Azure AD Connect is a free tool from Microsoft that synchronizes objects between on-premises Windows Server Active Directory (AD) and Azure Active Directory. In August 2021, Microsoft announced the availability of Azure AD Connect V2.0, and in this article I'm going to discuss the major changes in this new release.
Here are the major new changes in Azure AD Connect V2:
Several of the components Azure AD Connect V1 depends on were scheduled for deprecation and had already been superseded by newer versions. Rather than have customers update each outdated component individually, Microsoft decided it would be easier to release a completely new version of Azure AD Connect.
Azure AD Connect V2 is built on the latest versions of those components and is designed to help organizations achieve their hybrid identity goals. Azure AD is Microsoft's cloud-based identity solution: it is used whenever someone signs in to a service with a Microsoft work or school account, for example when you sign in to Microsoft 365. But Azure AD isn't only useful for signing in to Microsoft's cloud services. It can also be the identity provider for third-party cloud services, Windows 10, and line-of-business apps developed in the cloud specifically for your organization.
The biggest change is to the database which underpins Azure AD Connect’s functionality.
V2 of the tool uses SQL Server 2019 LocalDB to provide enhanced stability, performance, and some important security fixes. The old tool was based on SQL Server 2012 LocalDB, which will go out of extended support in July 2022.
LocalDB copies a minimal set of files to get the SQL database engine up and running. LocalDB is part of SQL Server 2019 Express edition, which is designed to let developers include a database as part of their application with the minimum of effort and with fewer resources than a complete installation of SQL Server.
The old version of Azure AD Connect used the Azure AD Authentication Library (ADAL), which Microsoft is deprecating in June 2022. Azure AD Connect V2 uses the Microsoft Authentication Library (MSAL) instead. MSAL acquires security tokens from the Microsoft identity platform and uses them to authenticate users and call secured web APIs.
In a similar manner, Microsoft has updated the Visual C++ Redistributable to version 14, which SQL Server 2019 requires. The Azure AD Connect V2 installer installs the runtime automatically, so you don't need to install it as a separate prerequisite.
Azure AD Connect V2 only supports TLS 1.2 for establishing secure network connections. Microsoft is deprecating both TLS 1.0 and TLS 1.1 because they are no longer considered adequate protection. Make sure that TLS 1.2 is enabled on your server before installing or upgrading to Azure AD Connect V2. Because Azure AD Connect is a .NET Framework application, this means enabling the TLS 1.2 protocol in SCHANNEL and also configuring the .NET Framework to use the operating system's TLS defaults and strong cryptography; Microsoft documents both as registry settings that take effect after a reboot.
With this release of Azure AD Connect, Microsoft no longer supports Windows Server 2012 and Windows Server 2012 R2. Microsoft SQL Server 2019 requires Windows Server 2016 or later, so Azure AD Connect V2 cannot be installed on server operating systems older than Windows Server 2016. If your existing V1 server runs an older OS, plan to stand up a new server on a supported OS and move the sync service to it rather than upgrading in place.
Some of the cmdlets that ship with Azure AD Connect now require PowerShell 5.0. Because PowerShell 5.0 is already included out-of-the-box in Windows Server 2016, which is the oldest version of Windows Server that Azure AD Connect V2 supports, you shouldn’t need to take any action to meet this requirement.
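The TLS 1.2, operating system and PowerShell requirements above are the ones most likely to block an upgrade, so it is worth checking them in one pass before running the V2 installer. The following script is an added example written for this article, not Microsoft's code; the registry paths and values are the ones Microsoft documents for enabling TLS 1.2 for SCHANNEL and the .NET Framework, and the `-Fix` switch is a hypothetical option defined here that writes any missing values. Run it in an elevated PowerShell session on the server that will host Azure AD Connect.

```powershell
# Added example (not from the article or from Microsoft): prerequisite check for Azure AD Connect V2.
# Run elevated. -Fix is a switch defined by this script; it writes the documented TLS 1.2 registry
# values for SCHANNEL and .NET Framework. Reboot after any registry change for it to take effect.
[CmdletBinding()]
param([switch]$Fix)

function Test-RegistryValue {
    param([string]$Path, [string]$Name, [int]$Expected)
    # Returns $false when the key or value is missing, or when the value differs from $Expected.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return ($item.$Name -eq $Expected)
}

function Set-RegistryValue {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# TLS 1.2 settings: the SCHANNEL protocol keys plus the .NET Framework switches that make a
# .NET application such as Azure AD Connect negotiate the OS default (TLS 1.2) with strong crypto.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tlsSettings = @(
    @{ Path = "$schannel\Server"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = "$schannel\Client"; Name = 'Enabled';           Value = 1 },
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault'; Value = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 }
)

$results = @()

# 1. Operating system: Windows Server 2016 is build 14393; older builds (2012 R2 is 9600) are unsupported.
#    ProductType 1 is a workstation SKU, which shares build numbers with Windows 10 and is also unsupported.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$osOk = ([int]$os.BuildNumber -ge 14393) -and ($os.ProductType -ne 1)
$results += [pscustomobject]@{ Check = "OS: $($os.Caption) build $($os.BuildNumber)"; Pass = $osOk }

# 2. PowerShell 5.0 or later (in-box on Windows Server 2016 and later).
$psOk = $PSVersionTable.PSVersion -ge [version]'5.0'
$results += [pscustomobject]@{ Check = "PowerShell $($PSVersionTable.PSVersion)"; Pass = $psOk }

# 3. TLS 1.2 registry values, optionally corrected in place.
foreach ($s in $tlsSettings) {
    $ok = Test-RegistryValue -Path $s.Path -Name $s.Name -Expected $s.Value
    if (-not $ok -and $Fix) {
        Set-RegistryValue -Path $s.Path -Name $s.Name -Value $s.Value
        $ok = Test-RegistryValue -Path $s.Path -Name $s.Name -Expected $s.Value
    }
    $results += [pscustomobject]@{ Check = "$($s.Name)=$($s.Value) in $($s.Path)"; Pass = $ok }
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more prerequisites are not met. Resolve them (and reboot after registry changes) before running the Azure AD Connect V2 installer.'
} else {
    Write-Host 'All checked prerequisites for Azure AD Connect V2 are met.'
}
```

Run it once without `-Fix` to see where the server stands; a failed OS check means a new server is needed, not a registry change. The script only adds TLS 1.2 and does not disable TLS 1.0 or 1.1, so other services on the same host are unaffected; disabling the older protocols is a separate hardening decision to make after confirming nothing else on the server still depends on them.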
While there is no new functionality in this release, you should plan to upgrade to Azure AD Connect V2 because several of the components V1 depends on will be deprecated in 2022. That means it will be harder to get support from Microsoft going forward if you don't upgrade to V2. Microsoft says that all versions of Azure AD Connect V1 will be retired on August 31st, 2022. You can learn more about Which Azure AD Connect Versions Are Currently Supported in our separate article.