NetIQ Directory and Resource Administrator 10.0 Release Notes

April 2020

Frequently these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Directory and Resource Administrator forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources. You can also share your ideas for improving the product in the Ideas Portal.

1.0 What’s New

The following sections describe the new features and enhancements in DRA 10:

1.1 Design Changes to the Web Console

We redesigned the Web Console to more closely resemble the tree-view behavior of the DRA Windows consoles from earlier releases to make navigation and task functions more intuitive and apparent. The new design also includes the following enhancements:

  • Enhanced search capabilities: DRA enables you to search for objects in both on-premises Active Directory domains and Azure tenants. You can search for users and groups in your Azure tenants and objects such as users, groups, contacts, computers, printers, and OUs in your Active Directory domains.

    If you change the objects filter, DRA automatically runs the object search after you click OK in the filter. Search also includes the following enhancements:

    • Advanced Search: The LDAP Search feature is now accessible directly from a new tabbed page, “Advanced Search,” with parallel navigation to the Search page.

    • Multi-field match search: When users search using Multi-Field Match, their search strings are compared to multiple attributes such as name, display name, first name, and last name. If the search string matches any of these attributes, the object is returned in the search results.

    For more information, see Searching for Objects in the NetIQ Directory and Resource Administrator User Guide.

  • Bulk operations: Users can now initiate bulk-related tasks directly from a new Bulk Operations pull-down menu on the Search page, which enables actions such as adding multiple members to multiple groups from a single action.

  • Form customization: The process for building or editing custom handlers for object properties and form submit and form load handlers is now done using a free-form script editor with built-in Help. The pull-down menus to insert JavaScript macros are no longer used.

  • Support for temporary group assignments: In addition to the Delegation and Configuration Console, you can now perform temporary group assignment tasks from the Web Console. These tasks include create, delete, update, and cancel operations.

    For more information, see Managing Temporary Group Assignments in the Web Console in the NetIQ DRA User Guide.

  • ActiveView Analyzer moved from the Web Console: The ActiveView Analyzer is used to monitor the processing time for each DRA ActiveView rule as it is applied to Active Directory objects within a specific DRA operation. We introduced this feature in the Web Console in DRA 9.2. In this release, we removed the tool from the Web Console and made it a separate utility.

    For more information, see ActiveView Analyzer Utility in the NetIQ DRA Administrator Guide.

  • Component integration moved from the Web Console: We moved the integration configuration for Workflow Automation and Change Guardian servers from the Web Console to the Delegation and Configuration Console. The new location for these settings in the console is the Integration Servers node under Configuration Management.

1.2 Console Alignment

We removed the Account and Resource Management console from DRA. While this node is still included in the Delegation and Configuration console, this change is intended to align assistant administrator tasks more with the Web Console and DRA Administrator tasks with the Delegation and Configuration console.

In a previous release, we added capabilities to manage linked mailboxes, shared mailboxes, and Skype on-premises from the Web Console. Beginning in this release, you can also manage these features from the Delegation and Configuration Console.

1.3 Support for Azure Tenant Management

With an Azure tenant access account, you can now configure Azure support in the Delegation and Configuration Console. Azure support enables you to manage Azure Active users and Azure groups from an Azure managed tenant, similar to managing objects in an Active Directory domain.

This support includes re-labeling applicable “Office 365” settings as “Azure” settings and moving the policies configuration to Configuration Management > Administration Server Options > Azure Sync.

Along with new delegation powers, Azure support in DRA includes two new delegation roles: Azure Group Administration and Azure User Administration. This release also changes the incremental accounts cache refresh interval on a managed tenant from 1 hour to 15 minutes.

IMPORTANT:

  • The DRA Recycle Bin does not currently support Azure objects.

  • Because the method used to access Azure tenants has changed, any currently managed tenants are removed during the upgrade to DRA 10. For this reason, the tenants need to be manually added again after upgrade.

  • The PowerShell 5.1 module is required to install the new Azure PowerShell module.

    For more information, see Supported Platforms in the NetIQ DRA Administrator Guide.

1.4 Support for Non-Licensed Shared Mailbox

DRA manages Office 365 user mailboxes as well as migrated shared, room, and equipment mailboxes. For DRA to manage these shared mailboxes, they must be associated with an on-premises user that is managed by DRA. The mailbox properties are available through the property pages for those associated users.

