Azure AD connect download

In this Azure tutorial, we will discuss the Azure AD Connect download. Apart from this, we will also discuss the below topics:

  • Azure ad connect requirements
  • AAD connect upgrade
  • Azure ad connect firewall ports
  • Check Azure ad connect version
  • Azure ad connect user writeback
  • How to enable Azure ad connect user writeback

Azure ad connect download

Azure AD Connect is a Microsoft tool that provides multiple features, such as password hash synchronization, a sign-in method that synchronizes a hash of the user's on-premises Active Directory password with Azure AD.

Now the question is where you can download Azure AD Connect. To download it, open the below link:

https://www.microsoft.com/en-us/download/details.aspx?id=47594

Once you open the above link, click on the Download button.


Once you click on the Download button, the AzureADConnect.msi file gets downloaded.


Note: One important thing to note here is that Azure AD Connect installation is only supported on the below operating systems:

Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019

If you try to install it on any other operating system, you will get the warning “AADConnect is only supported on Windows Server operating systems”.

Supported Operating System for Microsoft Azure AD Connect

Azure ad connect requirements

Before installing Azure AD Connect, you need to consider the below points as prerequisites.

You should have an Azure AD tenant. You can get one by creating a free Azure account. If you don’t have an account till now, you can follow my article How to Create Azure Free Account (Step by Step tutorial) to create an Azure free account.

You can use the Microsoft 365 IdFix tool to identify errors such as duplicates and formatting problems in your directory before you synchronize it to Azure Active Directory and Office 365.

The Active Directory schema version must be Windows Server 2003 or later, and the domain controller used by Azure Active Directory must be writable.

It is recommended to enable the Active Directory Recycle Bin before proceeding further. It keeps an accidentally deleted Azure AD user object in a soft-deleted state for 30 days, so you can restore it when needed.

Installing Azure AD Connect on a domain controller is not recommended: the security practices applied to domain controllers can create problems during the Azure AD Connect installation.

Azure AD Connect must be installed on Windows Server 2012 or a later version (Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019), or else you will get a warning message and the installation will not be allowed.

If you want to deploy Active Directory Federation Services, you need TLS/SSL certificates and you need to configure name resolution.

It is recommended to harden your Azure AD Connect server, as this reduces its attack surface.

You need an Azure AD Global Administrator account for the Azure AD tenant. This account must be a school or organization account.

You need Microsoft PowerShell and .NET Framework 4.5.1 or a later version installed on your server, as Azure AD Connect depends on them.

Ensure that TLS 1.2 is enabled, which is needed by Azure AD Connect, and do not forget to install the .NET 4.5.1 hotfix.
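The prerequisites above can be verified before running the installer. The script below is an added example, not part of the original post or of Microsoft's tooling; it assumes the RSAT ActiveDirectory PowerShell module is present for the Recycle Bin check, and uses the documented .NET release number 378675 for 4.5.1 and the standard SCHANNEL registry paths for TLS 1.2.

```powershell
# Added example (not from the original post): pre-flight checks for the
# Azure AD Connect prerequisites listed above, run on the future AAD Connect server.
$results = [ordered]@{}

# 1. Windows Server 2012 or later (ProductType 3 = server, build 9200 = Server 2012)
$os = Get-CimInstance Win32_OperatingSystem
$results['Windows Server 2012+'] = ($os.ProductType -eq 3) -and ([int]$os.BuildNumber -ge 9200)

# 2. Not a domain controller (DomainRole 4 = backup DC, 5 = primary DC)
$cs = Get-CimInstance Win32_ComputerSystem
$results['Not a domain controller'] = $cs.DomainRole -lt 4

# 3. .NET Framework 4.5.1 or later (Release 378675 is the minimum value for 4.5.1)
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
$results['.NET Framework 4.5.1+'] = ($release -ge 378675)

# 4. TLS 1.2 not explicitly disabled in SCHANNEL, and .NET told to use strong crypto
$tls = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tlsOk = $true
foreach ($side in 'Client', 'Server') {
    $p = Get-ItemProperty -Path "$tls\$side" -ErrorAction SilentlyContinue
    # A missing key means the OS default applies; an explicit Enabled=0 is a failure
    if ($p -and $p.Enabled -eq 0) { $tlsOk = $false }
}
$results['TLS 1.2 not disabled'] = $tlsOk
$net = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
$strong = (Get-ItemProperty -Path $net -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
$results['.NET SchUseStrongCrypto=1'] = ($strong -eq 1)

# 5. Active Directory Recycle Bin enabled (assumes the ActiveDirectory module is installed)
try {
    $rb = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    $results['AD Recycle Bin enabled'] = ($rb.EnabledScopes.Count -gt 0)
} catch {
    $results['AD Recycle Bin enabled'] = "unknown ($($_.Exception.Message))"
}

# Print one line per check; any False needs fixing before the install
$results.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $_.Value }
```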

Hardware requirements for Azure AD Connect

The CPU, memory and hard disk required depend on the number of objects in Active Directory:

Number of objects in Active Directory   CPU       Memory   Hard disk size
Fewer than 10,000                       1.6 GHz   4 GB     70 GB
10,000–50,000                           1.6 GHz   4 GB     70 GB
50,000–100,000                          1.6 GHz   16 GB    100 GB
100,000–300,000                         1.6 GHz   32 GB    300 GB
300,000–600,000                         1.6 GHz   32 GB    450 GB
More than 600,000                       1.6 GHz   32 GB    500 GB

Azure ad connect upgrade

Here, we will discuss the methods to upgrade the current version of Azure AD Connect to the latest version. It is always suggested to keep it updated.

There are three ways to upgrade the Azure AD Connect version:

  • Automatic upgrade
  • In-place upgrade
  • Swing migration

Automatic upgrade

It is always a better option to enable the Automatic upgrade option, which always upgrades to the current version automatically. It is enabled by default for express installations and DirSync upgrades.

The current status of Automatic upgrade can be checked with the below PowerShell cmdlet:

PS C:\windows\system32> Get-ADSyncAutoUpgrade

It has three states, i.e. Enabled (the Automatic upgrade feature is already enabled), Suspended (the system is not eligible for Automatic upgrade) and Disabled (the Automatic upgrade feature is disabled on the system).

With the help of the Set-ADSyncAutoUpgrade PowerShell cmdlet, you can change the status between Enabled and Disabled.

In-place upgrade

You can use this method when you have a single server, so that you upgrade the installation in place on the same server. It works for moving from Azure AD Sync or from an earlier Azure AD Connect version.

It is the choice when you have only a single server and it contains fewer than about 100,000 objects.

This process ensures that the new configuration is applied to all existing objects, and it might take a few hours depending on the number of objects.

So it is suggested to perform the in-place upgrade during a weekend.

The upgrade checks whether the out-of-box (OOB) configuration has changed in the new Azure AD Connect release; if there are no changes, a normal import/sync starts. But if you have made any changes to the out-of-box sync rules, these rules are set back to the default configuration after the upgrade process.

Swing migration

You can choose the swing migration when there are many objects in the system or you have a complex deployment.

You can also use swing migration when you plan to make substantial changes to your configuration and want to test them before publishing them to the cloud.

For this method, there is a need for two servers:

  • Active server
  • Staging server

The active production load is on the active server, and the new release or configuration is prepared on the staging server. When it is fully ready, the staging server is converted to active, and the previous active server, where the old version or configuration is installed, is converted to staging and is upgraded.

If you use Azure AD Connect on both servers and plan to make only a configuration change, ensure that both your active server and staging server use the same version. If you are upgrading from Azure AD Sync, these servers have different versions.

Azure ad connect firewall ports

Below is the information describing the ports that are needed for communication between Azure AD Connect and on-premises Active Directory, and between Azure AD Connect and Azure AD.

For communication between Azure AD Connect and on-premises Active Directory

Ports                        Description
53 (TCP/UDP)                 Needed for DNS lookups on the destination forest.
88 (TCP/UDP)                 Needed for Kerberos authentication to the AD forest.
135 (TCP)                    Used during the initial configuration of the Azure AD Connect wizard when it binds to the Active Directory forest; also needed for password sync.
389 (TCP/UDP)                Required for importing data from AD.
445 (TCP)                    Used to create the computer account in the AD forest.
636 (TCP/UDP)                Used to import data from Active Directory.
5985 (TCP) and 9389 (TCP)    Used if you install AD FS with a gMSA with the help of the Azure AD Connect wizard.

For communication between Azure AD Connect and Azure AD

Ports                        Description
80 (TCP)                     Used to download Certificate Revocation Lists.
443 (TCP)                    Used to synchronize with Azure Active Directory.

For more information, you can visit the Microsoft official site.
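The port tables above can be checked from the Azure AD Connect server before the wizard is run. The script below is an added example, not from the original post; the domain controller name is a placeholder to replace, login.microsoftonline.com is used as the Azure AD endpoint, and Test-NetConnection only probes TCP, so the UDP side of 53/88/389/636 is not verified.

```powershell
# Added example (not from the original post): TCP reachability check for the
# Azure AD Connect firewall ports listed in the tables above.
$DomainController = 'dc01.corp.example'        # placeholder, replace with your DC
$AzureAdHost      = 'login.microsoftonline.com'

# On-premises Active Directory side (from the first table; TCP only)
$adPorts = @(
    @{ Port = 53;   Use = 'DNS lookups on the destination forest' },
    @{ Port = 88;   Use = 'Kerberos authentication to the AD forest' },
    @{ Port = 135;  Use = 'Wizard bind to the forest / password sync' },
    @{ Port = 389;  Use = 'Import data from AD (LDAP)' },
    @{ Port = 445;  Use = 'Create the computer account in the forest' },
    @{ Port = 636;  Use = 'Import data from AD (LDAPS)' },
    @{ Port = 5985; Use = 'AD FS with gMSA via the wizard (WinRM)' },
    @{ Port = 9389; Use = 'AD FS with gMSA via the wizard (AD Web Services)' }
)
# Azure AD side (from the second table; 80 is only needed for CRL downloads)
$cloudPorts = @(
    @{ Port = 443; Use = 'Synchronize with Azure AD' }
)

function Test-AadConnectPort {
    param([string]$ComputerName, [int]$Port, [string]$Use)
    $r = Test-NetConnection -ComputerName $ComputerName -Port $Port `
         -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target = $ComputerName
        Port   = $Port
        Open   = $r.TcpTestSucceeded
        Use    = $Use
    }
}

$report = @()
foreach ($p in $adPorts)    { $report += Test-AadConnectPort $DomainController $p.Port $p.Use }
foreach ($p in $cloudPorts) { $report += Test-AadConnectPort $AzureAdHost $p.Port $p.Use }

# Every row with Open = False is a firewall rule to fix before running the wizard;
# 5985 and 9389 only matter if you deploy AD FS with a gMSA.
$report | Format-Table -AutoSize
```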

Check Azure ad connect version

There are multiple ways to check the version of Azure Active Directory Connect.

Approach-1

  • From the start menu, search for the Control panel
  • Now click on the Programs link
  • Then click on the Uninstall a Program link
  • The complete path will be Control Panel\Programs\Programs and Features. Here you can search for Azure AD Connect and check the version number in the last column.

Approach-2

You can also check the version number of the Azure AD Connect installed on your machine using a PowerShell cmdlet. Below is the PowerShell cmdlet:

(Get-ADSyncGlobalSettings).Parameters | select Name,Value

Azure ad connect user writeback

Password writeback is a feature that can be used to sync the password changes in Azure Active Directory back to your on-premises AD DS environment.

Azure AD Connect provides a secure way to send these password changes from Azure AD back to an existing on-premises directory.

How to enable Azure ad connect user writeback

You can enable password writeback in Azure AD Connect by following the below steps:

Step-1: Sign in to the Azure AD Connect server and start the Azure AD Connect wizard.

Step-2: Select the Configure option from the Welcome page.

Step-3: Now select the Customize synchronization options on the Additional tasks page, then click on the Next button.

Step-4: Now it will ask for credentials. Provide your global administrator credentials on the Connect to Azure AD page and then click on the Next button.

Step-5: Click on the Next button on the Connect directories and Domain/OU filtering pages.

Step-6: Select (check) the checkbox next to the Password writeback option on the Optional Features page and then click on the Next button.

Step-7: Select the Configure option on the Ready to configure page and wait for some time. When you see that the configuration has finished, click on the Exit button.


Conclusion

In this tutorial, we learned the below things:

  • Azure ad connect download
  • Azure ad connect requirements
  • AAD connect upgrade
  • Azure ad connect firewall ports
  • Check Azure ad connect version
  • Azure ad connect user writeback
  • How to enable Azure ad connect user writeback
