Just arrived back from vacation and now it’s time to get to know our new friend AD Connect Version 2. I started by reading the Microsoft documentation and want to pinpoint the differences.

  • Requires Windows Server 2016 or later
  • Uses the LocalDB components of SQL Server 2019
  • Requires TLS 1.2 for installation. You can use the Set-ADSyncToolsTls12 PowerShell cmdlet to enable it on the AD Connect server.
  • New PowerShell cmdlets
  • Two new attributes are synced:
    • EmployeeType
    • EmployeeHireDate

There are also some more changes that you can read about here.

Do I need to upgrade myself?

If you run version 1.X.X and have auto-upgrade enabled for AD Connect, Microsoft's current statement is that auto-upgrade will not move you to Version 2.X.X. Auto-upgrade currently only delivers security fixes and important updates, so having it enabled does not mean that you are running the latest version.

Is an in-place upgrade from Version 1.X.X to Version 2.0.X possible?

Yes, but first you need to make sure that you are running Windows Server 2016 or above.

Then make sure that TLS 1.2 is enabled on the server. You can do that by running the following script in an elevated PowerShell session (the Set-ADSyncToolsTls12 cmdlet mentioned above is the alternative). Don’t forget to reboot the server after you run it, since the SCHANNEL and .NET settings are only picked up after a restart.

# .NET Framework (32-bit hive): let .NET use the OS default TLS versions and strong crypto
New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value 1 -PropertyType 'DWord' -Force | Out-Null

# .NET Framework (64-bit hive): same two values
New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value 1 -PropertyType 'DWord' -Force | Out-Null

# SCHANNEL: enable TLS 1.2 for the server side
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null

# SCHANNEL: enable TLS 1.2 for the client side (the AD Connect server talks to Azure AD as a client)
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null

Write-Host 'TLS 1.2 has been enabled.'

Now you can download the V2 installer and do an in-place upgrade to version 2.0.X. This will also turn on auto-upgrade in AD Connect if you have not used it before.

If you look under Add/Remove Programs you can see that SQL Server 2019 LocalDB has been installed on the server.
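As an added example (my own script, not code from the original post or from Microsoft), here is a PowerShell check that ties the steps above together. Before the upgrade it verifies the OS version and the eight TLS 1.2 registry values the enable script writes; after the upgrade it confirms the installed AD Connect version, that SQL Server 2019 LocalDB is present, and what the auto-upgrade state is. The Add/Remove Programs display-name patterns and the build-number threshold are my assumptions; Get-ADSyncAutoUpgrade is the real cmdlet from the ADSync module.

```powershell
# Added example, not code from the original post or from Microsoft.
# Pre-flight and post-upgrade checks for the Azure AD Connect V2 procedure above.
# Run in an elevated PowerShell session on the AD Connect server.
# Assumptions (mine): the Add/Remove Programs display names match
# 'Microsoft Azure AD Connect*' and 'Microsoft SQL Server 2019 LocalDB*',
# and Windows Server 2016 reports version 10.0 build 14393.

function Test-RegistryDword {
    # True when the DWORD $Name exists under $Path and equals $Expected.
    param([string]$Path, [string]$Name, [int]$Expected)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return ([int]$item.$Name -eq $Expected)
}

function Get-Tls12State {
    # Checks the same eight values the enable script writes and reports every
    # missing or wrong one by path. A pass only proves the registry is right;
    # the settings still need the reboot before the installer sees them.
    $net32 = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    $net64 = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $sch   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
    $expected = @(
        @{ Path = $net32;        Name = 'SystemDefaultTlsVersions'; Expected = 1 },
        @{ Path = $net32;        Name = 'SchUseStrongCrypto';       Expected = 1 },
        @{ Path = $net64;        Name = 'SystemDefaultTlsVersions'; Expected = 1 },
        @{ Path = $net64;        Name = 'SchUseStrongCrypto';       Expected = 1 },
        @{ Path = "$sch\Server"; Name = 'Enabled';                  Expected = 1 },
        @{ Path = "$sch\Server"; Name = 'DisabledByDefault';        Expected = 0 },
        @{ Path = "$sch\Client"; Name = 'Enabled';                  Expected = 1 },
        @{ Path = "$sch\Client"; Name = 'DisabledByDefault';        Expected = 0 }
    )
    $failed = foreach ($e in $expected) {
        if (-not (Test-RegistryDword -Path $e.Path -Name $e.Name -Expected $e.Expected)) {
            "$($e.Path)\$($e.Name) should be $($e.Expected)"
        }
    }
    [pscustomobject]@{ Enabled = (-not $failed); Problems = @($failed) }
}

function Get-OsSupport {
    # V2 requires Windows Server 2016 or later; 2016 is 10.0 build 14393 (assumed threshold).
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Caption   = $os.Caption
        Build     = [int]$os.BuildNumber
        Supported = ([version]$os.Version -ge [version]'10.0.14393')
    }
}

function Get-InstalledProduct {
    # Looks a product up by its Add/Remove Programs display name in both uninstall hives.
    param([string]$DisplayNamePattern)
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $DisplayNamePattern } |
        Select-Object -First 1 DisplayName, DisplayVersion
}

function Get-AdConnectUpgradeReport {
    $os  = Get-OsSupport
    $tls = Get-Tls12State
    $adc = Get-InstalledProduct -DisplayNamePattern 'Microsoft Azure AD Connect*'   # assumed name
    $ldb = Get-InstalledProduct -DisplayNamePattern 'Microsoft SQL Server 2019 LocalDB*'  # assumed name

    # Get-ADSyncAutoUpgrade (ADSync module) returns Enabled, Disabled or Suspended.
    $autoUpgrade = 'unknown (ADSync module not available)'
    if (Get-Module -ListAvailable -Name ADSync) {
        Import-Module ADSync -ErrorAction SilentlyContinue
        try { $autoUpgrade = Get-ADSyncAutoUpgrade } catch { }
    }

    $version = if ($adc -and $adc.DisplayVersion) { [version]$adc.DisplayVersion } else { $null }
    [pscustomobject]@{
        OS                = "$($os.Caption) (build $($os.Build))"
        OSSupported       = $os.Supported
        Tls12Enabled      = $tls.Enabled
        Tls12Problems     = $tls.Problems
        ADConnectVersion  = $version
        IsV2              = ($null -ne $version -and $version.Major -ge 2)
        SqlLocalDb2019    = [bool]$ldb
        AutoUpgrade       = $autoUpgrade
        ReadyForV2Upgrade = ($os.Supported -and $tls.Enabled)
    }
}

$report = Get-AdConnectUpgradeReport
$report | Format-List
if (-not $report.Tls12Enabled) { $report.Tls12Problems | ForEach-Object { Write-Warning $_ } }
```

Run it once after the reboot and before starting the installer (ReadyForV2Upgrade should be True), and again after the upgrade (IsV2 and SqlLocalDb2019 should be True, and AutoUpgrade should read Enabled if the installer turned it on). If the TLS check fails, the listed paths tell you which hive or SCHANNEL key the enable script did not reach.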