Directory and Resource Administrator
Date Published: #Build_Month_Year#
This version of the NetIQ Directory and Resource Administrator product (DRA) and the NetIQ Exchange Administrator product (ExA) provide several new features. This version also improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity, our community Web site that also includes product notifications, blogs, and the DRA user group.
This document outlines why you should install this version and identifies any known issues. We assume you are familiar with previous versions of these products. For more information about installing these products, see the Installation Guide.
For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator Documentation Web site.
Why Install This Version?
Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server 2010. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Active Directory and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.
Support for Microsoft Exchange Server 2010
Exchange Administrator can manage environments with either Microsoft Exchange Server 2010 with Update Rollup 4 or Exchange Server 2010 Service Pack 1 installed.
Installation on Microsoft Windows Server 2008 R2
You can install DRA and ExA on servers running Microsoft Windows Server 2008 R2.
Support for Microsoft Internet Explorer 8
You can run the Web Console using Microsoft Internet Explorer 8.
Support for Additional Microsoft Exchange Server Features
Exchange Administrator provides management of the Reset Unified Messaging PIN feature and the Move Mailbox Status feature.
Improved Handling of Service Log Files
DRA now allows you to configure your environment to retain multiple copies of service log files. When a service log maximum file size is reached, DRA starts a new log file and retains 10 copies of log files, by default, before overwriting them. Previous versions of DRA cleared a log file when the maximum size was reached and began recording data in the same file. See the Additions to Documentation section for more information about configuring the number of backup logs to retain.
Log Archive Resource Kit (LARK) Included with DRA
The Log Archive Resource Kit (LARK) is now included with your DRA installation. If you select to install it during DRA installation, the LARK is installed in the Log Archive Resource folder under your DRA installation location, by default, C:\Program Files\NetIQ\DRA. Previously, this utility was only available by downloading it from the NetIQ Web site.
Installation Option to Not Cache Trusted Domains
New DRA installations provide the option to not cache trusted domains, resulting in improved performance in some environments.
Updated SDK Help
The Software Development Kit (SDK) Help has been updated with new content. The Customizing the Web Console Reference topic contains information about a new object, the DateTimeInput object. A new set of topics provides information about automating DRA operations by using the DRA Server COM object.
Removed Support for Microsoft Exchange 2000 Server and Microsoft Windows 2000 Server
NetIQ no longer provides support for using DRA and ExA to manage Microsoft Exchange 2000 Server environments or to install DRA and ExA on computers running Microsoft Windows 2000 Server.
Resolved an Issue Where the License Window Showed Incorrect Information After Upgrade
DRA shows the correct license information after an upgrade. (ENG274111)
Resolved an Issue Where DRA Did Not Recognize Manual Line Breaks in Description Fields
DRA now recognizes manual line breaks in description fields when the Carriage Return Option is set to allow carriage returns on the Client Options tab of the Administration Server Options window. (ENG286846)
Resolved an Issue Where Custom Tools Did Not Run on Computers Running a 64-bit Operating System
Some applications configured to run as Custom Tools did not run correctly on computers running a 64-bit operating system. An option on the Applications Settings tab of the Custom Tool wizard allows you to select to run applications in 64-bit native mode on computers running a 64-bit operating system. (ENG294455)
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Back Up Log Archive Files Before Uninstalling DRA
Before you uninstall DRA, back up the log archive files if you want to have access to them later. (ENG236491)
Domain Administrators Can Run Activity Detail Reports
Domain Administrators from managed domains have the ability to run Activity Detail Reports regardless of whether they have been granted the explicit right to do so within DRA. The DRA built-in group Administrators from Managed Domains, by default, has DRA Administration rights over an ActiveView that includes all Active Directory objects. Reporting Powers in DRA 8.5 and later are not constrained on a per ActiveView basis, and members of this group will be able to configure the reporting options and execute Activity Detail reports.
