Azure AD Connect 2.1.15.0 release

Microsoft released Azure AD Connect 2.1.15.0 on July 7, 2022. This update addresses a security vulnerability in the Azure AD Connect Admin Agent. If you have previously installed the Admin Agent, it is important that you update your Azure AD Connect server(s) to this version to mitigate the vulnerability.

How to update Azure AD Connect to 2.1.15.0

It’s recommended to update Azure AD Connect to the latest version with the below steps:

  1. Find Azure AD Connect server
  2. Download Microsoft Azure Active Directory Connect
  3. Upgrade Azure AD Connect

Note: Upgrade Azure AD Connect to V2.x before August 31, 2022. Otherwise, several components will go out of support.

Go through one of the below articles to upgrade Azure AD Connect from V1.x to V2.x:

Azure AD Connect 2.1.15.0 release download

Azure AD Connect 2.1.15.0 functional changes

  • We have removed the public preview functionality for the Admin Agent from Azure AD Connect. We will not provide this functionality going forward.
  • We added support for two new attributes: employeeOrgDataCostCenter and employeeOrgDataDivision.
  • We added CertificateUserIds attribute to AAD Connector static schema.
  • The AAD Connect wizard will now abort if write event logs permission is missing.
  • We updated the AADConnect health endpoints to support the US government clouds.
  • We added new cmdlets “Get-ADSyncToolsDuplicateUsersSourceAnchor and Set-ADSyncToolsDuplicateUsersSourceAnchor” to fix bulk “source anchor has changed” errors. When a new forest is added to AADConnect with duplicate user objects, the objects are running into bulk “source anchor has changed” errors. This is happening due to the mismatch between msDsConsistencyGuid & ImmutableId. More information about this module and the new cmdlets can be found in this article.
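
The mismatch behind the "source anchor has changed" errors can be seen by encoding the on-premises GUID the way ImmutableId stores it (Base64 of the 16 GUID bytes) and comparing it with the cloud value. The following is an added example, not code from Microsoft or from this post; it does not call the ADSyncTools cmdlets, and the function names, users and GUIDs are hypothetical, constructed sample data.

```powershell
# Added example: all users and GUIDs below are constructed sample data.

function ConvertTo-ImmutableId {
    # ImmutableId form of a GUID: Base64 of the 16 bytes from Guid.ToByteArray()
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function Compare-SourceAnchor {
    # Hypothetical helper: flags users whose on-premises mS-DS-ConsistencyGuid
    # does not encode to the ImmutableId stored on the cloud object.
    param(
        [Parameter(Mandatory)][object[]]$OnPremUsers,
        [Parameter(Mandatory)][hashtable]$CloudImmutableIds
    )
    foreach ($user in $OnPremUsers) {
        $cloudId  = $CloudImmutableIds[$user.Upn]
        $expected = $null
        if (-not $user.ConsistencyGuid) {
            $status = 'NoConsistencyGuid'      # attribute not populated on-premises
        } elseif (-not $cloudId) {
            $status = 'NoCloudObject'          # nothing to compare against
        } else {
            $expected = ConvertTo-ImmutableId $user.ConsistencyGuid
            # Base64 is case-sensitive, so compare with -ceq
            if ($expected -ceq $cloudId) { $status = 'Match' } else { $status = 'Mismatch' }
        }
        [pscustomobject]@{
            Upn              = $user.Upn
            ExpectedFromAD   = $expected
            CloudImmutableId = $cloudId
            Status           = $status
        }
    }
}

$guidA       = [guid]'11111111-2222-3333-4444-555555555555'
$guidB       = [guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'   # object in the original forest
$guidBNewDup = [guid]'99999999-8888-7777-6666-555555555555'   # duplicate in the newly added forest

$onPrem = @(
    [pscustomobject]@{ Upn = 'alice@contoso.example'; ConsistencyGuid = $guidA }
    [pscustomobject]@{ Upn = 'bob@contoso.example';   ConsistencyGuid = $guidBNewDup }
    [pscustomobject]@{ Upn = 'carol@contoso.example'; ConsistencyGuid = $null }
)
$cloud = @{
    'alice@contoso.example' = (ConvertTo-ImmutableId $guidA)
    'bob@contoso.example'   = (ConvertTo-ImmutableId $guidB)  # still anchored to the original object
}

Compare-SourceAnchor -OnPremUsers $onPrem -CloudImmutableIds $cloud | Format-Table -AutoSize
```

Rows with the status Mismatch are the objects that would hit the source anchor error described above.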

Azure AD Connect 2.1.15.0 bug fixes

  • We fixed a bug that prevented localDB upgrades in some Locales.
  • We fixed a bug to prevent database corruption when using localDB.
  • We added timeout and size limit errors to the connection log.
  • We fixed a bug where, if a child domain has a user with the same name as a parent domain user that happens to be an enterprise admin, the group membership failed.
  • We updated the expressions used in the “In from AAD – Group SOAInAAD” rule to limit the description attribute to 448 characters.
  • We made a change to set extended rights for “Unexpire Password” for Password Reset.
  • We modified the AD connector upgrade to refresh the schema – we no longer show constructed and non-replicated attributes in the Wizard during upgrade.
  • We fixed a bug in ADSyncConfig functions ConvertFQDNtoDN and ConvertDNtoFQDN – If a user decides to set variables called ‘$dn’ or ‘$fqdn’, these variables will no longer be used inside the script scope.
  • We made the following Accessibility fixes:
  • Fixed a bug where Focus is lost during keyboard navigation on Domain and OU Filtering page.
  • We updated the accessible name of Clear Runs drop down.
  • We fixed a bug where the tooltip of the “Help” button is not accessible through keyboard if navigated with arrow keys.
  • We fixed a bug where the underline of hyperlinks was missing on the Welcome page of the wizard.
  • We fixed a bug in Sync Service Manager’s About dialog where the Screen reader is not announcing the information about the data appearing under the “About” dialog box.
  • We fixed a bug where the Management Agent Name was not mentioned in logs when an error occurred while validating MA Name.
  • We fixed several accessibility issues with the keyboard navigation and custom control type fixes. The tooltip of the “Help” button was not collapsing when pressing the “Esc” key. There was an illogical keyboard focus on the User Sign In radio buttons and there was an invalid control type on the help popups.
  • We fixed a bug where an empty label was causing an accessibility error.
ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has One Comment

  1. Hi Ali,
    MS has released 2.1.16.0 of AAD Connect which fixes a minor bug.
    I’m on v2.1.15.0 and have the service account running in SAMAccountName format. The auto-upgrade function shows enabled, yet it hasn’t done so even though there is an update out there which is available.

    Doing a manual upgrade is no issue at all, but I’d like to ask what could be the cause of the auto-upgrade not happening on its own?

    Thank you in advance!
