2.7 User Interface Tasks

You can perform the following common user interface tasks. Most user interface tasks can be performed in the Account and Resource Management console and the Delegation and Configuration console.

2.7.1 Configuring Internet Explorer for the Web Console

The Web Console requires you to enable active scripting and per-session cookies in Internet Explorer. Active scripting and per-session cookies are enabled by default when you install Internet Explorer. If you customized your security settings and disabled either of these settings, you must re-enable them.

To enable active scripting and per-session cookies:

  1. Start Internet Explorer.

  2. On the Tools menu, click Internet Options.

  3. On the Security tab, select the appropriate Web content zone. For example, click Internet.

  4. Click Custom Level.

  5. Enable the following security settings:

    • Cookies/Allow per-session cookies

    • Scripting/Active scripting

  6. Click OK.

  7. Click Yes.

2.7.2 Connecting to an Administration Server

By default, DRA connects to the best available Administration server for a managed domain or computer. The best available Administration server is the closest server, which is typically a server in the network site. If the site does not include an Administration server, DRA connects to the first available server in the managed domain or managed subtree. However, you can specify the Administration server to which you want to connect.

The best-available Administration server is the closest server, which is typically a server in the network site. If the site does not include an Administration server, DRA connects to the next available server in the managed domain or managed subtree. You can also specify the Administration server to which you want to connect.

When you first start the user interfaces, DRA initially connects to the domain of your logon account. If you are logged on to a domain that is not managed by an Administration server, or if DRA cannot connect to the Administration server for that domain, DRA may display an error message. Ensure the Administration server is available and try again.

To connect to an Administration server:

  1. On the File menu, click Connect to DRA server.

  2. Click Connect to this DRA server.

  3. Type the name of the Administration server, using the following format: computername.

  4. Click OK.

2.7.3 Connecting to a Managed Domain or Computer

By default, DRA connects to a managed domain or computer through the best available Administration server. The best available Administration server is the closest server, which is typically a server in the network site. If the site does not include an Administration server, DRA connects to the first available server in the managed domain or managed subtree. However, you can specify the domain or computer to which you want to connect. You can also specify which Administration server you want DRA to use.

By default, the Account and Resource Management console connects to a managed domain or computer by using the best-available Administration server. The best-available Administration server is the closest server, which is typically a server in the network site. If the site does not include an Administration server, DRA connects to one of the servers managing the domain of the client computer. However, you can specify the domain or computer to which you want to connect. You can also specify which Administration server you want DRA to use.

When you first start the user interfaces, DRA initially connects to the domain of your logon account. If you attempt to log on to a domain or computer that is not managed by an Administration server, or if DRA cannot connect to the Administration server for your managed domain or computer, DRA may display an error message. Ensure the Administration server is available and try again.

To connect to a managed domain or computer:

  1. On the File menu, click Connect to DRA server.

  2. Select the appropriate option, and then type the name of the managed domain or computer.

  3. For example, to connect to the HOULAB domain, click Connect to a DRA server that manages this domain, and then type HOULAB.

  4. To specify an Administration server for the managed domain or computer, click Advanced, and then select the appropriate option.

  5. Click OK.

2.7.4 Modifying the Console Title

You can modify the information displayed in the title bar of both the Delegation and Configuration console and the Account and Resource Management console. For convenience and clarity, you can add the user name with which the console was launched and the Administration server to which the console is connected. In complex environments in which you need to connect to multiple Administration servers using different credentials, this feature helps you quickly discern which console you need to use.

To modify the console title bar:

  1. Start the Account and Resource Management console.

  2. Click View > Options.

  3. Select the Window Title tab.

  4. Specify the appropriate options, and then click OK. For more information, click the ? icon.

2.7.5 Customizing List Columns

You can select which object properties DRA displays in list columns. This flexible feature allows you to customize the user interface, such as lists for search results, to better meet the specific demands of administrating your enterprise. For example, you can set columns to display the user logon name or group type, letting you quickly and effectively find and sort the data you need.

To customize list columns:

  1. Select the appropriate node. For example, to choose which columns display when viewing search results on managed objects, select All My Managed Objects.

