Azure AD Connect 1.1.647.0 released

Friday, October 20, 2017
Microsoft has released Azure Active Directory Connect build 1.1.647.0. This version includes a number of setup bug fixes around password synchronization and Seamless Single Sign-on. It also fixes an issue with the AD Connector account permissions related to Public Folder sync and help screen rendering on Windows Server 2016.

New features include added logic to simplify the steps required to set up Azure AD Connect with Microsoft Germany Cloud, improved domain-specific information on the Troubleshooting page, improved permissions checking for password hash sync, and fixes an issue related to the use of msDS-ConsistencyGuid as Source Anchor feature for AD FS customers.

In my own testing I found that the setup experience was less than ideal if you currently use or have switched from AD FS. I recently switched from AD FS to using password hash sync. When I manually upgrade from build 1.1.614.0 setup prompts to close the AzureADConnect processes (in my case, there are four of them).


Even though I select to "Close the applications and attempt to restart them" setup is unable to stop them and prompts to restart the computer after installation, but before it runs the AAD Connect upgrade wizard.



I chose "No" to restart later and continued with the upgrade wizard. Something else new is that during the upgrade it asks for by tenant admin credentials. I've reached out to the AAD Connect team about both of these issues, as I think they will both prevent the auto-upgrade process from running properly. They are able to repro the issue when using AD FS or having switched from it.
UPDATE: The AAD Connect team found the root cause for the leaked threads and will fix it in a future update. So for now, you can either chose to close the applications or not and continue the upgrade. Personally, I recommend restarting the AAD Connect server after installation, but I didn't see any problems with AADC after installation. They also say that the prompt for tenant admin creds is an added layer of defense in case somebody unauthorized tries to upgrade the server. In the case of auto-upgrade, we assume we already have the permission from the admin to upgrade whenever a new build is required.
Read the AAD Connect release notes here.

Download Azure AD Connect 1.1.647.0 here.