You can use the ModifyManagedDomainAA utility to disable the built-in Assistant Admin Group if you do not want Domain Administrators to have the ability to run Activity Detail reports by default. The ModifyManagedDomainAA utility restarts the NetIQ Administration service when you use the utility to remove or restore the Administrators from Managed Domains AA group. By default, the ModifyManageDomainAA.exe file is located in the Program Files\NetIQ\DRA folder. (ENG272798)
DRA Shows Size in Kilobytes on Storage Limits Tab
DRA shows size in kilobytes (KB) on the Storage Limits Tab. The Microsoft Exchange Management Console shows the corresponding data in megabytes (MB). If you enter a value less than 1024 in DRA, the Exchange Management Console shows a value of 0. (ENG295570)
Exchange Tasks Unavailable After Computer Restart
When a computer has the WinRM service configured for an automatic delayed start, DRA does not enable Exchange tasks after a restart. (ENG295552)
To prevent this issue, complete the following steps:
DRA Collector Access Account Needs Specific Permissions to the DRAReporting Database
In some situations the DRA Collector access account cannot connect to the DRAReporting database. Ensure that the access account you specify in the DRA Collector configuration has the following permissions on the DRAReporting database: (ENG274886)
DRA Web Console Does Not Start After Security Manager Installation
If you install NetIQ Security Manager after you install DRA, the DRA Web console might not start. Security Manager uses the same default port as the DRA Web console for SharePoint communication. (DOC293607)
To prevent this issue, use the IIS management tools to change the port used by either Security Manager or the DRA Web console.
DRA API Allows Invalid Country Codes Added with Aegis Adapter
The DRA API does not validate country codes added with the Aegis Adapter. (ENG274478)
DRA Reporting and Security Manager Reporting Cannot Share a SQL Server Instance
DRA Reporting and Security Manager Reporting must be installed on different SQL Server instances to avoid a naming conflict with the SMCubeDepot database that both products use.
Move Mailbox Status Window Shows Incorrect Information
When you have enabled support for both Microsoft Exchange Server 2007 and Exchange Server 2010 in DRA, DRA allows you to move a mailbox with a previous move request that has not been cleared. When this happens, the Move Mailbox Status Window displays incorrect information for the mailboxes that have been moved. (ENG296054)
Additions to Documentation
Updated Installation Requirements
The following information supersedes information in the Administration Installation Guide:
Restricting DCOM Port Range to Enable DRA Communications Through a Firewall
To enable DRA communications through the Windows firewall, you must open a range of ports on the DCOM server and add a list of exceptions to the Windows firewall configuration.
To configure the DCOM restriction on the DCOM server:
To configure the Windows firewalls exceptions:
Configuring Service Logs
When you install DRA, the default configuration is for DRA to retain 10 versions of the following service log files before overwriting them:
When the tenth version of a log file reaches its maximum size, DRA opens the first file and overwrites it with new log details. If you want to change the number of log files DRA retains, change the value of FileBackupsPerStartup in the registry to the number of files you want DRA to retain. Each service contains this registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Logging, so you can configure each service log separately.
Diagnostic Utility Requires Run as Administrator On Windows Server 2008
When you use the DRA Diagnostic Utility on Windows Server 2008 servers, start the program using the Run as option and specify Administrator.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and user groups.
NetIQ Directory Resource Administrator and Exchange Administrator are protected by United States Patent No: 6,792,462.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 2010 NetIQ Corporation. All Rights Reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveReporting, ADcheck, Aegis, AppAnalyzer, AppManager, the cube logo design, Change Administrator, Change Guardian, Compliance Suite, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowing is Everything, Knowledge Scripts, Mission Critical Software for E-Business, MP3check, NetConnect, NetIQ, the NetIQ logo, the NetIQ Partner Network design, Patch Manager, PSAudit, PSDetect, PSPasswordManager, PSSecure, Risk and Compliance Center, Secure Configuration Manager, Security Administration Suite, Security Analyzer, Security Manager, Server Consolidator, VigilEnt, Vivinet, Vulnerability Manager, Work Smarter, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.