Upgrade Azure AD Connect to V2.0

Azure AD Connect is the Microsoft tool that synchronizes your on-premises directory with Azure Active Directory. The V2.0 upgrade brings better performance, improved reliability, and new features.

In our company, Azure AD Connect V1 is in use, and we want to upgrade it to Azure AD Connect V2. For a normal in-place upgrade to the newest version, read the article Upgrade Azure AD Connect. Because the upgrade from Azure AD Connect V1.x to V2.x is a little different this time, we have written a new post on it.

Introduction

On July 20, 2021, Microsoft published Azure AD Connect V2.0 (2.0.3.0). We can see that they published a handful of updated versions with problem patches in the Azure AD Connect changelog. Azure AD Connect is currently at version 2.0.25.1 as of this writing.

Note: Before January 2022, upgrade Azure AD Connect to V2.0. Otherwise, a number of components will cease to function.

Several components in your existing Azure AD Connect server deployments will be decommissioned next year. If you run unsupported products, it will be harder for the Microsoft support team to offer you the support experience your business needs. As a result, we strongly advise all customers to update to this latest version as soon as possible.

Let’s have a look at the changes before we update Azure AD Connect to V2.

Major changes in Azure AD Connect V2.0

The following are the major changes in Azure AD Connect V2.0:

  • SQL Server 2019 LocalDB
  • Microsoft Authentication Library (MSAL)
  • Visual C++ 14 Redistributable
  • TLS 1.2
  • All binaries are signed with SHA2 signatures.
  • Support for Windows Server 2012 and Windows Server 2012 R2 has ended.
  • PowerShell 5.0 is now required.

The official Azure AD Connect V2.0 documentation can be found here.

Is Azure AD Connect V1 installed on a Windows Server 2012/R2 server? Then export the settings and switch to Windows Server 2016/2019/2022.

TLS 1.2 must be enabled on the Azure AD Connect server.

We must enable TLS 1.2 on the Azure AD Connect server before downloading and running the update to Azure AD Connect V2.0. If we don’t do that and execute the Azure AD Connect setup file, we’ll receive an error message saying that the TLS version is incorrect.

TLS 1.2 is not configured on this server.

TLS 1.2 is required for this installation, but it was not configured on the server. See the Microsoft documentation for the steps you need to take to enable TLS 1.2 on your server. After enabling TLS 1.2, run the AADConnect wizard again to complete the installation and setup.


Run PowerShell ISE as an administrator on the Azure AD Connect-enabled server. Download and execute the Enable-TLS1.2.ps1 PowerShell script from PowerShell. Another option is to use the PowerShell script below.

# Reconstructed from the garbled original; it matches the Enable-TLS1.2 script Microsoft publishes for Azure AD Connect.
# .NET Framework (32-bit and 64-bit): use the OS default TLS version and strong crypto.
New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null
# SCHANNEL: enable TLS 1.2 for the server side and the client side.
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled. Restart the server for the change to take effect.'

Run the script by pasting it into PowerShell ISE.


After running the script, restart the Windows Server so the changes take effect.
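Before you start the installer, it is worth confirming that the registry really holds the values the setup checks for. The following pre-flight script is an added example and not part of the original post; it reads the SCHANNEL and .NET Framework values the script above writes and reports any that are missing or wrong.

```powershell
# Added example (not from the original post): audit the TLS 1.2 registry state that the
# Azure AD Connect V2.0 installer requires. Run from an elevated PowerShell session on the server.

$checks = @(
    # SCHANNEL: TLS 1.2 must be enabled and not disabled-by-default for client and server
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'Enabled';           Expected = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'; Name = 'DisabledByDefault'; Expected = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'Enabled';           Expected = 1 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'; Name = 'DisabledByDefault'; Expected = 0 },
    # .NET Framework (64-bit and 32-bit): the installer and the sync engine are .NET applications,
    # so they only pick up the OS TLS default when these values are set
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Expected = 1 }
)

$failures = 0
foreach ($c in $checks) {
    # Get-ItemProperty errors on a missing key or value; swallow that and treat it as "not set"
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($null -eq $actual) {
        Write-Warning "MISSING  $($c.Path)\$($c.Name) (expected $($c.Expected))"
        $failures++
    } elseif ($actual -ne $c.Expected) {
        Write-Warning "WRONG    $($c.Path)\$($c.Name) = $actual (expected $($c.Expected))"
        $failures++
    } else {
        Write-Host "OK       $($c.Path)\$($c.Name) = $actual"
    }
}

if ($failures -eq 0) {
    Write-Host 'TLS 1.2 is configured for SCHANNEL and .NET. Reboot if these values were just written, then run the installer.'
} else {
    Write-Warning "$failures setting(s) missing or wrong. Run the Enable-TLS1.2 script and reboot before upgrading."
    exit 1
}
```

A clean run before the reboot still means a reboot is needed; SCHANNEL and the .NET runtime read these values at start-up.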

Download Azure AD Connect V2.0

Go to the Microsoft Download Center to get the most recent version of Azure AD Connect. Currently, the most recent version is Azure AD Connect 2.0.25.1.


Save the AzureADConnect.msi file in C:\install.


Install Azure AD Connect V2.0

Double-click the AzureADConnect.msi file and let the setup extract the files.

Upgrade Azure AD Connect

The screen reports that an earlier version of Azure AD Connect is installed and will be upgraded.

  • Synchronization will be disabled during the Azure AD Connect update.
  • The complete sync between AD and Azure AD will occur after the Azure AD Connect update.

If you have more than 50,000 AD objects, perform the update after business hours or over the weekend, since the full synchronization may take several hours or longer.

Select Upgrade.


The synchronization engine is being upgraded as part of the setup.


Connect to Azure Active Directory

With Azure AD Connect V1 we used our Azure AD Global Administrator account. With Azure AD Connect V2 we can use a user account that holds the Hybrid Identity Administrator role instead; the Global Administrator role is no longer required for this.

We suggest that you use an account with the fewest permissions needed. So we will create a dedicated service account, assign it the Hybrid Identity Administrator role, and use it from now on.

Read the Azure AD built-in roles documentation from Microsoft.

Create a Hybrid Identity Administrator account

Sign in to the Azure Active Directory portal. Go to Azure Active Directory > Roles and administrators. Find the Hybrid identity administrator role and assign it to the service account.

It’s the user account svc-aadconnect in our case.


Enter the Hybrid Identity Administrator credentials or your Azure AD Global Administrator credentials. Select Next.


Configure

Tick the Start the synchronization process box so that synchronization resumes when the configuration completes. Select Upgrade.


Wait for the Azure AD Connect upgrade to complete.


The configuration is finished, and the Azure Active Directory Sync upgrade has completed successfully. Select Exit.


Check the Azure AD Connect version

Verify that Azure AD Connect V2 has been installed correctly.

From the Start menu, open Synchronization Service. In the menu bar, choose Help > About. In our example it shows Azure AD Connect version 2.0.25.1.


Another option is to use PowerShell to verify the Azure AD Connect version.

Run Windows PowerShell as an administrator. First import the ADSync module with the Import-Module ADSync cmdlet, then read the server configuration version with Get-ADSyncGlobalSettingsParameter.

PS C:\> Import-Module ADSync
PS C:\> (Get-ADSyncGlobalSettingsParameter | Where-Object { $_.Name -eq 'Microsoft.Synchronize.ServerConfigurationVersion' }).Value
2.0.25.1
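The one-liner above only prints the version. As an added example that is not part of the original post, the script below reads the same setting, compares it against the V2.0 baseline, and then reports the scheduler state so you can confirm synchronization is running again after the upgrade. The 2.0.0.0 minimum is an assumed baseline; the ADSync cmdlets used are the ones installed with Azure AD Connect.

```powershell
# Added example (not from the original post): post-upgrade health check for Azure AD Connect.
# Assumes the ADSync module that ships with Azure AD Connect; run from an elevated PowerShell.
Import-Module ADSync

function Get-AADConnectVersion {
    # Same setting the post reads by hand, returned as a comparable [version] object
    $p = Get-ADSyncGlobalSettingsParameter |
        Where-Object { $_.Name -eq 'Microsoft.Synchronize.ServerConfigurationVersion' }
    return [version]$p.Value
}

$installed = Get-AADConnectVersion
$minimum   = [version]'2.0.0.0'   # assumed baseline: anything below this is still a V1.x build

if ($installed -lt $minimum) {
    Write-Warning "Azure AD Connect $installed is below $minimum; the upgrade did not complete."
    exit 1
}
Write-Host "Azure AD Connect version: $installed"

# Scheduler state: the upgrade disables sync, so confirm it is enabled again and a cycle is queued
$sched = Get-ADSyncScheduler
Write-Host ("Sync cycle enabled : {0}" -f $sched.SyncCycleEnabled)
Write-Host ("Staging mode       : {0}" -f $sched.StagingModeEnabled)
Write-Host ("Cycle in progress  : {0}" -f $sched.SyncCycleInProgress)
Write-Host ("Next cycle (UTC)   : {0}" -f $sched.NextSyncCycleStartTimeInUTC)

if (-not $sched.SyncCycleEnabled) {
    Write-Warning 'Sync cycle is disabled; enable it with Set-ADSyncScheduler -SyncCycleEnabled $true when ready.'
    exit 2
}

# Connectors currently running a profile (no output means the engine is idle between cycles)
$running = @(Get-ADSyncConnectorRunStatus)
if ($running.Count -gt 0) {
    $running | Select-Object ConnectorName, RunProfileName | Format-Table -AutoSize
} else {
    Write-Host 'No connector run in progress.'
}
```

A non-zero exit code makes the script usable from a scheduled task or monitoring agent that flags servers still on V1.x or with sync disabled.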

That concludes our discussion.

Continue reading to learn how to move Azure AD Connect to a new tenant.

Conclusion

We demonstrated how to upgrade Azure AD Connect to version 2.0. It is important to keep up with the newest updates and fixes by upgrading Azure AD Connect to the current version. If you have more than 50,000 AD objects, update after business hours, since the full synchronization will take a long time. Finally, double-check that synchronization is working properly and that you have installed the most recent Azure AD Connect version.

Did you find this article interesting? You may also like Enable modern authentication in Office 365 admin center. Don't forget to subscribe to our newsletter and share this post.

Frequently Asked Questions

How do I update Azure AD Connect?

Azure AD Connect is a Microsoft product that manages on-premises Active Directory and cloud identity services. You can update it by using the Azure portal or PowerShell.

Do I need to update Azure AD Connect?

Yes, you should update Azure AD Connect to the latest version.

What version of Azure AD Connect am I running?

You are running version 4.2.1