You can customize and extend the Delegation and Configuration console by implementing custom properties. Custom properties enable you to add proprietary account and OU properties, such as Active Directory schema extensions and virtual attributes, to specific wizards and property windows. These extensions allow you to customize DRA to meet your specific requirements. Using the New Custom Page wizard in the Delegation and Configuration console, you can quickly and easily create a custom page to extend the appropriate user interface.
If your assistant administrators require unique powers to securely manage the custom page, you can also create and delegate custom powers. For example, you may want to limit user account management to properties on the custom page only. For more information, see Implementing Custom Powers.
User interface extensions are custom pages DRA displays in the appropriate wizard and properties windows. You can configure custom pages to expose Active Directory attributes, schema extensions, and virtual attributes in the Delegation and Configuration console.
When you select any supported Active Directory attribute, schema extension, or virtual attribute, you can use custom pages in the following ways:
Limit assistant administrators to manage a well-defined and controlled set of properties. This property set can include standard properties and schema extensions. Standard properties are Active Directory attributes exposed by default through the Accounts and Resource Management console.
Expose Active Directory attributes other than the standard properties managed by DRA.
Extend the Delegation and Configuration console to include proprietary properties.
You can also configure how DRA displays and applies these properties. For example, you can define user interface controls with default property values.
DRA applies custom pages to all applicable managed objects in your enterprise. For example, if you create a custom page to add Active Directory schema extensions to the Group Properties window, DRA applies the properties on this page to each managed group in a domain supporting the specified schema extensions. Each custom page requires a unique set of properties. You cannot add an Active Directory attribute to more than one custom page.
You cannot disable individual windows or tabs in the existing user interface. An assistant administrator can select a property value using either the default user interface or a custom page. DRA applies the most recently selected value for a property.
DRA provides a full audit trail for custom properties. DRA logs the following data to the Application event log:
Changes to custom pages
IMPORTANT:You must manually configure Windows Application Log Auditing. See the Knowledgebase article How do I re-enable DRA to write events to the Application Event log in DRA 8.5 and later?
Creation and deletion of custom pages
Exposed schema extension, Active Directory attributes, and virtual attributes included on custom pages
You can also run change activity reports to monitor configuration changes for the custom properties.
Implement and modify custom pages from the primary Administration server. During synchronization, DRA replicates custom page configurations across the Multi-Master Set. For more information, see Configuring the Multi-Master Set.
Each custom page you create allows you to select a set of Active Directory properties, schema extensions, or virtual attributes and expose these properties as a custom tab. You can create the following types of custom pages:
Allows you to display custom tabs in the following windows:
User Properties window
Create User wizard
Clone User wizard
Allows you to display custom tabs in the following windows:
Group Properties window
Create Group wizard
Clone Group wizard
Allows you to display custom tabs in the following windows:
Computer Properties window
Create Computer wizard
Allows you to display custom tabs in the following windows:
Contact Properties window
Create Contact wizard
Clone Contact wizard
Allows you to display custom tabs in the following windows:
OU Properties window
Create OU wizard
Clone OU wizard
Allows you to display custom tabs in the following windows:
Resource Mailbox Properties window
Create Resource Mailbox wizard
Clone Resource Mailbox wizard
Allows you to display custom tabs in the following windows:
Dynamic Distribution Group Properties window
Create Dynamic Distribution Group wizard
Clone Dynamic Distribution Group wizard
When you add an Active Directory attribute, schema extension, or virtual attribute to a custom page, you also configure the user interface control with which an assistant administrator inputs the property value. For example, you can specify property values in the following ways:
Define specific value ranges
Set default property values
Indicate whether a property is required
You can also configure the user interface control to display proprietary information or instructions. For example, if you define a specific range for an employee identification number, you can configure the text box control label to display Specify employee identification number (001 to 100).
Each user interface control provides support for a single Active Directory attribute, schema extension, or virtual attribute. Configure the following user interface controls based on the property type:
|
Type of Active Directory attribute |
Supported User Interface Controls |
|---|---|
|
Boolean |
Check box |
|
Date |
Calendar control |
|
Integer |
Text box (default) Selection list |
|
String |
Text box (default) Selection list Object selector |
|
Multivalued String |
Selection list |
You can create custom pages from the User Interface Extensions node. Once a page is created, you can add or remove AD attribute properties, and disable or delete the page. For each customization you want to configure, create a custom page and assign the appropriate power or role to the assistant administrator. Consider the best practices below as you start working with custom pages:
To ensure DRA recognizes your Active Directory attributes, schema extension attributes, or virtual attributes, restart the NetIQ Administration Service service on each Administration server.
Identify the type of custom page you want to create and the properties you want assistant administrators to manage with this custom page. You can select any Active Directory attribute, including schema extension attributes and attributes in existing DRA wizards and property windows or any virtual attribute you create. However, each custom page requires a unique set of properties. You cannot add an Active Directory attribute to more than one custom page.
