When Microsoft introduced Azure Active Directory Connect in 2015 we knew that it was the beginning of the end for the company’s older identity synchronisation tools. And now that day has come; Microsoft has announced that the still popular Azure Active Directory Sync (DirSync) and Azure AD Sync are now deprecated and will reach end of support on April 13th 2017. Azure AD Connect is now Microsoft’s only solution to connect your on-premises directory with Azure AD and Office 365.
What purpose do these tools serve?
DirSync and Azure AD Sync provided the capability to synchronise identity data from an organisation's on-premises directory services to Azure Active Directory, supporting identity management processes for its Office 365 and/or Azure services. DirSync supported the synchronisation of objects from a single forest only, whilst Azure AD Sync was aimed at organisations with multiple Active Directory forests.
Azure AD Connect, Microsoft’s replacement for the capabilities of these tools, provides a much richer feature set, which includes:
- Password write back – the facility to synchronise password changes from Azure/O365 down to the on-premises domain, allowing users to change or reset their passwords within Office 365 and mirroring those changes in your on-premises AD.
- Device write back – allowing devices registered in the cloud to be written into AD for conditional access.
- Accidental delete prevention – a function which limits the number of accounts that can be deleted at a time.
These functions, and many more besides, make Azure AD Connect a much more user-friendly and powerful tool than its predecessors.
What does end of life mean?
‘End-of-life’ for these Microsoft tools is the point where Microsoft will no longer support them. From that point onwards, Microsoft will no longer release patches, bug-fixes or new versions of DirSync, and its commitment to address bugs, issues or security flaws that arise will cease.
While the tools will continue to function after April 13th 2017, customers will be unable to open a support case for DirSync or Azure AD Sync with Microsoft. Businesses that continue to utilise these unsupported tools after that date risk leaving themselves open to potential defects that could compromise their environment and services. As well as this, identified security vulnerabilities that aren’t being addressed by patches could put data security at risk, or even serve as a route for cybercriminals to access other systems on the network.
Businesses that update sooner rather than later will enjoy the full benefits offered by Microsoft’s continued support, including the provision of patches and bug-fixes, which will significantly reduce the likelihood of data breach or loss. Ward Solutions recommends that our clients who are currently using DirSync or Azure AD Sync start planning their upgrade to Microsoft’s replacement solution, Azure AD Connect, before 13th April 2017 and avoid the many problems and risks that are associated with using out-of-support software.
What’s involved in upgrading?
Now for the good news: the upgrade to the Azure AD Connect tool is not a costly or time-consuming undertaking and can be performed with minimal downtime of your synchronisation processes. Phew!
For smaller environments, where Active Directory is currently managing fewer than 50,000 objects, an in-place upgrade can be performed on the existing environment running your DirSync / Azure AD Sync service.
For larger environments with more than 50,000 objects, a parallel deployment is needed, which does require a server separate to the existing DirSync / Azure AD Sync instance. However, this can present a great opportunity to refresh the server hardware and / or operating system if needed.
To find out more about what’s involved or to get assistance with your upgrade, speak to one of Ward’s experienced team – visit https://www.ward.ie/about-us/contact-us/ or call +353 1 6420100.