NetIQ Directory and Resource Administrator 10.1 includes new features, improves usability, and resolves several previous issues.
Frequently these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Directory and Resource Administrator forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources. You can also share your ideas for improving the product in the Ideas Portal.
The following sections describe the new features and enhancements in DRA 10.1:
DRA now includes the following enhancements for working with Azure Active Directory and Exchange Online:
With an Azure tenant access account, you can now manage Azure contacts from an Azure managed tenant in the Web Console. Along with new delegation powers, DRA includes a new delegation role “Azure Contact Administration”.
DRA PowerShell commands include the following new cmdlets for Azure contact management:
Get-AzureDRAContact: Retrieves information about a contact from Azure Active Directory.
Remove-AzureDRAContact: Removes a contact in Azure Active Directory.
Set-AzureDRAContact: Updates a contact in Azure Active Directory.
New-AzureDRAContact: Creates a contact in Azure Active Directory.
DRA also supports mail-related Exchange Online tasks for Azure contacts. You can manage email addresses, configure message delivery restrictions, enable or disable message moderation, specify users and groups who can send emails on behalf of the contact, hide Azure contacts from the address list, and add MailTips.
This release provides additional support for the following Exchange Online features not previously managed by DRA for Azure users and Azure groups:
Azure Group: Depending on the group type you can configure message delivery restrictions and message size restrictions, specify how to handle out-of-office messages for group members, specify how to handle message delivery status notifications, add MailTips, hide the group from the address list, and manage email addresses for a group.
Azure User: Depending on the user type (mailbox user or mail-enabled user), you can now manage email addresses, add MailTips, and configure message delivery restrictions, message size restrictions, message delivery options, and mailbox policies.
You can now manage group Managed Service Accounts in DRA Web Console and assign a group Managed Service Account (gMSA) to a service running on a specific computer resource. You can also add a gMSA to a group or remove a gMSA from a group. Along with new delegation powers, DRA includes a new delegation role “gMSA Administration”.
DRA PowerShell commands include the following new cmdlets for gMSA:
Get-DRAServiceAccount: Gets information about a gMSA from Active Directory.
Move-DRAServiceAccount: Moves a gMSA from one location in Active Directory to another.
New-DRAServiceAccount: Adds a gMSA to an Active Directory domain.
Remove-DRAServiceAccount: Removes a gMSA from Active Directory.
Set-DRAServiceAccount: Updates the properties of a gMSA.
Passwords for override access accounts that are used to manage a domain, secondary server, Exchange, or Azure tenant can be managed from DRA. You can either manually reset the password for an access account from the properties page of the managed domain, secondary server, Exchange, or Azure tenant, or schedule a job that automatically updates the password for access accounts that are due to expire. For more information, see Managing Passwords for Access Accounts.
You can now create temporary group assignments for Azure groups and add Azure users and synced users to an Azure group membership.
Formerly REST and Host services were separate components in DRA. The Host Service is now consolidated with the REST Service and the single component is labeled NetIQ DRA Rest Service. DRA REST is now mandatory with the DRA Server installation. There is no longer a separate DRA REST component in the installer. As part of this change, there is also no longer an option in the Web Console to configure a default REST Server connection, as the REST service cannot be installed on a separate server from the DRA Administration Server.
The following enhancements are now included in the DRA Web Console:
Computer Resource Management: You can now manage computer resource objects such as computer services, connected users, event logs, and devices from the Web Console.
Choose Authentication Type for LDAP Custom Handlers: You can configure an LDAP override authentication for LDAP custom handler modifications and set the authentication type for custom LDAP query handlers to require the LDAP Override Account for connection authentication in the Web Console.
User Displayed in Masthead: The masthead displays the name of the logged-in user.
Group Membership Count: The Member and Member Of property pages display the group membership count.
Retain Previous Search Criteria in Object Browser: The Object Browser now displays a list of search criteria saved from previous searches. From this list, you can select saved criteria to run.
Trim Spaces from Match Value Inputs: DRA removes any leading or trailing spaces from the search string during the search operation.
Saved Container List for the “Create In” Field: When the user selects a container for the Create In field on applicable objects, the last five containers selected by the user will display in the drop-down list.
Form Customization:
Button Control: The field selection list now includes a Button option that you configure with a custom handler when adding a new field to a form. These handlers will execute when the button is clicked.
Select Control: When adding or editing a control for a Select field, you can enable Allow user to select multiple options from the Select Options tab.
Always Submit Value to Server: When editing a field for a Create or Request form in Customization, you can enable the new option to Always submit this field when the form is saved.
DRA PowerShell commands now includes the following new cmdlets for delegation and mailbox objects:
New-DRAActiveViewRule: Creates an ActiveView rule in the specified ActiveView.
New-DRAAzureContactRule: Creates a contact rule in the specified ActiveView.
New-DRAAzureGroupRule: Creates a rule for Azure groups in the specified ActiveView.
New-DRAAzureTenantRule: Creates a rule for Azure tenants in the specified ActiveView.
New-DRAAzureUserRule: Creates a rule for Azure users in the specified ActiveView.
New-DRAContactRule: Creates a contact rule in the specified ActiveView.
New-DRAComputerRule: Creates a computer rule in the specified ActiveView.
New-DRADomainRule: Creates a domain rule in the specified ActiveView.
New-DRADynamicDistributionGroupRule: Creates a dynamic distribution group rule in the specified ActiveView.
New-DRAGroupRule: Creates a group rule in the specified ActiveView.
New-DRAManagedGroupsRule: Creates a rule for managed groups in the specified ActiveView.
New-DRAOURule: Creates an OU rule in the specified ActiveView.
New-DRAResourceMailboxRule: Creates a resource mailbox rule in the specified ActiveView.
New-DRAServiceAccountRule: Creates a group Managed Service Account (gMSA) rule in the specified ActiveView.
New-DRASelfAdministrationRule: Creates a self-administration rule in the specified ActiveView.
New-DRASharedMailboxRule: Creates a shared mailbox rule in the specified ActiveView.
New-DRAUserRule: Creates a user rule in the specified ActiveView.
New-DRADirectReportsRule: Creates a direct reports rule in the specified ActiveView.
New-DRAActiveView: Creates a new ActiveView.
Remove-DRAActiveView: Removes the specified ActiveView.
Remove-DRAActiveViewRule: Removes an ActiveView rule from an ActiveView.
Add-DRASharedArchiveMailbox: Creates an archive mailbox for an existing shared mailbox.
Remove-DRASharedArchiveMailbox: Deletes an archive mailbox for an existing shared mailbox.
Move-DRASharedMailbox: Moves a shared mailbox from one location in Active Directory to another.
The following cmdlets support the -Add, -Remove, -Replace, and -Clear parameters to manage multi-value attributes:
Set-DRAContact
Set-DRAGroup
Set-DRAUser
Set-DRADynamicDistributionGroup
Set-DRAResourceMailbox
Set-DRASharedMailbox
Set-AzureDRAUser
When you customize object property pages, you can now define custom filters using cached attributes in the Managed Object Browser > Managed Object Browser Options tab. By defining custom filters, you can restrict the information that is displayed in object browsers for assistant administrators.
Workflow request enhancements include new templates in the Automation Workflow client that you can use to create workflows and changes made in the request process in the Web Console. The latter of the two includes a new “Approval Status” in requests that logs the results of the approval responses that take place as part of the workflow. The Web Console also now displays the form name used to submit the request for requests submitted in 10.1 or later versions.
When creating a trigger or policy, you can now specify a 64-bit PowerShell script.
For detailed information on hardware requirements and supported operating systems and browsers, see theNetIQ DRA Installation Guide or see the NetIQ DRA Systems Requirement reference.
When upgrading from 9.x to 10.1, the DRA REST Service will uninstall automatically as part of the upgrade. When upgrading from 10.x to 10.1, systems that have the REST Service installed, without the DRA Server component, require a modified installation to remove the REST Service before proceeding with the upgrade.
For detailed information about installing or upgrading Directory and Resource Administrator components and modules, see the NetIQ DRA Installation Guide.
Use the table below to determine your applicable upgrade path by version. Note that patch versions (x.x.x.x) are not listed. However, all patches for the versions shown are supported. For example, you can upgrade to DRA 10.1 from DRA 9.2.1 or any of its patches: 9.2.1.1, 9.2.1.2, and so forth.
|
DRA Server Base Version |
DRA Server Updated Version |
|---|---|
|
9.2.1, 10.0, 10.0.1, or 10.0.2 |
10.1 |
|
9.1, 9.1.1, 9.2, 9.2.1, 10.0, or 10.0.1 |
10.0.2 |
|
9.1, 9.1.1, 9.2, 9.2.1, or 10.0 |
10.0.1 |
|
9.1, 9.1.1, 9.2, or 9.2.1 |
10.0 |
|
9.1, 9.1.1, or 9.2 |
9.2.1 |
|
9.0, 9.0.1, 9.0.2, 9.0.3, 9.1, or 9.1.1 |
9.2 |
|
9.0, 9.0.1, 9.0.2, 9.0.3, or 9.1 |
9.1.1 |
|
9.0, 9.0.1, 9.0.2, or 9.0.3 |
9.1 |
|
9.0, 9.0.1, or 9.0.2 |
9.0.3 |
|
9.0 or 9.0.1 |
9.0.2 |
|
9.0 |
9.0.1 |
This release includes the following stabilizing fixes:
Resolved an issue where a Workflow Automation 3.5 SSH Activity executed using an SSH connection on the Japanese Windows environment and returned garbled Japanese characters. (318306)
Resolved an issue where Reporting Center reports deployed to SQL Server Reporting Services (SSRS) failed to run. (308001)
Resolved an issue where DRA failed to close PowerShell connections resulting in errors. (290230)
Resolved an issue that caused a memory leak in the DRA Exchange server. (291254)
Resolved an issue in the Web Console where an incorrect label is displayed for the Info attribute in the Create and Edit property pages for a group. (289145)
Resolved an issue in the Configuration Console where creating a permission set removes the existing permission assignments. (315253)
Resolved an issue where the NetIQ Administration Service crashed while searching for and delegating to groups. (268032)
Resolved an issue that caused the Home Directory Trigger to change the Access Control List (ACL) on the parent path of the home directory during a DRA Change Home Directory path operation. (269022)
Resolved an issue that prevented DRA from using Windows Authentication for making a REST API call. (288162)
Resolved an issue where after upgrading from DRA 9.2.1 to DRA 10.0, a 404 error is displayed while accessing direct links to custom pages. (262217)
Resolved an issue in the Delegation and Configuration Console where the managed tenant does not display the time of last directory synchronization in the local time zone. (257080)
Resolved an issue that prevented DRA from using Windows Authentication for making a REST API call. (277114)
Resolved an issue where the DRA Rest Service failed to create the DRARestServer container and its Service Connection Point (SCP) in Active Directory. (276176)
Resolved an issue where upgrading to DRA version 10.0.x incorrectly modifies the web form with the additionalAttributes property. (280566)
Resolved an issue that caused the DRA Reporting installation to fail during DRA SSIS package deployment when only TLS 1.2 is enabled. (283316)
Resolved an issue where the Set-DRAUser cmdlet does not support attributes with Multi-value. (174065)
Resolved an issue in the Web Console that prevented DRA from hiding a built-in Create Object form when the "Action is hidden" option is selected. (283366)
Resolved an issue in the Web Console that prevented the subfields of a check box from being enabled once the parent check box is selected in the custom handler. (311144)
Resolved an issue where customized Create Object pages with a "Generate value automatically based on other values" text field, do not display initialized values after upgrading to DRA 10.0. (291021)
Resolved an issue in the Web Console that prevented the validation of password length while resetting the user’s password after upgrading from DRA 9.2.1 to DRA 10.0. (311143)
Resolved an issue in the Web Console where the Object Browser in the Managed By properties page allowed only user objects to be selected as the manager of a group. (301130)
Resolved an issue that caused the DRA Server to stall when a user's DRA Home Directory share is specified with a fully qualified domain name. (297163)
Resolved an issue where the REST call to the Type attribute failed. (276141)
Resolved an issue in the Web Console where search results were not displayed when the JoinedBy field for a computer object contains a user object that has a forward slash (/) in the Name attribute. (273161)
Resolved an issue that prevented configuring the proxy address for Office 365 mailbox. (285266)
Resolved an issue in the Web Console that prevented specifying empty values for a Multi-value text field. (295158)
Resolved an issue in the Web Console where the search results were not displayed when searching for objects using a special character in the search field. (287028)
Resolved an issue where the operations console of Aegis 2.1 failed to overwrite active lines to inactive lines. (295157)
Resolved an issue where the Workflow Automation Namespace Provider failed to start after the Configuration Utility updates the password for SQL authentication. (297164)
Resolved an issue where the DRA 9.2.1 Administration server failed to list non-system Active Directory containers when using DCOM DRA adapter’s create user activity in Workflow Automation 3.4. (289138).
