Password Manager 5.8.2 - Administrator Guide (AD LDS edition)

About Password Manager Getting Started Upgrading Password Manager to 5.8.1 Password Manager Architecture Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings Password Policies One Identity Hybrid Subscription One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Step 2: Provide Certificate Issued for Server Computer toPassword Manager Service

Step 2: Provide Certificate Issued for Server Computer to
Password Manager Service

In this step, you provide the certificate issued for the server computer to the Password Manager Service by using the Administration site.

To provide the certificate to the Password Manager Service

  1. Open the Administration site by entering the following address: http(s)://<ComputerName>/PMAdminADLDS, where <ComputerName> is the name of the computer on which Password Manager is installed.
  2. Click General Settings|Instance Reinitialization. Under the Service connection settings, select the custom certificate issued for the server computer from the Certificate name drop-down list.
  3. Click Save.

Step 3: Provide Certificate Issued for Client Computers toSelf-Service and Helpdesk Sites

Step 3: Provide Certificate Issued for Client Computers to
Self-Service and Helpdesk Sites

In this step, you provide the certificate issued for the client computers to the Self-Service and Helpdesk sites installed separately from the Password Manager Service.

To provide the certificate to the Self-Service Site

  1. Open the Self-Service site by entering the following address: http(s)://<ComputerName>/PMUserADLDS, where <ComputerName> is the name of the computer on which Self-Service site is installed. The Self-Service Site Initialization page will be displayed automatically if the Self-Service site is opened for the first time.
  2. From the Certificate name drop-down list, select the custom certificate issued for the client computer.
  3. Click Save.

To provide the certificate to the Helpdesk Site

  1. Open the Helpdesk site by entering the following address: http(s)://<ComputerName>/PMHelpdeskADLDS, where <ComputerName> is the name of the computer on which Helpdesk site is installed. The Helpdesk Site Initialization page will be displayed automatically if the Helpdesk site is opened for the first time.
  2. From the Certificate name drop-down list, select the custom certificate issued for the client computer.
  3. Click Save.

Upgrading Password Manager to 5.8.1

Upgrading Password Manager to 5.8.2

To upgrade Password Manager for AD LDS from 5.5.3 through 5.6.3 version to 5.8.2 perform the following steps:

  1. It is recommended to back up the current configuration by exporting the settings from 5.5.3 through 5.6.3 version. For more information see, To export configuration settings from Password Manager for AD LDS 5.5.3 or later versions
  2. Uninstall Password Manager for AD LDS 5.5.3 through 5.6.3 versions and install Password Manager for AD LDS 5.8.2 on the computer where Password Manager for AD LDS 5.5.3 through 5.6.3 version was installed. For more information see, To uninstall Password Manager for AD LDS 5.5.3 or later versions
  1. Run the Migration Wizard 5.8.2. For more information, see Running the Migration Wizard.

To upgrade Password Manager for AD LDS from 5.7.0 through 5.8.0 version to 5.8.2 perform the following steps:

  1. It is recommended to back up the current configuration by exporting the settings from for AD LDS from 5.7.0 through 5.8.0 version.
  2. Uninstall Password Manager for AD LDS 5.7.0 through 5.8.0 version and install Password Manager 5.8.2 on the computer where Password Manager for AD LDS from 5.7.0 through 5.8.0 version was installed.

    NOTE: Running the Migration Wizard is not required while upgrading from Password Manager 5.7.0 to 5.8.2.

To export configuration settings from Password Manager for AD LDS 5.5.3 or later versions

  1. Connect to the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdmin/.
  2. On the menu bar, click GeneralSettings, then click the Import/Export tab and select the Export configuration settings option and click Export.

After you have exported configuration settings from Password Manager 5.5.3 or later versions, you can uninstall it.

To uninstall Password Manager for AD LDS 5.5.3 or later versions

  1. Click Start, click Run, type appwiz.cpl, and then press ENTER.
  2. Select Quest One Password Manager x86/x64 or One Identity Password Manager for AD LDSx86/x64 in the list, and then click Uninstall.

After you uninstall Password Manager 5.5.3 or later versions, install Password Manager 5.8.2 on the same computer. All configuration settings will be automatically detected by the new version.

Running the Migration Wizard

Running the Migration Wizard

In the Shared.storage file in ProgramData folder of primary instance, verify whether AESEncryption value is true in all hosts. Ensure the version of Password Manager installed on secondary instance is 5.8.2. Import the configuration files from primary instance to all secondary instances. Replication from all PM instances takes time to update the hosts’ information and to set AESEncryption value to true. If the AESEncryption value is not true, when you run the Migration Wizard, it displays the error message with the list of hosts which are not updated with the hotfix configuration.

To install Migration Wizard

  1. Extract the files from the Migration Wizard.zip file.
  2. Update the <productNameFull>, <productNameShort>, <productNameShortCustom>, and <realmType> tags in the product.xml file.
  3. Run the QPM.MigrationWizard.exe from the Migration Wizard.zip file.
  4. On the Welcome page, select the Update users’ Q&A profiles with new instance settings task.
  5. On the next page, upload the configuration file you exported when reinitializing the instance. Click Browse to select the file, enter the password you specified for the file, and click Next.
  6. Select users whose Q&A profiles you want to update and click Next. To select groups, click Add and do the following:
    • In the Add Groups dialog box, enter the group name, select the application directory partition from the list and click Search.
    • Select the required groups in the list and click Save.
  7. On the next page, do one of the following and click Next:
    • Click UpdateQ&A profiles in test mode to update profiles in test mode. Use this mode to preview the result of updating profiles.
    • Click Update Q&A profiles in production mode to update profiles in production mode.
  8. On the status page, click View the report for detailed information to view a detailed account of updating profiles. If you updated Q&A profiles in test mode, click Update Q&A profiles in production mode.
Related Documents