I was just doing some work in a DevOps work tenant, which usually has a hybrid setup created and Azure AD Connect installed and running, and I realized that I needed to check the last time that:
- the Directory synchronized successfully
- Passwords synchronized successfully
As this is a very simple process I thought I should write a 5min blog post about it.
All you have to do is connect to the Azure Active Directory of your tenant and run the Get-MsolCompanyInformation cmdlet.
The 3 parameters that you want to look at are:
- DirectorySynchronizationEnabled (this one is not mentioned above; it shows whether the tenant has synchronization enabled)
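A freshness check built on that cmdlet's output, as an added example that is not part of the original post. LastDirSyncTime and LastPasswordSyncTime are properties the MSOnline module returns alongside DirectorySynchronizationEnabled; the function name, the thresholds, the sample object and the treatment of the timestamps as UTC are assumptions of this example.

```powershell
function Test-DirSyncFreshness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $CompanyInfo,
        # Assumed thresholds; set them to match your own sync schedule.
        [TimeSpan]$MaxDirSyncAge      = [TimeSpan]::FromHours(3),
        [TimeSpan]$MaxPasswordSyncAge = [TimeSpan]::FromHours(1),
        # Injectable clock so the check can be replayed against old data.
        [DateTime]$Now = [DateTime]::UtcNow
    )
    process {
        if (-not $CompanyInfo.DirectorySynchronizationEnabled) {
            # Sync is turned off for the tenant, so the timestamps say nothing.
            return [pscustomobject]@{
                Check = 'DirectorySynchronizationEnabled'; LastSyncUtc = $null
                Age   = $null; Status = 'Disabled'
            }
        }
        $checks = @(
            @{ Name = 'LastDirSyncTime';      Max = $MaxDirSyncAge },
            @{ Name = 'LastPasswordSyncTime'; Max = $MaxPasswordSyncAge }
        )
        foreach ($c in $checks) {
            $last = $CompanyInfo.($c.Name)
            if ($null -eq $last) {
                $age = $null; $status = 'NeverSynced'
            } else {
                # Assumption: the service reports these timestamps in UTC.
                $age    = $Now - [DateTime]$last
                $status = if ($age -gt $c.Max) { 'Stale' } else { 'OK' }
            }
            [pscustomobject]@{
                Check = $c.Name; LastSyncUtc = $last; Age = $age; Status = $status
            }
        }
    }
}

# Constructed sample object standing in for Get-MsolCompanyInformation output.
$sample = [pscustomobject]@{
    DirectorySynchronizationEnabled = $true
    LastDirSyncTime      = [DateTime]::new(2017, 4, 20, 9, 40, 0, [DateTimeKind]::Utc)
    LastPasswordSyncTime = [DateTime]::new(2017, 4, 19, 22, 0, 0, [DateTimeKind]::Utc)
}
$fixedNow = [DateTime]::new(2017, 4, 20, 10, 0, 0, [DateTimeKind]::Utc)
$sample | Test-DirSyncFreshness -Now $fixedNow | Format-Table -AutoSize
# Against a live tenant: Connect-MsolService; Get-MsolCompanyInformation | Test-DirSyncFreshness
```

A stale password sync matters beyond convenience: until it catches up, a password changed on-premises is not reflected in Azure AD.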
Hope that this information is helpful.
Earlier this week Microsoft announced the end of support for the legacy Microsoft Dirsync and Microsoft Azure AD Sync tools. Millions of customers out there use one of those two tools, or the new Microsoft Azure AD Connect, to sync their users, groups, passwords, etc., from their on-premises Active Directory to Azure AD.
After quite a few name changes, it looks like the Azure AD Connect major version is here to stay, and now it’s time to end support for the two older major versions, and make sure that all of them are updated and replaced with AD Connect.
If you haven’t done it already, it’s time to read the Microsoft announcement, and to start planning that upgrade.
Now let’s take the key points of the Microsoft announcement:
- On April 13th 2016 Microsoft announced the deprecation of both Dirsync and Azure AD Sync
- The end of support for both versions of the sync tool was planned to be April 13th 2017. That date is now official with the announcement this week, and on that day the official support for those tools is gone
- Azure AD will stop accepting connections from both tools on December 31st 2017
The most relevant thing to take into account is that either you upgrade those instances or they will stop working by the end of this year.
Now that you are probably more than convinced to update your instance(s) for your customers or your infrastructure, here are some points to take into account when planning the upgrade:
- Make sure you read the official Microsoft document to upgrade Dirsync to Azure AD Connect
- Or make sure you read the official Microsoft document to upgrade Azure AD Sync to Azure AD Connect
- You can only do an in-place upgrade from Azure AD Sync to AD Connect, or from an older to a more recent version of AD Connect. In-place upgrades from Dirsync are not supported
- Microsoft describes a migration done with a parallel server, which replaces the existing one, as a “swing migration”
- On a standard Dirsync or AD Sync instance, there’s nothing that you need to back up and restore in the new version. The new Azure AD Connect instance will do a fresh full sync after the installation. That full sync will bring all data from the local AD and from Azure AD. Replacing a Dirsync or an AD Sync instance should not require restoring data
- The only exception to the above statement is when you have some type of filtering. Filtering can be done at the AD OU, Domain or attribute level. In those cases you need to make sure you replicate the filtering you have in place, into the new instance.
- To learn more about Dirsync filtering click here.
- To learn more about AD Sync and AD Connect filtering click here.
- If you are not doing an in-place upgrade, you need to be aware that the “downtime” on your sync instance affects the creation of new accounts and the replication of changes to existing ones (that includes password changes, if you have password sync enabled)
And that’s it. As simple as that. Start downloading the AD Connect version and it’s upgrade time! 🙂
Let me know if you have questions.