Replacing BHOLD Suite with BHOLD Suite SP1

 

Microsoft BHOLD Suite Service Pack 1 (SP1) contains significant improvements and additions to the previous version of BHOLD Suite. For this reason, it is not possible to upgrade an existing BHOLD Suite installation to BHOLD Suite SP1. If you have already installed BHOLD Suite, you must uninstall all BHOLD Suite components before you can install BHOLD Suite SP1. You can retain and upgrade your existing BHOLD database, however, so you do not have to recreate your role model after you install BHOLD Suite SP1.

Important

When you install the BHOLD Core module of BHOLD Suite SP1, you must be logged in with the account that was used to install the previous version of BHOLD Core. If you do not, you cannot reuse the existing BHOLD database.

There are five major steps you are required to perform to replace BHOLD Suite with BHOLD Suite SP1:

  • Install Forefront Identity Manager 2010 R2 SP1

  • Uninstall BHOLD Suite

  • Upgrade the BHOLD database

  • Delete BHOLD Management Policy Rules

  • Install BHOLD Suite SP1

Install Forefront Identity Manager 2010 R2 SP1

The Access Management Connector and FIM Integration modules of BHOLD Suite SP1 require features that were introduced in Microsoft Forefront Identity Manager 2010 R2 (FIM) Service Pack 1 (SP1). For information about obtaining and installing the SP1 update for FIM, see <<TBS>>.

Uninstall BHOLD Suite

Before any modules of BHOLD Suite Service Pack 1 can be installed, you must uninstall all BHOLD modules from your network’s computers.

Important

Uninstalling BHOLD Core does not remove the BHOLD Core database. If you intend to retain your existing BHOLD role model, do not manually remove or otherwise change the BHOLD database before upgrading the database and installing BHOLD Suite SP1.

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To uninstall BHOLD modules

  1. Log on as an administrator on the server running the BHOLD module you want to uninstall.

  2. Click Start, and then click Control Panel.

  3. In Control Panel, in the View by list, click Category, and then under Programs, click Uninstall a program.

  4. In Search Programs and Features, type BHOLD.

  5. In the list of programs, double-click the BHOLD module you want to uninstall. If a message box appears asking you to confirm that you want to uninstall the BHOLD module, click Yes.

  6. Repeat the preceding step to uninstall the remaining BHOLD modules.

Upgrade the BHOLD database

Before you can install the BHOLD Core module of BHOLD Suite SP1, you must make changes to your existing BHOLD database to support new features in BHOLD Suite SP1.

To perform this procedure, you must be logged on with an account that has the sysadmin role on the SQL Server that hosts the BHOLD database.

To upgrade the BHOLD database

  1. Log on to the SQL Server that hosts the BHOLD (B1) database.

  2. Click Start, click All Programs, click Accessories, and then click Notepad.

  3. In Notepad, type the following:

    DROP TYPE [dbo].[ExtendedAttributeList]  
    DROP TYPE [dbo].[ExtendedAttributes]   
    DROP TYPE [dbo].[FixedUserAttributes]  
    DROP TYPE [dbo].[FixedOrganizationalUnitAttributes]  
    DROP TYPE [dbo].[FixedGroupAttributes]  
    DROP TYPE [dbo].[ReferenceAttributes]  
    DROP TYPE [dbo].[ObjectList]  
    DROP TYPE [dbo].[QueueCommandList]  
    
    -----  
    IF OBJECT_ID (N'[dbo].[DeltaImportWatermark]') IS NOT NULL  
        DROP TABLE [dbo].[DeltaImportWatermark]  
    
    GO  
    --TABLES  
    
    IF NOT EXISTS  
    (  
        SELECT TOP 1 [pt].[prtPropTypeID]  
        FROM [dbo].[bcPropTypes] AS [pt]  
        WHERE [pt].[prtIdentity] = N'RoleType'  
    )  
    BEGIN  
        INSERT INTO [dbo].[bcPropTypes]  
        (  
            [prtDataTypeID],  
            [prtIdentity],  
            [prtMaxLength],  
            [prtValueList]  
        )  
        VALUES  
        (  
            -1,  
            N'RoleType',  
            255,  
            0  
        )  
    END  
    
    GO  
    
    CREATE TABLE [dbo].[DeltaImportWatermark]  
    (  
        [QueueIdentifier] INT NOT NULL,  
        [QueueWatermark] UNIQUEIDENTIFIER NOT NULL  
    );  
    
    GO  
    
    IF NOT EXISTS  
    (  
        SELECT * FROM sys.columns  
        WHERE  
                Name = N'queWatermark'  
            AND Object_ID = Object_ID(N'BholdQueue')  
    )  
    BEGIN  
        ALTER TABLE [dbo].[BholdQueue]  
        ADD [queWatermark] UniqueIdentifier DEFAULT NewId();  
    
