Azure AD Connect Download

Azure AD Connect is one of the Microsoft tools that helps with multiple features like Password hash synchronization – This is a sign-in method that synchronizes a hash of the on-premises Active Directory password of the user with Azure AD.

Azure Active Directory Connect Download

Where to get Azure AD Connect

Now the question here is from where you can download Azure ad connect. To download this, you need to open the below link

https://www.microsoft.com/en-us/download/details.aspx?id=47594

Once you open the above link, now you need to click on the Download button

Once you click on the Download button, AzureADConnect.msi file get downloaded.

How to download Azure ad connect — azure ad connect upgrade

Note: One important thing to note here is AzureADConnect installation only supports the below-operating systems

Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019

If you will try to install it in any other operating system then you will get a warning “AADConnect is only supported on Windows Server operating systems”.

Supported Operating System for Microsoft Azure AD Connect — download azure ad connect

Or, you can also download the Azure Active Directory Connect from the Azure Portal using the below steps

Login to Azure Portal (https://portal.azure.com/).
From the left of the Azure Portal Menu, click on the Azure Active Directory link.

Or, for the same option, you can search for the Azure Active Directory and click on the search result Azure Active Directory as shown below.

3. On the Azure Active Directory pane, click on the Azure AD Connect option as highlighted below from the right side.

4. Click on the Download Azure AD Connect link under the Provision from Active Directory section as highlighted below.

Where to download AAD Connect — azure ad connect step by step

This is how you can download the Azure Active Directory using Azure Portal.

How to install and configure Azure AD Connect

As we have discussed using the above steps you can download the .msi file either from the Microsoft link or from the Azure Portal. Once you will download the .msi file using the above steps. Follow the below instruction to know how to install azure ad connect.

Install Azure AD Connect

The first step is to double click on the AzureADConnect.msi file to launch it that you have downloaded in the above step.
Now, you can able to see the Microsoft Azure Active Directory Connect wizard welcome screen, click on the Continue button to navigate to the next screen.
Now you will see two buttons that are customized and Use express settings. Click on the Use express settings button.
Now on the Connect to Azure AD screen, it will ask you to enter your Azure AD global administrator credentials. Enter your credentials and then click on the Next button to navigate to the next screen. An important point to remember here is this is the account that is only needed to configure the AAD connect.
On the Connect to AD DS screen, enter your Active Directory Domain Services enterprise administrator credentials and then click on the Next button.
You might see the Azure AD Sign-in configuration page, review if you can see any domains not listed as verified and you need to verify it in the Azure AD before moving to the next step.
After the verification of your domain, click on the Refresh icon, you should see the status as verified by now.
Otherwise, for the same stuff, you can tick the check box for Continue without matching all UPN suffixes to verified domains. This will allow you to continue the Azure AD Connect wizard.
Click on the Next button as the next step.
After the verification of the domain in the last step, now check the box for starting the synchronization process when configuration completes, else, you can uncheck the check box and then click the Install button. One important point is if you will uncheck the box sync will be configured but the problem here is until you re-run the AAD Connect wizard, it won’t run.
Now the installation will start. if there are any errors, it will be listed on the Configuration complete page. You can click on the Exit button to complete the setup.

This is How to install and configure Azure AD Connect by following the above steps.

Azure ad connect requirements

Before going for the installation of Azure ad connect, You need to consider the below points as prerequisites.

Azure AD

You should have an Azure AD tenant. You can get one by creating a free Azure account. If you don’t have an account till now, you can follow my article How to Create Azure Free Account (Step by Step tutorial) to create an Azure free account.

Active Directory

You can use Microsoft 365 IdFix tool to identify errors such as duplicates and formatting problems in your directory before you are going to synchronize to Azure Active Directory and Office 365.

The Active Directory schema version must be Windows Server 2003 or later version and The domain controller used by Azure Active Directory must be writable.

It is recommended to enable the Azure Active Directory recycle bin before proceeding further. This will help you to keep the accidentally deleted Azure AD user object in a soft-deleted state for 30 days. You can restore it based on your need.

If you want to install Azure AD Connect on a Domain Controller then it is not recommended due to security practices that can create problems during Azure AD Connect installation.

Operating system Requirements

Azure AD Connect must be installed on Windows Server 2012 or later version (Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019), or else you will get a warning message and it will not allow you to do the installation.

