Active Directory Integration (ADI) Release Notes 2023

2023-12-06 ADI Release Notes

Support for Windows Server 2022

  • Windows Sever 2022 is an officially supported OS version for the integration.

Admin Portal

New functionality

  • Count of agents installed is shown in the Details tab
    • The count of each type of agent installed, sync and import, is shown in the configuration sections in the Details tab.
  • Configuration selection saved
    • The configuration checked on the Details tab is saved and remains checked after closing and reopening the ADI domain instance configuration

ADI Service

  • High availability configurations supported for AD sync agents.
    • Multiple AD sync agents can be installed. In this configuration, one agent will be designated as the primary agent by the ADI service. All create and change requests are sent to that agent. If that agent becomes unavailable, another active sync agent is designated as the primary.

2023-10-26 ADI Release Notes

Admin Portal

  • Updated domain creation modal
    • References to multi-domain configurations not being supported were removed.
    • LDAP domain name formatting validation added to prevent the integration from failing or having unexpected behavior.
  • Updated Details tab
    • Added sections for the 3 typical integration configurations to help Admins understand which agents need to be installed based on their specific use cases and where they want to manage users, groups, and passwords. 
  • New ADI Directory Insights Events
    • More events logged to provide increased visibility into the changes made and changes attempted by the AD import agent and more information for self-remediation of errors.

AD Import Agent v2.2.1

New functionality

  • Installation flexibility when configuring the integration for two-way sync
    • The AD import agent can be installed on one or more member servers instead of all DCs when JumpCloud is the password authority.  This reduces the number of agents that need to be managed and removes the requirement to install the agent on all DCs in certain cases.

Security enhancements

  • LDAP only used when specifically allowed and security risks acknowledged
  • AD Import Service Account credentials moved to the registry
    • AD Import Service Account username & password stored in registry instead of the AD import agent configuration file.
  • API key for integration moved to the registry
    • ADI API key stored in registry.
  • General service improvements

Integration Observability

  • New  and updated ADI Directory Insights Events
    • More events logged to provide increased visibility into the changes made and changes attempted by the AD import agent and more information for self-remediation of errors
DI Event Event Description
idsource_create Logged when a import agent shows as online and running in the Domain Agents tab for the ADI in the JumpCloud Admin Portal

Quality of life improvements

  • Single location for all AD import related files
    • All AD import related files & configs are in C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import.
  • Consistent file naming 
  • More descriptive and consistent import agent service name
  • References to AD Bridge removed
    • All references to AD Bridge changed to AD Import.
  • AD import agents can be updated
    • Installer will detect existing agent installations and update.  Previously, new versions required an uninstall and reinstall of the agents.

Bug fixes

  • Fixed External Password Expiration Date Field not being cleared when UserExpireAction was set to 'maintain' in the AD import agent configuration file.

Installer UI

  • Updated branding in the installation wizard

AD Sync Agent v4.5.1 

New functionality

  • Support for managing users, groups, and passwords from JumpCloud
    • AD Sync agent can be installed independently of the AD Import Agent, reducing the number of agents and services that need to be managed. 
    • Admins can uninstall the import agent that was required by previous versions
  • Installation flexibility
    • The AD sync agent can be installed on one or more member servers instead of DCs for all use cases and configurations.  This removes the requirement to install the agent on all DCs in certain cases.
  • New security groups created in AD from JumpCloud
    • Groups assigned to the JumpCloud ADI will automatically get created in the Root User Container specified for the integration, enabling complete security group management in AD from JumpCloud.
  • New JSON configuration file for the AD sync agent
    • Added a JSON config file for new configuration settings available for the AD sync agent, domain controller address and flag for allowing insecure connection (use of LDAP).

Changes to existing functionality

  • Staged users in JumpCloud no longer provisioned to AD
    • Users in the staged user state are no longer created in AD.  These users are only created when their user state is changed to active.

Security enhancements

  • LDAP only used when specifically allowed and security risks acknowledged
  • Connect key value is masked in the registry
    • The connect key value stored in the registry is masked when the JumpCloud AD Integration Sync services starts.
  • General service improvements

Integration Observability

  • New and updated ADI Directory Insights events
    • Added more events to provide increased visibility into the changes made and changes attempted by the AD import agent and more information for self-remediation of errors
    • Updated the existing activedirectory_agent_create event including more information in the event listing and event summary
DI Event Event Description
user_update_password_provision Logged by the AD sync agent when password attributes changes are made or attempted in AD
activedirectory_agent_create Logged when an AD sync agent is downloaded from JumpCloud Admin Portal and the agent is added in an inactive/pending status in the Domain Agents tab for the ADI
activedirectory_agent_activate Logged when an AD sync agent shows as online and running in the Domain Agents tab for the ADI in Admin Portal

Quality of life improvements

  • Single location for all AD sync related files
    • All AD sync related files, logs and config are in C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync.
  • Consistent file naming 
  • More descriptive and consistent sync agent service name

Bug fixes

  • Staged users are no longer suspended in JumpCloud when both the AD import and AD sync agents are installed and running. 

Installer UI

  • Updated branding in the installation wizard
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case