22 May 2019

Azure AD Connect v1.3: Group writeback, new support agents, connector warnings and more

Written by Ian Bassi

A new version of Azure AD Connect has just been released that includes a significant number of changes and updates.

As of writing, this new version of Azure AD Connect is not currently available for auto-update and must be downloaded. But if you have auto-update enabled, keep an eye out for it coming soon.

Manually upgrading the product is easy enough, but make sure you have backups in place, and compare your configuration before and after to make sure no unexpected changes have occurred.

If you have a staging environment, it makes sense to upgrade this first, confirm everything is working as expected, and that the pending exports are okay. If everything looks good, you can then turn the production box to standby, and put the standby box into production mode.

Azure AD Connect: New features in general availability

Two new features in this release are now in general availability, the first being group writeback.

This allows distribution groups created in Azure AD to be created on-premises. This means that if you have users who only have on-premises accounts, they can now be a member of an Office 365 (O365) group and access the resources of that group, such as files stored in OneDrive or previously sent messages.

To use this feature, you need Azure Active Directory Premium Licences, and to have configured a hybrid deployment between your Exchange on-premises and O365 environment.

It is important to note that this does not allow you to manage on-premises security groups in Azure AD, or to create new on-premises security groups in Azure AD and have these written back. It only allows users who have not migrated to the cloud to access O365 group resources.

See here for more information.

Exchange Mail Public is the other feature to go into general availability, allowing you to share and work with colleagues with greater ease.

Big changes in Azure AD Connect

Let’s look at the 3 big changes included in this release:

Default rules can no longer be edited

Unlike previous versions, which only advised against it, it is now no longer possible to change the default rules in the Rules Editor. When you upgrade, any existing rules will have a warning symbol to alert you that a change has been made.

It is still possible to disable a default rule and create a copy. More info here.

A new support agent

This new support agent allows Microsoft to see the data and error messages in your environment, without it ever being saved.

The data is requested in the Azure Portal by a Microsoft Consultant and the agent sends the data to Azure, where the Microsoft consultant can view the information. Once the session is finished, all the data is removed.

Sync Engine connector warning

The final significant change is that the connectors within the Sync Engine have been updated with a warning against making any changes, suggesting that the Wizard is used instead. This has always been recommended best practice, but this warning now makes that very clear.

Several other smaller changes and advances have also been made, such as improved error handling and messaging. There are also a few changes around ADFS, with auto-upgrade support for more scenarios and additions to the functionality.

There are also numerous fixes that will improve the performance of the sync engine and reduce the number of errors you will see.


As of now, the only defect I have run into so far is when using the Merge or MergeIgnoreCase transformations.

In the past, this has been one of the few exceptions to the rule, where it was required to edit the default rules. Just disabling them still caused the validation to fail.

Now that it is no longer possible to edit the default rules in the Rule Editor, it would be nice for the validation checks to be ignored on disabled rules as, after all, they should not be run.

As a workaround for this issue, it is still possible to delete default rules. Before you delete a rule, use the export command to create a PowerShell command to re-create it. Once this is created and saved, you can then delete the default rule. Open the file, make the change to the transformation for the rule that is causing the issue, and then run the PowerShell.

The rule will now be back in the solution, with the change made as required. It is still recommended to create a duplicate rule and leave this one disabled, but at least the solution will continue to work.
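To check that an upgrade, or the delete-and-re-create workaround above, changed only what you intended, the following added example (not code from the original post or from Microsoft) snapshots every sync rule's attribute flows with the ADSync module's `Get-ADSyncRule` and diffs two snapshots. The function names and file paths are hypothetical, and treating any merge type other than `Update` as a merge-style flow is an assumption.

```powershell
# Added example: snapshot Azure AD Connect sync rules and diff two snapshots.
# Run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

# One row per attribute flow, so a changed transformation shows up in the diff.
# Rules without flows still get one row, so a deleted rule is not missed.
function Get-SyncRuleFlow {
    foreach ($rule in (Get-ADSyncRule)) {
        $flows = @($rule.AttributeFlowMappings)
        if (-not $flows) { $flows = @($null) }
        foreach ($flow in $flows) {
            [pscustomobject]@{
                Rule           = $rule.Name
                Direction      = [string]$rule.Direction
                Precedence     = $rule.Precedence
                Disabled       = $rule.Disabled
                IsStandardRule = $rule.IsStandardRule
                Destination    = $flow.Destination
                FlowType       = [string]$flow.FlowType
                ValueMergeType = [string]$flow.ValueMergeType
                Source         = ($flow.Source -join ';')
                Expression     = $flow.Expression
            }
        }
    }
}

function Save-SyncRuleSnapshot {
    param([Parameter(Mandatory)][string]$Path)
    Get-SyncRuleFlow | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

# Rows marked '<=' exist only in the "before" file, '=>' only in the "after" file.
function Compare-SyncRuleSnapshot {
    param([Parameter(Mandatory)][string]$Before,
          [Parameter(Mandatory)][string]$After)
    $props = 'Rule','Direction','Precedence','Disabled','IsStandardRule',
             'Destination','FlowType','ValueMergeType','Source','Expression'
    Compare-Object (Import-Csv $Before) (Import-Csv $After) -Property $props |
        Sort-Object Rule, Destination, SideIndicator
}

# Default (standard) rules with a flow whose merge type is not 'Update'.
function Get-DefaultRuleMergeFlow {
    Get-SyncRuleFlow |
        Where-Object { $_.IsStandardRule -and $_.ValueMergeType -ne 'Update' }
}

# Usage (paths are placeholders):
#   Save-SyncRuleSnapshot -Path C:\AADConnectBackup\rules-before.csv
#   ...upgrade, or delete and re-create the rule...
#   Save-SyncRuleSnapshot -Path C:\AADConnectBackup\rules-after.csv
#   Compare-SyncRuleSnapshot -Before <before.csv> -After <after.csv>
```

An empty result from `Compare-SyncRuleSnapshot` means no rule or flow differs between the two snapshots; after the workaround, the only rows returned should belong to the rule you re-created.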

About Ian Bassi

Senior Consultant

Ian Bassi is a Senior Consultant and Identity Imagineer at ThirdSpace. He is always looking for new ways to do things and try out the latest releases – he loves learning! He is responsible for...

