Legacy Mode Active Directory (AD) authentication server was deprecated in Pulse Connect Secure (PCS) 8.3R1 and Pulse Policy Secure (PPS) 5.4R1. Pulse Secure no longer provides security updates, technical support or hot fixes for the Legacy Mode AD authentication server. To help improve the stability and overall security posture of Pulse Secure gateways, starting with PCS and PPS version 9.1R1, Legacy Mode AD authentication server instances within the configuration are treated as incompatible. If these instances are detected during an upgrade to 9.1R1 or higher, the upgrade is aborted. Similarly, importing a configuration that contains these instances results in configuration-incompatible error messages and the import is aborted. If Legacy Mode is configured, Pulse Secure recommends migrating to Standard Mode or, if the instance is unused, deleting these authentication server instances.
For the detailed migration guide, refer to KB40430.
Differences between the two Active Directory Modes
- Legacy Mode uses an older Samba version.
- Standard Active Directory mode uses a newer version of Samba.
- The newer Samba releases provide better performance.
- The older version is out of support from the Samba community.
- Standard Active Directory mode is periodically updated with the latest stable Samba packages.
What is the functional impact of this on Pulse Secure Products?
All existing functionality is fully supported in Standard Active Directory mode. Standard ‘Active Directory’ mode uses better group lookup methods, so the 'Group Search With LDAP' option is no longer present. Active Directory mode also provides better troubleshooting tools.
Note: Standard ‘Active Directory’ Mode is supported from Windows 2008 onwards.
KB40723 - Custom expressions using group attribute fails with Standard (AD) Active Directory mode