Anonymous_User Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


Thanks for the clarification. Yes, I will need IDM to manage
pre-Exchange 2013. New 2012 DCs will be built, replacing the current
DCs. And they do not use the pwd sync filters. I like your idea of
just using a member server. In fact I am wondering: if the current DC
which runs RL and the shim is just demoted to a member server, would
I really need to change anything at all?


--
chipps7
------------------------------------------------------------------------

Anonymous_User Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 20.03.2013 19:24, chipps7 wrote:
>
> Thanks for the clarification. Yes, I will need IDM to manage
> pre-Exchange 2013. New 2012 DCs will be built, replacing the current
> DCs. And they do not use the pwd sync filters. I like your idea of
> just using a member server. In fact I am wondering: if the current DC
> which runs RL and the shim is just demoted to a member server, would
> I really need to change anything at all?


So you are not synchronising password changes back from AD to IDM at all?

Haven't ever personally tested demoting a DC to a member server; if you
decide to go down that path, I would treat it like moving a RL to
another server. The reasoning behind this is that the DirSync cookie
that the remote loader already has is tied to the demoted domain controller.

https://www.netiq.com/support/kb/doc.php?id=7000882

It's permitted to pass a cookie generated by the demoted DC to a
different DC in the same domain. There is no chance that a client will
lose changes when using a cookie from one DC on another DC. However, you
risk that the search results from the new DC could include changes
reported by the old DC. In some cases, the new DC will return all objects
and attributes, as with a full synchronisation.

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
Anonymous_User Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?


No, passwords are not sync-ed back to IDM. In fact nothing is...it's a
one-way sync to AD from a HR database. Thanks for the link to the KB
article.


--
chipps7
------------------------------------------------------------------------

Anonymous_User Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 20.03.2013 22:34, chipps7 wrote:
>
> No, passwords are not sync-ed back to IDM. In fact nothing is...it's a
> one-way sync to AD from a HR database. Thanks for the link to the KB
> article.


Do you make any use of "reset" of attributes on the publisher channel?
Do you allow synchronisation back to IDM of changes to DirXML-ADContext
and DirXML-ADAliasName?

Regardless it doesn't sound like you will have much of a problem with
the approach you suggested. The article I linked to is much more
relevant if you are publishing any changes (no matter how small) back
via the publisher channel.


--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.
Anonymous_User Absent Member.

Re: Does IDM 3.6.1 (AD driver 3.5.5) support AD 2012?

On 14.02.2013 12:44, sma wrote:
>
> Hi,
>
> Of course you can use a 4.02 remote loader with latest AD driver with
> IDM 3.6.1 engine and this works fine with Windows 2008 R2, and I can
> remember that it's officially supported.
>
> But, as far as I know, Windows 2012 is not supported with IDM 4.02
> either?


The 2012 support (RL + AD driver shim + pw filter + Exchange 2013) is
now available via patch IDM 4.0.2 AD Driver version 4.0.0.1.

However, the release notes specifically state that "This patch is not
supported on IDM 3.x." They also mention that a 4.0.2 activation
credential is required when running on IDM 4.0 or 4.0.1.

Would be interesting to have someone test Geoffrey's theory that this
will also work in 3.x with 402 activation credential (this still will be
unsupported by the vendor of course).

--
----------------------------------------------------------------------
Alex McHugh
NetIQ Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support is provided via email.