Overview
This patch is applicable for Active Directory drivers running on Identity Manager 4.8.x or Identity Manager 4.7.x. The driver version will be changed to 4.1.3.0 after the patch is applied.
Supported Platforms
- Windows Server 2019 (64 bit)
- Windows Server 2016 (64 bit)
- Windows Server 2012 (64 bit)
- Windows Server 2012 R2 (64 bit)
Note: Windows Server 2008 and 2008 R2 are no longer supported. For more information, see the Microsoft Documentation.
System Requirements
- Identity Manager 4.8 or later
- Identity Manager 4.7 or later
Upgrading the Driver
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a backup of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download the IDM_ADDriver_4130.zip file and unzip its contents to a temporary location on your server.
- Update the driver files:
Navigate to the extracted addriverfp\x64\windows folder and perform the following actions:
- Copy addriver.dll to the appropriate folder for your Identity Manager version.
- Identity Manager 4.7 and later: \NetIQ\IdentityManager\NDS (local installation) or \Novell\RemoteLoader (remote installation)
- Replace the existing C:\Windows\System32\nls directory with the \addriverfp\x64\nls directory.
- If the server has password synchronization configured, copy the following files from the extracted addriverfp\x64 folder:
- PassSyncConfig.cpl to the C:\Windows\System32 folder.
- pwFilter.dll to the \Novell\IDM_PassSync\w64 folder.
- Restart the server.
- Update the Password Sync Filter.
NOTE: You must reboot each Domain Controller for the changes to take effect. Therefore, check your current pwfilter.dll file version before starting the update. If the current version and the version shipped with the driver patch file are the same, skip this step.
- Verify the current version of your Password Sync Filter (pwfilter.dll).
- On all Domain Controllers, browse to the C:\Windows\System32 folder.
- Right-click the pwfilter.dll file.
- Click Properties.
- Click the Details tab and check the version of the file.
- Update the Password Sync Filter files.
- On each Domain Controller, rename the existing pwfilter.dll file to pwfilter.old.
- Navigate to the extracted addriverfp\x64 folder and copy the pwfilter.dll file to the \Windows\System32 folder.
Alternatively, run the Control Panel applet and check the filter status. Any old password sync filters should show as outdated and can be updated using that utility. A reboot of the Domain Controller is still needed because pwfilter.dll is loaded by the LSA process, which starts only when the server starts.
- Reboot each Domain Controller to apply the Password Sync Filter changes.
- If you enabled the driver to synchronize Exchange data or if you want to use Active Directory PowerShell, update the Exchange Service files.
NOTE: Microsoft Exchange Server 2010 is no longer supported. For more information, see the Microsoft Documentation.
To update the Exchange Service files:
- Stop the currently running Exchange service.
- Copy the new Exchange service files from the unzipped addriverfp\noarch folder to \Novell\NDS or \Novell\RemoteLoader\64bit folder on your computer.
- IDMPowerShellManagementServer.dll and IDMPowerShellService.exe.
- Install the Identity Manager Exchange service. See the instructions in the Identity Manager 4.8 Active Directory Driver Implementation Guide.
- Start the Exchange Service.
- If the driver is running locally, start the Identity Vault and the driver instance.
- If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
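The pwfilter.dll version check from the Password Sync Filter step, scripted across several Domain Controllers as an added example (not part of the original patch readme or of the vendor's tooling). It assumes the zip was extracted to the placeholder `$PatchRoot` with `addriverfp` directly beneath it, that the DC names are placeholders, and that each DC's `admin$` share is readable from where the script runs.

```powershell
# Added example; $PatchRoot and the DC names are placeholders, not values from this readme.
param(
    [string]   $PatchRoot         = 'C:\Temp\IDM_ADDriver_4130',  # hypothetical unzip location
    [string[]] $DomainControllers = @('DC01', 'DC02')             # hypothetical DC names
)

function Get-FilterInfo {
    param([Parameter(Mandatory = $true)][string] $Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    [pscustomobject]@{
        # Compare numeric version parts rather than the display string
        Version   = New-Object System.Version $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
        # The 4.1.2.1 fix list notes pwfilter.dll must be signed for RunAsPPL, so report the status
        Signature = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

$shipped = Get-FilterInfo (Join-Path $PatchRoot 'addriverfp\x64\pwfilter.dll')
if (-not $shipped) { throw "Shipped pwfilter.dll not found under $PatchRoot" }

$report = foreach ($dc in $DomainControllers) {
    # Assumption: admin$ (the Windows directory) is reachable with your admin credentials
    $installed = Get-FilterInfo ('\\{0}\admin$\System32\pwfilter.dll' -f $dc)
    $action = if (-not $installed) {
        'pwfilter.dll not found or not readable'
    } elseif ($installed.Version -eq $shipped.Version) {
        'Skip: versions match'
    } else {
        'Rename to pwfilter.old, copy new file, reboot DC'
    }
    [pscustomobject]@{
        DomainController   = $dc
        InstalledVersion   = if ($installed) { $installed.Version } else { $null }
        InstalledSignature = if ($installed) { $installed.Signature } else { $null }
        ShippedVersion     = $shipped.Version
        ShippedSignature   = $shipped.Signature
        Action             = $action
    }
}
$report | Format-Table -AutoSize
```

A `ShippedSignature` other than `Valid` means the extracted file should not be copied to a Domain Controller until the download has been re-verified.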
Technical Support Information
Issues Fixed in This Release
- Defect 231302 - Querying those servers which are unresponsive returns error with missing events.
- Defect 229988 - Search operation on the publisher channel returns an empty result if max-result-count parameter is set.
Issues Fixed in Previous Releases
Issues Fixed in Driver Version 4.1.2.1
- Bug 1149517 - Pwfilter.dll needs to be signed in order for the policy RunAsPPL to be supported
Issues Fixed in Driver Version 4.1.1.0
- Bug 731112 - Active Directory driver should forward password synchronization metadata
- Bug 847538 - Control Panel PassSync Applet should show when a Domain Controller is Read-Only and not install the Password Sync Filter
- Bug 860828 - uniqueID missing for a user created from the Publisher Channel in the Active Directory driver
- Bug 887659 - Login Disabled attribute should not be set by policy if Enable Login Disabled Attribute Sync Global Configuration Value is set to true
- Bug 948282 - DirXML-ADAliasName attribute information is written to the Identity Vault despite the success of create user event
Issues Fixed in Driver Version 4.0.3
- Bug 1037861 - Active Directory Recycle Bin recovery comes across as a delete event
- Bug 1063880 - Silently loses events when the class-name missing in an event
- Bug 1065987 - Directory Synchronization (DirSync) Incremental Values does not work on a Windows 2016 Functional Forest level
- Bug 1066515 - Sends duplicate password change events on the Publisher channel
- Bug 947053 - User Account Settings - dirxml-uACLockout does not work in driver version 4.0.1.0
- Bug 1042073 - PwFilter: Security Audit requirement for "Restrictions for Unauthenticated RPC clients"
Issues Fixed in Identity Manager 4.6
- Bug 1011723 - Removal of Exchange 2003 information from the driver because Microsoft has ended this support
- Bug 1011724 - Removal of Exchange 2007 support from the driver because Microsoft has ended this support
- Bug 1019268 - PWFILTER.DLL retains the old file in the remoteloader.NET folder after upgrade
- Bug 1005200 - Added support for Windows server 2016 forest functional level
- Bug 1014125 - Removal of IDMEx2007ManagementServer from the list of driver deliverables