Upgrade Azure AD Connect to Entra Connect Sync

With the upcoming retirement of the MSOnline PowerShell module, Microsoft created a new version of Azure AD Connect, which is now rebranded as Entra Connect Sync.

In this post, I will show step-by-step how to manually upgrade Microsoft Azure AD Connect to Microsoft Entra Connect Sync.

Prerequisites

• Local admin rights on the Azure AD Connect Server.
• Member of ADSyncAdmins.
• Account with the Hybrid Identity Administrator or Global Administrator role.
• IE Enhanced Security Configuration turned off.
• .NET Framework 4.7.2 or higher

TLS 1.2

With the new version of Microsoft Entra Connect, TLS 1.2 is now mandatory. We will check if TLS 1.2 is enabled and enable it if needed.

Checking TLS 1.2

• Connect to your Azure AD Connect server.
• Open PowerShell ISE as administrator.

• Copy and paste the Check TLS 1.2 PowerShell script from Microsoft.
• Run the script.

If your output looks like the image below, then you are all set.

If you get an output that says the value is not found, then you need to enable TLS 1.2.

Enabling TLS 1.2

• Copy and paste the Enable TLS 1.2 PowerShell script from Microsoft.
• Run the script

You will see an output similar to the image below.

• Reboot the server so the changes take effect.

Auto Upgrade

Typically, the auto upgrade option for Azure AD Connect helps keep it up to date. However, I’ve seen multiple setups where Azure AD connect was only auto-upgraded to 2.3.6.0, which was released in February of 2024.

An important item about Azure AD Connect and Entra Connect Sync is that not every version is an auto-upgrade release. Version 2.4.129.0 is a version marked as an auto-upgrade release, but I haven’t seen any servers upgrade from 2.3.6.0 to 2.4.129.0, and if you check the event logs. There’s nothing about it, not even trying to auto-upgrade. It’s just radio silence.

Strangely, the auto-upgrade isn’t even triggering on one of the servers I looked at. I know auto upgrades work because that server has completed previous auto upgrades.

Manual Upgrade

Given that the auto-upgrade is not working, we will do a manual in-place upgrade.

Backup

Typically, manual upgrades work without any issues. However, it’s always good to have a backup. We will export our Azure AD Connect settings to a JSON file that we can use to rebuild everything on a new server if needed.

• Open Azure AD Connect.

• Click on Configure.

• Select View or export current configuration and click on Next.

• Click on Export Settings.

• Select a location to save the exported settings.

• Click Exit.

The exported JSON backup file will contain your Domain and OU filtering and sync rules.

Upgrading

• Start the installer for the new version of Microsoft Entra Connect Sync.
• Wait for Entra Connect Sync to finish installing.

• Click on Upgrade to start the in-place upgrade process.

• Provide an Entra ID Hybrid Identity Administrator or Global Administrator account and click Next.

• Click Upgrade to start the upgrade.

• Wait while everything is configured.

• Now that everything is completed click Exit.

Summary

That’s all it takes to manually upgrade from Azure AD Connect to Entra Connect Sync.

If you want to read more about the in-place upgrade process from Azure AD Connect to Microsoft Entra Connect, here is the Microsoft documentation.