  2. On the View menu, click Choose Columns.

  3. From the list of properties available for this node, select the object properties you want to show.

  4. To change the column order, select a column, and then click Move Up or Move Down.

  5. To specify the column width, select a column, and then type the appropriate number of pixels in the provided field.

  6. Click OK.

2.7.6 Using Custom Tools

DRA enables you to seamlessly integrate the DRA interface with other products by using the custom tools feature. Using custom tools, you can execute external applications, launch scripts, open a web page, and enter parameters for any object from within the DRA interface. For example, if you select a computer in your domain, you can launch any of the custom tools defined and enabled for computers by your DRA Administrator.

To use custom tools:

  1. Start the Account and Resource Management console.

  2. In the left pane, expand All My Managed Objects.

  3. To specify the object for which you want to use the custom tool, complete the following steps:

    1. If you know the object location, select the domain and OU that contains this object.

    2. In the search pane, specify the object attributes, and then click Find Now.

    3. In the list pane, select the appropriate object.

  4. On the Tasks menu, click Custom Tools.

    NOTE:When you try to select custom tools for an object, if DRA does not display any custom tools for that object, it implies your DRA administrator has not enabled custom tools for that object.

  5. Select the appropriate custom tool.

2.7.7 Executing Saved Advanced Queries

Using advanced queries, you can search for users, contacts, groups, computers, printers, OUs, and any other object that DRA supports. If you have the Execute Saved Advanced Queries power, you can execute advanced queries available in the Saved Queries list for any container in the Account and Resource Management console. For more information about your assigned powers, see Section 2.7.17, Viewing Your Assigned Powers and Roles.

To execute saved advanced queries:

  1. Start the Account and Resource Management console.

  2. In the left pane, expand All My Managed Objects.

  3. Select the appropriate container. For example, if you want DRA to search for user account information, select Users.

  4. To view the advanced search pane, click Advanced Search.

  5. In the advanced search pane, select an advanced query from the Saved Queries list.

  6. Click Load Query, and then click Find Now.

2.7.8 Enabling Collection of Application Logs

To enable collection of application logs, you can install Dr. Watson to gather debugging information about applications you run on the Administration server computer. The Administration server uses this data to create logs for the Diagnostic Utility.

DRA provides a Diagnostic Utility to gather important data about your environment. For more information, see Section B.1, Diagnostic Utility.

To enable collection of application logs:

  1. Log on with an administrator account to the Administration server computer.

  2. On the Start menu, open the Command Prompt window.

  3. At the command prompt, enter DrWtsn32 -i.

  4. Click OK.

  5. Repeat Steps Step 1 through Step 4 on each Administration server computer.

2.7.9 Reporting on Object Changes

You can view real-time change information for objects in your domains by generating Activity Detail reports. For example, you can view a list of changes made to an object or by an object during a specified time period. You can also export and print Activity Detail reports.

To report on object changes:

  1. Find the objects that match your criteria.

  2. Right-click on an object, and select Reporting > Changes made to objectName or Reporting > Changes made by objectName.

  3. Select the start and end dates to specify the changes you want to view.

  4. If you want to change the number of rows to be displayed, type a number over the default value of 250.

    NOTE:The number of rows displayed applies to each Administration server in your environment. If you include 3 Administration servers in the report and use the default value of 250 rows to display, up to 750 rows can be displayed in the report.

  5. If you want to include only specific Administration servers in the report, select Restrict query to these DRA servers and type the server name or names you want the report to include. Separate multiple server names with commas.

  6. Click OK.

2.7.10 Reporting on Object Lists

You can export or print data from object lists. With this feature, you can quickly and easily report on and distribute general information about your managed objects.

When you export an object list, you can specify the file location, name, and format. DRA supports HTML, CSV, and XML formats, so you can export this information to database applications or post list results to a Web page

NOTE:You can also select multiple items in a list and then copy these items to a text application, such as Notepad.

To report on object lists:

  1. Find the objects that match your criteria.

  2. To export this object list, click Export List on the File menu.

  3. To print this object list, click Print List on the File menu.

  4. Specify the appropriate information to save or print this list.

2.7.11 Reporting on Object Details

You can export or print data from details tabs that list object attributes, such as group memberships. With this feature, you can quickly and easily report on and distribute frequently needed details about specific objects.

When you export an object details tab, you can specify the file location, name, and format. DRA supports HTML, CSV, and XML formats, so you can export this information to database applications or post list results to a Web page.