IMPORTANT: The DRA Recycle Bin does not currently support non-licensed shared mailboxes.

1.5 Updated Microsoft Exchange Configuration

Exchange 2010 is no longer supported in DRA. Because this was a configurable option in earlier releases, the Exchange Policy needs to be reset after DRA upgrade to enable DRA Exchange operations. Exchange 2013 and later versions are still supported. However, the options below were removed from the policy configuration:

  • Enable Exchange 2010 Administration support

  • Enable Administration support for Exchange 2013

For information about resetting the Exchange Policy, see Planning a DRA Upgrade in the NetIQ DRA Administrator Guide.

1.6 Updated Exchange Online Configuration

The Exchange Online Policy is now enabled by default in DRA 10. This enables you to manage Azure tenants directly in DRA when the Azure prerequisites are installed. You can verify an active policy under the Azure Tenant Management Prerequisites node when running the DRA Health Check Utility. If any prerequisites are missing, the utility notifies you of the actions you need to take.

The Exchange Policy must also be enabled to manage Exchange features of Azure objects in DRA. For more information, see Enabling Microsoft Exchange in the NetIQ DRA Administrator Guide.

1.7 Health Check Utility Enhancements

In addition to improving some of the existing checks, we added new checks for Azure tenant management prerequisites and replication, which include the following:

  • Azure Tenant Management Prerequisites

    • Azure Active Directory

    • Skype Online

  • Replication

    • Validate Replication Configuration

    • Validate Replication State

    • Validate Migrate Temporary Group Assignment

1.8 Support for LDAP over SSL

Secure Active Directory is defined by a DRA environment that is configured to run using the LDAPS (LDAP over SSL) protocol to encrypt communications between DRA and Active Directory to provide a more secure environment.

For more information, see Configuring DRA to Run Secure Active Directory in the NetIQ DRA Administrator Guide.

1.9 Support for Tracking Logon and Password Attributes

To minimize administrator tasks, you can now view or edit logon and password date and time-related attributes from the Web Console.

2.0 System Requirements

For detailed information on hardware requirements and supported operating systems and browsers, see the NetIQ DRA Installation Guide or see the NetIQ DRA Systems Requirement reference.

3.0 Installing and Upgrading this Version

For detailed information about installing Directory and Resource Administrator components and modules, see the NetIQ DRA Installation Guide.

3.1 Supported Upgrade Paths

Use the table below to determine your applicable upgrade path by version. Note that patch versions are not listed. However, all patches for the versions shown are supported. For example, you can upgrade to DRA 10.0 from DRA 9.2.1 or any of its patches: 9.2.1.1, 9.2.1.2, and so forth.

| DRA Server Base Version | DRA Server Updated Version |
|---|---|
| 9.1, 9.1.1, 9.2, or 9.2.1 | 10.0 |
| 9.1, 9.1.1, or 9.2 | 9.2.1 |
| 9.0, 9.0.1, 9.0.2, 9.0.3, 9.1, or 9.1.1 | 9.2 |
| 9.0, 9.0.1, 9.0.2, 9.0.3, or 9.1 | 9.1.1 |
| 9.0, 9.0.1, 9.0.2, or 9.0.3 | 9.1 |
| 9.0, 9.0.1, or 9.0.2 | 9.0.3 |
| 9.0 or 9.0.1 | 9.0.2 |
| 9.0 | 9.0.1 |
| 8.7 | 9.0 |

4.0 Addressed Customer Issues

This release includes the following stabilizing fixes:

  • Resolved an issue where the DRA Server hangs at random times due to an issue with the DRA configuration for Microsoft Exchange. (ENG349772)

  • Resolved an issue that caused the full accounts cache refresh (FACR) to start when DRA fails to communicate with the cache service. (ENG349717)

  • Resolved an issue where customization tasks were not visible after upgrading from DRA 9.2.1.0. (ENG349192)

  • Resolved an issue in the Web Console where the account expiration date could not be set beyond the current month. (ENG350390)

  • Resolved an issue where database security allowed Read access to anyone with local access to the operating system that hosts the database. (ENG349302)

  • Resolved an issue where uninstalling the DRA Patch MSP file removed the full DRA version. (ENG349308)

  • Resolved an issue that did not update the Users attribute using the ADSI Provider. (ENG348828)

  • Resolved an issue in the Web Console where cloning a group gave the new group a value for MailNickName. (ENG350343)

  • Resolved an issue that occurred when emails were not sent to a contact that shared the same alias name with other contacts. (ENG348096)

  • Resolved a performance issue in the Web Console where, while trying to view the group membership for large groups, the web browser froze. (ENG348233)

  • Resolved an issue where, while checking the Recycle Bin permissions during an incremental accounts cache refresh, all DRA operations halted until the Recycle Bin check completed. (ENG348231)

  • Resolved a performance issue where searching using the "Contains" option through an account other than the DRA Service account takes longer than expected. (ENG348739)

  • Resolved an issue where DRA was unable to manage the cloud only resource mailboxes. (ENG351410)

  • Resolved an issue where DRA allowed creating an object with a duplicate name as the one already present in the Recycle Bin. (ENG347626)

  • Resolved an issue that converted the REST Web Set Account Expiration Date to the US date format (mm/dd/yyyy). (ENG350405)

  • Resolved an issue in the Web Console where the User Must Change Password field is cleared by default. (ENG349106)

  • Resolved an issue where Skype operations failed due to an incorrect ShellId error. (ENG350771)

  • Resolved an issue in the Web Console where the DRA Web Group Change History reports did not show the objects added to or removed from the group. (ENG348280)

  • Resolved an issue where the cloud FACR was crashing due to an unhandled exception error during Azure tenant collection. (ENG349473)

  • Resolved an issue where user assignments were not displaying on the Assignment tab of properties for the selected user in the Web Console. (ENG347125)

  • Resolved an issue in the Web Console that failed to display all managed domains when searching for Office 365 enabled users for mail flow or mailbox delegation. (ENG348440)

  • Resolved an issue that prevented all mailbox features from displaying for an Exchange 2016 user mailbox when viewing Exchange Tasks in the DRA Windows console. (ENG350768)

  • Resolved an issue that prevented DRA from displaying current values for Active Directory integer-type attributes when using the Multi-Select feature in the Web Console. (ENG349571)

  • Resolved an issue that caused repeated and nested indentations on the ExchShell log which prevented log content from being viewed in the log viewer. (ENG348172)

  • Resolved an issue that prevented DRA from creating an audit report when the results included a “Group Create” operation type. (ENG348964)

  • Resolved an issue that produced an error when trying to add a user to an Office 365 license group. (ENG348595)

  • Resolved an issue where the Administration server failed to map a CN attribute of an OU to the correct Active Directory attribute. (ENG348595)

  • Resolved an issue that prevented the Managed Object Browser field from displaying on a Form Submit handler. (ENG349976)

  • Resolved an issue where the DRA registry check for PowerShell failed. (ENG349222)

  • Resolved an issue where the DRA Windows console failed to show the “Disabled” icon on cloud-synced Active Directory users. (ENG350222)

  • Resolved an issue where DRA failed to allow blank Home Directory or Profile path attributes. (ENG349700)

  • Resolved an issue with the DRA PowerShell trigger failing when using the GetField method. (ENG348693)

  • Resolved an issue that caused a public folder ActiveView rule to display details incorrectly. (ENG348646)

  • Resolved an issue where the MailboxCreate policy would only fire for the UserCreate operation. (ENG347836)

  • Resolved an issue where Cloud license policies did not roll back when a Group trigger failed. (ENG347875)

  • Resolved an issue where the DRA Office 365 rule to prevent special characters for Office 365 licensed users incorrectly allows for a $ character to be used. (ENG348254)

5.0 Known Issues

We strive to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Managed domain is incorrectly designated as “omitted” from cache refresh in secondary server

If you demote a primary server and make it a secondary server to a different primary server, domains that are not managed by the secondary server remain designated as “omitted for accounts cache refresh” after a new full accounts cache refresh is run.

Workaround: Delete the omitted managed domain and manage the domain again.

5.2 Unable to open the Web Console when MIME components are not installed on the DRA Server

During DRA installation, the required MIME (Multi-purpose Internet Mail Extensions) components are not installed, which prevents the Web Console from loading. These extensions include Directory Browsing, HTTP Errors, and Static Content.

