Directory and Resource Administrator and Exchange Administrator
Version 8.6 Service Pack 2
Date Published: February 2012
This service pack for the Directory and Resource Administrator product improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity, our community Web site that also includes product notifications, blogs, and product user groups.
This document outlines why you should install this service pack, provides information about installing the service pack, and identifies known issues.
For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator and Exchange Administrator Documentation web site.
Why Install This Service Pack?
Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows Server and Microsoft Exchange Server environments. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Active Directory and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release. This release also includes all the features and fixes from DRA and ExA 8.6 SP1. For more information, see Previous Releases.
Additional Resource Types Available to Manage in Web Console
Using the Web console, you can now perform DRA operations on the following resource types:
For each of these resource types, you can perform management and configuration tasks, such as creating a resource or viewing resource properties.
Tree Element Added to Web Console Allows Selecting AD Containers
When searching for or creating items in a container, you can now select the container from a tree in the Web console instead of typing it in a text box. When you select a folder in the tree, the Web console sets the folder container as the default target for the operation. For example, when creating new user accounts, you can select the target OU in the tree to designate where DRA should create the user account.
Improved Reporting Performance and Additional Language Support
DRA Reporting now contains the following improvements:
Ability to Search Using LDAP Query in Web Console
When searching for items to display in the task pages, you can now select the option to specify an LDAP query from the Name list. The results of the query are listed in the Web console. You can run saved queries or select the Custom option to specify an ad hoc query. Search results are filtered by the selected container in the navigation tree.
Ability to Manage Group Membership Security in Web Console
Using the new Membership security link, you can now delegate group membership management to members of the domain.
To delegate group membership management in the Web console:
Ability to Specify Different Exchange Access Accounts on Secondary Administration Servers
When you specify Exchange 2010 management in Exchange Administrator, the Exchange access tab on the Domain Properties window allows you to specify whether to use the domain access account or another access account for all Exchange servers in your environment. DRA now allows you to specify the Exchange access account from secondary Administration servers in the Multi-Master Set (MMS). Before installing this service pack, you could enter the Exchange access account only on the primary Administration server in the MMS.
Removal of NetBIOS Requirement for DRA and AD Collectors
After applying this service pack, you can disable the NetBIOS over TCP/IP protocol on all Administration servers. The setup program requires NetBIOS to be enabled. After installation, all DRA functions are supported without this feature enabled.
To disable NetBIOS over TCP/IP:
Updated Documentation Available
This service pack contains an updated Administration Installation Guide.
Resolves an Issue With the Manage My Account Power
This service pack resolves an issue where the Manage My Account power does not allow the owner of the account to update the phone numbers or some address fields. (ENG309426)
Resolves an Issue With Web Console Display When Computer Browser Service is Disabled
This service pack resolves an issue where some computers appear available and other computers appear unavailable in the Web console when the computer browser service is disabled. (ENG313040)
Resolves an Issue With Displaying Mailbox Status
This service pack resolves an issue where a user's mailbox status is not displayed when the mailbox has been moved from a mailbox store that has since been deleted. (ENG313686)
Resolves an Issue With the NetIQ DRA Core Service
This service pack resolves an issue where the NetIQ DRA Core service fails to start if the Windows event logs are full. (ENG309261)
Resolves an Issue With Deleting Groups
This service pack resolves an issue with deleting groups where DRA displays an error that the object already exists. (ENG305456)
Resolves an Issue With Memory Consumption in the Account and Resource Management Console
This service pack resolves an issue where searching for all objects results in increased memory consumption in the Account and Resource Management console. The console does not release the memory when the search is complete. (ENG313272)
Resolves Issues With the AD Collector
This service pack resolves the following issues with the Active Directory Collector:
Resolves Issues With DRA Management Reports
This service pack resolves the following issues with DRA Management reports:
Resolves Issues With DRA Activity Reports
This service pack resolves the following issues with DRA activity reports:
Resolves an Issue With the Save As Window Display
