With the new release cycle for Configuration Manager, it can be difficult to know which version of the Windows ADK to use when upgrading to new releases. To further complicate the issue, each time you upgrade the ADK on the server used by SCCM, you must upgrade boot images used for OS deployment to be able to edit them going forward (the old ones are preserved but are read-only after you upgrade the ADK).
There’s a recent blog post that was really good at answering which versions of SCCM, the ADK, and Windows 10 are compatible with each other. In short, if you want to deploy the latest branch of Windows 10 (the Anniversary update), you need the latest version of the ADK installed. To use the latest version of the ADK, you must be using either the 1602 or 1606 build of SCCM.
Here’s a compatibility chart from that post, but be sure to check out the full post as it has more info:
Azure AD Connect 1.1 (formerly DirSync) is now generally available for download. If you’ve been using Azure AD Connect, you’ll want to pay attention to the new features that come in 1.1.
This is the last time you need to manually upgrade Azure AD Connect. There is a new auto-update feature that will periodically perform upgrades.
More Frequent Synchronizations
In the past, the default sync interval was 3 hours. Now, you can schedule a sync to run as often as every 30 minutes, if desired.
Support for MFA
This is a big one. Previously, accounts that used multi-factor authentication could not be used with Azure AD Connect. This was a huge security risk because the account used by Azure AD Connect had to be a global administrator on your tenant. In the new release, MFA is now supported to better secure your service accounts.
You can now configure with OUs to synchronize with your tenant during the installation process. Previously, you had to install Azure AD Connect and then later filter the OUs in the Synchronization Service Manager.
You can also modify the user sign-in method after installation now. Previously, you had to choose this during the install of Azure AD Connect and didn’t have the option to modify it later without reinstalling.
KB3102810 has been published by Microsoft to address two issues that are affecting Windows 7 and Windows Server 2008 clients.
- First issue: Windows Updates run slower than usual when using SCCM for patch management.
- Second issue: When trying to deploy an in-place Windows 10 upgrade from Windows 7, svchost.exe takes 100% CPU utilization and the upgrade might fail.
This hotfix addresses an SCCM issue but is actually applied to the OS and not the SCCM client. To install the hotfix silently, use the following command:
wusa.exe Windows6.1-KB3102810-x64.msu /quiet /norestart
Here are two simple troubleshooting steps to try if your Windows installation has been corrupted or is not functioning properly. These commands work in Windows 8 and Windows 10.
This command used with SFC.exe is a tool that will scan your system files for corruption and replace them with a cached version if necessary.
%windir%\system32\DISM.exe /Online /Cleanup-image /Restorehealth
This command using DISM.exe will scan your file system for inconsistencies and repair them if possible using Windows Update as a source for binaries. This is a modern version of the System Update Readiness Tool that was available as an update in Windows 7.
I recently had a scenario with a client that had no Configuration Manager infrastructure, used Intune to manage workstations, had trouble configuring MDT to support Windows 10 upgrades (there are still several known issues with MDT & Windows 10), but still needed to automate deployment of Windows 10 to end users.
Since the Windows 10 in-place upgrade preserves all files, settings, and drivers, it’s actually pretty easy to script several settings into one line with the available setup switches. Here’s a list of all available command line switches using the Windows 10 setup.
The first step is to copy all of the files from your Windows 10 media to a local or network location. Easy enough.
Next, create a batch file that is one folder up from this location. Mine is organized like this:
Now, edit the batch file and add a line of code to customize your Windows 10 upgrade. I used the following switches:
start /wait .\Win10\setup.exe /auto upgrade /migratedrivers all /dynamicupdate enable /showoobe none /pkey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Once launched, the wizard can be completely automated if you use the proper switches.
If you want to deploy this to users, you have a few options. You don’t need to copy all of the setup files to their systems if you have a network drive that they can access. Users have the option to run this command directly from the network location, and then all of the required files for the in-place upgrade will be staged on their local system. You could also deploy a shortcut to a CMD file with the setup parameters to your users’ desktops using group policy.