- Add attribut "mail" , "proxyaddress" and "description" sync for group
- tenant_id is no strictly necessary in the configuration file because an API point allows it to be retrieved. (for facilitate initial setup)
- pathsamdb parameter was renamed to url
- The script can now run on a member machine (non-domain controller) see: https://github.com/sfonteneau/AzureADConnect_Samba4/blob/main/README.md#run-the-project-on-a-member-machine-non-domain-controller
- FIX "expireOn" delta calculation, this would generate an expired token error. "expireOn" is not in UTC...
- Improving code : repair a broken import in samba 4.20
- The refresh token was never renewed, The problem should occur every 90 days. Also, now the refresh token is only used if the "expiresOn" date is reached.
- renaming callbacks, add callback_after_send_obj ,callback_after_send_hashnt and callback_end_synchro
- Python callback support, see https://github.com/sfonteneau/AzureADConnect_Samba4/blob/7115dfa9a1f7fea052e7a2d0f223536a6f93229b/README.md#use-python-callback-to-modify-the-calculated-result-of-the-script
- pathsmbconf and pathsamdb add in config file to be more flexible in the configuration
- Support multiple basedn, use "|" separator in conf file to define multiple basedn
- Add "custom_filter_user" , "custom_filter_group" , "custom_filter_computer" options. usage exemple : custom_filter_user=(memberof:1.2.840.113556.1.4.1941:=CN=ccc,OU=Groupe,DC=mydomain,DC=lan)
- Fix aadinternals_python, replace aadsync_client_build "1.5.29.0" with "2.2.8.0", now "1.5.29.0" no longer works.
- Config "basedn_user", "basedn_group", "basedn_computer" add in azure.conf, if not defined the value equal to basedn. Allows you to finely define the organizational unit for each type of object.
- Improvement of "--service-mode" to avoid querying the Microsoft APIs too often, we now base ourselves on the local db after the first launch. Default interval now = 60s
- Improved logs, The output is now in json and out in /var/log/azure_ad_sync. customizable with "logfile" in config file.
- Errors are now non-blocking but logged
- You can now run the script in service mode with "--service-mode" arg (for use with systemd). In this mode the synchronization interval is 600 seconds. You can change this value with "synchronization_interval_service" in the conf file.
- Multi-factor authentication support. Use the old token to regenerate a new token. The tenant id is now required in conf file For the first run an external authentication and a copy paste will be necessary
- New available option in conf file : tenant_id, save_to_cache, use_cache , credential_cache_file
- add use_get_syncobjects in azure.conf by default = True (allows not to use the history of shipments given by microsoft but rather to rely on the local database to find the sourceanchoor. less reliable but useful if get_syncobjects fails. It would be so much easier if Microsoft gave the source anchor for groups and devices and not just users...)
- basedn option Add in azure.conf (for search in specific basedn in samba)
- alternate_login_id_attr option Add in azure.conf (to set alternate attribute for login id (https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/plan-connect-userprincipalname#alternate-login-id) for mapping on mail
- Support for writing "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration" in samba4
- Add azureadname config in azure.conf (use for write CN=Device Registration Configuration)
- Add Device synchronization in sync (configuration in conf file)
- Force usertype in dict (restart a forced sync for users)
- Add onPremiseSecurityIdentifier and usercertificate for the user
- Add "do_delete" in the configuration file, if True, delete accounts with a "sourceanchor" online and not found in samba
- Switch from saving the last sendings of a json file to a sqlite database (restart of a forced synchronization)
- added backward compatibility of samba 4.13
- Added "hash_synchronization" option in the configuration file
switch to "microsoft azure ad connect" operating mode:
- Choice of sourceanchor in the configuration file
- objectGUID and ObjectSid are not decoded (byte) (convert to base64 when sending to azuread)
- possibility to use ms-ds-consistencyguid
- Added the possibility of a sourceanchor objectSID_str for backward compatibility with old version of the project.
- Added a pause when sending the password hash, otherwise too fast between account creation and password sending.
- Sending the group twice for nested groups, otherwise too fast between the creation of groups.
- added "adsync" and "PasswordHashSync" enable (allows to run the script on an instance that has never seen "microsoft azure ad connect")
- Send only if data change, write last data send in json file
- Add attributes in the sync
- first working version, use obectsid decoded for sourceanchor