
What You Need to Know About Azure AD Connect V2.0

What is Azure AD Connect V2.0? It’s the latest upgrade in a long history of Microsoft’s organizational management offering, Active Directory (AD). Built for Windows servers, AD’s main purpose is authenticating credentials and controlling access according to assigned permissions. In an on-premises environment, a domain controller (DC) is the server that runs these processes. This original directory service has been around for a good while, first released back in 2000. With the transition of digital workloads to the cloud, Microsoft created Azure AD, which continues and expands these tasks in the form of an identity and access management (IAM) service.
Azure AD was meant to complement the on-prem directory, so a way to bridge the two was needed. That’s where Azure Active Directory Connect comes in. IT administrators can use it to manage on-prem user identities through the consolidated Azure platform. At this point, Connect itself has been around for several years, and many of its original components are due for upgrades and changes. Rather than upgrading these parts in a piecemeal fashion, Microsoft is releasing a whole new bundle called Connect V2.0. If you’re currently using Azure AD Connect, you’ll want to consider your move to the new version. Here are some questions you may be wondering about the process.

When Should We Plan to Move to Azure AD Connect V2.0?


Microsoft recommends planning your move as soon as possible, though you don’t have to stress out making it happen tomorrow. Older versions will still be supported, but some components will be deprecated next year and services may stop functioning as soon as that happens. In particular, look out first for TLS 1.0/1.1 which will be deprecated at the beginning of 2022. (If you’re set on delaying an upgrade for some reason, you can still manually configure your server for TLS 1.2 before the move to Connect V2.0.) Then, in June 2022, expect the Active Directory Authentication Library (ADAL) to go out of support, which will cause big problems if you haven’t upgraded by then. Authentication may suddenly stop, and this would also stop the Azure AD Connect server from working properly.
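If you do decide to delay the upgrade, the interim step the paragraph above mentions (configuring the existing server for TLS 1.2) comes down to a handful of registry values. The following PowerShell function is an added example, not code from the original post or from Microsoft; it writes the documented SCHANNEL TLS 1.2 values and the .NET Framework 4.x strong-crypto values, supports -WhatIf so you can preview what it would change, and leaves values that are already correct untouched. The function name is this example's own. Run it elevated and reboot afterwards, since SCHANNEL only reads these keys at startup.

```powershell
# Added example (not from the original post): enable TLS 1.2 for SCHANNEL and for
# .NET Framework 4.x on an existing Azure AD Connect server as a stop-gap before
# the move to Connect V2.0. Key paths and value names are the documented ones;
# run as administrator and reboot for the SCHANNEL change to take effect.

function Enable-Tls12Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # TLS 1.2 must be enabled AND not disabled-by-default for both the
    # client and the server side of SCHANNEL.
    $schannelBase   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $schannelValues = @{ Enabled = 1; DisabledByDefault = 0 }

    # .NET 4.x must be told to use the OS default protocol (TLS 1.2) and strong
    # crypto, for both 64-bit and 32-bit (WOW6432Node) processes.
    $dotNetKeys = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    )
    $dotNetValues = @{ SystemDefaultTlsVersions = 1; SchUseStrongCrypto = 1 }

    # Build the list of (key, expected values) pairs to enforce.
    $targets = @()
    foreach ($side in 'Server', 'Client') {
        $targets += @{ Path = "$schannelBase\$side"; Values = $schannelValues }
    }
    foreach ($key in $dotNetKeys) {
        $targets += @{ Path = $key; Values = $dotNetValues }
    }

    foreach ($t in $targets) {
        if (-not (Test-Path $t.Path)) {
            if ($PSCmdlet.ShouldProcess($t.Path, 'Create registry key')) {
                New-Item -Path $t.Path -Force | Out-Null
            }
        }
        foreach ($name in $t.Values.Keys) {
            $current = (Get-ItemProperty -Path $t.Path -Name $name -ErrorAction SilentlyContinue).$name
            if ($current -eq $t.Values[$name]) { continue }   # already correct, leave alone
            if ($PSCmdlet.ShouldProcess("$($t.Path)\$name", "Set DWORD to $($t.Values[$name])")) {
                New-ItemProperty -Path $t.Path -Name $name -Value $t.Values[$name] `
                    -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

# Preview the changes first, then run without -WhatIf to apply them.
Enable-Tls12Server -WhatIf
# Enable-Tls12Server
```

Because the function only touches values that differ from the target, running it twice is harmless, which makes it safe to include in a configuration-drift check after the reboot.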

How Will it Work With Existing Configurations?

You can upgrade from any previous version of Azure AD Connect, and you can also export the configuration you already have and import it into Azure AD Connect V2.0. Microsoft has an article to walk you through how to export and import settings.

What Do We Need to Be Aware of for the Transition?


Microsoft has had to change prerequisites for Azure AD Connect, so you’ll need to update your servers to the newer versions of these prerequisites. Since this may take some time for planning and execution, it’s best not to wait until the last minute. In terms of licensing, the upgrade is free with an Azure subscription—but the Azure AD Connect Health feature requires a premium P1 license. And there is one issue to keep in mind: after the upgrade, PowerShell will need to be restarted and the module re-imported in order for ADSync PowerShell cmdlets to function.
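A post-upgrade check that follows the advice above (new PowerShell session, module re-imported) and then confirms the sync engine is in the state you expect is shown below. This is an added example, not code from the original post or from Microsoft. The ADSync cmdlets it calls (Import-Module ADSync, Get-ADSyncScheduler, Get-ADSyncConnector, Set-ADSyncScheduler) are the real ones; reading the installed version from the standard Uninstall registry hives and matching on the display name 'Microsoft Azure AD Connect' is this example's assumption.

```powershell
# Added example (not from the original post): run from a NEW PowerShell session after
# the V2.0 upgrade. Re-imports the ADSync module so the cmdlets bind to the upgraded
# module, then reports the installed version, scheduler state and connectors.
# The Uninstall-hive lookup and the display name are assumptions for this example.

function Test-ADSyncAfterUpgrade {
    [CmdletBinding()]
    param()

    # -Force discards any stale copy of the module left from before the upgrade.
    Import-Module ADSync -Force -ErrorAction Stop

    # Installed version (assumed lookup via the 64-bit and 32-bit Uninstall hives).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $product = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'Microsoft Azure AD Connect' } |   # assumed display name
        Select-Object -First 1

    $scheduler  = Get-ADSyncScheduler
    $connectors = Get-ADSyncConnector | Select-Object Name, ConnectorTypeName

    $result = [pscustomobject]@{
        InstalledVersion = $product.DisplayVersion
        SyncCycleEnabled = $scheduler.SyncCycleEnabled
        StagingMode      = $scheduler.StagingModeEnabled
        SyncInProgress   = $scheduler.SyncCycleInProgress
        NextSyncUtc      = $scheduler.NextSyncCycleStartTimeInUTC
        Connectors       = $connectors
    }

    # Flag the two conditions an admin most wants to notice right after an upgrade:
    # a sync cycle left disabled, or a server unexpectedly in staging mode.
    if (-not $result.SyncCycleEnabled) {
        Write-Warning 'Sync cycle is disabled; once validated, re-enable with: Set-ADSyncScheduler -SyncCycleEnabled $true'
    }
    if ($result.StagingMode) {
        Write-Warning 'Server is in staging mode: it imports and syncs but does not export to Azure AD or on-prem AD.'
    }
    return $result
}

Test-ADSyncAfterUpgrade | Format-List
```

If Import-Module fails here, that is the symptom the post describes: close the console that was open during the upgrade and start a fresh one before retrying.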

What Exactly is Changing in Azure AD Connect V2.0?

Curious about what the upgrade actually does? There aren’t any new functionalities, but some foundational components are changing. These include:

  • SQL Server 2019 LocalDB instead of the 2012 version. This will improve stability and performance and fix bugs. It requires Windows Server 2016 or newer to operate.
  • Visual C++ Redist 14. Necessary for SQL Server 2019, this will be automatically installed with the update.
  • The newer Microsoft Authentication Library (MSAL) to replace ADAL. See more details about MSAL here.
  • TLS 1.2 protocol. TLS 1.0 and 1.1 are no longer considered safe, so you need to make sure your server can support 1.2.
  • SHA2 signing for all binaries. This more secure algorithm ensures that updates come straight from Microsoft and weren’t tampered with during delivery.
  • PowerShell 5.0. This is a new prerequisite since it’s needed for Connect V2.0’s cmdlets.
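The prerequisites in the list above can be checked before you schedule the upgrade. The script below is an added example, not code from the original post or from Microsoft: it confirms Windows Server 2016 or newer (build 14393 is the Server 2016 build number), PowerShell 5.0 or newer, TLS 1.2 enabled for SCHANNEL and for .NET 4.x, and, if you pass the path of a downloaded installer, that its Authenticode signature is valid and issued to Microsoft. The function name, the check layout and the installer path placeholder are this example's own; note that Get-AuthenticodeSignature does not expose the file-digest algorithm, so the SHA-2 check here reports the signer certificate's signature algorithm instead.

```powershell
# Added example (not from the original post): pre-upgrade prerequisite check for
# Azure AD Connect V2.0. Covers OS version, PowerShell version, TLS 1.2 (SCHANNEL
# and .NET) and, optionally, the installer's Authenticode signature.
# Build 14393 = Windows Server 2016; everything else here is this example's design.

function Test-AADConnectV2Prereqs {
    [CmdletBinding()]
    param(
        # Placeholder: path to the downloaded installer, e.g. 'C:\Temp\AzureADConnect.msi'
        [string]$InstallerPath
    )

    $checks = [System.Collections.Generic.List[object]]::new()
    function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
        $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
    }

    # 1. OS: Server 2016 (build 14393) or newer, and a server SKU (ProductType 1 = workstation).
    $os = Get-CimInstance Win32_OperatingSystem
    Add-Check 'Windows Server 2016 or newer' (([int]$os.BuildNumber -ge 14393) -and ($os.ProductType -ne 1)) `
        "$($os.Caption) build $($os.BuildNumber)"

    # 2. PowerShell 5.0 or newer, required for the V2.0 cmdlets.
    Add-Check 'PowerShell 5.0+' ($PSVersionTable.PSVersion.Major -ge 5) "PSVersion $($PSVersionTable.PSVersion)"

    # 3. TLS 1.2 in SCHANNEL: absent keys mean the OS default applies (enabled on 2016+),
    #    so only an explicit Enabled=0 or DisabledByDefault=1 counts as a failure.
    foreach ($side in 'Client', 'Server') {
        $p = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\$side"
        $v = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        $ok = -not ($v -and (($v.Enabled -eq 0) -or ($v.DisabledByDefault -eq 1)))
        $detail = if ($v) { "Enabled=$($v.Enabled) DisabledByDefault=$($v.DisabledByDefault)" } else { 'key absent (OS default)' }
        Add-Check "TLS 1.2 SCHANNEL $side" $ok $detail
    }

    # 4. .NET 4.x must use the OS default TLS version and strong crypto (64- and 32-bit hives).
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                   'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $v = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        $ok = ($v.SystemDefaultTlsVersions -eq 1) -and ($v.SchUseStrongCrypto -eq 1)
        Add-Check ".NET TLS settings ($k)" $ok `
            "SystemDefaultTlsVersions=$($v.SystemDefaultTlsVersions) SchUseStrongCrypto=$($v.SchUseStrongCrypto)"
    }

    # 5. Installer signature: chain must validate and the signer must be Microsoft.
    #    The certificate's own signature algorithm is reported as a SHA-2 indicator.
    if ($InstallerPath) {
        $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
        $signerOk = ($sig.Status -eq 'Valid') -and
                    ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
        $alg = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
        Add-Check 'Installer signed by Microsoft' $signerOk "Status=$($sig.Status) Subject=$($sig.SignerCertificate.Subject)"
        Add-Check 'Signer certificate uses SHA-2' ($alg -like 'sha256*' -or $alg -like 'sha384*') "SignatureAlgorithm=$alg"
    }

    return $checks
}

# Usage: run elevated; pass -InstallerPath once the installer has been downloaded.
$results = Test-AADConnectV2Prereqs
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more prerequisites are not met; resolve them before upgrading.'
}
```

Keeping the checks as objects rather than printed text lets you export the result (for example with Export-Csv) as the change-record evidence that each server was verified before the upgrade window.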

For more on prerequisites, instructions on what to do for PowerShell, and additional details about Connect V2.0, see Microsoft’s blog on the new upgrade.
