How do I create an ActiveView to manage all users in an Organizational Unit (OU) and its sub OUs? (NETIQKB22879)

  • 7722879
  • 02-Feb-2007
  • 07-May-2018

Environment

NetIQ Directory and Resource Administrator 8.x
NetIQ Directory and Resource Administrator 9.x

Situation

How do I create an ActiveView to manage all users in an Organizational Unit (OU) and its sub OUs?

How do I manage all users in an Organizational Unit (OU) and its sub OUs with an ActiveView?

Resolution


  1. Launch the DRA Delegation and Configuration Console on the Primary DRA server with an account that has, at minimum, the Built-in Security Role.
  2. Expand Delegation Management.
  3. Select ActiveViews, right-click, then select New Active View.
  4. Click Next.
  5. Click Add and select Objects that match a rule.
  6. Select Users.
  7. On the Specify ActiveView Rule page, under Rule Description, select "any OU," then "specific OU".
  8. Select the OU that will be managed by this ActiveView (child OUs are managed by default), click OK, then click OK again.
  9. Click Add.
  10. Select Target containers for create operations...
  11. Select the domain or OU in which user accounts will be managed.
  12. Click Add and OK.
  13. Click Next.
  14. Give the ActiveView a name and click Next.
  15. On the Summary page, make sure the box is checked next to "I want to delegate power over this ActiveView after I finish the wizard."
  16. Click Finish.
  17. Click Next.
  18. Click Add and select either Users, Groups, or Advanced (Assistant Admin Groups).
  19. On the Object Selector page, find the appropriate Users or Groups and select Add and then OK.
  20. Click Next.
  21. On the Roles and Powers page, click Add, then click Roles.
  22. Type Manage User Properties and click Find Now.
  23. Select Manage User Properties, click Add, then click OK.
  24. Click Next.
  25. Click Next again and Finish.

Note: In order for an Assistant Admin to be able to create or delete user accounts in this ActiveView, you should also add the role named "Create and Delete User Accounts" in steps 22 and 23.
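
Before delegating powers over an OU and its sub OUs, it helps to preview which accounts the rule from steps 7 and 8 would cover. The following is an added example, not NetIQ code and not part of the original article: it models the scope on distinguished names, assuming the rule matches every user below the chosen OU at any depth, and flags in-scope accounts carrying adminCount=1 (set by Active Directory on accounts that are or were members of protected groups). The DNs, the example.com domain and the function names are constructed for illustration.

```python
# Added example: models "users in a specific OU, child OUs included" on DNs.
# Assumption: the rule matches any user below the OU at any depth.

def split_dn(dn):
    """Split a DN into lowercased RDNs, honoring backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return rdns

def in_ou_subtree(object_dn, ou_dn):
    """True when object_dn sits below ou_dn at any depth."""
    obj, ou = split_dn(object_dn), split_dn(ou_dn)
    return len(obj) > len(ou) and obj[-len(ou):] == ou

def preview_scope(users, ou_dn):
    """Return (in-scope DNs, in-scope DNs with adminCount=1)."""
    hits = [u for u in users if in_ou_subtree(u["dn"], ou_dn)]
    return [u["dn"] for u in hits], [u["dn"] for u in hits if u.get("adminCount") == 1]

# Constructed sample directory export (not real accounts).
USERS = [
    {"dn": "CN=Alice,OU=Sales,DC=example,DC=com"},
    {"dn": "CN=Bob,OU=West,OU=Sales,DC=example,DC=com"},
    {"dn": "CN=Svc Backup,OU=Service,OU=West,OU=Sales,DC=example,DC=com", "adminCount": 1},
    {"dn": "CN=Carol,OU=Sales2,DC=example,DC=com"},        # sibling OU, similar name
    {"dn": "CN=Smith\\, Dan,ou=sales,dc=example,dc=com"},  # escaped comma, mixed case
    {"dn": "CN=Eve,OU=HR,DC=example,DC=com", "adminCount": 1},
]

if __name__ == "__main__":
    scope, privileged = preview_scope(USERS, "OU=Sales,DC=example,DC=com")
    print("in scope:", *scope, sep="\n  ")
    print("review before delegating:", *privileged, sep="\n  ")
```

Accounts listed under "review before delegating" sit inside the managed OU tree, so an Assistant Admin holding Manage User Properties over this ActiveView would be able to modify them.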


Cause

DRA provides a very granular security model. Within this security model, it is possible to restrict an ActiveView to control only specific AD object types. It's also possible to restrict the ActiveView to control only certain object types located in a specific Active Directory Organizational Unit.

Additional Information

The same steps can be applied to object types other than user objects. Once complete, the AV will apply the roles / power assignments only to objects that match the criteria of the AV rule.