On Demand Migration Current - Active Directory Release Notes

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of this deployment.

Directory Sync known issues

Known Issue Issue ID
An attempt to install an older version of the agent software will fail if a newer version has already been successfully installed. If, for some reason, the older version is needed, first uninstall the newer version, then remove all registry references to the agent. 8060
The agent installer cannot accept a password with a first character of !. 8122
When discovery discovers an environment, it will read in the OU structure of all domains within the forest. The UI will show all domains and you can select them for use in all workflows. However, if a DC for that domain is not included, or the agent account does not have read access to the objects, they will not be read into the database. 8077
Cloud Only Security Groups are not read in when reading a cloud endpoint. 22453
User thumbnail photos do not sync to cloud environments. 8069
The PowerShell User Group should be added to the Tenant Group Filter as the Group Owner. A security group should not be used. 8070
An account with access to all domains within the forest is needed if you want to sync all domains within a single forest with a single agent. Using an enterprise admin account is the most efficient method for doing this. 8073
Mapping functions do not work with multivalued attributes. For example, results(proxyaddresses,"x500:") will not return true even if an X500 address is present. 8075
When a workflow for a cloud environment has been run once, but then has been idle for longer than 30 days, an error will be encountered when the job starts, and the job will fail and loop repeatedly until the retry count has been reached. 8079
In the German and Chinese Office 365 tenants, Directory Sync will always do full synchronizations because the delta sync functionality is not available in these local tenants. 8095
An "Object with ID xyz was not found" error may occur when reading recently created Azure guest users due to the longer length of time for guest users to propagate. 8101
Remote Mailboxes from the source are incorrectly created in the target as Users instead of MailUsers. 8102
Delta syncs are limited to 30 days. To avoid full synchronization, a read in should be performed for all cloud environments every 29 days or less. 8108
Password sync does not support AES hashes. 21796
A template configured to sync a binary attribute to a non-binary attribute will not sync correctly. For example, if syncing Binary (ThumbnailPhoto) to String(ExtensionAttribute), the target attribute will be synced as "System.Byte[]" instead of the expected binary value converted into a string. 15683
A security group cannot be used as a filter group. 8057
When using filter groups for Cloud environments you need to ensure that a group containing any newly created objects is present in the environment filter. This can be accomplished by having a source and target filter group with the same name so they will match and synchronize between the environments. If these objects are not read in after creation, they will not have any additional updates synchronized and they will not be matched. 8076
When synchronizing local AD groups to Office 365 as Office 365 groups (Unified Groups) any contact in the source group will record an error in the logs and the contact will not appear in the target group. 8081
Office 365 Group settings are not copied to the target Office 365 Group. 8104
Likes for Office 365 Group conversations are not migrated. 8122
Custom schema attributes can be added to template mappings but are not visible in the drop-down selection list. 8072
All domains within an Active Directory Forest are visible within an environment when adding a single domain even though the agent account credentials may not have access to all domains. 8074
The DS-Core-Propagation-Data attribute is not synchronized by Directory Sync. The DS-Core-Propagation-Data attribute is a system attribute which is used by the Active Directory service and cannot and should not be modified by anything other than the directory itself. 34400
The mapping does not update the mailnickname attribute of non mail-enabled security groups. 34481
Attribute filters cannot be applied to Security Groups. 14933
Cloud Environments that use Object Filter Exclusion options may see Unlicensed or Disabled Accounts read in when configured to Exclude Unlicensed or Disabled Accounts. This is because the AccountDisabled and SKUAssigned properties in Exchange Online Management are not always updated to reflect the true state of the object in Office 365. 35957, 36574
Updates of non mail-enabled Security groups in Cloud to Local syncs fail due to an empty samAccountName value. 37254

Active Directory known issues

Known Issue Issue ID
The Server 2016 Rollback action may break a user's profile if the user is not a member of the BUILTIN\Administrators group on the target machine. 29544
The Cleanup job should not be used with bi-directional match/sync configurations as it may incorrectly remove target ACLs. 32588
On a Windows 10 or Windows 11 device, when performing the AzureAD Cutover action, the migrated user profiles may lose some of the installed Windows Store applications or other Provisioned AppX Packages. These packages will need to be reinstalled by the user after they log on to their target profile. 36079
An Azure AD device cannot be ReACLed if there is no matching group in the mapping file. 36124
For AzureAD Device Cutover, Windows Hello for Business Setup cannot be completed when Source Account is a Direct Member of the Device BUILTIN\Administrators Group. 36627

Domain Move known issues

Known Issue Issue ID
Domain Move cannot move the domain if it is being used for Active Directory Federation Services (ADFS) between on-prem Active Directory and Azure Active Directory. 35529

Domain Rewrite known issues

Known Issue Issue ID
Signed and encrypted messages will not be rewritten by the email rewrite service (ERS). 8004

Release History

The following lists the new features and resolved issues by deployment.

