Azure Active Directory Driver 5.1.4.0 Readme
The Azure Active Directory Driver also referred to as Azure AD Driver in this document, allows you to seamlessly provision and deprovision users, group memberships, exchange mailboxes, roles, and licenses to Azure AD cloud. You can also configure the driver to integrate with Identity Manager Service for Exchange Online (Identity Manager Exchange Service) for synchronizing Office 365 attributes.
This Readme comprises the following sections:
Overview
This update is applicable for an Identity Manager Driver for Office 365 and Azure Active Directory running Identity Manager 4.7.x and 4.8.x. The driver version will be changed to 5.1.4.0 after the patch is applied.
System Requirements
- Identity Manager 4.7.x
- Identity Manager 4.8.x
- REST Driver 1.1.2.1
Upgrading the Driver
The driver upgrade process involves the following tasks:
Upgrading the Driver Packages
Upgrading the Driver Files
Upgrading the Driver Packages
- Download the following packages:
Name |
Package Name | Version | Build Date | Build Number |
Azure AD Base Configuration |
MFAZUREBASE |
1.0.3 |
20210225 |
161038 |
MS Azure Default Configuration |
MFAZUREDCFG |
1.1.2 |
20210212 |
172747 |
- Open the project containing the driver.
- Right-click the driver for which you want to upgrade an installed package, then click Driver > Properties.
- Click Packages.
NOTE: A check mark indicates a newer version of a package in the Upgrades column.
- Click Select Operation for the package that indicates there is an upgrade available.
- From the drop-down list, click Upgrade.
- Select the version that you want to upgrade to, then click OK.
NOTE: Designer lists all versions available for upgrade.
- Click Apply.
- (Conditional) Fill in the fields with appropriate information to upgrade the package, then click Next.
Depending on which package you selected to upgrade, you must fill in the required information to upgrade the package.
- Read the summary of the packages that will be installed, then click Finish.
- Review the upgraded package, then click OK to close the Package Management page.
Upgrading the Driver Files
- Take a back-up of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of the IDM_AzureAD_5140.zip file to a temporary location on your computer.
- (Conditional) To upgrade the driver files:
- As a root user, perform the following steps:
- On the server where you want apply the driver patch, log in as root.
- Navigate to the extracted <IDM_AzureAD_5140.zip> directory and perform one of the following actions for your platform:
- Windows:
- If the driver is installed locally:
- Navigate to the <extracted IDM_AzureAD_5140.zip>/Windows folder.
- Copy and replace the AZDriverShim.jar, RestLib.jar, and OData.jar files in the C:\NetIQ\IDM\NDS\lib folder.
- If the driver is installed with Remote Loader:
- Navigate to the <extracted IDM_AzureAD_5140.zip>/Windows folder.
- Copy and replace the AZDriverShim.jar, RestLib.jar, and OData.jar files in the C:\NetIQ\IDM\RemoteLoader\64bit\lib.
- Upgrade the Windows Exchange Service:
- Stop the IDMExchangeOnline service from Windows services console (services.msc).
- Navigate to Windows Exchange Service in the extracted <IDM_AzureAD_5140.zip> folder and copy the Microsoft.Identity.Client.dll, ExchServerHost.exe and IDMExchServer.dll files to the Windows Exchange Service installation folder in your file system. For example, C:\NetIQ\ExchangeServerHost.
Important: To support new APIs, you must mandatorily install the Microsoft Exchange Online PowerShell V2 module (EXO V2). For the prerequisites and installation procedure, see
About the Exchange Online PowerShell V2 module.
- As a non-root user, perform the following steps:
- Verify that /rpm directory exists and contains _db.* file.
The _db.* file is created during a non-root installation of the Identity Manager engine. The absence of this file might indicate that the Identity Manager is not installed properly. You must reinstall the Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This will set the environmental variables to the directory where Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the REST driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/netiq-DXMLRESTAzure.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
- (Conditional) If the driver is running locally, start the Identity Vault and the driver instance.
- (Conditional) If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Technical Support Information
Security Fix
Issues Fixed in this Release
- ALM 231420 - When a psexecute cmdlet fails, Azure AD driver does not print error message and returns success with no error description.
- ALM 231498 - Driver does not return psexecute results instance document to the driver.
- ALM 258165 - Azure AD driver should not fall back to system-wide cacerts keystore when a truststore is configured.
- ALM 314077 - Restore fails if user is present in the cache but no longer in the recycle bin.
- ALM 288018 - RFE: Enhance Azure driver Group handling to prevent repeated queries to check group type.
- ALM 329091 - IDM Azure AD driver check password synchronization status returns 'null pointer exception'.
- ALM 296013 - Exchange service fails to start after server reboot.
Issues Fixed in Previous Release (5.1.3)
- ALM 230992 - Enhancement to support modern authentication with Exchange Online APIs for Office 365.
- ALM 230811 - Implemented a fix to restrict multiple query calls for owners and members from the connected system.
Issues Fixed in Driver Version 5.1.2
- Bug 1130845 - The driver has been enhanced to check the class name before performing a restore operation which is supportd only for Users class.
- Bug 1135890 - Ability to force the driver to use the US locale for printing system time to avoide the Exchange polling issues.
- Bug 1133522 - Exchange service has been enhanced to notify if the server certificates do not contain the private key.
- Bug 1145835 - The driver does not fail to start anymore when Exchange service is enabled and Exchange online is disabled.
- Bug 1126239 - Ability to synchronize the description of the mailbox groups has been added on the subscriber channel.
- Bug 1145812 - The driver now supports creation of MES groups.
Issues Fixed in Driver Version 5.1.1
- Bug 1125734 - Ability to escape HTML characters for passwords when Graph or Exchange APIs are called
- Bug 1114633 - Powershell psexecute commands work properly when the driver is in Hybrid mode
- Bug 1114631 - Licenses in a "PendingInput" status are no longer removed
- Bug 1115732 - Irrelevant trace messages will no longer display for successful user add and user restoration using exchange service events
- Bug 1114635 - Ability to rename Mail-Enabled security groups on the Subscriber channel
- Enhancement 1114628 - Extended support for synchronizing the usercertificate attribute from the Identity Vault to Azure AD
- Enhancement 1125877 - Extended support for supporting the unified groups