Anonymous_User Absent Member.
Absent Member.
413 views

Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


I am running IDM 3.6.1 and have the remote loader and AD shim running
running on an AD 2003 DC. We are upgrading to AD 2012 and I am trying
to find out if IDM 3.6.1 (AD driver 3.5.5) will support that or do I
need to upgrade IDM and/or the driver or RL....or can I simply install
the existing shim and RL versions on the new 2012 DC and repoint the
driver to the new server?

Thanks


--
dangross
------------------------------------------------------------------------
dangross's Profile: https://forums.netiq.com/member.php?userid=343
View this thread: https://forums.netiq.com/showthread.php?t=46706

Labels (1)
0 Likes
16 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On Mon, 04 Feb 2013 18:14:01 +0000, dangross wrote:

> I am running IDM 3.6.1 and have the remote loader and AD shim running
> running on an AD 2003 DC. We are upgrading to AD 2012 and I am trying
> to find out if IDM 3.6.1 (AD driver 3.5.5) will support that or do I
> need to upgrade IDM and/or the driver or RL.


You should upgrade to IDM402. You *may* be able to just update the RL and
the MAD shim (addriver.dll), but you might also want to look at the
support lifecycle for IDM361.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
wcscis Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 2/4/2013 12:45 PM, David Gersic wrote:
> You should upgrade to IDM402. You *may* be able to just update the RL and
> the MAD shim (addriver.dll), but you might also want to look at the
> support lifecycle for IDM361.
>


If you do not have a 402 license however the 402 AD Driver will not work with older versions. They
put a hard limit on that one as it adds support for some powershell stuff as opposed to mostly bug
fixes. If you are under maintenance you are good, but if you just download the newer driver
expecting it to work backwards like it has for a long time you will be in a 90 day time bomb.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 2/13/2013 11:21 AM, Will Schneider wrote:
> On 2/4/2013 12:45 PM, David Gersic wrote:
>> You should upgrade to IDM402. You *may* be able to just update the RL and
>> the MAD shim (addriver.dll), but you might also want to look at the
>> support lifecycle for IDM361.
>>

>
> If you do not have a 402 license however the 402 AD Driver will not work
> with older versions. They put a hard limit on that one as it adds
> support for some powershell stuff as opposed to mostly bug fixes. If
> you are under maintenance you are good, but if you just download the
> newer driver expecting it to work backwards like it has for a long time
> you will be in a 90 day time bomb.


But that is a Credential install issue, right? I.e. If you can get a
4.02 license installed in your tree, will it still work on a 3.61
engine? I wonder at that aspect of it.

So that the limit is a credential, not actual engine version limit? Or
not?
0 Likes
wcscis Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 2/13/2013 10:23 AM, Geoffrey Carman wrote:

> So that the limit is a credential, not actual engine version limit? Or not?


That is what the architect Mr. Moore said. So yes, credential limit only. Although he of course is
welcome to rebut that assertion 🙂 It's possible I misheard 🙂
0 Likes
Knowledge Partner
Knowledge Partner

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 2/13/2013 11:59 AM, Will Schneider wrote:
> On 2/13/2013 10:23 AM, Geoffrey Carman wrote:
>
>> So that the limit is a credential, not actual engine version limit?
>> Or not?

>
> That is what the architect Mr. Moore said. So yes, credential limit
> only. Although he of course is welcome to rebut that assertion 🙂 It's
> possible I misheard 🙂


Has anyone tested this? I am curious. I understand you then go into an
'unsupported' state. But for some folk that might be ok.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


Hi,

Off course you can use a 4.02 remote loader with latest AD driver with
IDM 3.6.1 engine and this works fine with Windows 2008 R2, and I can
remember that it's officially supported.

But, as far as I know, Windows 2012 is not supported with IDM 4.02
either ?

Sylvain


--
sma
------------------------------------------------------------------------
sma's Profile: https://forums.netiq.com/member.php?userid=174
View this thread: https://forums.netiq.com/showthread.php?t=46706

0 Likes
Knowledge Partner
Knowledge Partner

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

> Off course you can use a 4.02 remote loader with latest AD driver with
> IDM 3.6.1 engine and this works fine with Windows 2008 R2, and I can
> remember that it's officially supported.
>
> But, as far as I know, Windows 2012 is not supported with IDM 4.02
> either ?


Win2012 support is coming. The basics apparently all work. They need to
complete some testing before 'supporting' it. The main issue is
Exchange provisioning support. I.e. Which Exchange do you support? And
that opens a strange can of worms on which Exchange on which platform
and which combos...


0 Likes
wcscis Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 2/14/2013 8:28 AM, Geoffrey Carman wrote:
>> Off course you can use a 4.02 remote loader with latest AD driver with
>> IDM 3.6.1 engine and this works fine with Windows 2008 R2, and I can
>> remember that it's officially supported.
>>
>> But, as far as I know, Windows 2012 is not supported with IDM 4.02
>> either ?

>
> Win2012 support is coming. The basics apparently all work. They need to complete some testing
> before 'supporting' it. The main issue is Exchange provisioning support. I.e. Which Exchange do
> you support? And that opens a strange can of worms on which Exchange on which platform and which
> combos...
>
>

Especially when Microsoft isn't supporting their own software on their own platform lol
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


I have a similar situation. A customer wants to upgrade to AD DS 2012
but is not ready to upgrade IDM 3.6.1 to the latest, so they are asking
if IDM 3.6.1 will work. Reading this thread it sounds like it is
inconclusive as to whether this will work, especially based on Geoff's
comment. Is this riight?


--
chipps7
------------------------------------------------------------------------
chipps7's Profile: https://forums.netiq.com/member.php?userid=4633
View this thread: https://forums.netiq.com/showthread.php?t=46706

0 Likes
Knowledge Partner
Knowledge Partner

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 3/20/2013 12:14 AM, chipps7 wrote:
>
> I have a similar situation. A customer wants to upgrade to AD DS 2012
> but is not ready to upgrade IDM 3.6.1 to the latest, so they are asking
> if IDM 3.6.1 will work. Reading this thread it sounds like it is
> inconclusive as to whether this will work, especially based on Geoff's
> comment. Is this riight?


Which part do you need? shim + pwfilter? Those appear to be fine on
2012. The issue is the Powershell add ons. Which Exchange do you
support if your remote loader is on 2012?

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 20.03.2013 13:05, Geoffrey Carman wrote:
> On 3/20/2013 12:14 AM, chipps7 wrote:
>>
>> I have a similar situation. A customer wants to upgrade to AD DS 2012
>> but is not ready to upgrade IDM 3.6.1 to the latest, so they are asking
>> if IDM 3.6.1 will work. Reading this thread it sounds like it is
>> inconclusive as to whether this will work, especially based on Geoff's
>> comment. Is this riight?

>
> Which part do you need? shim + pwfilter? Those appear to be fine on
> 2012. The issue is the Powershell add ons. Which Exchange do you
> support if your remote loader is on 2012?


To clarify what Geoffrey is trying to say is that:

If you have Exchange 2007 / 2010 servers are running on for example
Windows 2008 R2, you still need to be able to install Exchange 2007 or
2010 management tools on the server hosting the remote loader. This is a
pre-requisite of the IDM-Exchange integration.

Right now you can't do that if the server that hosts the remote loader
is running Windows 2012.

This is because currently the only Exchange version Microsoft supports
running on Windows 2012 is Exchange 2013.

Note: Microsoft have committed to supporting Exchange 2010 on Windows
2012 in an upcoming Exchange 2010 service pack.

I don't believe Microsoft has any plans to support installing Exchange
2007 on Windows 2012.

A possible workaround if you do need to use IDM to manage pre exchange
2013 versions and your DCs are windows 2012 is to move the remote loader
to a member server that still runs Windows 2008 R2 and just have the
password sync filters on the 2012 DCs.

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


Thanks for the clarification. Yes, I will need IDM to manage
pre-Exchange 2013. New 2012 DCs will be built, replacing the current
DCs. And they do not use the pwd sync filters. I like your idea of
just using a member server. In fact I am wondering: if the current DC
which runs RL and the shim is just be demoted to a member server, would
I really need to change anything at all?


--
chipps7
------------------------------------------------------------------------
chipps7's Profile: https://forums.netiq.com/member.php?userid=4633
View this thread: https://forums.netiq.com/showthread.php?t=46706

0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 20.03.2013 19:24, chipps7 wrote:
>
> Thanks for the clarification. Yes, I will need IDM to manage
> pre-Exchange 2013. New 2012 DCs will be built, replacing the current
> DCs. And they do not use the pwd sync filters. I like your idea of
> just using a member server. In fact I am wondering: if the current DC
> which runs RL and the shim is just be demoted to a member server, would
> I really need to change anything at all?


So you are not synchronising password changes back from AD to IDM at all?

Haven't ever personally tested demoting a DC to a member server, if you
decide to go down that path, I would treat it like moving a RL to
another server. The reasoning behind this is that the DirSync cookie
that the remote loader already has is tied to the demoted domain controller.

https://www.netiq.com/support/kb/doc.php?id=7000882

While it's permitted to pass a cookie generated by the demoted DC to a
different DC in the same domain. There is no chance that a client will
lose changes when using a cookie from one DC on another DC. However you
risk that the search results from the new DC could include reported
changes by the old DC. In some cases, the new DC will return all objects
and attributes, as with a full synchronisation.

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


No, passwords are not sync-ed back to IDM. In fact nothing is...it's a
one-way sync to AD from a HR database. Thanks for the link to the KB
aritcle.


--
chipps7
------------------------------------------------------------------------
chipps7's Profile: https://forums.netiq.com/member.php?userid=4633
View this thread: https://forums.netiq.com/showthread.php?t=46706

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.