Azure AD Connect:自动升级Azure AD Connect: Automatic upgrade

此功能是随内部版本 1.1.105.0(于 2016 年 2 月发布)一起推出的。This feature was introduced with build 1.1.105.0 (released February 2016). 此功能已在内部版本 1.1.561 中更新,现在支持以前不支持的其他方案。This feature was updated in build 1.1.561 and now supports additional scenarios that were previously not supported.

概述Overview

使用 自动升级 功能是确保 Azure AD Connect 安装始终保持最新状态的最简单方法。Making sure your Azure AD Connect installation is always up to date has never been easier with the automatic upgrade feature. 系统默认启用此功能,以便进行快速安装和 DirSync 升级。This feature is enabled by default for express installations and DirSync upgrades. 发布新版本时,安装会自动升级。When a new version is released, your installation is automatically upgraded. 默认情况下,针对以下方案启用自动升级:Automatic upgrade is enabled by default for the following:

  • 快速设置安装和 DirSync 升级。Express settings installation and DirSync upgrades.
  • 使用 SQL Express LocalDB,这是快速设置始终使用的选项。Using SQL Express LocalDB, which is what Express settings always use. 使用 SQL Express 的 DirSync 也会使用 LocalDB。DirSync with SQL Express also use LocalDB.
  • AD 帐户是快速设置和 DirSync 创建的默认 MSOL_ 帐户。The AD account is the default MSOL_ account created by Express settings and DirSync.
  • Metaverse 中的对象少于 100,000 个。Have less than 100,000 objects in the metaverse.

可以使用 PowerShell cmdlet Get-ADSyncAutoUpgrade来查看当前的自动升级状态。The current state of automatic upgrade can be viewed with the PowerShell cmdlet Get-ADSyncAutoUpgrade. 状态包括:It has the following states:

状态State 注释Comment
EnabledEnabled 自动升级已启用。Automatic upgrade is enabled.
已挂起Suspended 只能由系统设置。Set by the system only. 系统目前没有资格接收自动升级。The system is not currently eligible to receive automatic upgrades.
已禁用Disabled 自动升级已禁用。Automatic upgrade is disabled.

可以使用 Set-ADSyncAutoUpgrade 在“已启用”与“已禁用”之间切换。You can change between Enabled and Disabled with Set-ADSyncAutoUpgrade. 只有系统才能设置“暂停”状态。Only the system should set the state Suspended. 在 1.1.750.0 之前,如果自动升级状态设置为“已暂停”,则 Set-ADSyncAutoUpgrade cmdlet 会阻止自动升级。Prior to 1.1.750.0 the Set-ADSyncAutoUpgrade cmdlet would block Autoupgrade if the auto-upgrade state was set to Suspended. 此功能现已更改,不阻止自动升级。This functionality has now changed so it does not block AutoUpgrade.

如果服务器上正在运行 同步服务管理器 UI,则会暂停升级,直到 UI 关闭为止。If the Synchronization Service Manager UI is running on the server, then the upgrade is suspended until the UI is closed.

故障排除Troubleshooting

如果 Connect 安装未按预期自动升级,请遵循以下步骤来找出可能的错误。If your Connect installation does not upgrade itself as expected, then follow these steps to find out what could be wrong.

首先,不建议在新版本发行的第一天就自动升级。First, you should not expect the automatic upgrade to be attempted the first day a new version is released. 由于升级前有刻意设计的随机性,因此,不用担心安装没有立即升级。There is an intentional randomness before an upgrade is attempted so don't be alarmed if your installation isn't upgraded immediately.

如果认为有问题,请先运行 Get-ADSyncAutoUpgrade 确保已启用自动升级。If you think something is not right, then first run Get-ADSyncAutoUpgrade to ensure automatic upgrade is enabled.

然后,确保已在防火墙中打开所需的 URL。Then, make sure you have opened the required URLs in your firewall.

确认与 Azure AD 建立连接后,可以深入了解事件日志。With the connectivity to Azure AD verified, it is time to look into the eventlogs. 启动事件查看器,并查看 应用程序 事件日志。Start the event viewer and look in the Application eventlog. 为源 Azure AD Connect 升级和事件 ID 范围 300-399 添加事件日志筛选器。Add an eventlog filter for the source Azure AD Connect Upgrade and the event id range 300-399.
用于自动升级的事件日志筛选器Eventlog filter for automatic upgrade

此时可以看到与自动升级状态关联的事件日志。You can now see the eventlogs associated with the status for automatic upgrade.
用于自动升级的事件日志筛选器

结果代码前面会有包含状态概述的前缀。The result code has a prefix with an overview of the state.