Workaround: After installing DRA, manually install the applicable extensions through Server Manager and then enable Directory Browsing in the IIS Manager.

If the issue persists, perform the following:

  1. Go to C:\inetpub\temp\appPools\DRAClientAppPool

  2. Open the DRAClientAppPool file and add the <remove fileExtension=".json" /> code after <staticContent>

  3. Reset the IIS manager and restart the machine.

5.3 Password in the User Create page is auto-populated while using Mozilla Firefox

While using the Mozilla Firefox browser, the password field is auto-populated in the User Create page with the password of the logged-in user.

Workaround: Disable the setting to save passwords in Mozilla Firefox.

5.4 Automatic discovery does not work with custom ports

The SCP entry for REST server is not created when DRA server and REST server are in a distributed environment.

Workaround: After managing a domain, restart the REST Service manually.

5.5 The Add button for group members in the Web Console is unavailable for temporary group assignments (TGA) created before upgrade

After upgrade, if the TGAs are in an error state, the Add button is unavailable to modify the group members for the TGAs in the Error state.

Workaround: Create new temporary group assignments in the Web Console after upgrade.

5.6 The Linked Master Account field is visible on the Create User page in the Web Console

When customization is done before upgrade, the Linked Master Account field is visible on the Create User page in the Web Console.

Workaround: To remove the Linked Master Account field on the Create User page in the Web Console, delete the field manually by navigating to Administration > Customization > Property Pages > User > Mailbox.

5.7 Computer Resource Management features not available in the Web Console

Currently, the following computer resources are not available in the Web Console:

  • Services

  • Shares

  • Devices

  • Open files

  • Connected users

  • Event logs

  • Printers

Workaround: These features are currently supported in the Delegation and Configuration Console.

5.8 Unable to create an object when the Managed Object Browser control is used in the Create Object template

The administrator cannot create an object when the Managed Object Browser control is used in the Create Object template without setting the Target Attribute.

Workaround: In the Create Object template, set the Target Attribute field in the Managed Object Browser control.

5.9 Assistant administrators cannot access a user’s general Skype properties with given powers

An exception error is thrown when assistant administrators who have all required Skype powers try to access a user’s general Skype properties.

Workaround: Provide a Skype Administration role or add a User View All Properties power to the assistant administrator.

5.10 Administrators are able to create Azure groups with duplicate group names and group types

Administrators are able to create more than one Azure group that possess the same group name and group type. This is contrary to behavior in the Azure portal.

Workaround: Ensure Azure groups are created with unique group names.

5.11 The mailNickname attribute is retained when deleting a user, group, or contact email address

The database retains the mailNickname attribute when you delete an email address for any user, group, or contact.

Workaround: Run the domain incremental accounts cache refresh after the delete operation.

5.12 When providing the wrong URL for the selected sub-navigation it leads to inaccessible primary navigation

URL links are stored in local storage without link validation. URL link validation should happen before storing the URL to selectedSubNavs in localStore.

Workaround: Clear the local storage.

5.13 Custom Actions on Exchange objects do not work as expected when enabling the Exchange Policy after upgrade

When custom files are kept in place during a DRA upgrade, Custom Actions for Exchange objects are not available with the Exchange Policy enabled.

Workaround: Clear the browser cache using the Network debug portal.

5.14 DRA installer does not launch automatically on Windows 2012 R2 platforms with high security setting

On Windows 2012 R2 platforms, the DRA installer does not launch automatically if the Windows User Account Control security feature is set to high.

Workaround: Open the extracted installation files location and double-click the Setup.exe file.

5.15 Assistant administrators cannot manage temporary group assignments (TGA) in the Web Console

Assistant administrators who have the Modify Temporary Group Assignments power cannot manage TGAs.

Workaround: Grant the assistant administrator both the Modify Temporary Group Assignments power and the View Temporary Group Assignments power.

5.16 Core service logs are not getting generated in the new Group Managed Service Account (gMSA) location

When the service account is changed to a gMSA account, the Core service logs are not generated in the temporary log location that is meant for the new gMSA.

Workaround: Logs are still getting generated in the old service account location. View that location.

5.17 403 error thrown when searching for public folders with domain controller down

When trying to list public folders in DRA and the domain controller for the DRA Server is down, a 403 access error is thrown.