To report on object details:

  1. Find the object that matches your criteria.

  2. On the View menu, click Details.

  3. In the details pane, select the appropriate tab.

  4. To export these object details, click Export Details List on the File menu.

  5. To print these object details, click Print Details List on the File menu.

  6. Specify the appropriate information to save or print this list.

2.7.12 Saving Console Windows

By saving the Account and Resource Management console window, you can quickly create a custom user interface that includes your specific settings. You can save different window configurations to different files, preserving specific console settings for your unique administration needs.

To save your console window, click Save on the File menu.

2.7.13 Saving Custom Console Files

By saving the Account and Resource Management console window, you can quickly create a custom user interface that includes your specific settings. You can save different window configurations to different files, preserving specific console settings for your unique administration needs.

To save your console window, click Save on the File menu.

2.7.14 Restoring Console Settings

DRA allows you to resize windows and persists your window sizes. DRA also persists many other settings, including the last Administration server to which you connect, the columns you add or remove from list results, and column widths. If you want to restore these settings to the original setting with which you installed DRA, the Restore Default Settings option allows you to do so.

To restore default console settings:

  1. Start the appropriate console.

  2. Click View > Options.

  3. Select the Saved Settings tab.

  4. Review the information provided on the window, and then click Restore Default Settings. For more information, click the ? icon.

2.7.15 Using Special Characters

You cannot use the following special characters when naming user accounts, groups, contacts, OUs, computers, ActiveViews, AA groups, roles, policies, or automation triggers. These naming restrictions apply to the name of the object as well as the name of the rule that defines the object.

Naming user accounts, groups, and computers

When specifying a pre-Windows 2000 name, you cannot use the following special characters:

Backslash

\

Colon

 

Comma

,

Double quote

"

Equal sign

=

Forward slash

/

Greater than 

>

Left bracket 

[

Less than

<

Plus sign

+

Right bracket

]

Semi colon 

;

Vertical bar 

|

When naming user accounts, groups, and computers in Microsoft Windows domains, you can use any special character.

Managing groups through the Web Console

When managing a Microsoft Windows domain, the Web Console does not support managing groups whose names contain the following special characters:

  • Comma                                  ,

  • Double quote                         "

  • Forward slash                         /

Naming contacts and OUs

When naming contacts and OUs, you can use any special character.

Naming ActiveViews, AA groups, and roles

When naming ActiveViews, AA groups, and roles, you cannot use the backslash (\).

Naming policies and automation triggers

When naming policies and automation triggers, you cannot use the backslash (\).

You can include wildcard characters (*, ?, and #) when naming Microsoft Windows objects. Use wildcard characters when creating rules to narrow or broaden the context of a rule.

2.7.16 Using Wildcard Characters

DRA and ExA support wildcard characters in many fields in the DRA consoles and in CLI commands. Wildcards allow you to define rules that match multiple objects to a specific condition or standard, such as a naming convention. You can use wildcards instead of regular expressions to narrow or broaden the scope of the rule. Wildcard matching is not case‑sensitive. You can also use the question mark (?), asterisk (*), or number sign (#) wildcard characters as normal characters by prefixing a backslash (\) to the particular wildcard character. For example, to search for abc*, type the search text abc\*.

DRA and ExA support the following wildcard characters. You cannot use wildcard characters in names.

Match Item

Character

Definition

Any character

Question mark   ?

Matches exactly one character

Any digit

Number sign      #

Matches one digit

Any character, 0 or more matches

Asterisk            *

Matches zero or more characters

The following table provides examples of wildcard character specifications and what they match and do not match.

Example

Matches

Does Not Match

Den???

Denton and Dennis

Denison

El ????o

El Campo and El Indio

El Paso

Houston, TX #####

Houston, TX 77024

Houston, TX USOFA

DRA and ExA do not support wildcard specifications that contain logical operations.

2.7.17 Viewing Your Assigned Powers and Roles

Roles and powers define how you manage objects. A role is a set of powers that provides the permissions required to perform a specific administration task, such as creating a user account or moving shared directories.

The DRA Admin assigns roles, adds you to specific AA groups, and associates you with ActiveViews (sets of domain objects you can manage). You can view these assignments through the Account and Resource Management console and the Delegation and Configuration console. You do not need any auxiliary powers to view the roles and powers assigned to you.

For more information about the DRA security model, see the Administrator Guide for Directory and Resource Administrator and Exchange Administrator.

