Environment
NetIQ Directory & Resource Administrator 8.7.x
NetIQ Directory & Resource Administrator 9.0.x
NetIQ Directory & Resource Administrator 9.0.x
Situation
How can I hide a DRA server from being seen by Assistant Admins?
Is it possible to prevent Admins from connecting to specific DRA servers?
How do I hide a DRA server in the MMS from being connected to by Admins?
Is it possible to prevent Admins from connecting to specific DRA servers?
How do I hide a DRA server in the MMS from being connected to by Admins?
Resolution
While not recommended for long-term purposes, these steps can be used to temporarily "hide" a DRA server (or servers) so that they are not used for connections as part of the MMS.
-
Goto ADUC (show advanced features) and browse to system |DRAserver
-
Right click on the name of the DRA server you wish to hide and go to properties
-
Click Security tab | Advanced Button
-
Uncheck the “Allow inheritable permissions from parent to propagate to this object and all child objects, including these with entries explicitly defined here and then click “Remove” button when prompted
-
Modify the security so that no user can access the SCP
-
Right click on the DRAserver node in ADUC and go to properties
-
Click Security tab | Advanced Button
-
Uncheck the “Allow inheritable permissions from parent to propagate to this object and all child objects, including these with entries explicitly defined here and then click “COPY” button when prompted
-
Click Add and add the DRA service account
-
Highlight the DRA service account and click Advanced
-
Hightlight the DRAservice account and click Edit
-
Change the apply to “This object and all child objects”
-
Set deny permission for Delete/Delete subtree/delete all child objects