Azure AD Connect is THE tool keeping many organizations’ Azure Active Directory in step with their on-prem Active Directory. Microsoft updates this tool often, keeping it capable and reliable. Installing an upgrade to Azure AD Connect is usually straightforward, following a few simple steps.
First things first: determine the current release version of Azure AD Connect and compare it with what’s running internally. Keep up with Azure AD Connect release versions here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history.
Determining the currently installed version of Azure AD Connect is just as easy. Log on to the server where Azure AD Connect is installed, then look in Programs and Features.
When all is working well, current versions of Azure AD Connect keep themselves up to date. Verify whether the Azure AD Connect AutoUpgrade functionality is enabled using the Get-ADSyncAutoUpgrade cmdlet.
This cmdlet returns the current state of the AutoUpgrade setting for Azure AD Connect. Possible results:
- Enabled – Automatic upgrade is enabled.
- Suspended – Set by the system only. The system is not currently eligible to receive automatic upgrades.
- Disabled – Automatic upgrade is disabled.
When Enabled, the system should keep Azure AD Connect updated automatically. If it isn’t, that’s a different problem to troubleshoot for another blog article.
If outdated, update Azure AD Connect manually. Begin by downloading the latest version of Azure AD Connect from https://www.microsoft.com/en-us/download/details.aspx?id=47594.
Install Azure AD Connect by running the downloaded file using an account with administrative privileges. The first screen reminds us we’re upgrading Azure AD Connect. No surprises here.
Remember that during the upgrade, synchronization between on-prem AD and Azure AD stops. After the upgrade, a complete re-sync occurs. These take time, so best to perform the upgrade during off-peak hours.
Next up, enter the credentials of an account holding the Global Administrator role within the Azure tenant. This enables not only configuration of Azure AD Connect, but also adding a more limited account to run automated synchronization going forward.
The system connects to Azure AD, verifies the credentials, and gets ready to upgrade. On the next screen, verify “Start the synchronization process when configuration completes” has a check, then click the Upgrade button.
The wizard does its thing…
After a bit of time, and with a little good fortune, a Configuration Complete screen appears! Click Exit to finish and start the post-upgrade full synchronization between on-prem AD and Azure AD.
I like to absolutely ensure this post-upgrade sync runs, so I open an Administrative PowerShell session, then run the Start-ADSyncSyncCycle cmdlet with the -PolicyType Initial parameter.
Notice in Programs and Features, the new version information displays.
I recommend enabling the Azure AD Connect AutoUpgrade functionality. Using PowerShell, run the Set-ADSyncAutoUpgrade cmdlet with the -AutoUpgradeState Enabled parameter.
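The post-upgrade checks described above, collected into one script. This is an added example, not part of the original article or Microsoft's own tooling; it assumes the product is listed in the uninstall registry data under the display name "Microsoft Azure AD Connect" and that the ADSync module installed with Azure AD Connect is available on the server.

```powershell
#Requires -RunAsAdministrator
# Post-upgrade verification for Azure AD Connect (added example).
Import-Module ADSync -ErrorAction Stop

# 1. Installed version, read from the same data Programs and Features displays.
#    Assumption: the DisplayName is exactly 'Microsoft Azure AD Connect'.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$product = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'Microsoft Azure AD Connect' } |
    Select-Object -First 1
if (-not $product) {
    throw 'Azure AD Connect was not found in the uninstall registry keys.'
}
Write-Output "Installed version: $($product.DisplayVersion)"

# 2. Post-upgrade full sync. Start-ADSyncSyncCycle fails while another cycle
#    is running, so check the scheduler before requesting an Initial cycle.
$scheduler = Get-ADSyncScheduler
if ($scheduler.SyncCycleInProgress) {
    Write-Output 'A sync cycle is already in progress; not starting another.'
}
else {
    Start-ADSyncSyncCycle -PolicyType Initial
}

# 3. AutoUpgrade state. Only switch Disabled to Enabled; Suspended is set by
#    the system and means the server is not currently eligible.
$state = "$(Get-ADSyncAutoUpgrade)"
switch ($state) {
    'Enabled'   { Write-Output 'AutoUpgrade is already enabled.' }
    'Disabled'  {
        Set-ADSyncAutoUpgrade -AutoUpgradeState Enabled
        Write-Output "AutoUpgrade is now: $(Get-ADSyncAutoUpgrade)"
    }
    'Suspended' {
        Write-Warning 'AutoUpgrade is Suspended (set by the system); leaving it unchanged.'
    }
    default     { Write-Warning "Unexpected AutoUpgrade state: $state" }
}
```

Compare the reported version against the release history page linked earlier to confirm the upgrade took effect.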
With Azure AD Connect updated and the AutoUpgrade feature enabled, there’s one less thing to worry about to keep identity information in sync between on-premises and the cloud!