2.2 Installing the Driver and the Identity Manager Exchange Service

The driver installation program guides you through the driver and the Identity Manager Exchange Service installation.

Perform the following actions to install and configure the Exchange Service:

  1. Copy Exchange Service from [ISO]:\products\IDM\windows\setup\drivers\azuread\ExchangeService to any local drive on the server you intend to run this service.

  2. Install Exchange Service by running <location of ExchangeService>\<location of InstallUtil>InstallUtil.exe ExchServerHost.exe command from the folder where your ExchServerHost.exe is located.

    For example: <c:\ExchangeService>\<C:\Windows\Microsoft.NET\Framework64\v4.0.30319>\InstallUtil.exe ExchServerHost.exe

  3. Ensure the server certificate is available in iManager. To create the server certificate, see Securing Communication with Identity Manager Exchange Service

  4. Open cmd prompt, and navigate to the local drive location where the ExchangeService is saved, as mentioned in Step 1 (\products\IDM\windows\setup\drivers\azuread\ExchangeService\), and execute the command configureExchService.bat <port> <certificate_name>.

    For example: configureExchService.bat 9001 azuread. Where 9001 is the port number and azuread is the nickname of the certificate that was created in iManager.

  5. To start the service, navigate to Control Panel > Administrative Tools > Services.

  6. Right-click the IDMExchangeOnline service and select Start.

NOTE:To uninstall the service, open a .NET command prompt and issue the InstallUtil /u ExchServerHost.exe command.

NetIQ recommends you to use TLS 1.1 and TLS 1.2 protocols with the Identity Manager Exchange Service. If you are using ciphers and protocols such as RC4 and Triple DES, or SSLv2/v3 on a server running Identity Manager Exchange Service, you must disable them using the disableWeakCiphers.reg file provided in the Exchange Service installation directory. You can either execute the registry file or import the file into Windows Registry. After the changes are made, restart the server. For more information about restricting the use of certain cryptographic algorithms and protocols on Windows servers, see Microsoft Support Site.