This service pack resolves an issue where the Save As confirmation window is partially off the screen when saving configuration changes for the Account and Resource Management console to the .arm file. (ENG310306)
Resolves an Issue With Temporary Group Assignments
This service pack resolves an issue where DRA displays an error message if a temporary group membership is recalculated while DRA is performing a cache refresh. (ENG307991)
Resolves an Issue With Web Console Initialization
This service pack resolves an issue where the Web console is unable to initialize when the locale is set to a language where commas and decimals are the reverse of English. (ENG306194)
Resolves an Issue With Updating ActiveView Descriptions Using the EA Command
This service pack resolves an issue where the ActiveView description field is not updated properly when creating objects using the EA command. (ENG313718)
Resolves an Issue With Memory Consumption on the Administration Server
This service pack resolves an issue where running scripts causes the memory consumption of the Administration server to grow continuously. (ENG312876)
Resolves Issues With Cloning Users
This service pack resolves the following issues with cloning users:
Resolves an Issue With Cloning Contacts
This service pack resolves an issue where DRA copies the legacyExchangeDN of the source contact to the new contact when cloning a contact, which causes a Microsoft Exchange error. (ENG312305)
Resolves an Issue With Windows Terminal Service Path Names
This service pack resolves an issue where DRA does not save a new Windows Terminal Service (WTS) property path for user accounts. (ENG317373)
Resolves an Issue With Restoring Groups
This service pack resolves an issue where DRA cannot locate the original path for the group being restored from the NetIQ Recycle Bin and cannot restore the group to its original location. (ENG315620)
Resolves an Issue With User Interface Extensions
This service pack resolves an issue where a default value for an item on a user interface extension page is not displayed. (ENG310529)
Resolves an Issue With Creating Shares
This service pack resolves an issue where DRA uses the path name for the share name when creating a share. (ENG310619)
Resolves an Issue With Performing Exchange Operations
This service pack resolves an issue where Exchange Administrator could not complete retrieving user mailbox rights or policy lists from Microsoft Exchange Server. (ENG315005)
Resolves an Issue With Saving Changes to Terminal Service Settings
This service pack resolves an issue where DRA does not save changes to Terminal Service settings. (ENG317182)
Resolves an Issue With Last Logon Statistics
This service pack resolves an issue where DRA displays incorrect information for last logon statistics when a DRA administrator views the statistics from a secondary Administration server. (ENG304075)
Resolves an Issue With Delegation Rights in the Web Console
This service pack resolves an issue where users appear to have powers in the Web console that are not delegated to them. (ENG314564)
Installing This Service Pack
To benefit from the new features and fixes provided in this version, install it on each Administration server computer and on each computer where you installed an Account and Resource Management console or Delegation and Configuration console. This service pack contains all the features and fixes included in DRA and ExA 8.6 SP1.
You must have DRA and ExA 8.6 or 8.6 SP1 already installed.
To install this version:
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Exchange Tasks Not Available When Managed Domain Added to DRA
When a new domain is added to an existing DRA environment that is already configured for Exchange administration, Exchange Administrator does not display Exchange tasks for objects in the new domain because the Exchange provider is not aware of the newly added domain. (ENG305226)
To see Exchange tasks for objects in newly added domains, restart the Administration server computer or follow these steps:
DRA Displays Error Message When Checking Exchange Server 2003 Credentials
When the Administration server encounters any problem in checking service account credentials for Exchange Server 2003, DRA displays the following error message:
DRA may not have access to hidden groups in domains supporting Exchange 2003 or later. If accountName is not a member of the group, unexpected results can occur. If you use group memberships to delegate administration of this domain, ensure your access account is a member of the Exchange Domain Servers or Account Operators group.
This error message may be inaccurate. (ENG304359)
DRA May Not Create Home Directories Correctly for User Accounts Created Using the CLI
When you create a user account using the CLI, the home directory may not be created. (ENG307267)
If you encounter this problem, use the Delegation and Configuration console to create a new user account with a home directory.
Exchange Option Unavailable when Assistant Admin has Appropriate Powers
On the Delivery restrictions tab for mailboxes, distribution lists, and contacts, the option Require that all senders are authenticated is disabled even when the Assistant Admin has the appropriate powers to modify this option. (ENG317291)
To work around this issue:
This service pack also includes enhancements and fixes added in DRA and ExA 8.6 SP 1.
