How can I hide a DRA server from being seen by Assistant Admins?

  • 7018823
  • 21-Apr-2017
  • 25-Apr-2017

Environment

NetIQ Directory & Resource Administrator 8.7.x
NetIQ Directory & Resource Administrator 9.0.x

Situation

How can I hide a DRA server from being seen by Assistant Admins?
Is it possible to prevent Admins from connecting to specific DRA servers?
How do I hide a DRA server in the MMS from being connected to by Admins?

Resolution

While not recommended for long-term purposes, these steps can be used to temporarily "hide" a DRA server (or servers) so that they are not used for connections as part of the MMS.
 
  1. Go to ADUC (with advanced features shown) and browse to System | DRAserver
  2. Right click on the name of the DRA server you wish to hide and go to properties
  3. Click Security tab | Advanced Button
  4. Uncheck “Allow inheritable permissions from parent to propagate to this object and all child objects, including these with entries explicitly defined here” and then click the “Remove” button when prompted
  5. Modify the security so that no user can access the SCP
  6. Right click on the DRAserver node in ADUC and go to properties
  7. Click Security tab | Advanced Button
  8. Uncheck “Allow inheritable permissions from parent to propagate to this object and all child objects, including these with entries explicitly defined here” and then click the “COPY” button when prompted
  9. Click Add and add the DRA service account
  10. Highlight the DRA service account and click Advanced
  11. Highlight the DRA service account and click Edit
  12. Change “Apply to” to “This object and all child objects”
  13. Set Deny permission for Delete/Delete subtree/Delete all child objects
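
The ACL state left by the steps above can be read back with PowerShell, both to confirm the change and to check it again when the temporary change is reverted. This is an added example, not NetIQ's code; it assumes the ActiveDirectory RSAT module, that the container from step 1 is CN=DRAserver,CN=System under the domain DN, and a placeholder service account name.

```powershell
# Added example: read-only audit of the ACL state produced by steps 1-13.
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

$ServiceAccount = 'EXAMPLE\svc-dra'   # placeholder: the DRA service account
# Assumed DN for the "System | DRAserver" container named in step 1.
$Container = "CN=DRAserver,CN=System,$((Get-ADDomain).DistinguishedName)"
$DeleteRights = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteTree, DeleteChild'

function Get-AclSummary {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })

    # Collect the rights denied to the service account on
    # "This object and all child objects" (InheritanceType All, step 12).
    $denied = 0
    foreach ($ace in $explicit) {
        if ($ace.AccessControlType -eq 'Deny' -and
            $ace.IdentityReference.Value -eq $ServiceAccount -and
            $ace.InheritanceType -eq 'All') {
            $denied = $denied -bor [int]$ace.ActiveDirectoryRights
        }
    }

    [pscustomobject]@{
        Object             = $DistinguishedName
        InheritanceBlocked = $acl.AreAccessRulesProtected            # steps 4 and 8
        DeleteDenied       = ($denied -band [int]$DeleteRights) -eq [int]$DeleteRights
        Trustees           = ($explicit.IdentityReference.Value | Sort-Object -Unique) -join '; '
    }
}

# Container first: expect InheritanceBlocked and DeleteDenied to be True (steps 6-13).
# Then each server object: a hidden one shows InheritanceBlocked = True and
# only the trustees deliberately left on it (steps 2-5).
$targets = @($Container) + @(
    Get-ADObject -SearchBase $Container -SearchScope OneLevel -Filter * |
        Select-Object -ExpandProperty DistinguishedName
)
$targets | ForEach-Object { Get-AclSummary -DistinguishedName $_ } | Format-List
```

Run it with an account that can still read the objects; server objects that the running account has been denied access to will not appear in the listing.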