What is the NetIQ DRA Agent and how does it work?
Directory and Resource Administrator 6.x
Directory and Resource Administrator 7.x
What is the NetIQ DRA Agent?
The NetIQ DRA Agent installs and then runs as a service on all domain controllers in a managed domain and serves two purposes:
- It ensures that the Directory and Resource Administrator client interfaces, such as the MMC, Web Console and CLI, can locate and connect to the Administration server in a managed domain.
- Each agent service collects logon and logoff statistics from the domain controller it is running on and sends them to the Administration server managing that domain.
Why is the NetIQ DRA Agent required in order to have reliable logon/logoff data?
When a user logs on, any domain controller can process the logon request. The domain controller that processes the logon is where Windows records the account?s last logon date/time. The last logon server is also where Windows stores the last logoff date/time. Neither the last logon nor last logoff data is replicated to the other domain controllers. Therefore, last logon/logoff data is scattered across the domain?s domain controllers. The only way to get accurate last logon/logoff statistics is to consolidate the data from all of the domain controllers. The NetIQ DRA Agent facilitates the consolidation of this data.
How is the NetIQ DRA Agent installed?
DRA Server handles installation of the NetIQ DRA Agent if the checkbox is checked for Automatically install the NetIQ DRA Agents on all domain controllers. For more information on how to enable the installation of the Agents on all domain controllers refer to the following Knowledge Base article:
NETIQKB212 - How is Directory and Resource Administrator configured to automatically install agents on all domain controllers?
Does the NetIQ DRA Agent require a service account?
No, the NetIQ DRA Agentruns under each domain controller?s System account.
How do I update the NetIQ DRA Agent when I get a new release of DRA?
If a new release of DRA Server requires an updated version of the NetIQ DRA Agent, DRA Server will automatically update the domain controllers with the new NetIQ DRA Agent version.
How do I uninstall the NetIQ DRA Agent?
DRA Server?s uninstall procedure will seek out and remove the NetIQ DRA Agentfrom the managed domain?s domain controllers. Also refer to the following Knowledge Base article, which discusses a utility that can be used to manually uninstall the NetIQ DRA Agent:
NETIQKB322 - Is there a utility for troubleshooting the Directory and Resource Administrator agent service?
If the NetIQ DRA Agent is not installed, will DRA Server install and start the NetIQ DRA Agent when DRA Server polls a DC?
If the NetIQ DRA Agent is installed on a DC but not running, will DRA Server start it when DRA Server polls the NetIQ DRA Agent?
How do I configure the NetIQ DRA Agent?
The NetIQ DRA Agent is not configured. The configuration parameters for gathering last logon and logoff data are for DRA Server.
What is the NetIQ DRA Agent's load on the domain controllers?
The NetIQ DRA Agent's server load is nil. In between requests from the DRA Server, the NetIQ DRA Agent?sleeps?. During this stage, Task Manager reports the NetIQ DRA Agent'sCPU utilization to be zero. Likewise, memory consumption is low. When polled by the DRA Server, the NetIQ DRA Agent?wakes up? and scans the domain controller?s database. This process takes only a few seconds. Therefore, the NetIQ DRA Agentintr.
oduces a very small server load for only a few seconds per polling period.
How much network bandwidth does the NetIQ DRA Agent consume?
Refer to the following Knowledge Base article for more information:
NETIQKB6919 - How much network traffic does the NetIQ DRA Agent generate or how much bandwidth does it consume?
Does the connection between DRA Server and the NetIQ DRA Agent remain open between requests for data?
No. After the DRA Server receives the data from the NetIQ DRA Agentthe connection is closed.
Is the NetIQ DRA Agent required for registry replication between DRA servers in a multi-master set?
The NetIQ DRA Agent does not need to be installed for replication of DRA registry entries. The agent plays no part in the synchronization process.
Does the NetIQ DRA Agent transmit sensitive data?
No. As mentioned previously, the NetIQ DRA Agenttransmits only the computer name where the NetIQ Administration Service (DRA Server) is running and last logon/logoff data.
Does DRA install the NetIQ DRA Agent on any of the domain?s member/standalone servers?
DRA does not install the NetIQ DRA Agent on member/standalone servers unless it is being managed. For more information refer to the following Knowledge Base article :
NETIQKB357 - Is the NetIQ DRA Agent service installed on member servers and workstations?
Does the NetIQ DRA Agent play a role in the replication of Active Directory or SAM data between domain controllers?
No. The NetIQ DRA Agent has absolutely nothing to do with replication of Active Directory or SAM data between domain controllers.