Back

New Updates for Azure AD Connect Version 1.1.105.0

Version 111050 and beyond February 16 2016 releaseWith the release of version 111050 of Azure AD Connect in mid February some major ch...

5 min read
Published on Apr 28, 2016
azure-ad-connect

Version 1.1.105.0 and beyond (February 16, 2016 release)

With the release of version 1.1.105.0 of Azure AD Connect in mid February, some major changes have come to the application, such as automatic upgrades, reduced sync interval, and modern authentication with two factor authentication enabled. We’ll look at some new updates for Azure AD Connect version 1.1.105.0 and beyond.

Automatic upgrades

Microsoft in the past has pushed regular updates to its Azure AD Connect application, requiring administrators to manually upgrade each time for stability and feature improvements. Now the application/service will automatically upgrade for administrators that install using “Express Settings,” which Agile IT usually does, without any administrative action. Existing installs not on at least version 1.1.105.0 will need to manually update to at least this version to take advantage of this feature.

Reduced sync interval

From inception, Azure AD Connect, and its previous iterations, have all had a 3-hour default sync interval, requiring manual syncs for just about any change as that timeline has proven too long. Modification of this default interval was always a complicated and unsupported configuration. Now the tool has a 30-minute default interval and modification can be done via PowerShell, though anything less than 30 minutes is not supported by Microsoft.

You can view your current sync interval with the following PowerShell command:

Get-ADSyncScheduler Azure AD Get-ADSyncScheduler

AllowedSyncCycleInterval. The most frequently Azure AD will allow synchronizations to occur. You cannot synchronize more frequently than 30 minutes and still be supported.

CurrentlyEffectiveSyncCycleInterval. The schedule currently in effect. It will have the same value as CustomizedSyncInterval (if set) if it is not more frequent than AllowedSyncInterval. If you change CustomizedSyncCycleInterval, this will take effect after next synchronization cycle.

CustomizedSyncCycleInterval. If you want the scheduler to run at any other frequency than the default 30 minutes, you will configure this setting. In the picture above the scheduler has been set to run every hour instead. If you set this to a value lower than AllowedSyncInterval, the latter will be used.

NextSyncCyclePolicyType. Either Delta or Initial. Defines if the next run should only process delta changes, or if the next run should do a full import and sync, which would also reprocess any new or changed rules.

NextSyncCycleStartTimeInUTC. Next time the scheduler will start the next sync cycle.

PurgeRunHistoryInterval. The time operation logs should be kept. These can be reviewed in the synchronization service manager. The default is to keep these for 7 days.

SyncCycleEnabled. Indicates if the scheduler is running the import, sync, and export processes as part of its operation.

MaintenanceEnabled. Shows if the maintenance process is enabled. It will update the certificates/keys and purge the operations log.

IsStagingModeEnabled. Shows if staging mode is enabled. You can modify all these settings with

Set-ADSyncScheduler. The parameter IsStagingModeEnabled can only be set by the installation wizard.

Starting a manual sync

The scheduler will by default run every 30 minutes. In some cases, you might want to run a sync cycle in between the scheduled cycles or you need to run a different type.

Delta sync cycle

A delta sync cycle includes the following steps:

  • Delta import on all Connectors
  • Delta sync on all Connectors
  • Export on all Connectors

It could be that you have an urgent change which must be synchronized immediately which is why you need to manually run a cycle. If you need to manually run a cycle, then from PowerShell run Start-ADSyncSyncCycle -PolicyType Delta.

Full sync cycle

If you have made one of the following configuration changes, you need to run a full sync cycle (a.k.a. Initial):

  • Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included
  • If you have made one of these changes, then you need to run a full sync cycle so the sync engine has the opportunity to reconsolidate the connector spaces. A full sync cycle includes the following steps:
    • Full Import on all Connectors
    • Full Sync on all Connectors
    • Export on all Connectors

To initiate a full sync cycle, run Start-ADSyncSyncCycle -PolicyType Initial from a PowerShell prompt. This will start a full sync cycle.

Domain/OU Filtering

Some customers find the need to filter out OUs from syncing with Office 365 for a variety of reasons, be it to keep service accounts out of active users, filter out contractors, etc. The ability to filter out OUs was not natively in older versions of Azure AD Connect and its previous names but was possible through other means. Now this ability is built into the Azure AD Connect application under the customize path of the install and you also have the option to configure filtering post setup.

Azure AD Connect additional tasks view

Azure AD domain and OU filtering

Any OUs you wish to skip sync simply uncheck them here, or check new ones you wish to be synced. The older way of filtering through the misclient will still work but is no longer supported.

Modern authentication

Microsoft recommends that any users who have administrative privileges have strong authentication configured. In the past, the Azure AD Connect wizard did not seamlessly work with multifactor authentication, which as a result made using this feature difficult. With this release, Azure AD Connect now leverages the Azure AD Authentication library (ADAL) and the Modern Authentication protocols that it supports, for sign-in to Azure AD. You can now specify an admin user that has MFA or PIM configured to connect to Azure AD.

Need help managing your cloud environment? Learn more about AgileCover fully managed IT support to find out how we can position your organization for growth in the cloud.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 21, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation