Active Directory Driver 4.1.3.0300 Readme
Overview
This patch is applicable for Active Directory drivers running on Identity Manager 4.8.x. The driver version will be changed to 4.1.3.0300 after the patch is applied.
Important: Refer to security recommendations for the Powershell Service. NetIQ recommends that you refer to these guidelines before upgrading the driver. For more information, see the Security Best Practices section in the NetIQ Driver for Active Directory Implementation Guide.
Supported Platforms
- Windows Server 2022 (64 bit)
- Windows Server 2019 (64 bit)
- Windows Server 2016 (64 bit)
- Windows Server 2012 (64 bit)
- Windows Server 2012 R2 (64 bit)
Note:Windows Server 2008 and 2008 R2, and Microsoft Exchange Server 2010 are no longer supported. For more information, see the Microsoft Documentation and Exchange Server 2010.
This Readme comprises the following sections:
System Requirements
- Identity Manager 4.8 or later
Upgrading the Driver Files
- Take a back-up of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of to IDM_ADDriver_413_P3.zip file to a temporary location on your server.
- Update the driver files:
Navigate to the extracted addriverfp\x64\windows folder and perform the following actions:
- Copy addriver.dll to the appropriate folder for your Identity Manager version.
- Identity Manager 4.8 and later: \NetIQ\IdentityManager\NDS (local installation) or \Novell\RemoteLoader (remote installation)
- Replace the existing C:\Windows\System32\nls directory with the \addriverfp\x64\nls directory.
- If the server has password synchronization configured, copy the following files from the extracted addriverfp\x64 folder:
- PassSyncConfig.cpl to the C:\Windows\System32 folder.
- pwFilter.dll to the \Novell\IDM_PassSync\w64 folder.
- Restart the server.
- Update the Password Sync Filter.
NOTE: You must reboot each Domain Controller for the changes to take effect. Therefore, check your current pwfilter.dll file version before starting the update. If the current version and the version shipped with the driver patch file are same, skip this step.
- Verify the current version of your Password Sync Filter (pwfilter.dll).
- On all Domain Controllers, browse to the C:\Windows\System32 folder.
- Right-click the pwfilter.dll file.
- Click Properties.
- Click the Details tab and check the version of the file.
- Update the Password Sync Filter files.
- On each Domain Controller, rename the existing pwfilter.dll file to pwfilter.old.
- Navigate to the extracted addriverfp\x64 folder and copy the pwfilter.dll file to the \Windows\System32 folder.
Alternatively, run the Control Panel applet and check the filter status. Any old password sync filters should show as outdated and can be updated using that utility. A reboot of the Domain Controller is still needed because pwfilter.dll is loaded by the LSA process and that is only run at the startup of a server.
- Reboot each Domain Controller to apply the Password Sync Filter changes.
- Install the adutil.jar file.
- Copy the new adutil.jar file from the unzipped addriverfp\noarch folder to \Novell\NDS\lib or \Novell\RemoteLoader\64bit\lib folder on your computer.
- If you enabled the driver to synchronize Exchange data or if you want to use Active Directory PowerShell, update the Exchange Service files.
NOTE: Microsoft Exchange Server 2010 is no longer supproted. For more information, see the Microsoft Documentation.
To update the Exchange Service files:
- Stop the currently running Exchange service.
- Copy the new Exchange service files from the unzipped addriverfp\noarch folder to \Novell\NDS or \Novell\RemoteLoader\64bit folder on your computer.
- IDMPowerShellManagementServer.dll and IDMPowerShellService.exe.
- Install the Identity Manager Exchange service. See the instructions from Identity Manager 4.8 Active Directory Driver Implementation Guide
- Start the Exchange Service.
- If the driver is running locally, start the Identity Vault and the driver instance.
- If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Installing PassSync Troubleshooting Tool
- In the unzipped IDM_ADDriver_413_P3.zip file navigate to the following file path : IDM_ADDriver_4130\IDM_ADDriver_4130\utilities
- Copy PassSync Troubleshooting Tool.exe to any folder of your choice on your local driver and run the .exe file.
Technical Support Information
Issues Fixed in This Release
- Defect 589079 - Version 3.1.1.0 of the pwfilter.dll on Windows 2019 Binds up all the ports on the DC causing the DC to stop responding.
Issues Fixed in previous (4.1.3.0200) Release
- Defect 558025 - IDM AD Driver 4.1.3.0100. pwfilter.dll changes the password into the domain name