        EXEC ('UPDATE [dbo].[BholdQueue] SET [queWatermark] = NewId();');  
    
        ALTER TABLE [dbo].[BholdQueue]  
        ALTER COLUMN [queWatermark] UniqueIdentifier NOT NULL;  
    END  
    
    GO  
    
    --create a permissions table that assigned an id for every unique application_id and taskname pair  
    IF OBJECT_ID (N'[dbo].[Permissions]') IS NOT NULL  
        DROP TABLE [dbo].[Permissions]  
    
    GO  
    
    CREATE TABLE [dbo].[Permissions]  
    (  
        [PermissionId] INT NOT NULL PRIMARY KEY IDENTITY(1,1),  
        [PermissionName] NVARCHAR(255) NOT NULL,  
        [ApplicationID] INT NOT NULL  
    );  
    
    GO  
    
    CREATE UNIQUE NONCLUSTERED INDEX [PermissionNameApplicationId] ON [dbo].[Permissions]   
    (  
    [PermissionName] ASC,  
    [ApplicationID] ASC  
    )  
    WITH   
    (  
        PAD_INDEX  = OFF,   
        STATISTICS_NORECOMPUTE  = OFF,   
        SORT_IN_TEMPDB = OFF,   
        IGNORE_DUP_KEY = OFF,   
        DROP_EXISTING = OFF,   
        ONLINE = OFF,   
        ALLOW_ROW_LOCKS  = ON,   
        ALLOW_PAGE_LOCKS  = ON,   
        FILLFACTOR = 90  
    ) ON [PRIMARY]  
    
    GO  
    
    INSERT INTO [dbo].[Permissions]  
    (  
        [PermissionName],  
        [ApplicationID]  
    )  
    SELECT DISTINCT  
        COALESCE([at].[atuTaskIdentity], [t].[tskTaskName]),  
        [t].[tskApplicationID]  
    FROM [dbo].[Tasks] AS [t]  
    LEFT JOIN [dbo].[ActivatedTasks] AS [at]  
        ON [t].[tskTaskID] = [at].[atuTaskID]  
    
    GO  
    
    --TYPES  
    
    CREATE TYPE [dbo].[FixedUserAttributes] AS TABLE   
    (  
        [ObjectIdentifier]    INT PRIMARY KEY,  
        [bholdDescription]    NVARCHAR(255),  
        [bholdUniqueID]       NCHAR(7),  
        [bholdDefAlias]       NVARCHAR(255),  
        [bholdFirstName]      NVARCHAR(255),  
        [bholdMiddleName]     NVARCHAR(255),  
        [bholdLastName]       NVARCHAR(255),  
        [bholdEndDate]        NVARCHAR(255),  
        [bholdDisableDate]    NVARCHAR(255),  
        [bholdMaxRoles]       INT,  
        [bholdMaxPermissions] INT,  
        [Language]            NVARCHAR(255)  
    );  
    
    GO  
    
    CREATE TYPE [dbo].[FixedOrganizationalUnitAttributes] AS TABLE   
    (  
        [ObjectIdentifier]     INT PRIMARY KEY,  
        [bholdDescription]     NVARCHAR(255),  
        [bholdUniqueID]        NCHAR(5),  
        [bholdOrgType]         NVARCHAR(255),  
        [bholdRolesFromParent] BIT  
    );  
    
    GO  
    
    CREATE TYPE [dbo].[FixedGroupAttributes] AS TABLE   
    (  
        [ObjectIdentifier]          INT PRIMARY KEY,  
        [bholdDescription]          NVARCHAR(255),  
        [bholdTaskName]             NVARCHAR(255),  
        [bholdMaxusers]             INT,  
        [bholdMaxRoles]             INT,  
        [bholdAuditAction]          INT,  
        [bholdAuditAlertMail]       NVARCHAR(255),  
        [ApplicationDescription]    NVARCHAR(255)  
    );  
    
    GO  
    
    CREATE TYPE [dbo].[ExtendedAttributes] AS TABLE  
    (  
        [ObjectIdentifier] INT,  
        [AttributeName]    NVARCHAR(255),  
        [AttributeValue]   NVARCHAR(255)  
    );  
    
    GO  
    
    CREATE TYPE [dbo].[ExtendedAttributeList] AS TABLE   
    (  
        [AttributeName] NVARCHAR(255) PRIMARY KEY  
    )  
    
    GO  
    
    CREATE TYPE [dbo].[ReferenceAttributes] AS TABLE  
    (  
        [AttributeName]    NVARCHAR(255),  
        [SourceIdentifier] INT,  
        [TargetIdentifier] INT,  
        [Added]            INT  
    )  
    
    GO  
    
    CREATE TYPE [dbo].[ObjectList] AS TABLE  
    (  
        [ObjectIdentifier] INT PRIMARY KEY  
    )  
    
    GO  
    
    CREATE TYPE [dbo].[QueueCommandList] AS TABLE  
    (  
        [QueueCommand] INT PRIMARY KEY  
    )  
    
    GO  
    
  4. Click File, and then click Save As.

  5. In the Save As dialog box, in the left pane, click Desktop, in File name, type BHOLD SP1 upgrade.sql, in Save as type, click All Files, and then click Save.

