05/10/2023

Moving away from old Azure AD Connect ...

One of the clients we work for had a hybrid Active Directory setup: an on-premises domain with two on-premises domain controllers, synchronised with Azure Active Directory (now called Microsoft Entra ID).

They used the Azure AD Connect utility to synchronise users and credentials between the on-premises domain controllers and Azure AD (Entra ID). This utility was installed on one of the domain controllers.

They had version 1.x. Last week they suddenly got an email from Microsoft saying AD Connect 1.x versions would stop working from 1st of October 2023. The company was not aware of this until then. Searching the web, it turned out AD Connect 1.x versions were actually retired on 31/08/2022.



So they needed to act fast.

There were two options:

  • Install the newest version of Azure AD Connect (version 2.x), or
  • Install the new utility Microsoft recommends for synchronising on-premises AD with Microsoft Entra ID, which is called Cloud Sync

Reading about Cloud Sync, it is the future-proof utility for synchronising identities between on-premises AD and Microsoft Entra ID. The program runs primarily in the cloud (unlike AD Connect) and has an agent running on an on-premises server for synchronisation.


After considering it at length, we decided to install the new version of AD Connect instead of Cloud Sync. This is mainly because this organisation is scheduled to remove all on-premises presence from its network very soon, so it was not worth installing a whole new sync architecture on the servers.

When we tried to install it, there was another issue. Azure AD Connect did not support Windows versions below 2016, but they had domain controllers on Windows 2012 R2. Therefore we had to upgrade them before starting to install the new version.

Fortunately, the domain controller upgrade was straightforward; we didn't face many issues and were able to upgrade to Windows 2019 and also raise the domain functional level to 2016 (which was the highest available at that time).

The only issue we faced while upgrading was preparing AD (because they were domain controllers).



All you have to do is run adprep. Adprep can be found on the installation DVD of Windows 2019 (or any other version).
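The adprep step and the functional-level raise, written out as an added example (this is not the original post's script). It assumes it is run in an elevated PowerShell session on an existing domain controller with a Schema Admins / Enterprise Admins account, that the Windows Server 2019 ISO is mounted as D:, and that the ActiveDirectory RSAT module is installed; the drive letter and the expected schema version numbers are assumptions you should check against your own media.

```powershell
# Added example: AD preparation and checks around the DC upgrade described above.
# Assumptions: elevated session on a DC, Schema/Enterprise Admin account,
# Windows Server 2019 media mounted as D:, ActiveDirectory module available.
Import-Module ActiveDirectory

$MediaDrive = 'D:'                                              # assumption
$AdPrep     = Join-Path $MediaDrive 'support\adprep\adprep.exe'
if (-not (Test-Path $AdPrep)) { throw "adprep.exe not found at $AdPrep" }

function Get-SchemaVersion {
    # objectVersion on the schema container: 69 = 2012 R2, 87 = 2016, 88 = 2019
    (Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectVersion).objectVersion
}

# 1. Record the starting point so the change is auditable afterwards.
$os = Get-CimInstance Win32_OperatingSystem
"OS            : $($os.Caption) build $($os.BuildNumber)"
"Forest mode   : $((Get-ADForest).ForestMode)"
"Domain mode   : $((Get-ADDomain).DomainMode)"
"Schema version: $(Get-SchemaVersion) (before adprep)"

# 2. Schema changes replicate to every DC, so refuse to continue if
#    replication is already unhealthy.
repadmin /replsummary
if ($LASTEXITCODE -ne 0) { throw 'repadmin reported replication errors; fix them before adprep.' }

# 3. Extend the schema (once per forest) and prepare the domain (once per
#    domain). adprep may prompt for confirmation on the console.
& $AdPrep /forestprep
if ($LASTEXITCODE -ne 0) { throw "adprep /forestprep failed with exit code $LASTEXITCODE" }
& $AdPrep /domainprep /gpprep
if ($LASTEXITCODE -ne 0) { throw "adprep /domainprep failed with exit code $LASTEXITCODE" }
"Schema version: $(Get-SchemaVersion) (after adprep)"

# 4. The functional level can only be raised once every DC runs 2016 or
#    newer, and it is effectively a one-way change, so verify the DC list.
$oldDcs = Get-ADDomainController -Filter * |
          Where-Object { $_.OperatingSystem -match '2008|2012' }
if ($oldDcs) { throw "Upgrade these DCs before raising the level: $($oldDcs.HostName -join ', ')" }

# Domain level first, then forest level (the forest raise requires it).
Set-ADDomainMode -Identity (Get-ADDomain) -DomainMode Windows2016Domain -Confirm:$false
Set-ADForestMode -Identity (Get-ADForest) -ForestMode Windows2016Forest -Confirm:$false
"Domain mode   : $((Get-ADDomain).DomainMode)"
"Forest mode   : $((Get-ADForest).ForestMode)"
```

Run it once per forest; the forestprep step talks to the schema master regardless of which DC you start it from, and the replication check before it is what saves you from a half-replicated schema when the second DC is upgraded.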


In this method, we installed the new version of AD Connect on the other domain controller and kept it in staging mode (not syncing). Then we stopped the old AD Connect and uninstalled it. Then we activated the new version.
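The staging-mode swing described above, as an added example (not the post's own script) of the checks run on each AD Connect server at each step. It assumes the ADSync PowerShell module that ships with AD Connect is present on both servers, that staging mode itself is switched in the Azure AD Connect wizard ("Configure staging mode") as there is no cmdlet for it, and that the "Microsoft Azure AD Connect" uninstall-entry name used for the version check is an assumption about how the product registers itself.

```powershell
# Added example: staging-mode cutover between an old 1.x server and a new 2.x
# server. Run with -Phase PrimeNew on the new server, -Phase StopOld on the old
# server, then (after switching staging mode off in the wizard) -Phase
# ActivateNew on the new server. Assumes the ADSync module is installed.
param(
    [Parameter(Mandatory)]
    [ValidateSet('PrimeNew', 'StopOld', 'ActivateNew')]
    [string]$Phase
)
Import-Module ADSync

function Get-AdConnectVersion {
    # Read DisplayVersion from the Uninstall keys; the DisplayName pattern is
    # an assumption about how AD Connect registers itself.
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
        Where-Object { $_.DisplayName -like 'Microsoft Azure AD Connect*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Wait-SyncIdle {
    # Never change scheduler state while a cycle is mid-export.
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        'Sync cycle in progress, waiting...'
        Start-Sleep -Seconds 15
    }
}

$sched = Get-ADSyncScheduler
"Version      : $(Get-AdConnectVersion)"
"StagingMode  : $($sched.StagingModeEnabled)"
"SyncEnabled  : $($sched.SyncCycleEnabled)"

switch ($Phase) {
    'PrimeNew' {
        # New 2.x server must still be in staging mode: it imports and syncs
        # but does not export, so the old server remains the only writer.
        if (-not $sched.StagingModeEnabled) { throw 'New server is NOT in staging mode; stop.' }
        if ((Get-AdConnectVersion) -notlike '2.*') { throw 'Expected AD Connect 2.x on the new server.' }
        Start-ADSyncSyncCycle -PolicyType Initial
        Wait-SyncIdle
        'New server primed (staging). Next: -Phase StopOld on the old server.'
    }
    'StopOld' {
        # Stop the old server exporting before the new one is activated, so
        # two servers never write to the same tenant at once.
        Wait-SyncIdle
        Set-ADSyncScheduler -SyncCycleEnabled $false
        if ((Get-ADSyncScheduler).SyncCycleEnabled) { throw 'Failed to disable the old scheduler.' }
        'Old server scheduler disabled. Uninstall AD Connect here, then run the wizard on the new server to turn staging mode off.'
    }
    'ActivateNew' {
        # Only valid once the wizard has taken the new server out of staging.
        if ($sched.StagingModeEnabled) { throw 'Still in staging mode; disable it in the wizard first.' }
        Set-ADSyncScheduler -SyncCycleEnabled $true
        Start-ADSyncSyncCycle -PolicyType Delta
        Wait-SyncIdle
        'New server is active and exporting.'
    }
}
```

The ordering matters for the same reason the post keeps the new install in staging mode: the check in `StopOld` that the old scheduler is really off, and the check in `ActivateNew` that staging is really off, are the two guards that prevent a window with either zero or two active exporters.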

