Custom scripts used with DRA return incorrect data and an error indicating that the Assistant Admin (NETIQKB2893)

  • 7702893
  • 02-Feb-2007
  • 19-Jun-2007


Directory and Resource Administrator 6.40

Custom scripts used with DRA return incorrect data and an error indicating that the Assistant Admin does not have enough powers to run the operation.


These symptoms are seen if the DRA security model configuration includes the following parameters:

  • A restriction prevents objects from being added to groups or moved to OUs in one or more ActiveViews.
  • A custom policy, user interface, automation trigger, or application script has been implemented that reads specific properties of the restricted objects. For example, a script that customizes a Web Console task may use the GetInfoEx method to return the logon name of all user accounts in a restricted group.

This issue is caused by the security provider attempting to validate an ActiveView rule by source instead of by source or target.  A rule defined by an exception is a target rule and DRA does not try to match the target rules. 


Hotfix 2893 for DRA 6.4 resolves this issue. To install this hotfix:

  1. Ensure Directory and Resource Administrator 6.4 is installed on the Administration server computer.
  2. Run the DRA64000_Hotfix2893.exe file on the Administration server computer.

This hotfix modifies the EaSec.dll file on the Administration server computer. By default, this file is located in the NetIQ\DRA folder of the Program Files folder.

Click on the following link to download Hotfix 2893:

Additional Information

Formerly known as NETIQKB2893