结果代码前缀Result code prefix 说明Description
SuccessSuccess 安装已成功升级。The installation was successfully upgraded.
UpgradeAbortedUpgradeAborted 某种临时状态停止了升级。A temporary condition stopped the upgrade. 升级会重试,预期稍后会成功。It will be retried again and the expectation is that it succeeds later.
UpgradeNotSupportedUpgradeNotSupported 系统中的某个配置阻止系统自动升级。The system has a configuration that is blocking the system from being automatically upgraded. 升级会重试,以查看状态是否已变化,但预期只能手动升级系统。It will be retried to see if the state is changing, but the expectation is that the system must be upgraded manually.

下面是最常见的消息列表。Here is a list of the most common messages you find. 该列表并不完整,但结果消息应会明确说明问题所在。It does not list all, but the result message should be clear with what the problem is.

结果消息Result Message 说明Description
UpgradeAbortedUpgradeAborted
UpgradeAbortedCouldNotSetUpgradeMarkerUpgradeAbortedCouldNotSetUpgradeMarker 无法写入注册表。Could not write to the registry.
UpgradeAbortedInsufficientDatabasePermissionsUpgradeAbortedInsufficientDatabasePermissions 内置管理员组对数据库没有相应权限。The built-in administrators group does not have permissions to the database. 请手动升级到最新版的 Azure AD Connect 以解决此问题。Manually upgrade to the latest version of Azure AD Connect to address this issue.
UpgradeAbortedInsufficientDiskSpaceUpgradeAbortedInsufficientDiskSpace 没有足够的磁盘空间用于支持升级。There is not enough disc space to support an upgrade.
UpgradeAbortedSecurityGroupsNotPresentUpgradeAbortedSecurityGroupsNotPresent 找不到且无法解析同步引擎使用的所有安全组。Could not find and resolve all security groups used by the sync engine.
UpgradeAbortedServiceCanNotBeStartedUpgradeAbortedServiceCanNotBeStarted NT 服务 Azure AD Sync 未能启动。The NT Service Azure AD Sync failed to start.
UpgradeAbortedServiceCanNotBeStoppedUpgradeAbortedServiceCanNotBeStopped NT 服务 Azure AD Sync 未能停止。The NT Service Azure AD Sync failed to stop.
UpgradeAbortedServiceIsNotRunningUpgradeAbortedServiceIsNotRunning NT 服务 Azure AD Sync 未运行。The NT Service Azure AD Sync is not running.
UpgradeAbortedSyncCycleDisabledUpgradeAbortedSyncCycleDisabled 计划程序中的 SyncCycle 选项已禁用。The SyncCycle option in the scheduler has been disabled.
UpgradeAbortedSyncExeInUseUpgradeAbortedSyncExeInUse 服务器上打开了 Synchronization Service Manager UIThe synchronization service manager UI is open on the server.
UpgradeAbortedSyncOrConfigurationInProgressUpgradeAbortedSyncOrConfigurationInProgress 安装向导正在运行,或者在计划程序外部计划了同步。The installation wizard is running or a sync was scheduled outside the scheduler.
UpgradeNotSupportedUpgradeNotSupported
UpgradeNotSupportedAdfsSignInMethodUpgradeNotSupportedAdfsSignInMethod 已选择 Adfs 作为登录方法。You have selected Adfs as the sign-in method.
UpgradeNotSupportedCustomizedSyncRulesUpgradeNotSupportedCustomizedSyncRules 已将自己的自定义规则添加到配置中。You have added your own custom rules to the configuration.
UpgradeNotSupportedInvalidPersistedStateUpgradeNotSupportedInvalidPersistedState 安装不是快速设置或 DirSync 升级。The installation is not an Express settings or a DirSync upgrade.
UpgradeNotSupportedMetaverseSizeExceeededUpgradeNotSupportedMetaverseSizeExceeeded metaverse 中的对象超过 100,000 个。You have more than 100,000 objects in the metaverse.
UpgradeNotSupportedMultiForestSetupUpgradeNotSupportedMultiForestSetup 正在连接到多个林。You are connecting to more than one forest. 快速设置仅连接到一个林。Express setup only connects to one forest.
UpgradeNotSupportedNonLocalDbInstallUpgradeNotSupportedNonLocalDbInstall 使用的不是 SQL Server Express LocalDB 数据库。You are not using a SQL Server Express LocalDB database.
UpgradeNotSupportedNonMsolAccountUpgradeNotSupportedNonMsolAccount AD DS 连接器帐户不再是默认的 MSOL_ 帐户。The AD DS Connector account is not the default MSOL_ account anymore.
UpgradeNotSupportedNotConfiguredSignInMethodUpgradeNotSupportedNotConfiguredSignInMethod 在设置 AAD Connect 期间,请在选择登录方法时选择“不配置”。When setting up AAD Connect, you chose Do Not Configure when selecting the sign-on method.
UpgradeNotSupportedStagingModeEnabledUpgradeNotSupportedStagingModeEnabled 服务器已设置为暂存模式The server is set to be in staging mode.

后续步骤Next steps

了解有关 将本地标识与 Azure Active Directory 集成的详细信息。Learn more about Integrating your on-premises identities with Azure Active Directory.