Objects created on the primary DRA server not displayed on the secondary DRA servers. (NETIQKB3988)

  • 7703988
  • 02-Feb-2007
  • 10-Jan-2013

Environment


NetIQ Directory and Resource Administrator 8.x
Microsoft Active Directory
Microsoft Windows Domain Controller

Situation

In a multi-DRA Server environment (also known as a Multi-Master Set), each DRA server can make changes to Active Directory objects directly. If changes to AD objects are made on one DRA server, they may not immediately be seen on the other DRA servers.

Resolution

Wait for either a Full Accounts Cache Refresh or an Incremental Accounts Cache Refresh to complete on each DRA server for the specific managed domain.
 
The Accounts Cache schedule is set from the Delegation & Configuration Console, using the properties of the managed domain. The DRA AA will need at least the DRA Configuration power in order to modify these properties.
 
Two things need to occur before all the secondary DRA servers will be aware of the changes:
  1. Active Directory replication must complete so that all the domain controllers are updated. This ensures that the local domain controller the secondary DRA server is connected to reflects the changes made on the other domain controllers.
  2. The secondary servers need to perform an Incremental Accounts Cache Refresh (only in the case where a new object is created or a cached property is changed).

For example:

Changes made to a non-cached property -

If an Administrator updates a 'non-cached property' field of a user account, such as the Comments field, on the primary DRA server, the change is written to a local domain controller.  Once Active Directory replication has completed, the Administrator will be able to view the updated description while connected to any secondary DRA server.

Changes made to a cached property -

If an Administrator updates a 'cached property' field of a user account, such as the Name field, on the primary DRA server, the change is written to a local domain controller as well as to the cache on the primary DRA server.  The secondary DRA server will reflect any changes made to a cached property after Active Directory replication has completed and an Incremental Accounts Cache Refresh has run.
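
One way to confirm the first condition above (Active Directory replication has completed) for a single changed attribute. This is an added example, not NetIQ or DRA code; it assumes the Microsoft ActiveDirectory PowerShell module is installed, and the object DN and attribute name are constructed placeholders.

```powershell
# Added example: compare one attribute's replication metadata on every
# domain controller in the current domain. Not part of DRA.
Import-Module ActiveDirectory

# Constructed placeholders: replace with the object and attribute that changed.
$ObjectDN  = 'CN=Jane Example,OU=Staff,DC=example,DC=com'
$Attribute = 'description'   # LDAP attribute name (assumption for this example)

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $meta = Get-ADReplicationAttributeMetadata -Object $ObjectDN `
                    -Server $dc.HostName -Properties $Attribute -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            Version          = $meta.Version                    # bumps on each originating write
            LastChange       = $meta.LastOriginatingChangeTime
            Status           = 'OK'
        }
    }
    catch {
        # Object not yet present on this DC, or the DC could not be reached.
        [pscustomobject]@{
            DomainController = $dc.HostName
            Version          = $null
            LastChange       = $null
            Status           = $_.Exception.Message
        }
    }
}

$results | Sort-Object DomainController | Format-Table -AutoSize

# The highest version seen is the newest write; any DC below it is still behind.
$latest = ($results | Where-Object { $null -ne $_.Version } |
           Measure-Object -Property Version -Maximum).Maximum

if ($null -eq $latest) {
    Write-Warning "No replication metadata found for '$Attribute' on any domain controller."
}
else {
    $behind = $results | Where-Object { $_.Version -ne $latest }
    if ($behind) {
        Write-Warning ("Replication pending on: " + ($behind.DomainController -join ', '))
    }
    else {
        Write-Output "All domain controllers report version $latest for '$Attribute'."
    }
}
```

A clean result covers only the replication condition. For a cached property, the secondary DRA server still shows the old value until its Incremental Accounts Cache Refresh has run.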



 For more information on properties cached by DRA, please refer to the DRA Software Development Kit.

 



Cause

The Directory and Resource Administrator (DRA) server stores and maintains some information in memory for performance purposes; this is called the Cache. If an Administrator updates a non-cached property of an existing object, the changes are written directly to Active Directory. Each DRA server in the Multi-Master Set binds to a specific domain controller for each managed domain. The DRA server then obtains the property of the object from this domain controller. Since the property is not cached by DRA, the information is read directly from the local domain controller that the secondary server is connected to.  If Active Directory replication has not completed, the domain controller may not be aware of the change.
 
Each DRA server will update its Domain Cache of AD objects on a specific schedule.
 
 

Additional Information

Formerly known as NETIQKB3988
 
For more details on the Accounts Cache Refresh see the DRA and ExA Admin Guide.