Microsoft
MicrosoftAre there any changes or impacts to Entra Connect following this announcement? https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-prerequisites#installation-prerequisites.
This evening we're experiencing a MSOnline "fire drill" where it is temporarily blocked to "help" us find places that will be broken in a month or two.
One of the PowerShell scripts I have that uses it updates UserPrincipalName for users, because back in the day the sync process wouldn't. I went to see if what Copilot told me about the sync configuration to get it flowing automatically was on track but I couldn't because while authenticating I got the message "An error occurred while executing the An error occurred while executing the 'Get-MsolUserRole' command. Access Denied. You do not have permissions to call this cmdlet. command. Learn more" (The broken-sounding message is faithfully reproduced here.)
We are running version 2.3.20.0 which https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-version-history#retiring-microsoft-entra-connect-2x-versions states is supported until October 7, 2025. I don't know how it can be supported if it relies on the MSOnline module that will be gone months before.
I've got other projects with deadlines, too. I don't need this kind of fire drill and this uncertainty.
A few months late on this reply, but yes I can confirm the Sync process will update UPNs now once you enable the Entra Directory sync feature for 'SynchronizeUpnForManagedUsersEnabled'. Instructions are located here: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-syncservice-features#synchronize-userprincipalname-updates
You can also use the cmdlet Update-MgUser from Graph.Users module to update the UPN in the User.ReadWrite.All scope.
Microsoftso far I see the version: 2.3.20.0 is supported until March 31st 2025:
| Version | End of support date |
|---|---|
| 2.3.2.0 | 31 Mar 2025 (To align with the security change released in version 2.4.18.0) |
| 2.3.6.0 | 31 Mar 2025 (To align with the security change released in version 2.4.18.0) |
| 2.3.8.0 | 31 Mar 2025 (To align with the security change released in version 2.4.18.0) |
| 2.3.20.0 | 31 Mar 2025 (To align with the security change released in version 2.4.18.0) |
from: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-version-history#retiring-microsoft-entra-connect-2x-versions
It was October 7th until February 21, and then they changed it. If you look, you'll see they changed it again to April 7th to align with what I pointed out they had announced in the Message Center last fall. If you click the pencil at the top of the document, you can see the edit history. https://github.com/MicrosoftDocs/entra-docs/blob/main/docs/identity/hybrid/connect/reference-connect-version-history.md
Microsoftyes. this is true. you can continue to use those versions - what I do not recommend as the product won't work as expected. Newer versions are not affected by this change.
I do not see any issue, why an in-place upgrade - takes max 15 min - would not be possible. If you need any further help, feel free to raise a support request.
I have a feeling that Entra Connect is likely riddled with all sorts of legacy dependencies.
Interestingly on 14th Feb (two days after I posted the documentation stating MSOL is required), the documentation was quietly changed to remove the reference to MSOL. Check out https://github.com/MicrosoftDocs/entra-docs/commit/fb1bedb373816e9d820462875f91a06f211723db.
It'd be really nice to get some sort of confirmation from the teams, rather than just having documentation quietly updated. That also doesn't even begin to touch on the worry that the documentation no longer seems to be accurate based on what you've experienced.
Hey, StephenMills : I checked with the Entra Connect Engineering team, and they confirmed that the MSOL dependencies have been removed from version 2.4.18.0. We support a client version for up to 1 year unless there's a push to move to a new version, in this case, a dependency retirement.
Note: The reference to MSOnline in our documentation was an oversight, and we've updated it for accuracy. As of Entra Connect version 2.4.18.0, MSOnline is no longer supported. In October 2024, we notified tenant admins about upgrading to this version. We recommend updating to 2.4.18.0 or later to take advantage of new features and security improvements. Let us know if you need any assistance!
Thank you for that clarification. I searched the entire version history for a change indicating the MSOL dependency had been removed from Entra Connect Sync. It would have been very helpful if it had been mentioned in the changes.
I likely saw the Message Center post about the new version, but I go through a testing process before upgrading. Given our version is supposed to be supported until October 7th, it was lower priority than fixing scripts for the module deprecations, and other projects as well. We are a large enough environment that local SQL and auto upgrade are not possible, and I always have concerns about unintended consequences of upgrading such a central part of the user provisioning and management process.
I still wonder what “supported” means if configuration of the service is no longer possible because of an unsupported dependency. It feels like not everyone is on the same page at Microsoft, or what you really mean is “supported for upgrade to the latest version” and nothing more.
