Azure AD Connect V2 is OUT!

Reddit Comments

Just cleared my AZ-900! If this is your official account, thank you for your videos! They really helped me, onto your PowerShell playlist now

2 upvotes · u/kratosgamer10 · Sep 04 2021
Captions
Hey everyone, in this video I just really want to make sure people are aware the V2 of Azure AD Connect has been released, and just give you some information about how you actually get this in your environment. As always, if this is useful, a like, subscribe, comment and share really is appreciated, and hit that bell icon to get notified of new content.

So the whole point of Azure AD Connect is: we think about, well, we have our on-premises Active Directory, and then we have our cloud-based identity provider, which is Azure AD. So we have an instance of Azure AD, and we don't want to recreate all of our objects; that'll be a horrible user experience, a horrible administration experience. And so we want to synchronize, we want to replicate the objects from AD to Azure AD, and this is what Azure AD Connect does. It provides that ability, and it really is this flow, that is the direction: AD is the source of truth, and it's replicating up into Azure AD. It can do things like send a hash of the password hash so we can get kind of a seamless sign-on for the users, or we can actually have things like, hey, pass-through authentication, so domain controllers actually do the authentication. You can do federation; doesn't really buy you a lot today. The whole point is, hey, our identity essentially is pushed up into the cloud, so the users get this fantastic experience. Then in Azure AD we can take advantage of things like Conditional Access, Azure MFA, Identity Protection, all those fantastic things, and of course all the other cloud services trust Azure AD. So we're taking our on-prem identity, establishing it out in the cloud, so now all of those cloud-based systems can use it, using OAuth or OpenID Connect, etc.

And so we can think about this: Azure AD Connect has been around for a really long time, and the way it really works is it runs on some OS instance, which we draw in green, and it uses kind of a SQL local database. It runs kind of an engine to actually do the synchronization, and it pushes those changes up, and historically to do that communication it used the MSAL, so the ADAL, the Azure AD Authentication Library. And there's been a shift, so the ADAL is really being retired in favor of the MSAL, the Microsoft Authentication Library, which gives us this new V2 common endpoint for both Azure AD and kind of Microsoft accounts.

So what we're seeing is we have this new V2 of Azure AD Connect. Now, it's still free; there's no cost to use Azure AD Connect. It is available for download right now, so if we actually jump over super quickly we can go and see, hey, I can go to the Azure AD download location, and there's my Azure AD Connect, and if I expand out the details we can see, yep, we're looking at the version two. So we're going to leverage that to actually now move over to this new version of Azure AD Connect. And what that's giving us is a few core things. Now, as I kind of talked about already, the V2 is really moving from the old kind of ADAL, so now it's actually going to leverage the Microsoft Authentication Library and this new kind of V2 endpoint. Now even the old kind of V1, I think it was v1.5 dot something 30 maybe, let you actually start shifting to the new V2 endpoint; it gave me the ability to synchronize groups with 250,000 users in them. So it was already that ability to do it in the 1.5.30 release, but the V2 only uses kind of this new MSAL and that V2 endpoint. So that's kind of one of the big shifts it's doing. Also it's moving to Windows Server 2016 and above, so if I'm using an older version I might be going to have to upgrade the OS or create a clean install; we'll kind of talk about that. Also this SQL local database it uses is now pushing to a SQL Server 2019 local database, so it's going to set up this SQL 2019 local database; that's just going to happen for us. Again, it's using that Microsoft Authentication Library. Now it's going to use TLS 1.2 only. Now there's other kind of requirements: it's using SHA-2 signing for the binaries. Now again, it has to be Windows Server 2016; it needs PowerShell 5. The good news is if I'm running Windows Server 2016, PowerShell 5 comes with that. There's a bunch of security fixes you need; it's just if you're keeping up with the latest changes to Windows Server 2016, letting it update, you should have all of those already.

You can actually go and look at the prerequisites document, and it goes through, hey, things you need in Azure AD, what you need in AD, execution policies, prerequisites around the Azure AD Connect. Notice it's telling you, hey, Windows Server 2016 and later; it's all about hardening. But if you keep scrolling down, what it essentially gives me is the component prerequisites: so PowerShell, .NET Framework, enabled TLS for Azure AD Connect, DCOM, remote TLS, name resolution, all of these various things. Now the only thing I had to actually do was the TLS enablement; that was not there by default. So I'll include this link in the description, and it does link to this when you try and run the Azure AD Connect upgrade: if you don't have this it links to this document, and all you basically need to do is you can take this entire script here, this script, and execute. So if you run this script and then restart the box, that will give you everything you need to have the TLS. That was the only issue I actually had as part of this installation: that the TLS 1.2 configurations were not done correctly just by default. So run that script, reboot, and I was good to go.

So we're going to download this new V2 version of Azure AD Connect. I can do an in-place upgrade, so I can absolutely, if I currently have kind of the V1, I can do an in-place upgrade. Now that's providing I'm running on Windows Server 2016. If I'm not, I can't in-place upgrade because I'm not going to meet the prerequisites, but I can very easily do that in-place upgrade. One thing to note: if you do the in-place upgrade, it doesn't uninstall the old, I think it's the 2012 SQL Server Express local database; it leaves it on the box. So post installation, once you've finished, you can actually go to the machine, search kind of the installed programs, and you can uninstall the SQL Server 2012 LocalDB; you don't need it anymore, and the 2012 command line. If we just jump over super quickly, so here, if I actually went to my, this is my Azure AD Connect box, so if I just in here just start typing "apps" so you can see your Apps and Features, all you would do in here is type "sql" within this. And what, now I have already done the uninstallation, but what you would see, you can notice here I've got my kind of SQL 2019 LocalDB; you would also see kind of a SQL Server 2012 LocalDB, and you'd also see kind of a 2012 command line utilities. So I've uninstalled both of those. So there's a little bit of cleanup you probably want to do once you've actually done that in-place upgrade, but really that's it, that's the only thing. But I can absolutely do that in-place upgrade.

Now if I don't want to, or maybe I can't because of the OS, you could create a new Windows Server 2016 or new Windows Server 2019; you could absolutely go higher than that. And one option would be I could take my existing Azure AD Connect, my version one dot, um, whatever that might be, 1.5, and you could export out. So you could do a "View or export current configuration", export those settings out, and then when you do your fresh installation of the V2 I could use these exported settings to actually go and configure the brand new fresh installation. So that is absolutely an option; you don't have to do the in-place upgrade. I could totally just download, do a fresh install on a new box, and I could use that. So you have those choices.

In terms of timing for this, so the old Azure AD Connect, the V1 based, that's going to retire on the 31st of August 2022. So you can think about, okay, so the V1, this is retire, I'm kind of that 8/31/2022. But I want to get off of it before then, because interestingly enough this ADAL is actually retiring on June 30th 2022, so this is kind of retire. So really I want to get off of that V1 before that date. So you have time, but I would certainly think about, hey, moving off of it now. Remember, if you have a second Azure AD Connect in standby, you're going to want to upgrade that as well. But really that's it; it's not a complicated upgrade. There were no new features added in this initial V2; it's really about the plumbing. It's getting it moved to Server 2016, it's getting SQL Server 2019, it's getting it TLS 1.2, it's getting it using the Microsoft Authentication Library and the V2 endpoint. There was new functionality added actually back in the v1.5.30 when it could go and actually use the V2 endpoint, and it gave me those 250,000 groups and some performance improvements, etc. But just the V2 on its own is not adding any new functionality. But I want to get to it, so I'm getting into that nice setup for the supported state, and then they'll be building new features on top of that.

Do remember there is the other option: there is the Azure AD Connect cloud sync. So when I talked about, hey, there's this kind of engine, the process running in here that kind of works out what's changed, what needs to synchronize, there's a cloud version of that, then I just have a very lightweight set of agents running on-prem to communicate. So I've got a separate video on that you can click, and I'll put the description link as well. That might be a fit; it doesn't have all the same features as Azure AD Connect yet, but it will get there. But again, the engine is all in the cloud; it's just these very lightweight agents on-prem. So you do have that other option of the Azure AD Connect cloud sync.

So that's it. The V2 is here; I recommend go and get it, switch over, and again it's very clean and simple, in-place upgrade. Just go and clear up the old SQL database it leaves behind once you've successfully upgraded and made sure it's working; I can just go and clean that up. So that's it, until next time, take care.
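The video walks through the V2 prerequisites (Windows Server 2016 or later, PowerShell 5, TLS 1.2 enabled) and the post-upgrade cleanup of the SQL Server 2012 LocalDB packages by hand. The script below is an added example, not the video's or Microsoft's code: it is a read-only check that reports the same items so they can be verified before running the upgrade and after it. The TLS 1.2 registry paths and values are the ones Microsoft's TLS 1.2 enforcement guidance for Azure AD Connect sets; the function names, the build-number threshold used to recognise Windows Server 2016, and the Uninstall-key search for the 2012 LocalDB packages are this example's own assumptions.

```powershell
# Added example: read-only prerequisite and cleanup check for an Azure AD Connect V2
# in-place upgrade. It changes nothing; failures are fixed the way the video describes
# (run Microsoft's TLS 1.2 script, reboot, uninstall the 2012 LocalDB packages).

function Test-RegistryValue {
    # Compare one DWORD under HKLM with its expected value; a missing key or value fails.
    param([string]$Path, [string]$Name, [int]$Expected)
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    [pscustomobject]@{
        Check    = "$Path\$Name"
        Expected = $Expected
        Actual   = $actual
        Pass     = ($null -ne $actual -and [int]$actual -eq $Expected)
    }
}

function Test-AadConnectV2Prereqs {
    $results = @()

    # OS: build 14393 is Windows Server 2016 (assumption of this example); ProductType 1 is a workstation.
    $os = Get-CimInstance Win32_OperatingSystem
    $results += [pscustomobject]@{
        Check    = 'Windows Server 2016 or later (build >= 14393)'
        Expected = '>= 14393'
        Actual   = $os.BuildNumber
        Pass     = ([int]$os.BuildNumber -ge 14393 -and $os.ProductType -ne 1)
    }

    # PowerShell 5 or later (ships with Windows Server 2016).
    $results += [pscustomobject]@{
        Check    = 'PowerShell 5 or later'
        Expected = '>= 5'
        Actual   = $PSVersionTable.PSVersion.ToString()
        Pass     = ($PSVersionTable.PSVersion.Major -ge 5)
    }

    # TLS 1.2 for SCHANNEL (client and server sides) and for .NET Framework (64-bit and WOW6432Node).
    # These are the keys the Microsoft TLS 1.2 enforcement script writes.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    foreach ($side in 'Client', 'Server') {
        $results += Test-RegistryValue -Path "$schannel\$side" -Name 'Enabled'           -Expected 1
        $results += Test-RegistryValue -Path "$schannel\$side" -Name 'DisabledByDefault' -Expected 0
    }
    $dotnet = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($path in $dotnet) {
        $results += Test-RegistryValue -Path $path -Name 'SystemDefaultTlsVersions' -Expected 1
        $results += Test-RegistryValue -Path $path -Name 'SchUseStrongCrypto'       -Expected 1
    }
    $results
}

function Get-LeftoverSql2012LocalDb {
    # Same information as typing "sql" into Apps & Features, read from the Uninstall keys
    # so the post-upgrade cleanup can be checked from a script (assumption: the packages
    # register there with "SQL Server 2012" in their display names).
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'SQL Server 2012' -and
                       $_.DisplayName -match 'LocalDB|Command Line' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

# Usage: run elevated on the Azure AD Connect box before and after the upgrade.
$prereqs = Test-AadConnectV2Prereqs
$prereqs | Format-Table -AutoSize
if ($prereqs | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more prerequisites failed. Apply the Microsoft TLS 1.2 script, reboot and re-run before upgrading.'
}

$leftovers = Get-LeftoverSql2012LocalDb
if ($leftovers) {
    Write-Warning 'SQL Server 2012 LocalDB components are still installed; remove them once the V2 sync is confirmed working.'
    $leftovers | Format-Table -AutoSize
} else {
    'No SQL Server 2012 LocalDB components found.'
}
```

The check is deliberately separate from the fix: the TLS script from the prerequisites document and a reboot remain the remediation, and the report simply shows which of the keys it writes are still missing, which is also the quickest way to confirm the reboot actually took effect before the installer runs.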
Info
Channel: John Savill's Technical Training
Views: 66,667
Rating: 4.9628553 out of 5
Keywords: azure, azure cloud, microsoft azure, microsoft, cloud, azure ad, azure ad connect, synchronization
Id: geh-eucou_0
Length: 13min 8sec (788 seconds)
Published: Thu Sep 02 2021