Directory and Resource Administrator
Exchange Administrator

Version 8.6

Release Notes

Date Published: #Build_Month_Year#



This version of the NetIQ Directory and Resource Administrator product (DRA) and the NetIQ Exchange Administrator product (ExA) provide several new features. This version also improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity, our community Web site that also includes product notifications, blogs, and the DRA user group.

This document outlines why you should install this version and identifies any known issues. We assume you are familiar with previous versions of these products. For more information about installing these products, see the Installation Guide.

For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator Documentation Web site.

Why Install This Version?

Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server 2010. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Active Directory and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.

Support for Microsoft Exchange Server 2010

Exchange Administrator can manage environments with either Microsoft Exchange Server 2010 with Update Rollup 4 or Exchange Server 2010 Service Pack 1 installed.

Installation on Microsoft Windows Server 2008 R2

You can install DRA and ExA on servers running Microsoft Windows Server 2008 R2.

Support for Microsoft Internet Explorer 8

You can run the Web Console using Microsoft Internet Explorer 8.

Support for Additional Microsoft Exchange Server Features

Exchange Administrator provides management of the Reset Unified Messaging PIN feature and the Move Mailbox Status feature.

Improved Handling of Service Log Files

DRA now allows you to configure your environment to retain multiple copies of service log files. When a service log maximum file size is reached, DRA starts a new log file and retains 10 copies of log files, by default, before overwriting them. Previous versions of DRA cleared a log file when the maximum size was reached and began recording data in the same file. See the Additions to Documentation section for more information about configuring the number of backup logs to retain.

Log Archive Resource Kit (LARK) Included with DRA

The Log Archive Resource Kit (LARK) is now included with your DRA installation. If you select to install it during DRA installation, the LARK is installed in the Log Archive Resource folder under your DRA installation location, by default, C:\Program Files\NetIQ\DRA. Previously, this utility was only available by downloading it from the NetIQ Web site.

Installation Option to Not Cache Trusted Domains

New DRA installations provide the option to not cache trusted domains, resulting in improved performance in some environments.

Updated SDK Help

The Software Development Kit (SDK) Help has been updated with new content. The Customizing the Web Console Reference topic contains information about a new object, the DateTimeInput object. A new set of topics provides information about automating DRA operations by using the DRA Server COM object.

Removed Support for Microsoft Exchange 2000 Server and Microsoft Windows 2000 Server

NetIQ no longer provides support for using DRA and ExA to manage Microsoft Exchange 2000 Server environments or to install DRA and ExA on computers running Microsoft Windows 2000 Server.

Resolved an Issue Where the License Window Showed Incorrect Information After Upgrade

DRA shows the correct license information after an upgrade. (ENG274111)

Resolved an Issue Where DRA Did Not Recognize Manual Line Breaks in Description Fields

DRA now recognizes manual line breaks in description fields when the Carriage Return Option is set to allow carriage returns on the Client Options tab of the Administration Server Options window. (ENG286846)

Resolved an Issue Where Custom Tools Did Not Run on Computers Running a 64-bit Operating System

Some applications configured to run as Custom Tools did not run correctly on computers running a 64-bit operating system. An option on the Applications Settings tab of the Custom Tool wizard allows you to select to run applications in 64-bit native mode on computers running a 64-bit operating system. (ENG294455)

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

Back Up Log Archive Files Before Uninstalling DRA

Before you uninstall DRA, back up the log archive files if you want to have access to them later. (ENG236491)

Domain Administrators Can Run Activity Detail Reports

Domain Administrators from managed domains have the ability to run Activity Detail Reports regardless of whether they have been granted the explicit right to do so within DRA. The DRA built-in group Administrators from Managed Domains, by default, has DRA Administration rights over an ActiveView that includes all Active Directory objects. Reporting Powers in DRA 8.5 and later are not constrained on a per ActiveView basis, and members of this group will be able to configure the reporting options and execute Activity Detail reports.

You can use the ModifyManagedDomainAA utility to disable the built-in Assistant Admin Group if you do not want Domain Administrators to have the ability to run Activity Detail reports by default. The ModifyManagedDomainAA utility restarts the NetIQ Administration service when you use the utility to remove or restore the Administrators from Managed Domains AA group. By default, the ModifyManageDomainAA.exe file is located in the Program Files\NetIQ\DRA folder. (ENG272798)

DRA Shows Size in Kilobytes on Storage Limits Tab

DRA shows size in kilobytes (KB) on the Storage Limits Tab. The Microsoft Exchange Management Console shows the corresponding data in megabytes (MB). If you enter a value less than 1024 in DRA, the Exchange Management Console shows a value of 0. (ENG295570)

Exchange Tasks Unavailable After Computer Restart

When a computer has the WinRM service configured for an automatic delayed start, DRA does not enable Exchange tasks after a restart. (ENG295552)

To prevent this issue, complete the following steps:

  1. On the Administration server, start the registry editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MCSAdminSvc.
  3. Double-click DependOnService and add WinRM to the existing list of services.
  4. Restart the Administration server computer.