New Options for Collecting Last Logon Statistics and Removal of DRA Agent
You can now choose whether to use the lastLogonTimestamp attribute on your domain controllers (updated every 14 days) or have DRA collect the lastLogon attribute for each user account in your managed domains (collected according to your schedule). DRA no longer uses an agent to gather last logon statistics.
When you install this service pack, DRA unregisters and uninstalls the DRA Agent from your domain controllers when the NetIQ Administration service restarts.
To configure collection of last logon statistics:
Additional Options for Setting Home Directory Policies
The Home Share/Directory Policies window has been updated to allow you to specify creating and moving home directories for existing users. Additional text has been added to the window to better explain the available options.
To configure home directory policies:
Support for NetIQ Reporting Center 1.5
This version includes NetIQ Reporting Center (NRC) 1.5, which includes the following features:
Support for Additional Microsoft Exchange Server Features
This version provides additional support for the following Exchange Server features not previously managed by DRA:
New License Update Option and Exchange Administrator License Changes
You can now add licenses to the Administration server from a task on the Configuration Management task pad. You must start the Delegation and Configuration console from the Administration server and be connected to the same Administration Server to use this feature. If you have enabled user account control (UAC), you must start the Delegation and Configuration console using Run as Administrator to update the license. After you update the license, the NetIQ Administration service (McsAdminSvc) restarts.
ExA licensing is now consistent with the licensing for account management. The ExA licensing is based on the mailbox count and is checked and enforced when a new mailbox is created.
You can now see a mailbox count on the Statistics tab of the Domain Properties window.
New Access Account Setting for Exchange Server 2010 Allows DRA to Manage Exchange Server 2010 Servers in Untrusted Domains
When you specify Exchange 2010 management in Exchange Administrator, the new Exchange access tab on the Domain Properties window allows you to specify whether to use the Domain access account or another access account for all Exchange servers in your environment. This gives you the ability to configure DRA to manage Exchange Server 2010 servers in untrusted domains.
DRA now stores the credentials for the domain access account and the Exchange access account in AD LDS, so that once you specify these accounts on the primary Administration server, the information is available to all secondary Administration servers in the MMS after replication. Before installing this service pack, you had to specify the domain access account on each Administration server in the MMS.
New Platform Support and Prerequisite Change
This version adds support for the following platforms:
DRA no longer requires installation of Exchange Server 2010 management tools on the Administration server computer. DRA now requires only Powershell 2.0 and Windows Remote Management (WinRM) 2.0 to be installed on the Administration server to remotely manage an Exchange Server 2010 server.
Resolves Administration Server Issues
This service pack resolves the following Administration server issues:
Resolves User, Computer, and Group Account Administration Issues
This service pack resolves the following user, computer, and group account administration issues:
Resolves Exchange Administrator Issues
This service pack resolves the following Exchange Administrator issues:
Resolves DRA Reporting Issues
This service pack resolves the following DRA reporting issues:
Resolves Policy and Automation Issues
This service pack resolves the following policy and automation issues:
Resolves Web Console Issues
This service pack resolves the following Web console issues:
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
NetIQ Directory Resource Administrator and Exchange Administrator are protected by United States Patent No: 6,792,462.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
© 2012 NetIQ Corporation. All rights reserved.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
Check Point, FireWall-1, VPN-1, Provider-1, and SiteManager-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.
ActiveAudit, ActiveView, Aegis, AppManager, Change Administrator, Change Guardian, Compliance Suite, the cube logo design, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, Exchange Administrator, File Security Administrator, Group Policy Administrator, Group Policy Guardian, Group Policy Suite, IntelliPolicy, Knowledge Scripts, NetConnect, NetIQ, the NetIQ logo, PSAudit, PSDetect, PSPasswordManager, PSSecure, Secure Configuration Manager, Security Administration Suite, Security Manager, Server Consolidator, VigilEnt, and Vivinet are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the USA. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.