7.2 Configuring DRA to Run Secure Active Directory

Secure Active Directory refers to a DRA environment that is configured to use the LDAPS (LDAP over SSL) protocol, which encrypts communications between DRA and Active Directory.

When upgrading to a DRA 10.x version from a 9.x version, LDAPS must be enabled after the upgrade to use Secure Active Directory. The Automatic Discovery feature, which detects and connects to DRA and REST servers, must also be configured for Secure Active Directory.

7.2.1 Enable LDAP Over SSL (LDAPS)

If you are upgrading to DRA 10.x from a 9.x version, follow the steps below. If you are configuring DRA for a new installation, see Adding Managed Domains and Computers.

  1. Navigate to Configuration Management > Managed Domains in the DRA Delegation and Configuration console.

  2. Right-click the domain and open Properties.

  3. In the General tab, enable the This domain is configured for LDAP over SSL option, and click OK.

  4. Restart the NetIQ Administration Service.

    NOTE: If you are also configuring Automatic Discovery to use Secure Active Directory, you can wait to restart services after completing that configuration. For more information, see Configure Automatic Discovery for LDAPS.

7.2.2 Configure Automatic Discovery for LDAPS

Automatic Discovery is the mechanism used by the client to automatically connect to the available DRA environment.

To configure DRA for an environment running Secure Active Directory, configure the ClientSSLAllDomains registry key:

  1. Launch the Registry Editor utility.

  2. Right-click the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mission Critical Software\RestExtentions node.

  3. Select New > DWORD (32-bit) Value.

  4. Name the new key ClientSSLAllDomains.

  5. Set the registry key value as 1.

  6. After adding the ClientSSLAllDomains registry key, restart the following services:

    • World Wide Web Publishing Service

    • NetIQ DRA Host Service

    • NetIQ DRA Rest Service
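
The steps in 7.2.2 can also be scripted in PowerShell, preceded by a check that a domain controller completes a trusted TLS handshake on the LDAPS port before anything is changed. This is an added example, not NetIQ tooling; the domain controller name dc01.example.com and the default LDAPS port 636 are assumptions, while the registry path, value name, and service display names are the ones given above.

```powershell
# Added example (not part of the product documentation).
# Run in an elevated PowerShell session on the computer being configured.
param(
    # Hypothetical domain controller name; replace with one from the managed domain.
    [string]$DomainController = 'dc01.example.com',
    # Assumption: the domain controller listens on the standard LDAPS port.
    [int]$LdapsPort = 636
)
$ErrorActionPreference = 'Stop'

# Registry node and value name from section 7.2.2.
$KeyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Mission Critical Software\RestExtentions'
$ValueName = 'ClientSSLAllDomains'
# Service display names from step 6.
$Services  = 'World Wide Web Publishing Service',
             'NetIQ DRA Host Service',
             'NetIQ DRA Rest Service'

function Test-LdapsEndpoint {
    param([string]$Server, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        # Default certificate validation: the handshake throws if the
        # certificate is untrusted, expired, or issued for another name.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            Protocol = $ssl.SslProtocol
        }
    }
    finally { $client.Dispose() }
}

# 1. Stop here if LDAPS is not usable; no change has been made yet.
Test-LdapsEndpoint -Server $DomainController -Port $LdapsPort | Format-List

# 2. Create (or overwrite) the DWORD value and read it back.
if (-not (Test-Path $KeyPath)) { throw "Registry node not found: $KeyPath" }
New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
if ($current -ne 1) { throw "$ValueName is $current, expected 1" }

# 3. Restart the listed services and report their state.
foreach ($name in $Services) {
    Restart-Service -DisplayName $name -Force
    Get-Service -DisplayName $name | Select-Object DisplayName, Status
}
```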