Upgrading Defender to the latest version (4226757)

Note regarding upgrade to Defender 6.6 or above

A new license is required in One Identity Defender 6.6 or above, please refer to this KB 4377756

Defender installation will need to be run with a user that is a member of the following groups:

• Domain Admins group
• Enterprise Admins group
• AD Schema Admins group. This is due to an update to the Defender schema extension.
• Local Administrators group on the Defender server.

Please refer to the Deploy Defender section in the Admin guide here

Can I upgrade from a previous version of Defender to the latest version? 

You must be currently running Defender 6.3.1 or later to upgrade to version 6.6.1 or 6.7

You must be currently running Defender 6.1 or later to upgrade to version 6.3.1, 6.4 , 6.4.1, 6.5.1

You must be currently running Defender 5.10 or later to upgrade to version 6.3

You must be currently running Defender 5.10 or later to upgrade to version 6.2. 

You must be currently running Defender 5.9.6 or later to upgrade to version 6.1. 

You must be currently running Defender 5.9.5 or later to upgrade to version 5.11.

You must be currently running Defender 5.8.x to upgrade to version 5.9.x or 5.10. 

For anything older, you will need to upgrade to 5.8.2 and then follow the path above. 


Is it possible to have a mixed environment with multiple versions of Defender components?

While we recommend having all One Identity Defender components running the same version, the core functionality of the product has remained consistent over the last several versions, so that it is possible for 5.9, 5.11 and 6.x components to work together without major issues.

While we cannot guarantee 100% compatibility in a mixed environment, an older version of Desktop Login, for example, should still be able to authenticate to a newer version of the Security Server and vise versa. This should prevent disruption to your production environment while the upgrades are in progress. Note that certain new features that have been added in newer versions, will not be available in the older versions.


Does the existing licensing carry forward to the new version?

As stated above, starting from Defender 6.6 the licensing model has changed and any existing licenses will need to be upgraded on our support portal to support the latest one. If you are facing difficulties in doing so, please email license@oneidentity.com

Are there any other considerations when performing the upgrade?

An optional suggestion is to uninstall the previous version, and then do a fresh install of the latest version. This will save the step of additional upgrades. The objects and configuration stored in Active Directory will not be affected. It will only remove the local install on the server in question.

When performing a fresh install of the new components, you will need to re-enter the configuration information, such as server addresses, ports, shared secrets and service account credentials. This information should be documented before removing the old version. 

Defender was re-branded to One Identity in the 5.9 version. The Program Files folder path has also changed names as a result of these branding changes. While it is fully supported to perform an in place upgrade, some inconsistency may be seen in log files that are still located under the legacy folder paths. The structure has not changed since the 5.9 version. 

For more information on the changes in each version One Identity Defender, please refer to the Release Notes.
https://support.oneidentity.com/technical-documents/defender/release-notes