This service pack for the Directory and Resource Administrator product improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity, our community Web site that also includes product notifications, blogs, and product user groups.

This document outlines why you should install this service pack, provides information about installing the service pack, and identifies known issues.

For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator and Exchange Administrator Documentation web site.

Why Install This Service Pack?

Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server 2010. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Active Directory and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.

• New Options for Collecting Last Logon Statistics and Removal of DRA Agent
• Additional Options for Setting Home Directory Policies
• Support for NetIQ Reporting Center 1.5
• Support for Additional Microsoft Exchange Server Features
• New License Update Option and Exchange Administrator License Changes
• New Access Account Setting for Exchange Server 2010 Allows DRA to Manage Exchange Server 2010 Servers in Untrusted Domains
• New Platform Support and Prerequisite Change
• Updated Documentation Available
• Resolves Administration Server Issues
• Resolves User, Computer, and Group Account Administration Issues
• Resolves Exchange Administrator Issues
• Resolves DRA Reporting Issues
• Resolves Policy and Automation Issues
• Resolves Web Console Issues

New Options for Collecting Last Logon Statistics and Removal of DRA Agent

You can now choose whether to use the lastLogonTimestamp attribute on your domain controllers (updated every 14 days) or have DRA collect the lastLogon attribute for each user account in your managed domains (collected according to your schedule). DRA no longer uses an agent to gather last logon statistics.

When you install this service pack, DRA unregisters and uninstalls the DRA Agent from your domain controllers when the NetIQ Administration service restarts.

To configure last logon statistics collecting:

1. Open the Delegation and Configuration console.
2. In the Configuration Management node, click Managed Domains.
3. Select a domain, and click the Properties icon.
4. Click the Last logon statistics tab, and select the appropriate options for your needs. Additional text has been added to the window to guide you, and the context-sensitive help contains updated information for the new options on this window.

Additional Options for Setting Home Directory Policies

The Home Share/Directory Policies window has been updated to allow you to specify creating and moving home directories for existing users. Additional text has been added to the window to better explain the available options.

To configure home directory policies:

1. Open the Delegation and Configuration console.
2. In the Policy and Automation Management node, click Configure Home Directory Policies.
3. Select the appropriate options for your needs. Additional text has been added to the window to guide you, and the context-sensitive help contains updated information for the new options on this window.

Support for NetIQ Reporting Center 1.5

This version includes NetIQ Reporting Center (NRC) 1.5, which includes the following features:

• Support for SQL Server 2008 and 2008 R2 on all components
• Support for Windows Server 2008 and Windows Server 2008 R2 on all components
• Support for Windows 7 on the Reporting Center Console
• Compliant with FIPS 140 Inside Program and FIPS 180-3
• Removed requirement for IIS 6 Resource Kit Tools

Support for Additional Microsoft Exchange Server Features

This version provides additional support for the following Exchange Server features not previously managed by DRA:

• The new Membership approval tab on the Group Properties window allows you to manage settings for the Exchange 2010 group membership approval feature.
• A progress bar now displays when you move mailboxes between Exchange Servers. The progress bar displays on all moves to or from Exchange Server 2007 and to or from Exchange Server 2003 servers. (ENG239700)
• When managing group properties in the Web console, you can now access the Managed by properties. (ENG252766)
• The Web console now provides support for setting delivery restrictions for a group. (ENG300031)

New License Update Option and Exchange Administrator License Changes

You can now add licenses to the Administration server from a task on the Configuration Management task pad. You must start the Delegation and Configuration console from the Administration server and be connected to the same Administration Server to use this feature. If you have enabled user account control (UAC), you must start the Delegation and Configuration console using Run as Administrator to update the license. After you update the license, the NetIQ Administration service (McsAdminSvc) restarts.

ExA licensing is now consistent with the licensing for account management. The ExA licensing is based on the mailbox count and is checked and enforced when a new mailbox is created.

You can now see a mailbox count on the Statistics tab of the Domain Properties window.

New Access Account Setting for Exchange Server 2010 Allows DRA to Manage Exchange Server 2010 Servers in Untrusted Domains

When you specify Exchange 2010 management in Exchange Administrator, the new Exchange access tab on the Domain Properties window allows you to specify whether to use the Domain access account or another access account for all Exchange servers in your environment. This gives you the ability to configure DRA to manage Exchange Server 2010 servers in untrusted domains.

DRA now stores the credentials for the domain access account and the Exchange access account in AD LDS, so that once you specify these accounts on the primary Administration server, the information is available to all secondary Administration servers in the MMS after replication. Before installing this service pack, you had to specify the domain access account on each Administration server in the MMS.

New Platform Support and Prerequisite Change

This version adds support for the following platforms:

• SQL Server 2008 and SQL Server 2008 R2
• Internet Explorer 9

DRA no longer requires installation of Exchange Server 2010 management tools on the Administration server computer. DRA now only requires Powershell 2.0 and Windows Remote Management (WinRM) 2.0 to be installed on the Administration server to remotely manage an Exchange Server 2010 server.

