What's New in Azure AD Connect V2
Azure AD Connect is a free tool from Microsoft that’s used for synchronizing objects between on-premises Windows Server Active Directory (AD) and Azure Active Directory. Microsoft announced in August the availability of Azure AD Connect V2.0. And in this article, I’m going to discuss the major changes in this new release.
Here are the major new changes in Azure AD Connect V2:
- The version of SQL Server used for the local database
- Updated to the MSAL authentication library
- Updated the Visual C++ runtime
- Now only supports TLS 1.2
- Support for Windows Server 2012 and Windows Server 2012 R2 has been dropped
Some of the components in Azure AD Connect were scheduled for deprecation and have already been updated to newer versions. So, Microsoft decided that it would be easier to release a completely new version of Azure AD Connect rather than have users try to update each of the outdated components individually.
Azure AD Connect V2 is built using the latest components and is designed to help organizations achieve their hybrid identity goals. Azure AD is Microsoft’s cloud-based identity solution. It is used whenever users log into a service with a Microsoft work or school account, for example when signing into Microsoft 365. But Azure AD isn’t only useful for signing into Microsoft’s cloud services. It can also serve as the identity solution for third-party cloud services, Windows 10, and line-of-business apps developed in the cloud specifically for your organization.
Updated components in Azure AD Connect V2
The biggest change is to the database that underpins Azure AD Connect’s functionality.
Updated SQL database engine
V2 of the tool uses SQL Server 2019 LocalDB to provide enhanced stability, performance, and some important security fixes. The old tool was based on SQL Server 2012 LocalDB, which will go out of extended support in July 2022.
LocalDB copies a minimal set of files to get the SQL database engine up and running. LocalDB is part of SQL Server 2019 Express edition, which is designed to let developers include a database as part of their application with the minimum of effort and with fewer resources than a complete installation of SQL Server.
Updated authentication library
The old version of Azure AD Connect used the ADAL authentication library, which will be deprecated in June 2022. So, Azure AD Connect V2 uses the MSAL library. The MSAL library is used for getting security tokens from the Microsoft Identity platform, and then to authenticate users and access secured web APIs.
Updated Visual C++ runtime
In a similar manner, Microsoft has updated the Visual C++ runtime redistribution to version 14. The runtime is required by SQL Server. The runtime is automatically installed by Azure AD Connect V2, so you don’t need to install it as a prerequisite.
Azure AD Connect V2 only supports TLS 1.2 for establishing secure network connections. Microsoft is deprecating both TLS 1.0 and TLS 1.1 because they are no longer considered adequate to provide proper protection. Make sure that you enable TLS 1.2 on your server before installing or upgrading to Azure AD Connect V2.
Windows Server 2012 and Windows Server 2012 R2 no longer supported
With this release of Azure AD Connect, Microsoft will no longer support Windows Server 2012 and Windows Server 2012 R2. Microsoft SQL Server 2019 requires Windows Server 2016 or later, so Microsoft can no longer support installing Azure AD Connect on server operating systems older than Windows Server 2016.
Some of the cmdlets that ship with Azure AD Connect now require PowerShell 5.0. Because PowerShell 5.0 is already included out-of-the-box in Windows Server 2016, which is the oldest version of Windows Server that Azure AD Connect V2 supports, you shouldn’t need to take any action to meet this requirement.
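The TLS 1.2 and PowerShell 5.0 prerequisites described above are easy to verify before you run the installer. The following pre-flight script is an added example written for this article, not a tool shipped by Microsoft with Azure AD Connect. It checks the Windows Server build (2016 is build 14393), the PowerShell version, and the SCHANNEL and .NET Framework registry values that Microsoft documents for enabling TLS 1.2 system-wide; with the `-EnableTls12` switch (a parameter name chosen here) it also writes those values. Run it in an elevated PowerShell session on the server that will host Azure AD Connect.

```powershell
# Pre-flight check for Azure AD Connect V2 prerequisites (added example, not Microsoft's tooling).
[CmdletBinding()]
param(
    # Pass -EnableTls12 to write the registry values that turn on TLS 1.2 for SCHANNEL and .NET.
    [switch]$EnableTls12
)

$results = @()

# 1. Operating system: Azure AD Connect V2 requires Windows Server 2016 (build 14393) or later.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osOk = [int]$os.BuildNumber -ge 14393
$results += [pscustomobject]@{ Check = 'Windows Server 2016 or later'; Value = $os.Caption; Pass = $osOk }

# 2. PowerShell 5.0 or later is needed by some of the Azure AD Connect cmdlets.
$psOk = $PSVersionTable.PSVersion -ge [version]'5.0'
$results += [pscustomobject]@{ Check = 'PowerShell 5.0 or later'; Value = $PSVersionTable.PSVersion.ToString(); Pass = $psOk }

# 3. TLS 1.2 must be enabled for SCHANNEL (client and server) and .NET must use strong crypto.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

# Reads a registry value, returning $null when the key or value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

if ($EnableTls12) {
    foreach ($side in 'Client', 'Server') {
        $p = Join-Path $schannel $side
        New-Item -Path $p -Force | Out-Null
        New-ItemProperty -Path $p -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $p -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
    }
    foreach ($p in $dotnet) {
        New-Item -Path $p -Force | Out-Null
        New-ItemProperty -Path $p -Name 'SystemDefaultTlsVersions' -Value 1 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $p -Name 'SchUseStrongCrypto' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

foreach ($side in 'Client', 'Server') {
    $p = Join-Path $schannel $side
    $enabled = Get-RegValue $p 'Enabled'
    $disabledByDefault = Get-RegValue $p 'DisabledByDefault'
    # Enabled must be present and non-zero; DisabledByDefault must be present and zero.
    $ok = ($null -ne $enabled) -and ($enabled -ne 0) -and ($disabledByDefault -eq 0)
    $results += [pscustomobject]@{
        Check = "SCHANNEL TLS 1.2 $side"
        Value = "Enabled=$enabled DisabledByDefault=$disabledByDefault"
        Pass  = $ok
    }
}

foreach ($p in $dotnet) {
    $strong = Get-RegValue $p 'SchUseStrongCrypto'
    $sysDefault = Get-RegValue $p 'SystemDefaultTlsVersions'
    $ok = ($strong -eq 1) -and ($sysDefault -eq 1)
    $results += [pscustomobject]@{
        Check = ".NET strong crypto ($p)"
        Value = "SchUseStrongCrypto=$strong SystemDefaultTlsVersions=$sysDefault"
        Pass  = $ok
    }
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more prerequisites are not met; fix them before installing or upgrading to Azure AD Connect V2.'
}
```

SCHANNEL reads its protocol settings at boot, so after writing the TLS 1.2 values with `-EnableTls12` reboot the server and run the script again without the switch to confirm every check passes before starting the installer.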
Should I upgrade to Azure AD Connect V2?
While there is no new functionality in this release, you should plan to upgrade to Azure AD Connect V2 because several of the components V1 depends on will be deprecated in 2022. That means it will be harder for you to get support from Microsoft going forward if you don’t upgrade to V2. Microsoft says that all versions of Azure AD Connect V1 will be retired on 31st August, 2022.
You can download Azure AD Connect V2 from Microsoft’s website here.