Active Directory Driver 4.1.3.0400 Readme

Overview

This patch is applicable for Active Directory drivers running on Identity Manager 4.8.x. The driver version will be changed to 4.1.3.0400 after the patch is applied.

Important: Refer to security recommendations for the Powershell Service. NetIQ recommends that you refer to these guidelines before upgrading the driver. For more information, see the Security Best Practices section in the NetIQ Driver for Active Directory Implementation Guide.

• Windows Server 2022 (64 bit)
• Windows Server 2019 (64 bit)
• Windows Server 2016 (64 bit)
• Windows Server 2012 (64 bit)
• Windows Server 2012 R2 (64 bit)

Note:Windows Server 2008 and 2008 R2, and Microsoft Exchange Server 2010 are no longer supported. For more information, see the Microsoft Documentation and Exchange Server 2010.

This Readme comprises the following sections:

• System Requirements
• Upgrading the Driver
• Technical Support Information

System Requirements

• Identity Manager 4.8 or later

Upgrading the Driver Packages

1. Download the Active Directory Base package:


• Package Name: NOVLADBASE
• Version: 2.2.8
• Build Date: 20230512
• Build Number: 165629



2. Open the project containing the driver.


3. Right-click the driver for which you want to upgrade an installed package, then click Driver > Properties.


4. Click Packages.

A check mark indicates a newer version of a package in the Upgrades column.

5. Click Select Operation for the package that indicates there is an upgrade available.


6. From the drop-down list, click Upgrade.


7. Select the version that you want to upgrade to, then click OK.

NOTE: Designer lists all versions available for upgrade.

8. Click Apply.


9. (Conditional) Fill in the fields with appropriate information to upgrade the package, then click Next.

Depending on which package you selected to upgrade, you must fill in the required information to upgrade the package.

10. Read the summary of the packages that will be installed, then click Finish.


11. Review the upgraded package, then click OK to close the Package Management page.

Upgrading the Driver Files

1. Take a back-up of the current driver configuration.


2. (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.


3. (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.


4. Download and unzip the contents of to IDM_ADDriver_413_P4.zip file to a temporary location on your server.


5. Update the driver files:

Navigate to the extracted addriverfp\x64\windows folder and perform the following actions:

• Copy addriver.dll to the appropriate folder for your Identity Manager version.


• Identity Manager 4.8 and later: \NetIQ\IdentityManager\NDS (local installation) or \Novell\RemoteLoader (remote installation)


• Replace the existing C:\Windows\System32\nls directory with the \addriverfp\x64\nls directory.


6. If the server has password synchronization configured, copy the following files from the extracted addriverfp\x64 folder:


1. PassSyncConfig.cpl to the C:\Windows\System32 folder.


2. pwFilter.dll to the \Novell\IDM_PassSync\w64 folder.


3. Restart the server.


7. Update the Password Sync Filter.

NOTE: You must reboot each Domain Controller for the changes to take effect. Therefore, check your current pwfilter.dll file version before starting the update. If the current version and the version shipped with the driver patch file are same, skip this step.

1. Verify the current version of your Password Sync Filter (pwfilter.dll).


1. On all Domain Controllers, browse to the C:\Windows\System32 folder.


2. Right-click the pwfilter.dll file.


3. Click Properties.


4. Click the Details tab and check the version of the file.


2. Update the Password Sync Filter files.


1. On each Domain Controller, rename the existing pwfilter.dll file to pwfilter.old.


2. Navigate to the extracted addriverfp\x64 folder and copy the pwfilter.dll file to the \Windows\System32 folder.

Alternatively, run the Control Panel applet and check the filter status. Any old password sync filters should show as outdated and can be updated using that utility. A reboot of the Domain Controller is still needed because pwfilter.dll is loaded by the LSA process and that is only run at the startup of a server.

3. Reboot each Domain Controller to apply the Password Sync Filter changes.


8. Install the adutil.jar file.


• Copy the new adutil.jar file from the unzipped addriverfp\noarch folder to \Novell\NDS\lib or \Novell\RemoteLoader\64bit\lib folder on your computer.


9. If you enabled the driver to synchronize Exchange data or if you want to use Active Directory PowerShell, update the Exchange Service files.

NOTE: Microsoft Exchange Server 2010 is no longer supproted. For more information, see the Microsoft Documentation.

To update the Exchange Service files:

1. Stop the currently running Exchange service.


2. Copy the new Exchange service files from the unzipped addriverfp\noarch folder to \Novell\NDS or \Novell\RemoteLoader\64bit folder on your computer.


• IDMPowerShellManagementServer.dll and IDMPowerShellService.exe.


3. Install the Identity Manager Exchange service. See the instructions from Identity Manager 4.8 Active Directory Driver Implementation Guide


4. Start the Exchange Service.


10. If the driver is running locally, start the Identity Vault and the driver instance.


11. If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.

Installing PassSync Troubleshooting Tool

1. In the unzipped IDM_ADDriver_413_P4.zip file navigate to the following file path : IDM_ADDriver_4130\IDM_ADDriver_4130\utilities
2. Copy PassSync Troubleshooting Tool.exe to any folder of your choice on your local driver and run the .exe file.

Known Issue

AD Password Sync troubleshooting tool will not run because the 2005 C++ is missing from the install.

While launching the password sync troubleshooting tool gives the error "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail". (Bug 655081)

Perform the following steps in this section: Installing PassSync Troubleshooting Tool

Technical Support Information

• Defect 693033 - IDM MDAD Driver: terminate password sync at the AD DC for special accounts.
• Defect 695021 - PassSyncConfig utility crashes when you click on the "Filter" option.

• Defect 589079 - Version 3.1.1.0 of the pwfilter.dll on Windows 2019 Binds up all the ports on the DC causing the DC to stop responding.