud-based Azure AD, which supports the authentication needs to access Office 365 workloads. Without Azure AD Connect, administrators would not have single sign-in access and would need to maintain user accounts in two places, which would inconvenience workers and add to IT’s overall management burden.
Azure AD Connect installs in the on-premises environment to access the domain controller to read Active Directory objects. Azure AD Connect gives administrators the flexibility to define what objects, such as users, groups and resources, should be synced with Office 365. IT uses Azure AD Connect to define the sync schedule and upload new data to the Azure Active Directory.
What’s new in Azure AD Connect v2?
As with any product Microsoft makes, Azure AD undergoes frequent software updates and upgrades to improve the application and correct bugs. But the main reason to upgrade is the impending retirement of some of the components used in Azure AD Connect v1 versions.
Microsoft plans to deprecate several subcomponents of Azure AD Connect v1 versions in 2022. SQL Server 2012 LocalDB leaves extended support in July 2022. The Azure Active Directory Authentication Library (ADAL) will be deprecated in June 2022; Azure AD Connect v2 uses the Microsoft Authentication Library (MSAL) as its replacement. Administrators will also need to adjust the Transport Layer Security (TLS) protocols from 1.0 or 1.1 to 1.2 as Microsoft plans to deprecate the earlier versions on Jan. 31, 2022.
What do administrators need to do to use an Azure AD Connect v2 version?
An upgrade to Azure AD Connect v2 might require some organizations to make several infrastructure changes.
Azure AD Connect v2 versions run on Windows Server 2016 or newer, SQL Server 2019 LocalDB, TLS 1.2 on the server and the Microsoft Visual C++ 2014 Redistributable Package required by SQL Server 2019. PowerShell 5.0, included with Windows Server 2016, is another requirement.
IT should plan for this upgrade or new installation ahead of the 2022 deadlines. This work should include any server license purchases and installation tests.
What would happen if you don’t update Azure AD Connect V1.0?
While most components in Azure AD Connect will continue to work past the deadline to upgrade, such as the SQL Server 2012 components, IT may face technical difficulties once Microsoft deprecates the ADAL authentication library in June 2022.
A functioning authentication library is necessary to keep AD object syncing operational; otherwise, users will experience problems and open the organization up to a security risk until the upgrade to Azure AD Connect v2.
What is the upgrade process for Azure AD Connect v2?
The latest version of Azure AD Connect is available from Microsoft at the following link. At the time of this article’s publication, the latest release is version 184.108.40.206. Administrators with an existing Azure AD Connection installation have two options: in-place upgrade on the same server or a swing migration, in which the new version of Azure AD Connect is installed on a new server then the old server is decommissioned once the new server synchronizes to Azure AD.
During the in-place upgrade, synchronization to Azure AD pauses. IT needs to reenable sync after the upgrade completes. Any default changes to the synchronization rules will trigger a complete import and synchronization process, which could take several hours, so administrators should plan the upgrade when it will affect the least number of users.
Utilities such as Azure AD Connect are crucial for many businesses that still host Active Directory in their data centers and need to authenticate users with Office 365 services. The upgrade to Azure AD Connect v2 does not add any functionality, but it does improve in security in the application and the infrastructure that supports it. For example, Microsoft resolved an authentication bypass vulnerability in the utility in August 2021. Azure AD Connect is critical to many organizations, which should encourage administrators to plan ahead and prepare for this upgrade.