What You Need to Know About Azure AD Connect V2.0
What is Azure AD Connect V2.0? It's the latest upgrade in the long history of Microsoft's organizational management offering, Active Directory (AD). Built for Windows servers, AD's main purpose is authenticating credentials and controlling respective levels of access according to permissions. In an on-premises environment, a domain controller (DC) is the server that runs these processes. This original directory service has been around for a good while, first released back in 2000. With the transition of digital workloads to the cloud, Microsoft created Azure AD, which continues and expands these tasks in the form of an identity and access management (IAM) service.
Azure AD was meant to complement the on-prem database, so a need arose to bridge the two. That's where Azure Active Directory Connect comes in. IT administrators can use it to manage on-prem user identities through the consolidated Azure platform. At this point, Connect itself has been around for several years, and many of its original components are due for upgrades and changes. Rather than upgrading these parts in a piecemeal fashion, Microsoft is releasing a whole new bundle called Connect V2.0. If you're currently using Azure AD Connect, you'll want to consider your move to the new version. Here are some questions you may be wondering about the process.
When Should We Plan to Move to Azure AD Connect V2.0?
Microsoft recommends planning your move as soon as possible, though you don't have to stress out making it happen tomorrow. Older versions will still be supported, but some components will be deprecated next year and services may stop functioning as soon as that happens. In particular, look out first for TLS 1.0/1.1, which will be deprecated at the beginning of 2022. (If you're set on delaying an upgrade for some reason, you can still manually configure your server for TLS 1.2 before the move to Connect V2.0.) Then, in June 2022, expect the Active Directory Authentication Library (ADAL) to go out of support, which will cause big problems if you haven't upgraded by then. Authentication may suddenly stop, and this would also stop the Azure AD Connect server from working properly.
How Will it Work With Existing Configurations?
You can upgrade from any previous version of Azure AD Connect, and you can also export the configuration you already have and import it into Azure AD Connect V2.0. Microsoft has an article to walk you through how to export and import settings.
What Do We Need to Be Aware of for the Transition?
Microsoft has had to change prerequisites for Azure AD Connect, so you'll need to update your servers to the newer versions of these prerequisites. Since this may take some time for planning and execution, it's best not to wait until the last minute. In terms of licensing, the upgrade is free with an Azure subscription, but the Azure AD Connect Health feature requires a premium P1 license. And there is one issue to keep in mind: after the upgrade, PowerShell will need to be restarted and the module re-imported in order for ADSync PowerShell cmdlets to function.
What Exactly is Changing in Azure AD Connect V2.0?
Curious about what the upgrade actually does? There aren't any new functionalities, but some foundational components are changing. These include:
- SQL Server 2019 LocalDB instead of the 2012 version. This will improve stability and performance and fix bugs. It requires Windows Server 2016 or newer to operate.
- Visual C++ Redist 14. Necessary for SQL Server 2019, this will be automatically installed with the update.
- The newer Microsoft Authentication Library (MSAL) to replace ADAL. See more details about MSAL here.
- TLS 1.2 protocol. TLS 1.0 and 1.1 are no longer considered safe, so you need to make sure your server can support 1.2.
- SHA2 signing for all binaries. This more secure algorithm ensures that updates come straight from Microsoft and weren't tampered with during delivery.
- PowerShell 5.0. This is a new prerequisite since it's needed for Connect V2.0's cmdlets.
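As an added example (not from Microsoft or the original article), here is a read-only PowerShell check of the server-side prerequisites listed above: Windows Server 2016 or newer, PowerShell 5.0, and TLS 1.2. The function names, the build threshold 14393 for Windows Server 2016, and the choice of registry values to inspect are assumptions of this example.

```powershell
# Added example: read-only readiness check; it changes nothing on the server.
# Assumption: build 14393 is the first Windows Server 2016 build.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not explicitly configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Check {
    param([string]$Check, [string]$Found, [bool]$Pass)
    [pscustomobject]@{ Check = $Check; Found = $Found; Pass = $Pass }
}

function Test-ConnectV2Prerequisites {
    # SQL Server 2019 LocalDB needs Windows Server 2016+ (ProductType 1 = workstation).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    New-Check 'Windows Server 2016 or newer' "$($os.Caption) build $($os.BuildNumber)" `
        (($os.ProductType -ne 1) -and ([int]$os.BuildNumber -ge 14393))

    # Connect V2.0 cmdlets need PowerShell 5.0.
    New-Check 'PowerShell 5.0 or newer' $PSVersionTable.PSVersion.ToString() `
        ($PSVersionTable.PSVersion.Major -ge 5)

    # SCHANNEL: absent values mean OS defaults apply, so only an explicit disable fails.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    foreach ($role in 'Client', 'Server') {
        $enabled  = Get-RegValue "$schannel\$role" 'Enabled'
        $disabled = Get-RegValue "$schannel\$role" 'DisabledByDefault'
        New-Check "SCHANNEL TLS 1.2 $role not disabled" `
            "Enabled=$enabled; DisabledByDefault=$disabled" `
            (($enabled -ne 0) -and ($disabled -ne 1))
    }

    # .NET Framework 4.x, 64- and 32-bit views. Conservative: passes only when
    # SchUseStrongCrypto is explicitly set to 1.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') {
        $strong = Get-RegValue "$root\.NETFramework\v4.0.30319" 'SchUseStrongCrypto'
        New-Check ".NET 4.x SchUseStrongCrypto set ($root)" "SchUseStrongCrypto=$strong" `
            ($strong -eq 1)
    }
}

Test-ConnectV2Prerequisites | Format-Table -AutoSize
```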