Azure AD Connect v2.1.20.0 offers to synchronize to Azure AD’s employeeLeaveDateTime attribute

With Microsoft introducing the Lifecycle Workflows functionality in Public Preview at its Microsoft Ignite event last month, some things are definitely changing. Azure AD is poised to become the leading identity management plane, with Active Directory becoming a mere authentication store. However, to make that dream work, Azure AD Connect needs to offer additional functionality (at least temporarily) to accommodate both that future world and the current world. The current, temporary situation seems to be: manage groups in Azure AD and write them back, but manage users in Active Directory and synchronize them up, unless they are cloud-only users. Cloud-only users can now be provisioned and deprovisioned automatically using the new Lifecycle Workflows.
Azure AD Connect v2.1.19.0 and v2.1.20.0 introduce functionality to make synchronized user objects and cloud-only objects play nicely together.
What’s New
Synchronizing employeeLeaveDateTime
Microsoft added the functionality to synchronize an attribute from on-premises Active Directory to a new attribute in Azure AD. The value of the Active Directory attribute you decide on is used as the value of the employeeLeaveDateTime attribute in Azure AD.
This allows for consistency going forward between cloud objects that are provisioned (and deprovisioned) through Lifecycle Workflows and on-premises objects that are synchronized using Azure AD Connect.
As the employeeHireDate and employeeLeaveDateTime attributes do not exist in the Active Directory schema, an Active Directory attribute of your choosing needs to be used. This attribute must be a string and must hold its value in a specific date and time format, depending on the Human Resources (HR) application that acts as the source of objects for the Lifecycle Workflows feature.
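Because the target attribute is a date, a malformed string in the source attribute flows up as-is, so it pays to check the values before the synchronization rule goes live. The following pre-flight check is an added example, not code from the original post or from Microsoft. It assumes (neither is stated on the page) that extensionAttribute1 is the chosen source attribute and that the HR application writes it as ISO 8601 UTC, e.g. 2022-12-31T17:00:00Z; change both to match your environment and the format your rule expects.

```powershell
# Added example, not from the original post or from Microsoft: pre-flight check of the
# Active Directory attribute you intend to flow to Azure AD's employeeLeaveDateTime.
# Assumptions not stated on the page: source attribute is extensionAttribute1 and the
# HR feed writes ISO 8601 UTC (yyyy-MM-ddTHH:mm:ssZ). Adjust both for your environment.
Import-Module ActiveDirectory

$SourceAttribute = 'extensionAttribute1'
# Literal T and Z are quoted so .NET treats them as text, not as format specifiers.
$ExpectedFormat  = "yyyy-MM-dd'T'HH:mm:ss'Z'"
$Culture         = [System.Globalization.CultureInfo]::InvariantCulture
$Styles          = [System.Globalization.DateTimeStyles]::AssumeUniversal -bor [System.Globalization.DateTimeStyles]::AdjustToUniversal

$valid   = 0
$invalid = New-Object System.Collections.Generic.List[object]

# Only users that actually carry the attribute matter; users without it flow nothing.
$users = @(Get-ADUser -Filter "$SourceAttribute -like '*'" -Properties $SourceAttribute)

foreach ($user in $users) {
    $raw    = [string]$user.$SourceAttribute
    $parsed = [datetime]::MinValue
    if ([datetime]::TryParseExact($raw, $ExpectedFormat, $Culture, $Styles, [ref]$parsed)) {
        $valid++
    }
    else {
        # Fix these at the HR source before enabling the rule; they would sync unchanged.
        $invalid.Add([pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Value          = $raw
        })
    }
}

Write-Output ("{0} user(s) with a well-formed {1}, {2} malformed" -f $valid, $SourceAttribute, $invalid.Count)
if ($invalid.Count -gt 0) {
    $invalid | Format-Table -AutoSize
    exit 1   # non-zero so a scheduled run or pipeline gate notices
}
```

The check reads only Active Directory; it does not inspect the synchronization rule itself, so the format string must be kept in step with the expression used in the rule.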
Note:
The feature to synchronize to the employeeLeaveDateTime attribute was introduced with Azure AD Connect v2.1.19.0, but that version contains an issue that caused the new employeeLeaveDateTime attribute to not synchronize correctly. This issue was addressed in v2.1.20.0.
Note:
If the incorrect attribute from v2.1.19.0 was already used in a synchronization rule, the rule must be updated with the new attribute, any objects in the Azure AD Connector Space that still carry the incorrect attribute must be removed with the Remove-ADSyncCSObject PowerShell cmdlet, and a full synchronization cycle must then be run.
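The cleanup described in this note, scripted, as an added example that is not code from the original post or from Microsoft. It assumes (neither is stated on the page) that the Azure AD connector is named 'contoso.onmicrosoft.com - AAD' and that affected-cs-dns.txt lists, one per line, the Azure AD connector-space distinguished names of the objects that received the incorrect attribute under v2.1.19.0. Run it in an elevated session on the Azure AD Connect server.

```powershell
# Added example, not from the original post or from Microsoft: remove stale Azure AD
# connector-space objects after upgrading from v2.1.19.0, then run a full sync cycle.
# Assumptions not stated on the page: connector name and the DN list file below.
Import-Module ADSync

$AadConnectorName = 'contoso.onmicrosoft.com - AAD'
$AffectedDns      = @(Get-Content -Path '.\affected-cs-dns.txt' | Where-Object { $_.Trim() })

# Step 0 (manual, not scripted): in the Synchronization Rules Editor, point the custom
# rule's target at the corrected employeeLeaveDateTime attribute before running this.

# Step 1: pause the scheduler and wait for any running cycle, so a delta cycle cannot
# race the removals below.
Set-ADSyncScheduler -SyncCycleEnabled $false
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-Sleep -Seconds 10
}

# Step 2: remove each stale connector-space object, logging the outcome per DN so the
# run is auditable.
$removed = 0
foreach ($dn in $AffectedDns) {
    try {
        $csObject = Get-ADSyncCSObject -ConnectorName $AadConnectorName -DistinguishedName $dn -ErrorAction Stop
        Remove-ADSyncCSObject -CsObject $csObject
        Write-Output "Removed from connector space: $dn"
        $removed++
    }
    catch {
        Write-Warning "Skipped $dn : $($_.Exception.Message)"
    }
}
Write-Output "$removed of $($AffectedDns.Count) object(s) removed"

# Step 3: resume the scheduler and run a full (Initial) cycle so the objects are
# re-created from the corrected rule, as the release note requires.
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Initial
```

Keep the scheduler paused for as short a time as possible; while it is disabled, no password hash or other delta changes reach Azure AD.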
What’s Fixed
Issue that caused Password Writeback to stop functioning
Microsoft addressed an issue that caused Azure AD Connect’s Password Writeback feature to stop functioning. The error code is:
SSPR_0029 ERROR_ACCESS_DENIED
Version information
Version 2.1.20.0 of Azure AD Connect was made available for download as a 144 MB AzureADConnect.msi on November 9th, 2022.
You can download the latest version of Azure AD Connect here.
The post Azure AD Connect v2.1.20.0 offers to synchronize to Azure AD’s employeeLeaveDateTime attribute appeared first on The DirTeam.com / ActiveDir.org Weblogs.
via The DirTeam.com / ActiveDir.org Weblogs https://dirteam.com/
November 14, 2022 at 07:49PM
Sander Berkouwer