Resolved an issue that caused an error when Workflow Automation 3.4 or Workflow Automation 3.5 is installed with custom SQL ports. (284175)
Resolved an issue where the IQ Exchange adapter forcibly ends existing send mail activities, when the "Send to" mail address is sent to the activity as NULL. (285296)
Resolved an issue where DRA operations could not be submitted when a McsWebDcom object is used in PowerShell scripts. (320358)
Resolved an issue in the Web Console where the status icon is not displayed correctly for Azure synced users. (327632)
Resolved an issue in the Web Console that prevented setting the ProxyAddress attribute for the user object. (331039)
Resolved an issue where the Deploy Activity Module update wizard failed to update activities if the new version of the activity has the same module version as the old version. (325291)
Resolved an issue that prevented modifying the Note field when multiple objects are selected for editing. (327725)
Resolved an issue where the Members tab for a group does not display the user status. (327041)
Resolved an issue that caused the DRA Reporting installation to fail when TLS 1.2 is enabled. (309001)
Resolved an issue in the Web Console where the custom page incorrectly displays the Edit button when editing multiple objects. (329527)
Resolved an issue where after upgrade from DRA 9.2.1.x to DRA 10.0.2.1, the NetIQ DRA Replication Service crashed. (318211)
Resolved an issue where an incremental accounts cache refresh for an Azure tenant failed due to the 410 Gone error. (301232)
Resolved an issue where the Web Console customization upgrade utility fails to merge customizations correctly when migrating Web Console customizations from DRA 9.2.1.x to DRA 10.0.2. (311012)
Resolved an issue in the Web Console where DRA fails to set the value for the Account Expiration Time property correctly. (327635)
Resolved an issue that caused a memory leak in the ProcessGovernanceActivityBroker process when a workflow is created with the Find Activity Directory Objects activity. (322342)
Resolved an issue that prevented creating a UTF-8 file without BOM when the Write Text to File activity is used in the workflow. (321314)
Resolved an issue where DRA failed to display mailbox statistics for Azure and synced users. (315269)
Resolved an issue where an incremental accounts cache refresh for a Public Folder failed after modifying the mail-enabled status for the Public Folder. (300006)
Resolved an issue in the Web Console where the change history report does not display data in the Date column when the operating system language for the Administration server is set to German (Switzerland). (313023)
We strive to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
When customizing the Create Computer form, if you specify a user account that contains a forward slash (/) in the Name attribute for the "Joined By" field, an error is displayed.
Workaround: This issue has been fixed for the built-in scripts. However, if you have a custom handler that calls the draApi.getDomainAdminsGroupPath function, you must manually update the script for the accountThatCanAddComputerToDomain property, and change the value from friendlyPath to distinguishedName.
Built-in change handlers were added in DRA 10.0 that affect the index values for Goto flow controls in custom handlers created in earlier DRA versions when the earlier version is upgraded to DRA 10.x.
Workaround: After upgrading from a DRA 9.x version to a DRA 10.x version, manually update the index values for any Goto flow controls used in custom handlers.
When the Mailtip attribute has special characters it may display in the Exchange General property page with HTML formatting on the following object types:
Azure Group
Azure Mail-Enabled User
Azure User Mailbox
Workaround: No workaround other than removing the special characters.
When updating the properties of a group Managed Service Account, DRA fails to save objects added to the Membership Policy or Delegation tab pages.
Workaround: None.
In the DRA Web Console, the properties page for a mail-enabled Azure user does not display the RecipientLimits attribute.
Workaround: Use the Set-AzureDRAUser and Get-AzureDRAUser PowerShell cmdlets to manage the RecipientLimits attribute.
NetIQ DRA Log Archive service fails to start when the service account password contains a double quotation mark (").
Workaround: The service account password can contain the following special characters:
~ ` ! @ # $ % ^ & * ( ) - _ = + { } [ ] | \ : ; ’ < > , . ? /
Ensure that the service account password does not contain a double quotation mark (").
We want to hear your comments and suggestions about this book and the other documentation included with this product. You can use the comment on this topic link at the bottom of each page of the online documentation, or send an email to Documentation-Feedback@microfocus.com.
For specific product issues, contact Micro Focus Customer Care at https://www.microfocus.com/support-and-services/.
© Copyright 2007-2021 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.