DRA Collector Access Account Needs Specific Permissions to the DRAReporting Database

In some situations the DRA Collector access account cannot connect to the DRAReporting database. Ensure that the access account you specify in the DRA Collector configuration has the following permissions on the DRAReporting database: (ENG274886)

  • db_datawriter
  • db_ddladmin
  • execute permission on DRAReporting stored procedures

DRA Web Console Does Not Start After Security Manager Installation

If you install NetIQ Security Manager after you install DRA, the DRA Web console might not start. Security Manager uses the same default port as the DRA Web console for SharePoint communication. (DOC293607)

To prevent this issue, use the IIS management tools to change the port used by either Security Manager or the DRA Web console.

DRA API Allows Invalid Country Codes Added with Aegis Adapter

The DRA API does not validate country codes added with the Aegis Adapter. (ENG274478)

DRA Reporting and Security Manager Reporting Cannot Share a SQL Server Instance

DRA Reporting and Security Manager Reporting must be installed on different SQL Server instances to avoid a naming conflict with the SMCubeDepot database that both products use.

Move Mailbox Status Window Shows Incorrect Information

When you have enabled support for both Microsoft Exchange Server 2007 and Exchange Server 2010 in DRA, DRA allows you to move a mailbox with a previous move request that has not been cleared. When this happens, the Move Mailbox Status Window displays incorrect information for the mailboxes that have been moved. (ENG296054)

Return to Top

Additions to Documentation

Updated Installation Requirements

The following information supersedes information in the Administration Installation Guide:

  • You must have at least 600 MB free on the C: drive when you install DRA for temporary storage of installation files. The Installation Guide states this requirement as 500 MB.
  • Exchange Administrator supports managing environments with either Microsoft Exchange Server 2010 with Update Rollup 4 or Exchange Server 2010 Service Pack 1 installed.
  • For more information about calculating memory usage for your environment, see NetIQ Knowledge Base article NETIQKB72582

Restricting DCOM Port Range to Enable DRA Communications Through a Firewall

To enable DRA communications through the Windows firewall, you must open a range of ports on the DCOM server and add a list of exceptions to the Windows firewall configuration.

To configure the DCOM restriction on the DCOM server:

  1. Log in to the Domain Controller(s) for the managed domain.
  2. Click Start > Run and type dcomcnfg, and then click OK.
  3. Select Component Services.
  4. Click Configure My Computer.
  5. Select the Default Protocols tab.
  6. Select Connection-oriented TCP/IP.
  7. Click Properties.
  8. Click Add.
  9. Enter the port range you want the DCOM server to pick (for example, 60000-60100).
  10. Click OK until all the windows are closed.

To configure the Windows firewalls exceptions:

  1. Log in to the Domain Controller(s) for the managed domain.
  2. Start the Windows firewall configuration.
  3. Add the following exceptions:
    • DCOM 135 - End-point mapper, a basic requirement for DRA communication; allows Administration server to locate the DRA Agent
    • NetBIOS 139 - Agent deployment check (disabled, but performed on service start)
    • DCOM 445 - Agent deployment disabled, but can be enabled from the user interface)
    • LDAP 389 - Active Directory object management
    • RPC xxxxx-xxxxx - DCOM Service communication (enter the port range you specified in your DCOM configuration)
  4. Close the Windows firewall configuration.

Configuring Service Logs

When you install DRA, the default configuration is for DRA to retain 10 versions of the following service log files before overwriting them:

  • DRA Service
  • DRA Core Service
  • DRA DOM Files

When the tenth version of a log file reaches its maximum size, DRA opens the first file and overwrites it with new log details. If you want to change the number of log files DRA retains, change the value of FileBackupsPerStartup in the registry to the number of files you want DRA to retain. Each service contains this registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Logging, so you can configure each service log separately.

Diagnostic Utility Requires Run as Administrator On Windows Server 2008

When you use the DRA Diagnostic Utility on Windows Server 2008 servers, start the program using the Run as option and specify Administrator.

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and user groups.

Return to Top

Legal Notice

Return to Top