Azure AD Connect version 1.1.880.0 includes many updates

Friday, July 27, 2018
AAD Connect version 1.1.880.0 is being released and includes many new features and improvements. I've highlighted the ones that I think most customers are interested in with some comments.

This update is also supposed to fix the issue with high CPU usage by the Microsoft.Identity.Health.AadSync.MonitoringAgent.Startup.exe process after installing .NET Framework 4.7.2. (8/1/2018 - They just updated the release notes to reflect this.)

New features and improvements


  • The Ping Federate integration in Azure AD Connect is now available for General Availability. Learn more about how to federate Azure AD with Ping Federate.
  • Azure AD Connect now creates the backup of Azure AD trust in AD FS every time an update is made and stores it in a separate file for easy restore if required. Learn more about the new functionality and Azure AD trust management in Azure AD Connect.
  • New troubleshooting tooling helps troubleshoot changing primary email address and hiding account from global address list
  • Azure AD Connect was updated to include the latest SQL Server 2012 Native Client
  • When you switch user sign-in to Password Hash Synchronization or Pass-through Authentication in the "Change user sign-in" task, the Seamless Single Sign-On checkbox is enabled by default.
  • Added support for Windows Server Essentials 2019
  • The Azure AD Connect Health agent was updated to the latest version 3.1.7.0. Hopefully this fixes the high CPU issue with .NET 4.7.2.
  • During an upgrade, if the installer detects changes to the default sync rules, the admin is prompted with a warning before the modified rules are overwritten. This allows the user to take corrective action and resume later. Old behavior: if any out-of-box rule had been modified, a manual upgrade overwrote those rules without warning the user, and the sync scheduler was disabled without informing the user. New behavior: the user is prompted with a warning before the modified out-of-box sync rules are overwritten, and can choose to stop the upgrade process and resume later after taking corrective action.
  • Provide better handling of a FIPS compliance issue, providing an error message for MD5 hash generation in a FIPS compliant environment and a link to documentation that provides a workaround for this issue.
  • UI update to improve federation tasks in the wizard, which are now under a separate sub group for federation.
  • All federation additional tasks are now grouped under a single sub-menu for ease of use.
  • A new, revamped ADSyncConfig PowerShell module (AdSyncConfig.psm1) with new AD Permissions functions moved from the old ADSyncPrep.psm1 (which may be deprecated shortly).

Fixed issues


  • Fixed a bug where the AAD Connect server would show high CPU usage after upgrading to .NET 4.7.2. The release notes were updated to add this on 8/1/2018.
  • Fixed a bug that would intermittently produce an error message for an auto-resolved SQL deadlock issue
  • Fixed several accessibility issues for the Sync Rules Editor and the Sync Service Manager
  • Fixed a bug where Azure AD Connect cannot get registry setting information
  • Fixed a bug that created issues when the user goes forward/back in the wizard
  • Fixed a bug to prevent an error happening due to incorrect multi-thread handling in the wizard
  • When Group Sync Filtering page encounters an LDAP error when resolving security groups, Azure AD Connect now returns the exception with full fidelity. The root cause for the referral exception is still unknown and will be addressed by a different bug.
  • Fixed a bug where permissions for STK and NGC keys (msDS-KeyCredentialLink attribute on User/Device objects for WHfB) were not correctly set.
  • Fixed a bug where 'Set-ADSyncRestrictedPermissions' was not called correctly
  • Adding support for permission granting on Group Writeback in AADConnect's installation wizard
  • When changing the sign-in method from Password Hash Sync to AD FS, Password Hash Sync was not disabled. This is interesting, since Microsoft recommends configuring Password Hash Sync with AD FS. I'm checking with the Product Group...
  • Added verification for IPv6 addresses in AD FS configuration
  • Updated the notification message to inform that an existing configuration exists.
  • Device writeback fails to detect container in untrusted forest. This has been updated to provide a better error message and a link to the appropriate documentation
  • Deselecting an OU and then synchronization/writeback corresponding to that OU gives a generic sync error. This has been changed to create a more understandable error message.

AAD Connect version 1.1.880.0 has been released for auto upgrade. Customers with auto upgrade enabled will automatically download and install this new version in the coming days. Those who do not have auto upgrade enabled will need to download and install the update manually. Check the details on the download page to make sure you're downloading version 1.1.880.0.