Upgrading Defender to the latest version (4226757)

Note regarding the 6.1 upgrade

The Defender 6.1 upgrade will need to be run with a member of the AD Schema Admins group. This is due to an update to the Defender schema extension and is only required once upon the initial upgrade to 6.1. Subsequent installs can use standard admin permission.


Can I upgrade from a previous version of Defender to the latest version? 

You must be currently running Defender 6.1 or later to upgrade to version 6.3.1, 6.4 , 6.4.1

You must be currently running Defender 5.10 or later to upgrade to version 6.3

You must be currently running Defender 5.10 or later to upgrade to version 6.2. 

You must be currently running Defender 5.9.6 or later to upgrade to version 6.1. 

You must be currently running Defender 5.9.5 or later to upgrade to version 5.11.

You must be currently running Defender 5.8.x to upgrade to version 5.9.x or 5.10. 

For anything older, you will need to upgrade to 5.8.2 and then follow the path above. 


Is it possible to have a mixed environment with multiple versions of Defender components?

While we recommend having all One Identity Defender components running the same version, the core functionality of the product has remained consistent over the last several versions, so that it is possible for 5.9, 5.11 and 6.x components to work together without major issues.

While we cannot guarantee 100% compatibility in a mixed environment, an older version of Desktop Login, for example, should still be able to authenticate to a newer version of the Security Server and vise versa. This should prevent disruption to your production environment while the upgrades are in progress. Note that certain new features that have been added in newer versions, will not be available in the older versions.


Does the existing licensing carry forward to the new version?

Yes. Your existing licenses will be carried forward when you upgrade to a new version and there is no need to re-apply any of the your existing licensing. If you purchase additional licenses, these can be added to your legacy license count.

The only consideration with regards to licensing is the change in format that occurred in the 5.8 version. This would only matter if you were importing a new license. The format of the licenses has remained the same since 5.8. More information on this change can be found in KB 178179 and KB 44179.


Are there any other considerations when performing the upgrade?

An optional suggestion is to uninstall the previous version, and then do a fresh install of the latest version. This will save the step of additional upgrades. The objects and configuration stored in Active Directory will not be affected. It will only remove the local install on the server in question.

When performing a fresh install of the new components, you will need to re-enter the configuration information, such as server addresses, ports, shared secrets and service account credentials. This information should be documented before removing the old version. 

Defender was re-branded to One Identity in the 5.9 version. The Program Files folder path has also changed names as a result of these branding changes. While it is fully supported to perform an in place upgrade, some inconsistency may be seen in log files that are still located under the legacy folder paths. The structure has not changed since the 5.9 version. 

For more information on the changes in each version One Identity Defender, please refer to the Release Notes.
https://support.oneidentity.com/technical-documents/defender/release-notes