Custom pages do not replace the existing user interface. For more information, see How Custom Property Pages Work and Supported Custom Pages.
Determine how you want assistant administrators to specify these properties. For example, you may want to limit a specified property to three possible values. You can define an appropriate user interface control for each property. For more information, see Supported Custom Property Controls.
Determine whether your assistant administrators need proprietary information or instructions to successfully manage these properties. For example, determine whether Active Directory requires a syntax for the property value, such as a distinguished name (DN) or an LDAP path.
Identify the order in which these properties should display on the custom page. You can change the display order at any time.
Determine how DRA should use this custom page. For example, you can add a user custom page to the New User wizard and the User Properties window.
Use the Assignments tab on the Assistant Admin details pane to verify that your assistant administrators have the appropriate powers for the correct set of objects. If you created custom powers for this custom page, delegate those powers to the appropriate assistant administrators.
Determine whether your assistant administrators need a custom power to manage the properties on this page. For example, if you add a custom page to the User Properties window, delegating the Modify All User Properties power may give an assistant administrator too much power. Create any custom powers needed to implement your custom page. For more information, see Implementing Custom Powers.
Using your answers from steps above, create the appropriate custom pages.
Distribute information about the custom property pages you implemented to the appropriate assistant administrators, such as your Help Desk.
To implement property customization, you must have the powers included in the DRA Administration role. For more information about custom pages, see How Custom Property Pages Work.
You can create different custom properties by creating different custom pages. By default, new custom pages are enabled.
When you create a custom page, you can disable it. Disabling a custom page hides it from the user interface. If you are creating multiple custom pages, you may want to disable the pages until your customizations are tested and complete.
NOTE:Computer accounts inherit Active Directory attributes from user accounts. If you extend your Active Directory schema to include additional attributes for user accounts, you can select these attributes when you create a custom page to manage computer accounts.
To create a custom property page:
Navigate to Configuration Management > User Interface Extensions node.
On the Task menu, click New, and then click the appropriate menu item for the custom page you want to create.
On the General tab, type the name of this custom page, and then click OK. If you want to disable this page, clear the Enabled check box.
For each property you want to include on this custom page, complete the following steps:
On the Properties tab, click Add.
To select a property, click Browse.
In the Control label field, type the property name DRA should use as the label for the user interface control. Ensure the control label is user-friendly and highly descriptive. You can also include instructions, valid value ranges, and syntax examples.
Select the appropriate user interface control from the Control type menu.
Select where in the Delegation and Configuration console you want DRA to display this custom page.
To specify additional attributes, such as minimum length or default values, click Advanced.
Click OK.
To change the order in which DRA displays these properties on the custom page, select the appropriate property, and then click Move Up or Move Down.
Click OK.
You can change a custom page by modifying the custom properties.
To modify custom properties:
Navigate to Configuration Management > User Interface Extensions node.
In the list pane, select the desired custom page.
On the Tasks menu, click Properties.
Modify the appropriate properties and settings for this custom page.
Click OK.
You can quickly identify which Active Directory properties, schema extensions, or virtual attributes are managed using a particular custom page.
To identify Active Directory properties managed using custom pages:
Navigate to Configuration Management > User Interface Extensions node.
In the list pane, select the desired custom page.
In the details pane, click the Properties tab. To view the details pane, click Details on the View menu.
To verify how DRA displays and applies a property, select the appropriate Active Directory attribute, schema extension, or virtual attribute from the list, and then click the Properties icon.
When you enable a custom page, DRA adds this custom page to the associated wizards and windows. To specify which wizards and windows display a custom page, modify the custom page properties.
NOTE:To ensure each custom page exposes a unique set of properties, DRA does not enable custom pages that contain properties exposed on other custom pages.
When you disable a custom page, DRA removes the custom page from the associated wizards and windows. DRA does not delete the custom page. To ensure a custom page never displays in the user interface, delete the custom page.
When you delete a custom page, DRA removes the custom page from the associated wizards and windows. You cannot restore a deleted custom page. To temporarily remove a custom page from the user interface, disable the custom page.
To enable, disable, or delete a custom page, navigate to Configuration Management > User Interface Extensions node, and select the desired action in the Tasks or right-click menu.
The CLI enables you to access and apply powerful Administration product capabilities using commands or batch files. With the CLI, you can issue one command to implement changes across multiple objects.
For example, if you need to relocate the home directories of 200 employees to a new server, using the CLI, you could enter the following single command to change all 200 user accounts:
EA USER @GroupUsers(HOU_SALES),@GroupUsers(HOU_MIS) UPDATE HOMEDIR:\\HOU2\USERS\@Target()
This command directs DRA to change the home directory field of each of the 200 user accounts in the HOU_SALES and HOU_MIS groups to \\HOU2\USERS\user_id. To accomplish this task with the native Microsoft Windows administration tools, you would need to perform a minimum of 200 separate actions.
NOTE:The CLI tool will be deprecated in future releases as more features are added to PowerShell.