September 2022 Release 2

New features

  • Support for Azure AD Join device migration from on-premises and Hybrid Domain Joined workstations has been added.

  • The LDAP Filter option has been added to the Password Sync feature.

  • Object Type filters have been added to the add cloud environment wizard.

General enhancements

Enhancement Issue ID
The .NET framework version has been upgraded to version 4.7.2. 32414
The ability to select a Federated Domain name as the replacement domain has been added. 35345
Azure functions have been updated to .NET 6. 35428

Resolved issues

Resolved Issue Issue ID
Contacts from the on-premises environment were syncing when the "include Objects Managed by Active Directory" option was not selected. 35342
The local environment advanced filter disabled the Excluded Objects options. 35767
An AzureAD Join Cutover job did not fail when invalid source domain credentials were provided. 36143
The Object type filter to exclude unlicensed objects included unlicensed objects. 36396
Local to Local Mapping Templates included objecttype for Cloud environments. 36471
In the PrivateAPI, Server 500 Errors on Request for MailOnly AccessToken when CachedBytes is NULL. 36524

September 2022 Release 1

New features

  • Object Type filters have been enhanced with additional filter options. New options to filter MailUsers, Guest Objects, Teams, M365 Groups, Distribution Groups/Security Groups have been added. Additionally, Attribute filters can now be set globally, based on User Objects and based on Group Objects. Attribute filters can be easily created with a new filter formula builder.

  • The Unmatch feature has been added to the Environment Details page. This feature allows Users, Groups, Contacts, and Devices that were previously matched by the Directory Sync workflow to be easily unmatched on the Environment Details page.

General enhancements

Enhancement Issue ID

BTPass logging improvements have been implemented. The following app config setting can be added to the app.config file to specify the age limit of the logs:

  • PasswordSyncLogAgeLimitMinutes

The default value for this is 1440, which is equal to 24 hours. Values greater than 0 are accepted.


Resolved issues

Resolved Issue Issue ID
Duplicate device profiles cause exceptions during the Discovery process. 32784
On-Premises Directory Sync agent is not reporting heartbeat during add address step. 34864
Device Jobs cannot be queued when sorted by Source Environment. 35458
Older versions of agents can be installed over new versions. 35484
Duplicate records are displayed on the Environment Details page. 35487
The API returns a 500 error if the access token is NULL. 35734
The WellKnown and Expired filters have been removed from Excluded Objects. 35937
Mail-enabled security groups are returned when Distribution Group object filter is enabled. 35992

June 2022

New features

Feature Issue ID
“Domain Rewrite” or Email Rewrite (ERS) functionality has been added to On Demand Migration. This feature allows end users to communicate from a common email domain on both inbound and outbound mail. 32602

General enhancements

Enhancement Issue ID
Reparse Points like Symbolic Links, Mount Points, and OneDrive folders are now processed by ReACL. Additional Reparse Tags can be added to the rules list in the Advanced view of Device ReACL profiles and File Share ReACL profiles to change how ReACL will process those items. 17645
Remove Address is now configurable. The RemoveAddressesOnPremTimeoutMinute setting has been added to the SettingKeyValue table with a default of 240 minutes (4 hours). 25563
Support for explicit proxy configuration in the Directory Sync Agent has been added. 30362

Resolved issues

Resolved Issue Issue ID
An issue where Cloud Only Security Groups were not read in when reading a cloud endpoint has been resolved. 22453
proxyAddresses and legacyExchangeDN are now excluded from Device ObjectTypes. 33671
An issue with Desktop Setup Pro where a pop-up Windows security box requesting a username and password continues to loop until cancelled has been resolved. 34752
An issue where Directory Sync did not sync UTC Coded Time Syntax attributes has been resolved. 35321

Incident response management

Quest Operations and Quest Support have procedures in place to monitor the health of the system and ensure any degradation of the service is promptly identified and resolved. On Demand relies on Azure and AWS infrastructure and as such, is subject to the possible disruption of these services. You can view the following status pages:

System Requirements

The following web browsers are supported with On Demand:

  • Chrome or Firefox is recommended for the best cloud-based platform experience.

