Preview 2 of Azure AD Connect (AADConnect) is available

Yesterday (on March 20. 2015) Microsoft released the next preview of the cloud (bridge) synchronization tool AADConnect (called Public Preview March 2015).

You can download and test the “fresh” release via the Microsoft Connect site for AADConnect.

Beside the features of the last preview like multi-forest support, password write-back you can now also test group and user write-back from the cloud to on-prem AD.

AADConnect can also setup your ADFS and WAP servers directly from the AADConnect wizard for using SSO with ADFS.
Some of the features (like write-back’s) require a Azure AD Premium license.

The new Preview of AADConnect also provides a very new “neat” feature, beside filter on-premise objects to be synchronized to the cloud by organizationalUnit and attribute values, you are now able to filter objects based on on-premise (AD) group membership. (See screenshots below).

Also the hint for not using this in production has gone, so if you need to implement this right now, contact product group for more information and joining a TAP program.

I’ve done a fast install and configuration in advanced mode:


Some software need to be installed, and the wizard will automaticly download them.


We could configure a SQL Server instead of a local SQL Express and and specific Service Account, in addition you could also choose the name of the Management Groups for the Sync Service, and also import previous configuration setting from a file.


As already known the Sync Account must be a Global Admin in Azure AD, goot choice is always to put this account to the default domain (


Ich choose “customize” at this point to bring up the next screens.


We could choose simple PW Hash Sync, Federation with ADFS or both for fallback scenarios.


Select Directory Type (currently only AD is available), but there will be more in the future like LDAP.


Here is the cool new feature to select a group filter for objects that should be synchronized to the cloud. Some customers ask me already about that.

Would also be a good feature to have in FIM/MIM 😉


For my simple testlab the first option is the choice.


Choose the join criteria for objects that fit to your need, default option is a good choice in simple scenarios.


Select additional features, I choos Password, User and Group write-back at this point.


Select the container in on-prem AD for user and group writeback.



Additional attributes can be selected for synchronization to Azure AD.


You can see all options I activated and even can choose to syncronize right now, or just do a staging phase (import and sync) but not export to any of the systems like you would often do in FIM. (Really good option at this point)



If you have a look to the installed programs you will find the ADDConnect Sync Rule Editor to modify the synchronization rules for special purposes if you need.


In addition you can use the AADConnect Sync Service Manager to modify for example the Connector to AD for filtering user objects based on container, but with the new group filtering feature that is not nessecary any more.



About Peter Stapf
Senior Consultant Identity and Access MVP (Enterprise Mobility)

3 Responses to Preview 2 of Azure AD Connect (AADConnect) is available

  1. Ramanuj Raychoudhury says:

    Does this support Non Ad source synchronization (like Ldap Directory) to Azure AD ? or We need to use FIM to support Non Ad source synchronization

  2. Peter Stapf says:

    Not currently but since it is a drop-down there are plans for adding additional sources in the future. I remember some slides of an MS Event where this was introduced but can not find them must be TechEd Europe or Igninte.
    FIM with the WAAD connector is not recommended any more for new deployments, but still supported.

    Currently without other sources in AADConnect you should sync Onprem all your sources to AD and then sync this data from AD to Azure AD.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: