This patch is applicable for Active Directory drivers running on Identity Manager 4.6.x or Identity Manager 4.7.x. The driver version will be changed to 220.127.116.11 after the patch is applied.
NOTE: This patch adds support for Windows 2019 (64-bit) as a connected system. The version of Remote Loader must be 4.6.4 or 4.7.2.
Upgrading the Driver
- Windows Server 2019 (64 bit)
- Windows Server 2016 (64 bit)
- Windows Server 2012 (64 bit)
- Windows Server 2012 R2 (64 bit)
- Windows Server 2008 R2 (64-bit)
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a back-up of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of to IDM46_ADDriver_4120.zip file to a temporary location on your server.
- Update the driver files:
Navigate to the extracted <addriverfp>\x64\windows folder and perform the following actions:
- Copy addriver.dll to the appropriate folder for your Identity Manager version.
- Identity Manager 4.7: \NetIQ\IdentityManager\NDS (local installation) or \Novell\RemoteLoader (remote installation)
- Identity Manager 4.6: \Novell\NDS (local installation) or \Novell\RemoteLoader (remote installation)
- Replace the existing C:\Windows\System32\nls directory with the \addriverfp\x64\nls directory.
If the server has password synchronization configured, copy the following files from the extracted <addriverfp>\x64 folder:
- PassSyncConfig.cpl to the C:\Windows\System32 folder.
- pwFilter.dll to the \Novell\IDM_PassSync\w64 folder.
- Restart the server.
Update the Password Sync Filter.
NOTE: You must reboot each Domain Controller for the changes to take effect. Therefore, check your current pwfilter.dll file version before starting the update. If the current version and the version shipped with the driver patch file are same, skip this step.
If you enabled the driver to synchronize Exchange data or if you want to use Active Directory PowerShell, update the Exchange Service files.
- Verify the current version of your Password Sync Filter (pwfilter.dll).
- On all Domain Controllers, browse to the C:\Windows\System32 folder.
- Right-click the pwfilter.dll file.
- Click Properties.
- Click the Details tab and check the version of the file.
- Update the Password Sync Filter files.
- On each Domain Controller, rename the existing pwfilter.dll file to pwfilter.old.
- Navigate to the extracted <addriverfp>\x64 folder and copy the pwfilter.dll file to the \Windows\System32 folder.
Alternatively, run the Control Panel applet and check the filter status. Any old password sync filters should show as outdated and can be updated using that utility. A reboot of the Domain Controller is still needed because pwfilter.dll is loaded by the LSA process and that is only run at the startup of a server.
- Reboot each Domain Controller to apply the Password Sync Filter changes.
NOTE: You must perform this step only if your Active Directory driver version is less than 18.104.22.168.
Your Exchange Service files must match the Microsoft Exchange version you are using. For example, use:
- IDM_PowerShell_Service for Exchange 2019, Exchange 2016, or Exchange 2013
- IDM_AD_Ex2010_Service for Exchange 2010
To update the Exchange Service files:
- Stop the currently running Exchange service and remove it.
- Copy the new Exchange service files from the unzipped <addriverfp>\noarch folder to \Novell\NDS or \Novell\RemoteLoader\64bit folder on your computer.
- IDMPowerShellManagementServer.dll and IDMPowerShellService.exe for Exchange 2019, Exchange 2016, or Exchange 2013.
- IDMEx2010ManagementServer.dll and IDMEx2010Service.exe for Exchange 2010.
Install the Identity Manager Exchange service. See the instructions from Identity Manager 4.7 Active Directory Driver Implementation Guide or Identity Manager 4.6 Active Directory Driver Implementation Guide.
Start the Exchange Service.
NOTE: Review the following considerations for running IDM_PowerShell_Service on Windows 2008.
- Install Windows Management Framework 3.0.
- Update the Active Directory driver to the latest packages that include updated Global Configuration Values for the Exchange Server.
If the driver is running locally, start the Identity Vault and the driver instance.
If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Technical Support Information
What is New in This Release
Issues Fixed in Previous Releases
- Extended support for Windows Server 2019 (64-bit) as a connected system.
Issues Fixed in Driver Version 22.214.171.124
- Bug 731112 - Active Directory driver should forward password synchronization metadata
- Bug 847538 - Control Pannel PassSync Applet should show when a Domain Controller is Read-Only and not install the Password Sync Filter
- Bug 860828 - uniqueID missing for a user created from the Publisher Channel in the Active Directory driver
- Bug 887659 - Login Disabled attribute should not be set by policy if Enable Login Disabled Attribute Sync Global Configuration Value is set to true
- Bug 948282 - DirXML-ADAliasName attribute information is written to the Identity Vault despite the success of create user event
Issues Fixed in Driver Version 4.0.3
- Bug 1037861 - Active Directory Recycle Bin recovery comes across as a delete event
- Bug 1063880 - Silently loses events when the class-name missing in an event
- Bug 1065987 - Directory Synchronization (DirSync) Incremental Values does not work on a Windows 2016 Functional Forest level
- Bug 1066515 - Sends duplicate password change events on the Publisher channel
- Bug 947053 - User Account Settings - dirxml-uACLockout does not work in driver version 126.96.36.199
- Bug 1042073 - PwFilter: Security Audit requirement for "Restrictions for Unathenticated RPC clients"
Issues Fixed in Identity Manager 4.6
- Bug 1011723 - Removal of Exchange 2003 information from the driver because Microsoft has ended this support
- Bug 1011724 - Removal of Exchange 2007 support from the driver because Microsoft has ended this support
- Bug 1019268 - PWFILTER.DLL retains the old file in the remoteloader.NET folder after upgrade
- Bug 1005200 - Added support for Windows server 2016 forest functional level
- Bug 1014125 - Removal of IDMEx2007ManagementServer from the list of driver deliverables