How do I specify which properties to exclude during clone operations? (NETIQKB3604)

  • 7703604
  • 02-Feb-2007
  • 19-Jun-2007


How do I specify which properties to exclude during clone operations?

What is a clone exception?

How do I clone a user account without including certain attribute fields?

Directory and Resource Administrator 6.50

Directory and Resource Administrator 6.60

Directory and Resource Administrator 7.x


You can configure Directory and Resource Administrator (DRA) version6.5 and later to exclude certain properties during any clone operation. Normally, when you clone a user account, certain attribute fields are not available during the clone operation and DRA clones these fields from the source object to the new object. However, DRA has the ability to set clone exceptions. Clone exceptions allow you to specify attribute fields such as Description, Notes, or Fax when cloning user objects.

Clone exceptions are string values that you add to the Registry on the primary Administration server.

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Ensure that you backup your Registry prior to making any changes.

To create a clone exception for an attribute field when cloning a user account:

  1. On the primary Administration server, open the Registry Editor.
  2. Expand the HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Data\Modules hive and select the Accounts key.
  3. On the Edit menu, click New > Key.
  4. Type CloneExceptions for the key name.
  5. Select the CloneExceptions key.
  6. Complete the following steps for each required string value:
    1. On the Edit menu, click New > String Value (String Value or REG_SZ).
    2. In the Name field and in the Data field, type the appropriate string value for the attribute. For example, to exclude the Description attribute field, type Description in both fields.
  7. If you want to exclude more than one attribute field from cloning, repeat Step 6 for each attribute.
  8. Stop and then restart the NetIQ Administration Server (MCS  OnePoint Administration Service) service.

After you restart the NetIQ Administration server service, when cloning a user account DRA will exclude any attribute fields you configured under the Clone Exceptions key.


The DRA 7.x Account and Resource Management (ARM) console passes the properties to the server in a different manner from DRA 6.x versions. In DRA 7.x, you cannot use the CloneExceptions key to exclude any properties that are displayed in the UserClone wizard. However, other properties will still work with the CloneExceptions key. 


Clone exception information is replicated to all other DRA servers in the Multi-Master Set.

Additional Information

Formerly known as NETIQKB3604