The path of upgrading Azure AD Connect depends on your current version and what you want to achieve.
The main dependency is your operating system:
Azure AD Connect V2.0 (and later) uses a SQL Server 2019 LocalDB, which requires Windows Server 2016 or later.
If your current Azure AD Connect is version 1.5.45.0 (or later) and running Windows Server 2016 (or later), you can upgrade directly to the latest version of Azure AD Connect.
With the auto-upgrade feature of Azure AD Connect, your software is automatically kept up-to-date.
You can check if auto-upgrade is enabled using the following CmdLet on your Azure AD Connect Server:
PS C:\> Get-ADSyncAutoUpgrade Enabled
Bonus-info: If you have the Easy365Manager snap-in to AD Users & Computers, you’ll never have to start a PowerShell prompt again to synchronize your Azure AD Connect Server:
How to Perform an In-Place Upgrade of Azure AD Connect
If you’re migrating from Azure AD Sync or Azure AD Connect, you have the option of performing an in-place upgrade.
However, older versions of Azure AD Connect often denote an old operating system, and Azure AD Connect V2.0 and later only supports Windows Server 2016 (or later).
Also, with an in-place upgrade, you risk blowing up your Azure AD synchronization, as a failure during an in-place upgrade can be catastrophic with no other fall-back option but a complete system restore.
When you perform an in-place upgrade of Azure AD Connect, custom settings may be reverted to their default. You should therefore document any customization before performing the upgrade.
In most scenarios, you’re probably better off performing a swing migration.
How to Perform a Swing Migration of Azure AD Connect
With a swing migration, you can upgrade to the latest version of Azure AD Connect on a clean and up-to-date operating system.
Also, a swing migration has the added benefit of an easy fall-back in case of any issues, as the existing installation is not modified.
A swing migration of Azure AD Connect includes the following primary actions:
- Export/document the settings of the source installation.
- Install the new Azure AD Connect Server.
- Use the exported configuration file.
- Set the server in staging mode.
- Verify settings on the new Azure AD Connect server.
- Finally, configure staging mode on the old system and disable staging mode on the new system.
When you have completed the last step and synchronization has been verified, you can uninstall Azure AD Connect from the old system or retire the server altogether.
The above steps are covered in more detail below.
Export/Document Azure AD Connect Settings
Depending on the version of your original Azure AD Connect installation, you can export the settings from the configuration menu.
Start the Azure AD Connect tool, select configure and click “View or export current configuration”:
The configuration is exported as a JSON file in the folder ‘%ProgramData%\AADConnect’.
Azure AD Connect versions prior to 1.5.42.0 don’t support configuration export. Take screenshots of the most important settings instead:
As we’re doing a swing migration, you can always revisit the old server before you switch roles.
Install the New Azure AD Connect Server
By installing the new Azure AD Connect Server in staging mode, the server will be on standby and not participating in the Azure AD replication.
This allows you to configure and review settings while the old server continues to replicate your on-premises AD with Azure AD.
Select Customize when the welcome screen appears:
Follow the configuration guide and select to import the synchronization settings from the JSON configuration file exported from the old system:
On the last screen, select “Enable staging mode”:
Verify Settings on the New Azure AD Connect Server
When the configuration completes, you can review all settings to ensure the configuration matches your expectations.
Notice that the Azure AD Connect configuration is unavailable before the initial synchronization is completed! Depending on the size of your environment, this may take a while.
You can switch to the new Azure AD Connect Server if all looks good.
Switching Azure AD Connect Servers
Start by enabling staging mode on your old Azure AD Connect Server.
Open Azure AD Connect and select “Configure staging mode”:
Then select “Enable staging mode” and click Next and Configure:
Then, immediately disable staging mode on the new Azure AD Connect Server.
This ensures Azure AD Connect synchronization continues using the new server.
Perform a few changes in your on-premises AD to verify that synchronization is running as expected using the new server.
Consolidate Office 365 and AD Administration
If you would like your helpdesk to work more efficiently, Easy365Manager offers a unique take on consolidated AD and Office 365 administration.
Easy365Manager is a snap-in to Active Directory Users & Computers that allows you to manage Office 365 licenses and mailboxes directly from AD user properties.
With Easy365Manager, you can even manage complex settings like calendar delegation, which is usually only possible using PowerShell:
With Easy365Manager, your service desk can work more efficiently with close to no training, as Easy365Manager builds on the familiar user interface of AD Users & Computers.
As a bonus, Easy365Manager allows you to remove your on-premises Exchange Server, as you can directly provision shared mailboxes, mail distribution groups, and contacts.
You can install Easy365Manager on any PC or server with AD Users & Computers. It only takes a few minutes to install and makes no changes to your infrastructure.
View the extensive feature list here.
Download a fully-functional 30-day trial here.