No workaround.

5.18 Public folder creation is failing on secondary servers with the Exchange Policy enabled

When the Exchange Policy is enabled, creation of public folders on secondary servers fails due to failure to list public folder mailboxes.

Workaround: Change the domain and Exchange access accounts MMS configuration explicitly from the "Use primary access account" option to the "use following access account" option.

5.19 Error thrown when multiple long-value fields are used with conditional custom attributes while creating a dynamic distribution group

When creating a dynamic distribution group, if the conditional custom attributes are specified with multiple long value fields, the server throws an error about the field length being calculated incorrectly.

No workaround.

5.20 The Public Folder cache loader is failing on domains with an SSL flag

The Public Folder cache loader is failing with a username and password error on domains with an SSL flag.

No workaround.

5.21 Temporary group assignments ports are not validated by the installer during upgrade

When upgrading to DRA 10.0, if the Replication Service Port is set to a port that is already in use, the upgrade installer does not validate it.

Workaround: Provide a valid port.

5.22 An error is generated when creating an archive mailbox for a shared mailbox

When trying to create an archive mailbox for a shared mailbox in the Delegation and Configuration Console, an error is displayed stating "Object is Shared Mailbox".

Workaround: Click OK to continue.

5.23 Differing behavior when adding delegates in the Web Console versus the Delegation and Configuration Console

Online migrated mailboxes are allowed to be added as delegates in the Delegation and Configuration Console, which is different from the behavior in the Web Console.

Workaround: Use the Web Console to manage delegation of online migrated mailboxes (online shared mailbox and online resource mailbox objects).

5.24 Non-prescribed filter actions are displayed when setting custom filters on dynamic distribution groups

If values are added to custom attributes when defining custom filters for a new dynamic distribution group, non-defined filters are getting added to the configuration.

Workaround: Do not provide any values for custom attributes when selecting the recipient filter as a custom filter.

5.25 Email Address not getting updated in the Shared Mailbox property page

When updating the email address along with changes to 'Delivery Restrictions' or 'Delivery Options' on an object in the Web Console, the email address is not persisting after saving the page.

Workaround: Update the email address in the General tab separate from any other changes.

5.26 Get-DraService command does not aggregate services in Paused state

When running the Get-DraService command in PowerShell on a DRA Server, any paused services are not returned in the result.

No workaround.

5.27 Adding and removing delegates in the Web Console is not working in the same opened template

The adding and removing of delegates in a resource policy for Equipment Mailbox is not working when pressing Apply with more than one iteration of the same template open.

Workaround: Use the Save option instead.

5.28 Subtree management and Active Directory collector fails with SSL flag on LPA

When managing a subtree with the SSL flag on for LPA, and trying to configure an Active Directory collector, an error for "deleted objects" is thrown.

No workaround.

5.29 The “Allow duplicates” selection option is not retained in the Web Console customization after a DRA upgrade

When the Allow duplicates option is selected on the Multi Value Text Options tab of a customization page in the Web Console, the selection is not retained post DRA upgrade.

No workaround.

5.30 Save options disabled with bulk operation on dynamic distribution group when values are only added to “Senders Exempted from Moderator”

When performing a multiple-edit operation in the Web Console on dynamic distribution groups, values added only to Senders Exempted from Moderators cause the Save and Apply buttons to be disabled.

Workaround: Also add values for Group Moderator or edit the dynamic distribution groups individually.

5.31 The Exchange version not accepted in the Web Console when creating a dynamic distribution group

When creating a dynamic distribution group in the Web Console, if the Exchange version option is selected in the Exchange Tool field before a location is selected in the Create In field, the Exchange entry is not accepted.

Workaround: Reselect the Exchange version in the Exchange Tool field.

5.32 In the Web Console, while toggling between the Account page and the Room Settings page, the new Mailbox Alias name is not saved

In the Create Room Mailbox page on the Web Console, when you update the details on the Room Settings page and navigate between the Account page and the Room Settings page, the Mailbox Alias name changes back to the old value saved. This is applicable for all object types using the alias name.

Workaround: Re-enter the Mailbox Alias name and save the changes.

5.33 Auditing fails when Azure group names are changed

Auditing fails when the Azure group names for Mail-enabled Security or Distribution List group types are changed.

