Yesterday, a new version of Azure AD Connect was released: version 1.5.18.0. This is the first release in the 1.5.x branch of Azure AD Connect.
Azure AD Connect is Microsoft's free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.
What's New
Azure AD Connect v1.5.18.0 offers the following new features:
Support for the mS-DS-ConsistencyGUID feature for groups
Since Azure AD Connect v1.1.553.0, the mS-DS-ConsistencyGUID attribute can be used as the source anchor for user objects. The benefit of using the mS-DS-ConsistencyGUID attribute instead of the objectGUID attribute is that admins can migrate user objects from one Active Directory forest in scope of Azure AD Connect to another Active Directory forest in scope of Azure AD Connect. Azure AD Connect would automatically reconnect the Azure AD object and Azure AD-integrated applications and services to the new object without having to rely on soft matching.
Now, this feature is also available for group objects. This feature allows admins to move groups between forests or reconnect groups in AD to Azure AD where the AD group objectID has changed, e.g. when an AD server is rebuilt after a calamity. For more information see Moving groups between forests.
Note:
The mS-DS-ConsistencyGUID attribute is automatically set on all groups in scope of Azure AD Connect. There are no required actions to enable this feature.
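To confirm after the upgrade that groups have actually been stamped, the following added example (not part of the original post or of Microsoft's tooling) audits the attribute with the ActiveDirectory PowerShell module. The search base is a placeholder, and the script assumes the RSAT ActiveDirectory module is installed and the account can read the attribute.

```powershell
# Added example: audit mS-DS-ConsistencyGuid on groups after upgrading Azure AD Connect.
# Assumption: $SearchBase is a placeholder; replace it with an OU that is in sync scope.
Import-Module ActiveDirectory

$SearchBase = 'OU=Groups,DC=example,DC=com'

$report = Get-ADGroup -Filter * -SearchBase $SearchBase -Properties 'mS-DS-ConsistencyGuid' |
    ForEach-Object {
        # The attribute is a 16-byte octet string, or $null when it has not been stamped yet
        $raw = $_.'mS-DS-ConsistencyGuid'
        $anchorGuid = if ($raw) { New-Object System.Guid -ArgumentList (,[byte[]]$raw) } else { $null }

        [pscustomobject]@{
            Name              = $_.Name
            DistinguishedName = $_.DistinguishedName
            ObjectGuid        = $_.ObjectGUID
            ConsistencyGuid   = $anchorGuid
            # Base64 of the anchor bytes, the form in which the sourceAnchor value is carried
            AnchorBase64      = if ($raw) { [Convert]::ToBase64String([byte[]]$raw) } else { $null }
            # True for groups stamped in place; False once the objectGUID has changed
            # (for example after a move to another forest) while the anchor was preserved
            MatchesObjectGuid = ($anchorGuid -eq $_.ObjectGUID)
        }
    }

# Groups that have not been stamped yet (not synchronized, or out of scope)
$report | Where-Object { -not $_.ConsistencyGuid } |
    Select-Object Name, DistinguishedName

# Groups whose anchor differs from the current objectGUID: expected for migrated
# groups, worth reviewing for anything else
$report | Where-Object { $_.ConsistencyGuid -and -not $_.MatchesObjectGuid } |
    Select-Object Name, ObjectGuid, ConsistencyGuid, AnchorBase64
```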
What's Changed
Azure AD Connect v1.5.18.0 offers the following changes:
Removed the Get-ADSyncRunProfile PowerShell cmdlet
The Get-ADSyncRunProfile PowerShell cmdlet is removed because it is no longer in use.
More information when using an admin account as Connector account
Since Azure AD Connect version 1.4.18.0, using an account that is a member of the Enterprise admins group or the Domain admins group as the AD DS connector account is no longer supported in new Azure AD Connect deployments.
In version 1.5.18.0, the warning admins see when attempting to use an account that is a member of the Enterprise admins group or the Domain admins group for the AD DS connector account is changed to provide more context.
Introduction of Remove-ADSyncCSObject
Microsoft added a new PowerShell cmdlet to remove objects from the connector space.
The old CSDelete.exe tool is removed, and it is replaced with the new Remove-ADSyncCSObject PowerShell cmdlet.
The Remove-ADSyncCSObject PowerShell cmdlet takes a CsObject as input. This object can be retrieved by using the Get-ADSyncCSObject PowerShell cmdlet.
What's Fixed
Azure AD Connect v1.5.18.0 offers the following fixes:
- Microsoft fixed a bug in the group writeback forest/OU selector on rerunning the Azure AD Connect wizard after disabling the feature.
- Microsoft introduced a new error page, with a new help link, that will be displayed if the required DCOM registry values are missing. Information is also written to log files.
- Microsoft fixed an issue with the creation of the Azure Active Directory synchronization account where enabling Directory Extensions or Password Hash Synchronization (PHS) may fail because the account has not propagated across all Azure AD service replicas before attempted use.
- Microsoft fixed a bug in the sync errors compression utility that was not handling surrogate characters correctly.
- Microsoft fixed a bug in the Automatic Upgrades functionality, which left Azure AD Connect in the scheduler suspended state.
Version information
This is version 1.5.18.0 of Azure AD Connect.
This release is the first release in the 1.5 branch for Azure AD Connect. It was made available for download on April 2, 2020.
Download information
You can download Azure AD Connect here.
The download weighs 96.5 MB.