Updated Documentation Available

This service pack contains the following updated documentation:

• Updated context-sensitive help for all changes to windows
• Updated Installation Guide available on the Directory and Resource Administrator and Exchange Administrator Documentation web site

Resolves Administration Server Issues

This service pack resolves the following Administration server issues:

Resolves an Issue Where the Delegation Model Did Not Work After Upgrading DRA 8.5 SP 1 to DRA 8.6

When wildcards are used to associate Assistant Admins with groups in the delegation model, DRA 8.6 now processes group memberships correctly. (ENG302108)

Resolves an Issue Where the Log Archive Data Viewer Shows No Records

The Log Archive Data Viewer now displays records from DRA. (ENG297374)

Resolves an Issue Where DRA Does Not Retain Changes to the Incremental Schedule Settings

DRA now retains changes to the Maximum number of minutes to attempt field. (ENG299443)

Resolves an Issue Where the ADAM or AD LDS Instance on a Secondary Administration Server Does Not Load LDAP

DRA can now connect to the ADAM or AD LDS instance on secondary Administration servers. (ENG298659)

Resolves an Issue Where ActiveViews Created Using the CLI Contain Blank Rule Descriptions

DRA now correctly generates ActiveView rule descriptions that you create using the CLI. (ENG292335)

Resolves User, Computer, and Group Account Administration Issues

This service pack resolves the following user, computer, and group account administration issues:

Resolves an Issue Where Users Are Unable to Create a Share

DRA now correctly sets the path value and users are able to create shares. (ENG300374)

Resolves an Issue Where Users Cannot Reset a Computer Account

DRA no longer incorrectly displays an error message stating This computer is not currently available when a user resets a computer account. (ENG302836)

Resolves an Issue Where Scheduling a Temporary Group Assignment Does Not Allow Specifying an End Time

When you select Immediately to schedule a temporary group assignment, DRA now enables the End time field. (ENG300532)

Resolves Exchange Administrator Issues

This service pack resolves the following Exchange Administrator issues:

Resolves an Issue Where Exchange Parameters for Recycle Bin Objects Can Be Modified

DRA no longer allows objects in the Recycle Bin to be modified. (ENG302230)

Resolves an Issue Where the Move Mailbox Status is Not Available

When a user moves a mailbox from Exchange Server 2010 to Exchange Server 2003, the Move Mailbox Status tab now displays in DRA Exchange Tasks. (ENG301911)

Resolves an Issue Where DRA Displays the Mailbox Storage Limit in Kilobytes Rather Than Megabytes

DRA now displays the Mailbox Storage Limits in megabytes. (ENG295570)

Resolves an Issue Where DRA Allows Spaces and Special Characters in Alias Name Field

DRA no longer allows spaces and special characters to be entered in the Alias name field. (ENG303244)

Resolves DRA Reporting Issues

This service pack resolves the following DRA reporting issues:

Resolves an Issue Where DRA Reporting Installation is Unsuccessful

DRA no longer incorrectly displays a message that the SMCubeDepot database cannot be opened. (ENG301622)

Resolves an Issue Where Change Activity Reports Are Not Available for Objects in the Recycle Bin

DRA now creates change activity reports for objects in the recycle bin. (ENG271775)

Resolves an Issue Where Management Reports Are Not Available

The AD collector no longer writes corrupted data to the DRA Reporting database. (ENG301015, ENG301041)

Resolves an Issue Where the AD Collector Data Collection Did Not Finish or Took More Than 40 Hours to Complete

DRA now completes AD data collection jobs. (ENG307475)

Resolves an Issue Where the AD Collector Does Not Use the Preferred Domain Controller for the Managed Domain

The AD collector now uses the preferred DC for the managed domain. (ENG304685)

Resolves an Issue Where the AD Collector Cannot Collect the proxyAddresses Attribute

The AD collector now collects the proxyAddresses attribute when configured to collect it. (ENG305785)

Resolves an Issue Where the NetIQ Product License Report Contains No Data

The NetIQ Product License Report now contains correct data. (ENG305306)

Resolves an Issue Where the Triggers Table Is Not Updated

The DRA Collector now updates the Triggers table as expected. (ENG299728)

Resolves Policy and Automation Issues

This service pack resolves the following policy and automation issues:

Resolves an Issue Where the Password Generation Policy Does Not Function as Expected

DRA now correctly enforces the password generation policy for minimum and maximum password length and for character restrictions. (ENG297971)

Resolves an Issue Where Triggers No Longer Execute in Alphanumeric Order

DRA now executes triggers in alphanumeric order. (ENG297639, ENG299401)

Resolves an Issue Where Triggers Are Not Executed

DRA now executes triggers as expected. (ENG235155)

Resolves Several Issues Where DRA Does Not Correctly Create or Rename Home Directories

This version resolves several issues where DRA does not correctly create or rename home directories. (ENG265703, ENG301009, ENG246449)