If you want to deploy Active Directory Federation Services then in that case you need TLS/SSL Certificates and you need to configure name resolution.

It is recommended to harden your Azure AD Connect server, this will reduce the security attack.

If you want to integrate an Azure AD Global Administrator account for the Azure AD tenant. This account must be a school or organization account.

PowerShell and .NET Framework

You need to install Microsoft PowerShell and .NET Framework 4.5.1 version or a later version installed on your server as Azure AD Connect depends on those.

Enable TLS 1.2

Ensure that TLS 1.2 is enabled which is needed for Azure AD Connect and do not forget to install .NET 4.5.1 hotfix.

Hardware requirements for Azure AD Connect

When the no of objects in the Active directory is less than 10,000 then the CPU required is 1.6 GHz, Memory required is 4 GB with a hard disk size of 70 GB.

In case, the no of objects in the Active directory is between 10,000 to 50,000 then the CPU required is 1.6 GHz, Memory required is 4 GB with a hard disk size of 70 GB.

If the no of objects in the Active directory is between 150,000–100,000 then the CPU required is 1.6 GHz, Memory required is 16 GB with a hard disk size of 100 GB.

But, when the no of objects in the Active directory is between 100,000–300,000 then the CPU required is 1.6 GHz, Memory required is 32 GB with a hard disk size of 300 GB.

While the no of objects in the Active directory is between 300,000–600,000 the CPU required is 1.6 GHz, Memory required is 32 GB with a hard disk size of 450 GB.

If the no of the object in Active Directory is more than 600,000 then the CPU required is 1.6 GHz, Memory required is 32 GB with a hard disk size of 500 GB.

Azure ad connect upgrade

Here, we will discuss the methods to upgrade the current version of Azure ad connect to the latest version. It is always suggested to keep the updated version.

Update Azure AD connect

There are three ways to upgrade the Azure ad connect version

Automatic upgrade
In-place upgrade
Swing migration

Automatic upgrade

It is always a better option to enable the Automatic upgrade option which will always upgrade to the current version automatically. It is enabled by default for express installations and DirSync upgrades.

The current status of the Automatic upgrade can be checked by the below PowerShell cmdlet

PS C:\windows\system32> Get-ADSyncAutoUpgrade

Azure ad connect upgrade — download aad connect

It has four states i.e Enabled (Automatic upgrade feature is already enabled), Suspended (The system is not eligible to enable Automatic upgrade), and Disabled (Automatic upgrade feature is disabled on the system).

With the help of the Set-ADSyncAutoUpgrade PowerShell command, you can change the status between Enabled and Disabled.

In-place upgrade

This method you can use when you have a single server so that you can upgrade the installation in place on the same server. It works for moving from Azure AD Sync or Azure AD Connect.

It is a choice when you have only a single server and contains less than about 100,000 objects.

This process ensures that the new configuration is applied to all existing objects and the process might take a few hours, which depends on the number of objects.

So it is suggested to perform the in-place upgrade during a weekend.

It will check if there are no changes to the OOB configuration with the new Azure AD Connect release, then it will start a normal import/sync. But if you have made any changes to the OOB sync rules in the out-of-box, then these rules are set back to the default configuration after the upgrade process.

Swing migration

You can choose the swing migration when there are many objects in the system or you have a complex deployment.

We can also use swing migration when you are planning to make substantial changes to your configuration and we want to test them before we are going to publish them to the cloud.

For this method, there is a need for two servers

Active serve
Staging server

Active production load will be there on the Active server and the new release or configuration will be stored on the staging server. When it’s fully ready, this server is converted to the active and previous active server, where the old version or configuration installed, is converted to the staging server and is upgraded.

Ensure that both your active server and staging server are using the same version If you use Azure AD Connect on both servers and planning make only a configuration change. In case if you’re upgrading from Azure AD Sync, then these servers have different versions.

This is how to update azure ad connect whenever you required it.