To view your assigned powers and roles:

  1. On the File menu, click DRA Properties.

  2. Click Powers.

  3. Select the appropriate view. For example, click Flat View to see a table of your AA group memberships, assigned powers and roles, and associated ActiveViews.

  4. Expand the appropriate item. For example, under Has Power column, expand Roles and Powers to view the individual roles or powers assigned to you.

  5. Click OK.

2.7.18 Viewing the Product Version Number and Installed Hotfixes

You can view the product version number and installed hotfixes from the DRA Properties window. This window provides version numbers and lists of installed hotfixes for the Administration server and the DRA client computer.

To view the product version number and installed hotfixes:

  1. On the File menu, click DRA Properties.

  2. Click General.

  3. View the information you need. For more information about a particular field, click the ? icon.

  4. Click OK.

2.7.19 Suppressing the License Warning Message

DRA provides you with an option to suppress the license warning message that appears when you reach the remaining user count threshold limit. DRA allows you to set the threshold limit for the number of remaining licensed users in the registry, which overrides the remaining user count threshold limit value available in the license file. DRA suppresses the license warning message until you reach the threshold limit you have set in the registry. The value you set as the threshold limit in the registry is optional and you can still use the threshold limit available in the license file.

WARNING:Be careful when editing your Windows Registry. If there is an error in your Registry, your computer may become nonfunctional. If an error occurs, you can restore the Registry to its state when you last successfully started your computer. For more information, see the Help for the Windows Registry Editor.

To update the threshold limit value in the registry:

  1. Click Start > Run. The Run dialog box is displayed.

  2. In the Open field, type regedit and then click OK. The Registry Editor window is displayed.

  3. In the left pane, expand HKLM\SOFTWARE\Mission Critical Software\OnePoint\Administration\License.

    NOTE:If you are editing the registry on a 64-bit operating system, expand HKLM\Software\WOW6432Node instead of HKLM\Software. The rest of the path remains the same.

  4. In the right pane, right-click and select New > DWORD value.

  5. Name the DWORD value as “WarnThreshold” and set the value that you wish to warn at. For example, if you set this value to 10, then DRA will not warn you until your license has less than 10 users left.

2.7.20 Viewing Your Current License

DRA and ExA require a license key file. You can view your product license from any Administration server computer. You do not need any auxiliary powers to view the product license.

To view your license:

  1. On the File menu, click DRA Properties.

  2. Click License.

  3. Review the license properties, and then click OK.

2.7.21 Upgrading Your License

DRA and ExA require a license key file. This license key file contains your license information. DRA installs the license key file on the Administration server. When you install the Administration server, the setup program allows you to use the default (trial) license key file or a production license key file (CustomLicense.lic) provided for you by NetIQ Corporation. As your administration needs change, you can upgrade your license to accommodate your new requirements.

NOTE:

  • If you are upgrading your DRA installation, ensure you schedule your upgrade during off-peak hours.

  • If you are using multiple Administration servers, you must upgrade your license key file on the primary Administration server and all secondary Administration servers.

  • Close all open applications on the Administration server you are upgrading before you start the setup program.

To upgrade your license:

  1. Log on to the primary Administration server computer using an administrator account for that computer.

  2. Open Control Panel.

  3. Open the Add/Remove Programs application.

  4. Select NetIQ Administration Products, and then click Change/Remove.

  5. On the Add/Remove Application window, click Advanced Configuration.

  6. Select the Upgrade license check box, and then click Next.

  7. On the Licenses window, click Add Licenses.

  8. Specify the path for the new license key file and then click Open.

  9. Compare the terms of your new license with those of your current license.

    • To use your new license, click Next.

    • To continue using your old license, click Cancel.

  10. Review the terms of the License Agreement. If you agree to the terms of the License Agreement, click Accept.

  11. Click Yes to restart the NetIQ Administration service.

  12. Review your changes, and then click Next.

  13. Click Finish.

    NOTE:

    • If you are using a trial license and upgrading to a production license, DRA will replace your trial license with your production license.

    • If you are using a production license and upgrading to a new production license, DRA will add your new production license to your existing production license.

    • If you are using an existing trial license and you would like to extend your trial license please contact your NetIQ sales representative or an authorized NetIQ reseller or partner to obtain a new trial license.