No workaround.

5.34 Migrated Online Resource Mailbox objects are detected as Azure User objects in the Web Console

For Migrated Online resource mailboxes, All My Managed Objects in the Web Console will display duplicate objects for both the on-premises resource mailbox as well as the online resource mailbox.

No workaround.

5.35 Incorrect Office 365 License mapping job configuration on the secondary Administration servers

In a multi-master set (MMS) environment with the License mapping job configuration for Office 365 complete on the primary Administration server, after MMS replication, these configurations are incorrect on the secondary Administration servers. The incorrect configurations include server details, schedule details, and license enforcement method information.

Workaround: Restart the secondary Administration servers.

5.36 Launch Specific Workflow option is displayed when the DRA Web Console is configured with Workflow Automation 3.3

Workflow Automation 3.3 does not support the Launch Specific Workflow option from DRA. When the Web Console is configured with Workflow Automation server 3.3, it should only display the Trigger Workflow by Event option.

Workaround: Upgrade to Workflow Automation 3.4.

5.37 Unable to preview query results of a dynamic group from the Web Console

When you create a dynamic group in the Delegation and Configuration Console, the Preview Query Results option for the Dynamic Member Filter is unavailable in the Web Console. This happens because of an LDAP query conversion error in the Web Console.

Workaround: The LDAP query should be enclosed within parentheses.

To do this:

  1. Log in to the Web Console.

  2. Navigate to Management > Dynamic Member Filter > Preview Query Results > Modify.

  3. Enclose the LDAP query within parentheses, save it, and proceed to Preview Query Results.

    For example: (objectclass=user)

5.38 Unable to update Mailbox Delegates in the Web Console with appropriate powers

Assistant administrators who have the View All Office 365 Properties and Modify All Office 365 Properties powers are unable to update Mailbox Delegation attributes or update Alias Name in the Exchange Online > General tab of the Web Console.

Workaround: Also delegate View All User Properties and Modify All User Properties to applicable assistant administrators.

5.39 Creating a user without a source anchor creates a dual user in the Azure portal when the user is added to an Office 365 License Policy group

When you create a user without providing a value for the source anchor configured for the tenant, it creates a dual user in the Azure portal when the user is added to the Office 365 license policy group.

Workaround: Run Active Directory Sync to clear the dual Azure user and then provide a value for the user source anchor (employeeID) in the object’s properties.

5.40 Email address does not update in the User and Shared Mailbox property page of the Web Console

When you update and save the email address in the General tab of the Mailbox property page along with updates in the Delivery Restrictions or the Delivery Options tab, the email address is not updated.

Workaround: Update and save the Mailbox property page tabs individually.

5.41 Error while updating shared mailbox properties in the Web Console

When editing the property page of a shared mailbox and you update the Mailbox Name attribute along with any other attribute, the error below is thrown when you click Apply:

“Object reference not set to an instance of an object”

Workaround: The name of the object should not be updated at the same time as other attributes.

5.42 DRA does not remove Office 365 licenses for Azure users assigned outside of DRA

DRA does not enforce a license assignment job to remove the Office 365 licenses assigned to Azure users outside of DRA. However, DRA ensures the licenses are assigned based on the license list defined in the DRA Office 365 Policy.

No workaround.

5.43 DRARestServer container is not present under the System folder in Active Directory after installation

The REST SCP is not created after installation. An error is displayed stating "There is no such object on the server".

Workaround: Create a new container named DRARestServer and restart the NetIQ DRA Rest Service.

To do this:

  1. Run adsiedit.msc.

  2. Right-click ADSI Edit > Connect to... > Connection Settings > OK to connect to the Default naming context.

  3. Navigate to System container > New.

  4. Right-click Object...

  5. From the Create Object dialog that opens, select container and click Next.

  6. Type DRARestServer in the Value field.

  7. Click Next > Finish.

Restart the NetIQ DRA Rest Service to create the Rest SCP.

6.0 Contact Information

We want to hear your comments and suggestions about this book and the other documentation included with this product. You can use the comment on this topic link at the bottom of each page of the online documentation, or send an email to Documentation-Feedback@microfocus.com.

For specific product issues, contact Micro Focus Customer Care at https://www.microfocus.com/support-and-services/.