What is Azure AD Connect V2 and Why Should You Care?
Azure AD Connect is Microsoft's hybrid identity bridge: it synchronizes objects and their attributes from on-premises Active Directory to Azure AD. First released in 2015, Azure AD Connect has been around for a while. With capabilities such as password hash synchronization, pass-through authentication and health monitoring, it lets you run a hybrid identity model in which users sign in to cloud services with the same identity they use on-premises.
What is Azure Active Directory Connect V2?
Azure AD Connect V2 is the new version of Azure AD Connect, released without any new feature capabilities. The focus of V2 is on the existing components and their individual updates. Several components that Azure AD Connect depends on have been scheduled for deprecation, and shipping a separate update for each one would be slow and disruptive. Instead, Microsoft has combined every component update into a single release and called it Azure AD Connect V2.
So, if you are currently using Azure AD Connect, you’ll have to consider moving to Azure AD Connect V2 in the near future. Let’s take a look at the new version of Azure AD Connect and explore the changes that it brings about and how these may impact you.
What is the Most Impactful Change and Why is Microsoft doing it?
The most crucial change of all is the update of the authentication library from the Azure Active Directory Authentication Library (ADAL) to the Microsoft Authentication Library (MSAL). ADAL integrates with the Azure AD v1.0 endpoint, whereas MSAL integrates with the Microsoft identity platform v2.0 endpoint. The v2.0 endpoint provides a converged experience that can authenticate both work and personal accounts, whereas the v1.0 endpoint used by ADAL only authenticates work (Azure AD) accounts.
Also, the Azure AD v1.0 endpoint was not fully compliant with the OAuth 2.0 and OpenID Connect standards. The v2.0 endpoint, which is part of the Microsoft identity platform, is standards-compliant. Since MSAL talks to the v2.0 endpoint, you could say that MSAL is the new and improved version of ADAL.
MSAL is used to acquire tokens from the Microsoft identity platform in order to authenticate and access secured web APIs. To ensure a complete migration from ADAL to MSAL, the retirement of ADAL will start in June 2022, after which no additional technical support or security updates will be provided for it.
What other Changes Were Brought About with Azure AD Connect V2?
Even though there aren’t new functionalities, some foundational components are transforming. Let us guide you through them:
- Moving to SQL Server 2019 LocalDB: Azure AD Connect V2 ships with SQL Server 2019 LocalDB, which brings enhanced stability and performance along with several security-related bug fixes. The version V1 ships, SQL Server 2012 LocalDB, goes out of extended support in July 2022.
- Updating to the Visual C++ 14 redistributable runtime: SQL Server 2019 requires this runtime version, so Azure AD Connect V2 moves to it as well. You do not need to install it separately; it is included in the Azure AD Connect V2.0 package.
- Only supporting TLS 1.2: Microsoft considers the earlier TLS versions unsafe and is deprecating them, so moving to TLS 1.2 is a critical update. You will need to make sure the sync server supports it too: TLS 1.2 must be enabled for Schannel, and because Azure AD Connect is .NET code, the .NET Framework must also be configured to use the OS default TLS version and strong cryptography, otherwise its components can still negotiate TLS 1.0 or 1.1.
- All binaries signed with SHA-2: The SHA-1 algorithm is weak and no longer aligns with industry standards, so Microsoft has moved all binaries to SHA-2 signing. The Authenticode signature lets you confirm that the installer and its updates come directly from Microsoft and were not tampered with during delivery.
- No support for Windows Server 2012 and Windows Server 2012 R2: SQL Server 2019 requires Windows Server 2016 or newer as the server operating system. Please note that you cannot install this version on an older server OS, so you will need to upgrade to at least Windows Server 2016.
- PowerShell 5.0 is required: Several components of Azure AD Connect V2 require PowerShell 5.0, making it a prerequisite for the update. Windows Server 2016 ships with PowerShell 5.1 out of the box, so on a supported OS no additional steps are needed for this.
Why is it Necessary to Upgrade to Azure AD Connect V2?
If you are still unsure about migrating to Azure AD Connect V2, let us tell you that it won’t be long before you are unable to get the most out of your Azure AD Connect setup without migrating. So many different elements that V1 depends on will be deprecated in the coming year. In fact, TLS 1.0/1.1 has already been deprecated from Azure since June 2021.
As mentioned earlier, the Azure service will no longer accept ADAL connections starting June 2022, which will block an Azure AD Connect Server from working properly if you are not running on V2.
Once it gets harder for you to get the needed support from Microsoft, there is only so much you can do to continue to operate efficiently. Microsoft has gone on to say that all versions of Azure AD Connect V1 will be retired by 31st August 2022, leaving you with about 10 months’ time to plan and move over to V2.
Prepare to Upgrade to Azure AD Connect V2
Now is a good time to start planning your upgrade as several prerequisites have been updated as well. Thus, upgrading between versions will require some time-consuming specific infrastructure work for most organizations which will need to be completed prior to ADAL retirement. To put your mind at ease, you can upgrade from any previous version to Azure Active Directory Connect V2.0.
You have the option to do an in-place upgrade from V1 to V2 if you are running Windows Server 2016 or later. The in-place upgrade does not uninstall the older SQL Server 2012 LocalDB; it leaves it on the box. Once the installation is complete and V2 is confirmed to be working, you can uninstall the old LocalDB and its command-line utilities.
If you cannot do an in-place upgrade because of your operating system, build a new Windows Server 2016 or later server and export the settings from the existing Azure AD Connect installation. Then, when you do a fresh installation of Azure AD Connect V2.0 on the new server, use the exported settings to configure it.
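The following PowerShell script is an added example for this article, not Microsoft's code or part of the Azure AD Connect product. It checks a sync server against the V2 prerequisites listed above (OS version, PowerShell version, TLS 1.2 for both Schannel and .NET), lists the installed Azure AD Connect and SQL Server LocalDB packages so that the leftover SQL Server 2012 LocalDB from an in-place upgrade is easy to spot, and verifies the Authenticode signature on a downloaded installer. The registry locations are the ones Microsoft documents for TLS 1.2 enforcement on Azure AD Connect servers; the installer path at the bottom is an assumption.

```powershell
# Added example (not from the original article or from Microsoft): Azure AD Connect V2
# readiness and inventory checks. Run in an elevated PowerShell session on the sync server.

function Test-RegistryDword {
    # Returns one result row saying whether a DWORD under $Path has the expected value.
    param([string]$Path, [string]$Name, [int]$Expected)
    $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    $shown  = 'missing'
    if ($null -ne $actual) { $shown = $actual }
    [pscustomobject]@{
        Check  = "$Path\$Name = $Expected"
        Passed = ($null -ne $actual -and [int]$actual -eq $Expected)
        Actual = $shown
    }
}

function Test-AadConnectV2Readiness {
    $results = @()

    # Windows Server 2016 is build 10.0.14393; Server 2012 / 2012 R2 (6.2 / 6.3) cannot host V2.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $results += [pscustomobject]@{
        Check  = 'Windows Server 2016 or newer'
        Passed = ([version]$os.Version -ge [version]'10.0.14393')
        Actual = "$($os.Caption) $($os.Version)"
    }

    # PowerShell 5.0 or newer (Server 2016 ships 5.1).
    $results += [pscustomobject]@{
        Check  = 'PowerShell 5.0 or newer'
        Passed = ($PSVersionTable.PSVersion -ge [version]'5.0')
        Actual = $PSVersionTable.PSVersion.ToString()
    }

    # TLS 1.2 must be enabled in Schannel for both the client and the server role.
    $tls12 = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    foreach ($role in 'Client', 'Server') {
        $results += Test-RegistryDword -Path "$tls12\$role" -Name 'Enabled'           -Expected 1
        $results += Test-RegistryDword -Path "$tls12\$role" -Name 'DisabledByDefault' -Expected 0
    }

    # Azure AD Connect is .NET code, so the .NET Framework (64- and 32-bit hives) must also be
    # told to use the OS default TLS version and strong crypto, or it can still pick TLS 1.0/1.1.
    foreach ($net in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $results += Test-RegistryDword -Path $net -Name 'SystemDefaultTlsVersions' -Expected 1
        $results += Test-RegistryDword -Path $net -Name 'SchUseStrongCrypto'       -Expected 1
    }
    return $results
}

function Get-AadConnectInventory {
    # Lists installed Azure AD Connect and SQL Server LocalDB packages from the Uninstall hives.
    # After an in-place V1 -> V2 upgrade the SQL Server 2012 LocalDB entry is expected to remain;
    # it is what you remove once V2 is confirmed working.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Microsoft Azure AD Connect*' -or
                       $_.DisplayName -like '*SQL Server*LocalDB*' } |
        Select-Object DisplayName, DisplayVersion
}

function Test-InstallerSignature {
    # Confirms the downloaded installer carries a valid Authenticode signature from Microsoft.
    # Windows PowerShell exposes the signer certificate's own algorithm (sha256RSA for Microsoft's
    # current code-signing CA) but not the file digest; to see "Hash Algorithm: sha256" for the
    # file itself, run "signtool verify /pa /v <file>" from the Windows SDK.
    param([string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        File      = $Path
        Status    = $sig.Status
        Signer    = $cert.Subject
        CertAlgo  = $cert.SignatureAlgorithm.FriendlyName
        Passed    = ($sig.Status -eq 'Valid' -and
                     $cert.Subject -like 'CN=Microsoft Corporation*' -and
                     $cert.SignatureAlgorithm.FriendlyName -eq 'sha256RSA')
    }
}

# Usage. The installer path is an assumption; substitute wherever you saved the download.
Test-AadConnectV2Readiness | Format-Table -AutoSize
Get-AadConnectInventory    | Format-Table -AutoSize
Test-InstallerSignature -Path 'C:\Temp\AzureADConnect.msi' | Format-List
```

Any row with `Passed` equal to `False` in the readiness table is something to fix before starting the upgrade; the TLS registry values in particular should be set on the server and followed by a reboot, since Schannel reads them at startup. Run the same script again after an in-place upgrade: the inventory should then show the V2 Azure AD Connect version alongside both LocalDB versions, and the 2012 entry is the one to uninstall.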
If at any point you have questions or find the process of moving to Azure AD Connect V2.0 challenging, the Steeves and Associates team are more than happy to provide you with assistance. Reach out to us with any concerns about migrating and let us help you transition to Azure AD Connect V2 with ease.