Resolves an Issue Where Existing Triggers Do Not Run on Windows Server 2008 R2 Servers

Triggers now work on Windows Server 2008 R2 servers. (ENG297906)

Resolves Web Console Issues

This service pack resolves the following Web console issues:

Resolves an Issue Where the Web Console Does Not Correctly Display the Previous Search term

When searching in the Web console, after completing a search, DRA no longer removes the spaces from the search term. (ENG301632)

Resolves an Issue Where Users Are Unable to Remove Home Directory Path Using the Web console

When the home directory path is blank, the Web console now displays the path in the Connect to field. (ENG299048)

Resolves an Issue Where the Web Console Displays an Incorrect Symbol

When viewing license information in the Web console, the symbol for collapsing information is now the minus sign (-). (ENG304153)

Resolves an Issue Where the Mailbox Store Is Not Displayed

The Web console now displays the full path of the mailbox store for mailboxes. (ENG262402)

Return to Top

Installing This Service Pack

To benefit from the new features and fixes provided in this version, install it on each Administration server computer and on each computer where you installed an Account and Resource Management console or Delegation and Configuration console.

You should have DRA and ExA 8.6 already installed.

Note To compute the mailbox count correctly for ExA license enforcement, DRA rebuilds the DOM files when the Administration server initializes after the installation. The Administration server may not be able to process requests until DRA completes this process. The amount of time required to rebuild the DOM files varies by environment.

To install this version:

1. Download the NetIQ Directory and Resource Administrator and Exchange Administrator 8.6 Service Pack 1 installation program.
2. Double-click the DRA860_SP1_setup.exe file.
3. Follow the on-screen instructions to complete the installation.

Note If you log on to the primary Administration server with a user account other than the Administration server service account, the installation program prompts you for the service account credentials to be able to extend the AD LDS schema and to update the DRA Reporting database schema.

Return to Top

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

• Exchange Tasks Not Available When Managed Domain Added to DRA
• DRA Displays Error Message When Checking Exchange Server 2003 Credentials
• Alias Name Not Created When Cloning an Exchange Server 2010 User Account in the Web Console
• Exchange Server 2010 Group Restore or Clone Operations Are Not Complete when You Enable Specific Advanced Options
• DRA May Not Create Home Directories Correctly for User Accounts Created Using the CLI

Exchange Tasks Not Available When Managed Domain Added to DRA

When a new domain is added to an existing DRA environment that is already configured for Exchange administration, Exchange Administrator does not display Exchange tasks for objects in the new domain because the Exchange provider is not aware of the newly added domain. (ENG305226)

To see Exchange tasks for objects in newly added domains, restart the Administration server computer or follow these steps:

1. Select Policy and Automation Management in the Delegation and Configuration Console.
2. Click Configure Exchange Policies.
3. Clear Enable Exchange Policy and click Apply.
4. Select Enable Exchange Policy and click Apply.
5. Select the appropriate Exchange version support and click OK.

DRA Displays Error Message When Checking Exchange Server 2003 Credentials

When the Administration server encounters any problem in checking service account credentials for Exchange Server 2003, DRA displays an error message that may be inaccurate. (ENG304359)

DRA displays the following error message: DRA may not have access to hidden groups in domains supporting Exchange 2003 or later. If accountName is not a member of the group, unexpected results can occur. If you use group memberships to delegate administration of this domain, ensure your access account is a member of the Exchange Domain Servers or Account Operators group.

Alias Name Not Created When Cloning an Exchange Server 2010 User Account in the Web Console

When cloning a user in the Web console, DRA does not create the alias name according the autonaming policy for Exchange Server 2010 mail-enabled user accounts. (ENG307205)

Exchange Server 2010 Group Restore or Clone Operations Are Not Complete when You Enable Specific Advanced Options

When you restore or clone an Exchange Server 2010 mail-enabled group account and select Send delivery report to group owner in the Exchange Advanced tab, DRA displays an error message. DRA restores or clones the group but does not correctly set all Exchange properties. (ENG307319)

DRA May Not Create Home Directories Correctly for User Accounts Created Using the CLI

When you create a user account using the CLI, the home directory may not be created. (ENG307267)

If you encounter this problem, use the Delegation and Configuration console to create a new user account with a home directory.

Return to Top

Additions to Documentation

Administration Guide Information Superseded

The discussion of last logon statistics in Chapter 17 of the Administration Guide is no longer accurate with this service pack release. Refer to information on the Last logon statistics tab of the Domain Properties window and in the context-sensitive help for updated information about collecting last logon statistics.

Updated Installation Guide Available

An updated Installation Guide is available on the Directory and Resource Administrator and Exchange Administrator Documentation web site.

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

Return to Top

Legal Notice

NetIQ Directory Resource Administrator and Exchange Administrator are protected by United States Patent No: 6,792,462.

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

© 2011 NetIQ Corporation. All rights reserved.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.

ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the USA. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.

Return to Top