  6. Close Notepad.

  7. Click Start, click All Programs, click Microsoft SQL Server, and then click SQL Server Management Studio.

  8. In Microsoft SQL Server Management Studio, in the Connect to Server dialog box, in the Authentication list, click Windows Authentication, and then click Connect.

  9. In the Object Explorer tree, expand Databases, and then click the BHOLD database (by default, B1).

  10. Click the File menu, point to Open, and then click File.

  11. In the Open File dialog box, click Desktop, click BHOLD SP1 upgrade, and then click Open.

  12. Verify that the Available Databases list contains the name of the BHOLD database (by default, B1), and then click Execute.

  13. If the Messages tab contains an error message, click Execute a second time.

  14. Close Microsoft SQL Server Management Studio and log off the database server.

Delete BHOLD Management Policy Rules

If you had previously installed BHOLD FIM Integration, you must remove certain Management Policy Rules (MPRs) from Forefront Identity Manager (FIM) before installing the FIM Integration module of BHOLD Suite SP1.

To perform this procedure, you must be logged on as a FIM administrator.

To delete BHOLD Management Policy Rules

  1. Log on to the FIM server as a FIM administrator.

  2. Click Start, and then click Internet Explorer.

  3. In Internet Explorer, in the address bar, type https://localhost/identitymanagement/default.aspx., and then press the Enter key.

  4. In the Forefront Identity Manager portal, under Administration, click Management Policy Rules.

  5. On the Management Policy Rules page, select the check boxes next to the following rules, and then click Delete:

    • __ADMINISTRATORS CAN WORK WITH Workflow parts

    • _BHOLD_ROLE Security Office - Approval

    • _BHOLD_ROLE Role Management - Approval

    • _BHOLD_ROLE Line Management - Approval

    • _BHOLD_ROLE Line Management - Without Approval

    • BHOLD_ROLE Title Generator

    • BHOLD: Administrators can read and update BHOLD roles

  6. On the Delete Policy page, review the list of MPRs to delete, and then click Submit.

Install BHOLD Suite SP1

You must install the BHOLD Core module of BHOLD Suite SP1 before you can install the other modules.

Important

When you install the BHOLD Core module of BHOLD Suite SP1, you must be logged in with the account that was used to install the previous version of BHOLD Core. If you do not, you cannot reuse the existing BHOLD database.

To install BHOLD Core as an upgrade

  1. Log on to the BHOLD server as a member of the Domain Admins group, download the following file and run it as administrator on the server that you intend to install the BHOLD Core module on:

    • BholdCore <Version>_Release.msi

    Replace <Version> with the version number of the BHOLD Core release that you are installing.

    To run the program file as an administrator, right-click the file and then click Run as administrator.

  2. In the Microsoft BHOLD Suite–Core Setup Wizard, on the welcome page, click Next.

  3. On the End-User License Agreement page, read the terms of the License Agreement and the, if you agree with the terms, select I accept the terms in the License Agreement, and then click Next.

  4. On the Custom Setup page, click Next.

  5. On the Account settings page, in Domain, type the NetBEUI (short) form of the name of the domain of the BHOLD Core service account. For example, if the account is corp\b1user, type corp.

  6. In Application group, type the name of the BHOLD application group that you specified when you installed the previous version of BHOLD Core.

  7. In Service user, type the name of the BHOLD Core service account that you specified when you installed the previous version of BHOLD Core. The default name is b1user.

  8. In Password, type the password of the BHOLD Core service account.

  9. Change the values in Website IP/Port only to match nondefault values that you specified when you installed the previous version of BHOLD Core. These values must match the values that were used with BHOLD Core was first installed.

  10. Click Next.

  11. On the Database settings, make sure that Use integrated security is selected, in Database Server, type the name of the server that hosts the BHOLD Core database, in Database Name, type the name of the BHOLD Core database (by default, B1), ensure that Make restrictions for this database user is selected, and then click Next.

  12. On the Ready to install Microsoft BHOLD Suite–Core page, click Install.

    Important

    An error dialog box might appear with the following message: “The type ‘dbo.FixedUserAttributes’ already exists, or you do not have permission to create it.” This is normal. Click Ignore to continue installation.

To install the remaining modules of BHOLD Suite SP1, follow the instructions in Microsoft BHOLD Suite SP1 Installation Guide.