Directory and Resource Administrator
Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows Server 2003, Microsoft Windows 2000 Server, and Microsoft Exchange. Through advanced delegation and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Server 2003 Active Directory, Microsoft Windows 2000 Server Active Directory, and Microsoft Exchange directory.
DRA and ExA 8.0 Service Pack 1 provides improvements and corrects issues found in DRA and ExA 8.0. This service pack also incorporates all the hotfixes available for DRA and ExA 8.0. NetIQ has made many of these improvements in direct response to suggestions from customers. Thank you for your time and valuable input.
This document outlines why you should install this service pack, provides additions to the documentation, and identifies any known issues. We assume you are familiar with previous versions of this product. For more information about installing DRA and ExA, see the Installation Guide.
Why Install This Service Pack?
The following sections outline the new key features and functions as well as some issues that this service pack corrects:
Display of Group if Selected Users are Existing Members
This service pack resolves an issue where the Account and Resource Management (ARM) and Delegation and Configuration (DC) consoles did not display groups to which you wanted to add multiple members concurrently when at least one user was already a member of the specified group. When adding multiple users to a group at the same time, the ARM and DC consoles now display all groups to which you want to add these users even if one or more users are already members of the specified group. When you add users who are existing members of a group, DRA ignores existing members and only adds users who are not yet members of that group.
Audit of Password Reset Flag in the Application Log
This service pack resolves an issue where DRA did not record password reset events in the Application event log when you reset a user password by right-clicking the user. DRA now records all password events in the Application event log regardless of how you initiate the password reset.
Recycle Bin Support in the Web Console for Groups, Contacts, and Computers
In addition to users, DRA now allows you to use the Web Console to delete and restore groups, contacts, and computers in the Recycle Bin.
Web Console Support for Contacts
DRA now allows you to use the Web Console to manage contacts. However, you cannot manage mailboxes for contacts using the Web Console.
Connection to Primary Administration Server Using Web Console
DRA now allows you to use the Web Console to connect to the primary Administration server, even if you install the Web Console and the primary Administration server on computers running Windows Server 2003 Service Pack 1. This enhancement is in addition to the issue addressed in NetIQ Knowledge Base Article NETIQKB14935, available at http://support.netiq.com/dra.
Display of Correct Number of User Accounts in Managed Domains
This service pack resolves an issue where DRA was including user objects in managed as well as trusted domains in the license count. DRA now excludes user objects from trusted domains in the license count and displays the correct number of user accounts in all managed domains in the License tab of the DRA Properties window.
Display of Custom User Interface Extensions
This service pack corrects an issue where DRA did not display custom user interface extensions for users in some domains. DRA now correctly displays custom user interface extensions in the User Properties window.
Usage of Wildcard Characters as Normal Characters in DRA Search
DRA now allows you to specify the question mark (?), asterisk (*), or number sign (#) wildcard characters as normal characters by prefixing a backslash (\) to the particular wildcard character when searching for a specific character pattern in DRA. For example, to search for abc*, type the search text abc\*.
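The escaping rule above matters most when a script passes account names into a DRA search, because an unescaped ?, *, or # makes the search match more objects than the one name intended. The following is an added example, not NetIQ code: escape_literal applies the backslash rule from this release note, and to_regex is a local model for checking patterns. The wildcard meanings in to_regex (? as any one character, * as any run of characters, # as one digit) and the treatment of a lone backslash are assumptions that this document does not state.

```python
import re

WILDCARDS = "?*#"  # the three wildcard characters named in the release note


def escape_literal(text):
    """Prefix each wildcard with a backslash so it is searched as a normal character."""
    return "".join("\\" + ch if ch in WILDCARDS else ch for ch in text)


def to_regex(pattern):
    """Translate a search pattern into a regex (local model only, not DRA's engine).

    Assumed semantics: ? = any one character, * = any run of characters,
    # = one digit. A backslash not followed by a wildcard stays a literal
    backslash, so names such as DOMAIN\\user pass through unchanged.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        nxt = pattern[i + 1] if i + 1 < len(pattern) else ""
        if ch == "\\" and nxt and nxt in WILDCARDS:
            out.append(re.escape(nxt))  # escaped wildcard: match it literally
            i += 2
            continue
        if ch == "?":
            out.append(".")
        elif ch == "*":
            out.append(".*")
        elif ch == "#":
            out.append(r"\d")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)


def matches(pattern, name):
    """Return True if the whole name matches the search pattern."""
    return to_regex(pattern).fullmatch(name) is not None


if __name__ == "__main__":
    # Constructed sample names, not taken from any real directory.
    for name in ["abc*", "abcdef", "svc#1?", "svc21x"]:
        print(name, matches("abc*", name), matches(escape_literal("abc*"), name))
```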
Display of Unhandled Exception Errors when Creating New Temporary Group Assignments
This service pack resolves an issue where DRA displayed unhandled exception errors when creating new temporary group assignments on computers where the regional options settings displayed a region other than English (United States) in the Regional and Language Options application in Control Panel. DRA now creates temporary group assignments without any errors.
More Specific Powers to Move Objects to Organizational Units
DRA now provides you with more specific powers to move different objects to organizational units (OUs). The new powers are:
Support for InetOrgPerson Object in DRA
This service pack resolves an issue where DRA did not recognize the InetOrgPerson object type. DRA now recognizes InetOrgPerson objects as normal users and provides all user management tasks to manage InetOrgPerson objects. DRA does not recognize the special properties available for an InetOrgPerson object.
Registry Restoration during a Multi-Master Set Synchronization
This service pack includes hotfix 54631. Hotfix 54631 corrected an issue with the way DRA handled registry restoration during a Multi-Master Set (MMS) synchronization between primary Administration servers and secondary Administration servers, and when you had set the NetIQ Administration service to start automatically on secondary Administration servers.
When a Multi-Master Set (MMS) synchronization occurs, the primary Administration server exports the registry keys for different modules and transfers these files to computers running as secondary Administration servers. The secondary Administration servers delete the existing registry entries for these modules and restore the registry keys using the files from the primary Administration server. If the secondary Administration server is running Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows XP, or Microsoft Windows XP Service Pack 2 and if any of the exported files is large in size, the registry restoration takes a very long time and during this time, the secondary Administration server computer becomes unavailable. Similarly, if you set the NetIQ Administration service to start automatically and if you restart the secondary Administration server, the secondary Administration server takes a long time to complete the registry restoration.
DRA now allows you to restore the registry on the secondary Administration server one key at a time during MMS synchronization so DRA does not completely lock the registry during registry restoration.
To configure each secondary Administration server computer before or after installing this service pack:
Installing This Service Pack
To benefit from the new features and fixes provided in this service pack, install it on each Administration server computer and on each computer where you installed an Account and Resource Management console or Delegation and Configuration console.
You should have DRA and ExA 8.0 already installed on your computer. To upgrade to DRA and ExA version 8, install the new version over your existing version. Do not uninstall your existing version.
To install this service pack:
This service pack includes all the hotfixes previously released for DRA and ExA 8.0. The following table describes the issues and the corresponding fixes:
Additions to Documentation
Viewing Documentation Files
When viewing the documentation files in the installation kit, you may observe the following items:
The following sections supplement the Administrator Guide and provide information about configuring and managing the Administration server. For more information about using DRA and ExA in your enterprise, contact NetIQ Solutions Support (www.netiq.com/support).
Managing Home Directory Triggers for NetApp Filers
NetApp filers do not have drive letters. When you define a policy or automation trigger for managing home directories on a NetApp filer, you need to use a different format for the directory specification.
If you are using Windows file systems, specify the parent directory in the following format:
If you are using NetApp filers, specify the parent directory in the following format:
The adminshare variable is the hidden share that maps to the root volume on the NetApp filer, such as c$. For example, if the local path of the share on the usfiler NetApp filer is c$\vol\vol0\mydirectory, you can specify a root path of \\usfiler\c:\vol\vol0\scratch for the NetApp filer.
Managing Delete and Rename HomeShare Triggers
Delete and rename HomeShare triggers will not work until you specify valid root directories. Upgrading from 7.0 to 7.5 or later will cause the delete and rename triggers to stop working until you enter the valid root directories.
Installing Agents on Any Windows Server 2003 Domain Controller Requires Domain Controller Policy Changes
Check for the proper policy settings when installing agents on Windows Server 2003 domain controllers. If you changed the Impersonate a client after authentication policy, you need to include Local Service and Network Service, or leave the policy setting undefined (default). For more information about this agent install issue, see the NetIQ Knowledge Base Article NETIQKB36744.
Uninstalling Microsoft Operations Manager Agents or Installing the Microsoft Operations Manager 2005 Hotfix on a Computer Running DRA
If you are uninstalling the Microsoft Operations Manager (MOM) agent or installing the MOM 2005 hotfix on a computer running DRA, you need to back up the NetIQ registry key. For more information about this issue, see the NetIQ Knowledge Base Article NETIQKB47391.
Additional Administration Server Configurations
DRA provides several feature enhancements you can configure on the Administration server. For more information about these enhancements, see NetIQ Knowledge Base Article NETIQKB7039.
Additional Implementation Scenarios
For more information about implementation scenarios and best practices, such as designing exclusion rules for multiple ActiveViews, see the relevant NetIQ Knowledge Base articles.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 1995-2007 NetIQ Corporation, all rights reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, Provider-1, SiteManager-1, and VPN-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveReporting, ADcheck, AppAnalyzer, AppManager, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, IntelliPolicy, Knowing is Everything, Knowledge Scripts, Mission Critical Software for E-Business, MP3check, NetConnect, NetIQ, the NetIQ logo, NetIQ Change Administrator, NetIQ Change Guardian, NetIQ Compliance Suite, NetIQ Group Policy Administrator, NetIQ Group Policy Guardian, NetIQ Group Policy Suite, the NetIQ Partner Network design, NetIQ Patch Manager, NetIQ Risk and Compliance Center, NetIQ Secure Configuration Manager, NetIQ Security Administration Suite, NetIQ Security Analyzer, NetIQ Security Manager, NetIQ Vulnerability Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Server Consolidator, VigilEnt, Vivinet, Work Smarter, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.