How do I install or upgrade AD Connect manually

How do I install or upgrade AD Connect manually

Published: 04/17/2017
These instructions will help one install or upgrade AD Connect manually. These instructions are beneficial in the scenario where one is installing a fresh copy of AD Connect or where one is upgrading from one major version to another such as from 1.x or 2.x to 3.x or from a version 1.14 or prior to a newer version because of the changes to Active Directory user groups to read the entire User DN. Additionally, these manual installation instructions can help if one wants to switch from AD Connect with IIS to AD Connect without IIS (aka AD Agent) or vice versa.

Follow these steps for the install:

Pre-installation Steps
1) Create a new folder either on the desktop or in Windows Explorer.  You can call it 'AD Connect Installs' or something similar
2) Create a new text document called 'Installation.txt' and place it in this directory
3) In this text document place the value for Organization ID and Product Key.  You can get the Organization ID from the Setup page Edit Configuration of AD Connect within the PingOne Admin Console on  If a Product Key was previously set and AD Connect with IIS is the version installed the key can be obtained from Windows Explorer by browsing to c:\Program Files (x86)\Ping Identity\Ad Connect\SSO and opening the Web.config file and scrolling down to the ProductKey setting. Copy the 'Value' option out of this.  Alternatively, if AD Connect is installed the key can be obtained from C:\Program Files (x86)\Ping Identity\ADconnect\AuthenticationAgent\AuthenticationAgent.exe.config.  Open the file and scroll down to the ProductKey setting.  Copy the 'Value' from this.
Alternatively the Product Key can be changed on the Setup page just below the Organization ID.  Once this value is set put this new value in the text document.
4) If AD Connect was previously installed also place the old version of file into this directory.  That file likely already exists on this server from the previous install.  You can search for it if you don't see it. The version that you have installed today is also displayed on the Setup page on
5) If AD Connect's authentication form was customized prior (assuming that it was installed previously) copy the file from c:\Program Files (x86)\Ping Identity\Ad Connect\SSO to this directory to ensure that a backup is available
5) Also place the new version of the installer in this directory, you can download this directly from the Setup tab
6) If there is more than one server (load balancer is being used etc) - Copy this directory, which was created in step 1, to each additional server that will have AD Connect installed

Follow these further steps to install the new version of AD Connect
1) On the first server, stop the Windows Services for AD Connect (if a prior version of AD Connect was previously installed on this server follow this step and the next, otherwise these two steps should be skipped).  It has different names depending on the version that you have installed.  Look under AD Connect and look under Ping Identity.  Stop all services.  These services may be listed under one or more of the following names depending on the version of AD Connect that is installed, as well as which services are installed on the server: "ADConnect Configuration Service", "ADConnect Authentication Agent Service", "ADConnect Provisioner Service", "ADConnect Software Update Service", and the "ADConnect Watchdog Service".
2) Go into Programs/Features and uninstall Ping Identity AD Connect
3) Install the new version of AD Connect from the file downloaded from the PingOne site most recently
4) Follow through the steps, clicking "Continue" when prompted
5) Provide the organization and product key values from the 'Installation.txt' file when prompted. Click 'Activate'.  Then click 'Continue'
6) When asked which website to install to it's most likely 'Default Website' unless you have an atypical configuration
Note: We highly recommend that AD Connect should be installed on it's own server to avoid conflicting with other IIS product versions (eg: .Net versions might differ between ADC and Sharepoint).
7) It takes about two minutes total for the install
8) Note that if using AD Connect with IIS and you had a (customization file) before check to see if it is in c:\Program Files (x86)\Ping Identity\Ad Connect\SSO.  If the file is no longer there copy it from your backup directory.

For more information on customizing the look and feel of AD Connect see this knowledgebase article:
Repeat these eight steps above on each additional machine

Then perform these next steps on both machines to set the proper signing certificate (this only applies when AD Connect with IIS is used):
1) While logged in as the Administrator user browse to:
2) In the bottom left of this page you will see the digital signature portion
3) Select the certificate that you had configured previously or would like to configure.  It’s also okay to keep the self-signed certificate selected if that is your preference.

Repeat those steps on each additional server that has AD Connect installed on it

And then test AD Connect by following these steps:
1) Login to the dashboard via that URL that you find on your dashboard.  Your Company ID (the last portion of the PingOne Dock URL you see there can be customized on the Setup tab).
2) Feel free to try different browsers
3) Try different mobile devices - iPad, iPhone, Android, etc
4) Try testing applications, if you had any previously configured or feel free to start configuring one
ADConnect ,