This patch is applicable for Active Directory drivers running on Identity Manager 4.6.x or Identity Manager 4.7.x. The driver version will be changed to after the patch is applied.

NOTE: This patch adds support for Windows 2019 (64-bit) as a connected system. The version of Remote Loader must be 4.6.4 or 4.7.2.

Supported Platforms System Requirements Upgrading the Driver

The driver upgrade process involves updating the driver files.

Updating the Driver Files
  1. Take a back-up of the current driver configuration.

  2. (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.

  3. (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.

  4. Download and unzip the contents of to IDM46_ADDriver_4120.zip file to a temporary location on your server.

  5. Update the driver files:
  6. Navigate to the extracted <addriverfp>\x64\windows folder and perform the following actions:

  7. If the server has password synchronization configured, copy the following files from the extracted <addriverfp>\x64 folder:

    1. PassSyncConfig.cpl to the C:\Windows\System32 folder.

    2. pwFilter.dll to the \Novell\IDM_PassSync\w64 folder.

    3. Restart the server.

  8. Update the Password Sync Filter.
  9. NOTE: You must reboot each Domain Controller for the changes to take effect. Therefore, check your current pwfilter.dll file version before starting the update. If the current version and the version shipped with the driver patch file are same, skip this step.

    1. Verify the current version of your Password Sync Filter (pwfilter.dll).

      1. On all Domain Controllers, browse to the C:\Windows\System32 folder.

      2. Right-click the pwfilter.dll file.

      3. Click Properties.

      4. Click the Details tab and check the version of the file.

    2. Update the Password Sync Filter files.

      1. On each Domain Controller, rename the existing pwfilter.dll file to pwfilter.old.

      2. Navigate to the extracted <addriverfp>\x64 folder and copy the pwfilter.dll file to the \Windows\System32 folder.
      3. Alternatively, run the Control Panel applet and check the filter status. Any old password sync filters should show as outdated and can be updated using that utility. A reboot of the Domain Controller is still needed because pwfilter.dll is loaded by the LSA process and that is only run at the startup of a server.

      4. Reboot each Domain Controller to apply the Password Sync Filter changes.

  10. If you enabled the driver to synchronize Exchange data or if you want to use Active Directory PowerShell, update the Exchange Service files.
  11. NOTE: You must perform this step only if your Active Directory driver version is less than

    Your Exchange Service files must match the Microsoft Exchange version you are using. For example, use:

    To update the Exchange Service files:

    1. Stop the currently running Exchange service and remove it.

    2. Copy the new Exchange service files from the unzipped <addriverfp>\noarch folder to \Novell\NDS or \Novell\RemoteLoader\64bit folder on your computer.

    3. Install the Identity Manager Exchange service. See the instructions from Identity Manager 4.7 Active Directory Driver Implementation Guide or Identity Manager 4.6 Active Directory Driver Implementation Guide.

    4. Start the Exchange Service.

    NOTE: Review the following considerations for running IDM_PowerShell_Service on Windows 2008.

  12. If the driver is running locally, start the Identity Vault and the driver instance.

  13. If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.

Technical Support Information

What is New in This Release

Issues Fixed in Previous Releases

Issues Fixed in Driver Version

Issues Fixed in Driver Version 4.0.3
Issues Fixed in Identity Manager 4.6