Update the Okta Active Directory agent

You can update an Okta AD agent automatically. Refer to Automatically update Okta Active Directory agents.

If you need to update an Okta AD agent, you don't need to uninstall it. The agent installer automatically updates existing Okta AD Agents. Alternatively, you can uninstall and then reinstall the Okta AD agent to make sure that you have the most current features and functionality and are getting optimum performance.

If you have installed multiple Okta AD Agents, make sure that they're all the same version. Running different versions within a domain can cause all agents in that domain to function at the level of the oldest agent. This doesn't affect other domains.

When you uninstall and reinstall your Okta AD agent, you can remove the old Okta API token. If you're performing an upgrade, you aren't required to remove the old token. To remove the API token, you must delete the Okta AD agent folder and then deactivate and delete your old agent.

To continue using an Okta AD agent and avoid downtime, you must have a minimum of two agents running before you uninstall one of them. Refer to Install multiple Okta Active Directory agents .

Okta recommends that you update one or two agents at a time and avoid taking all agents down at the same time. You should upgrade your Okta preview environment first and confirm that everything is working correctly before you upgrade your production environment.

Uninstall an Okta AD agent

  1. In Windows, select StartControl PanelProgramsPrograms and Features.
  2. Select the Okta AD Agent, and then select Uninstall.
  3. To remove the agent configuration data from the hard drive on the agent server, go to C:\Program Files (x86)\Okta and delete the Okta AD Agent folder. Deleting this folder removes the agent configuration data and the API token. The API token for the server remains valid in Okta, so it's important to remove the configuration data. Deleting this folder also removes all log records for the agent, which are stored in C:\Program Files (x86)\Okta\Okta AD Agent\logs. If you need to access log records, be sure to move these files to another location.
  4. To revoke the API token of an uninstalled agent:
    1. On the Okta Admin Console, click Directory Directory Integrations.
    2. Click Active Directory and select the Agents tab.
    3. Under Agent Monitors, click Deactivate agent twice.
    4. Click Delete agent twice.

Reinstall an Okta AD agent

Installing the Okta AD agent doesn't overwrite the configuration data in the Okta AD Agent folder. To reinstall and create a new API token, delete the Okta AD Agent folder before reinstalling the Okta AD agent.

  1. Install the Okta AD agent. Refer to Install the Okta Active Directory agent.
  2. Select DirectoryDirectory Integrations.
  3. Click Active Directory and the Agents tab.
  4. Confirm that your reinstalled Okta AD agent appears in the Agent Monitors section and it's connected to Okta. A minimum of one Okta AD agent should be online.
  5. Optional. To revoke the Okta API token of the old Okta AD agent:
    1. Under Agent Monitors, click Deactivate agent for the old Okta AD agent and then click Deactivate Agent. Deactivating the agent revokes its API token.
    2. Click Delete agent twice.