22 May 2019

Azure AD Connect v1.3: Group writeback, new support agents, connector warnings and more

  • Identity and access management
  • Azure AD
Ian Bassi

A new version of Azure AD Connect has just been released that includes a significant number of changes and updates.

At the time of writing, this new version of Azure AD Connect is not yet available for auto-update and must be downloaded. If you have auto-update enabled, keep an eye out for it coming soon.

Manually upgrading the product is easy enough, but make sure you have backups in place, and compare your configuration before and after to make sure no unexpected changes have occurred.

If you have a staging environment, it makes sense to upgrade this first, confirm everything is working as expected, and that the pending exports are okay. If everything looks good, you can then turn the production box to standby, and put the standby box into production mode.
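One way to do the before-and-after configuration comparison recommended above, as an added example that is not from the original article or from Microsoft. It assumes the ADSync PowerShell module on the Azure AD Connect server; the function names, file paths and the set of compared properties are choices made for this example.

```powershell
# Added example (not from the original article). Run on the Azure AD Connect server.
# Function names, file paths and the compared properties are this example's choices.
Import-Module ADSync

function Export-SyncRuleSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    Get-ADSyncRule | ForEach-Object {
        # Flatten each attribute flow to one string so an altered transformation shows up.
        $flows = @($_.AttributeFlowMappings | ForEach-Object {
            '{0}|{1}|{2}|{3}|{4}' -f $_.Destination, $_.FlowType, $_.ValueMergeType,
                                     $_.Expression, ($_.Source -join ',')
        } | Sort-Object) -join ';'
        [pscustomobject]@{
            Name       = $_.Name
            Direction  = [string]$_.Direction
            Precedence = [int]$_.Precedence
            Disabled   = [bool]$_.Disabled
            Flows      = $flows
        }
    } | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-SyncRuleSnapshot {
    param([Parameter(Mandatory)][string]$Before, [Parameter(Mandatory)][string]$After)
    # Index both snapshots by rule name; parentheses force array enumeration in PowerShell 5.1.
    $old = @{}; (Get-Content $Before -Raw | ConvertFrom-Json) | ForEach-Object { $old[$_.Name] = $_ }
    $new = @{}; (Get-Content $After  -Raw | ConvertFrom-Json) | ForEach-Object { $new[$_.Name] = $_ }
    foreach ($name in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if (-not $new.ContainsKey($name)) {
            [pscustomobject]@{ Rule = $name; Change = 'Removed'; Before = $null; After = $null }
            continue
        }
        if (-not $old.ContainsKey($name)) {
            [pscustomobject]@{ Rule = $name; Change = 'Added'; Before = $null; After = $null }
            continue
        }
        foreach ($prop in 'Direction', 'Precedence', 'Disabled', 'Flows') {
            if ($old[$name].$prop -ne $new[$name].$prop) {
                [pscustomobject]@{ Rule = $name; Change = $prop
                                   Before = $old[$name].$prop; After = $new[$name].$prop }
            }
        }
    }
}

# Before the upgrade:  Export-SyncRuleSnapshot -Path C:\Temp\rules-before.json
# After the upgrade:   Export-SyncRuleSnapshot -Path C:\Temp\rules-after.json
# Compare-SyncRuleSnapshot -Before C:\Temp\rules-before.json -After C:\Temp\rules-after.json | Format-List
```

Rules are matched by name, so a renamed rule appears as one removal plus one addition.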

 

Azure AD Connect: New features in general availability

Two new features in this release are now in general availability, the first being group writeback.

This allows distribution groups created in Azure AD to be created on-premises. This means that if you have users who only have on-premises accounts, they can now be a member of an Office 365 (O365) group and access the resources of that group, such as files stored in OneDrive or previously sent messages.

To use this feature, you need Azure Active Directory Premium Licences, and to have configured a hybrid deployment between your Exchange on-premises and O365 environment.

It is important to note that this does not allow you to manage on-premises security groups in Azure AD, or to create new on-premises security groups in Azure AD and have these written back. It only allows users who have not migrated to the cloud to access O365 group resources.

See here for more information.

Exchange Mail Public Folders is the other feature to go into general availability, allowing you to share and work with colleagues with greater ease.


Big changes in Azure AD Connect

Let’s look at the 3 big changes included in this release:

Default rules can no longer be edited

Unlike previous versions, which only advised against it, it is now no longer possible to change the default rules in the Rules Editor. When you upgrade, any existing rules will have a warning symbol to alert you that a change has been made.

It is still possible to disable a default rule and create a copy. More info here.

A new support agent

This new support agent allows Microsoft to see the data and error messages in your environment, without it ever being saved.

The data is requested in the Azure Portal by a Microsoft consultant, and the agent sends the data to Azure, where the Microsoft consultant can view the information. Once the session is finished, all the data is removed.

Sync Engine connector warning

The final significant change is that the connectors within the Sync Engine have been updated with a warning against making any changes, suggesting that the Wizard is used instead. This has always been recommended best practice, but this warning now makes that very clear.

Several other smaller changes and advances have also been made, such as improved error handling and messaging. A few changes are also around ADFS, with auto-upgrade support for more scenarios and additions to the functionality.

There are also numerous fixes that will improve the performance of the sync engine and reduce the number of errors you will see.

 

Defects

As of now, the only defect I have run into so far is when using the Merge or MergeIgnoreCase transformations.

In the past, this has been one of the few exceptions to the rule, where it was required to edit the default rules. Just disabling them still caused the validation to fail.

Now that it is no longer possible to edit the default rules in the Rule Editor, it would be nice for the validation checks to be ignored on disabled rules as, after all, they should not be run.

As a workaround for this issue, it is still possible to delete default rules. Before you delete the rule, use the export command to create a PowerShell command to re-create it. Once this is created and saved, you can then delete the default rule. Open the file, make the change to the transformation for the rule that is causing the issue, and then run the PowerShell.

The rule will now be back in the solution, with the change made as required. It is still recommended to create a duplicate rule and leave this one disabled, but at least the solution will continue to work.

If you want to take advantage of these new features, and need some help upgrading, please contact us to arrange a free half-day workshop session.

Author
Ian Bassi
Senior Consultant