Azure ad connect firewall ports

Below is the information which describes the ports that are needed for communication between the Azure AD Connect and on-premise Azure AD and Azure AD

For communication between Azure AD Connect and on-premise Azure AD

Ports	Description
53 (TCP/UDP)	Needed for DNS lookups on the destination forest.
88 (TCP/UDP)	Needed for Kerberos authentication to the AD forest.
135 (TCP)	It is used for the initial configuration of the Azure AD Connect wizard when it binds to the Active Directory forest, needed for sync of the Password.
389 (TCP/UDP)	It is required for importing the data from AD.
445 (TCP)	Used to create the computer account in the AD forest.
636 (TCP/UDP)	You can use this port to import data from the Active Directory.
5985 (TCP) and 9389 (TCP)	We can use this port if we are installing AD FS with gMSA by the help of Azure AD Connect Wizard

For communication between Azure AD Connect and Azure AD

Ports	Description
80 (TCP)	You can use this port to download Certificate Revocation Lists.
443(TCP)	We can use it to synchronize with Azure Active Directory.

For more information, you can visit Microsoft official site

Check Azure ad connect version

There are multiple ways available to check the version of the Azure Active Directory Connect.

How do I check Azure AD Connect version?

Approach-1

From the start menu, search for the Control panel
Now click on the Programs link
Then click on the Uninstall a Program link
The complete path will be (Control Panel\Programs\Programs and Features). Here you can search for the Azure AD Connect and check for the version number in the last column.

Approach-2

Using the PowerShell cmdlet also you can check the version number of your Azure Connect AD installed on your machine. Below is the Powershell cmdlet

(Get-ADSyncGlobalSettings).Parameters | select Name,Value

Check Azure ad connect version — ad connect is only supported on windows server operating systems

Azure ad connect user writeback

Password writeback is a feature that can be used to sync the password changes in Azure Active Directory back to your on-premises AD DS environment.

Azure AD Connect gives a secure way to send these password changes back to an existing on-premises directory from Azure AD

How to enable Azure ad connect user writeback

You can enable password writeback in Azure AD Connect by following the below steps

Step-1: You need to sign in to the Azure AD Connect server and now start the Azure AD Connect wizard.

Step-2: Select the Configure option from the Welcome page.

Step-3: Now You need to select the Customize synchronization options on the Additional tasks page, then click on the Next button.

Step-4: Now it will ask to enter the credentials. Provide your global administrator credential on the Connect to Azure AD page and then click on the Next button.

Step-5: Click on the Next button on the Connect directories and Domain/OU filtering pages.

Step-6: Select(Check) the checkbox next to the Password writeback option On the Optional Features page and then click on the Next button.

Step-7: Select the Configure option on the Ready to configure page and wait for some time. After some time, you will see the configuration finish option then click on the Exit button.

Azure AD Connect Health

Azure AD Connect Health helps you with excellent support for providing very powerful monitoring of your on-premises identity infrastructure. You can easily maintain a very reliable connection to Microsoft 365 and the different online services of Microsoft with the help of Azure AD Connect health.

Azure AD Connect Health provides you with the Azure AD Connect Health portal where you can able to get different information like performance monitoring, usage analytics, viewing the alerts, and all other information.

Benefits of Azure AD Connect Health

You will get a lot of benefits by using the Azure AD Connect Health. Below are a few key benefits.

As security plays a vital role, Azure AD Connect Health helps you to enhance security.
It’s so simple to deploy and manage Azure AD Connect Health.
It’s very much user-friendly and provides a simple dashboard to track all the information.
You will get alerted always with all the critical issues that help you to quickly fix and make the application up and running.

Azure AD Connect Two-way Sync

The synchronization process of Azure AD Connect is one-way or unidirectional. The synchronization process is automatic and no need to configure anything as part of the synchronization process.

Is Azure AD connect free?

Yes, It helps you to sync up to 500,000 directory objects.

Where should I install Azure AD connect?

You must install the Azure AD Connect on Windows Server 2008 or later versions.

How often does Azure AD connect sync?

Azure AD Connect performs a sync by default every 30 minutes.

Is Azure AD connect bidirectional?

The behavior of the Azure AD Connect is unidirectional as of now. That means, the users can be synced from on-premises AD to Azure AD only but won’t work vice versa.

How do I get rid of Azure AD connect?

If you don’t want the Azure AD Connect, you can easily uninstall that by following the below steps.

Uninstall Azure AD Connect

Navigate to Control Panel.
Click on Uninstall a Program.
Select the Azure AD Connect application.
Click on the Yes button to confirm the installation.
Once the installation completes, click on the Exit button.

This is how to uninstall Azure AD connect.

How do I reset my Azure AD connect?

Navigate to Windows Service Control Manager –> Then Start –> Services.
Then, select Microsoft Azure AD Sync –> Click on the Restart button.