1 min read

Azure AD Connect – A new version of Azure AD Connect has been released and supports the v2 endpoint API

cubesys : Jun 1, 2020 12:00:00 AM

Azure AD Azure AD Connect

By now, you should already know that Azure Active Directory Connect (AAD Connect) is the directory synchronization tool used to synchronize your on-premises Active Directory identities to Azure Active Directory (AAD).

Well, AAD Connect just got an upgrade (version 1.5.30.0) which support the new Azure AD Connect sync V2 endpoint API (currently in preview –  only available in Azure global cloud, not national ones), which improves the performance of the synchronization service operations to Azure Active Directory like:

  • syncing groups with up to 250k members
  • performance gains on export and import to Azure AD

If you want to start using the new Azure AD Connect sync V2 endpoint API you need to:

  • First upgrade to AAD Connect 1.5.30.0 or later – download available here https://go.microsoft.com/fwlink/?LinkId=615771
  • Then you switch to the v2 API by running the below PowerShell commands (using the Run As Administrator) which will disable the sync and then set the configuration to use the v2

Set-ADSyncScheduler -SyncCycleEnabled $false

Import-Module ‘C:Program FilesMicrosoft Azure AD SyncExtensionsAADConnector.psm1’

Set-ADSyncAADConnectorExportApiVersion 2

Set-ADSyncAADConnectorImportApiVersion 2

Set-ADSyncScheduler -SyncCycleEnabled $true

After activating the API v2, you may see a different error messages as it handle the synchronization process a little bit differently.

After enabling the new endpoint, you may see additional export errors on the AAD connector with name ‘dn-attributes-failure’. There will be a corresponding event log entry for each error with id 6949, . The errors are informational and do not indicate a problem with your installation, but rather that the sync process could not add certain members to a group in Azure AD because the member object itself was not synced to Azure AD.

If you want to take advantage of the new/preview group members limit (250k) you need to update the Out to AAD – Group Join rule to replace the 50000 value for the expression available in the Transformations section using the Synchronization Rules Editor tool
image_thumb[1]  image_thumb[3]  image_thumb[4]

IIF((ValueCount(“member”)> 50000),Error(“Maximum Group member count exceeded”),IgnoreThisFlow)


If you need to rollback and disable the v2 API  run the below PowerShell commands

Set-ADSyncScheduler -SyncCycleEnabled $false

Import-Module ‘C:Program FilesMicrosoft Azure AD SyncExtensionsAADConnector.psm1’

Set-ADSyncAADConnectorExportApiVersion 1

Set-ADSyncAADConnectorImportApiVersion 1

Set-ADSyncScheduler -SyncCycleEnabled $true

Azure AD – A new version of Azure AD Connect (1.6.2.4) is now available with new features

cubesys : Mar 22, 2021 12:00:00 AM

As you know Azure Active Directory Connect (AAD Connect) is used to synchronize your on-premises Active Directory objects (users, groups, devices) to...

Azure AD Uncategorised Azure AD Connect AAD Connect
Read More

Azure – A new version of the Azure AD Connect has been released

cubesys : Apr 6, 2020 12:00:00 AM

Azure Active Directory Connect (AAD Connect), the directory synchronization tool to synchronize your Active Directory with Azure AD, just got...

Azure AD Azure AD Connect AAD Connect
Read More

Azure AD Connect – Getting stopped-server-down error when importing from Azure AD

cubesys : Apr 1, 2020 12:00:00 AM

Just had a weird issue with Azure AD Connect (the directory synchronization tool from Microsoft to sync from your Active Directory to Azure Active...

Azure AD Azure AD Connect AAD Connect
Read More