1.2 Understanding Directory and Administrator Components

The DRA Administration server stores configuration data (environmental, delegated access, and policy), executes operator and automation tasks, and audits system wide activity. While supporting several console and API level clients, the server is designed to provide high availability for both redundancy and geographic isolation through a Multi-Master Set (MMS) scale-out model. In this model, every DRA environment will require one primary DRA Administration server that will synchronize with a number of additional secondary DRA Administration servers.

We strongly recommend that you do not install Administration servers on Active Directory domain controllers. For each domain that DRA manages, ensure there is at least one domain controller in the same site as the Administration server. By default, the Administration server accesses the closest domain controller for all read and write operations; when performing site-specific tasks, such as password resets, you can specify a site specific domain controller to process the operation. As a best practice, consider dedicating a secondary Administration server for your reporting, batch processing, and automated workloads.

The Account and Resource Management Console is an installable user interface for DRA Assistant Administrators to view and manage delegated objects of connected domains and services.

The Web Console is a web-based user interface that provides quick and easy access to DRA Assistant Administrators to view and manage delegated objects of connected domains and services.

Administrators can customize the look and use of the Web Console to include customized enterprise branding and customized object properties, as well as configure integration with Change Guardian servers to enable change auditing that occurs outside of DRA.

The DRA Administrator can also create and modify automated workflow forms to run routine automated tasks when triggered.

Unified Change History is another feature of the Web Console that enables integration with Change History servers to audit changes made to AD objects outside of DRA. Change History report options include the following:

DRA Reporting provides built-in, customizable templates for DRA management and details of DRA managed domains and systems:

DRA reports can be scheduled and published through SQL Server Reporting Services for convenient distribution to stakeholders.

DRA integrates with the Workflow Engine to automate workflow tasks via the Web Console where Assistant Administrators can configure the Workflow Server and execute customized workflow automation forms, and then view the status of those workflows. For more information about the Workflow Engine, see Workflow Automation documentation on the DRA Documentation site.