How do I configure an ActiveView to allow Assistant Admins to modify group memberships only? (NETIQKB9512)

  • Document ID:7709512
  • Creation Date:02-Feb-2007
  • Modified Date:19-Jun-2007
    • Micro Focus Products:
      Directory and Resource Administrator

Resolution

goal
How do I configure an ActiveView to allow Assistant Admins to modify group memberships only?

fact
Directory and Resource Administrator 6.x

fix

In order to allow an Assistant Admin to only modify group membership, the ActiveView must be created on the primary Directory and Resource Administrator (DRA) server, as follows:

ActiveView Creation

  1. Launch 'Directory and Resource Administrator MMC' interface, logged in as a "Built-in Admin".
  2. Expand 'ActiveView management'.
  3. Highlight ActiveViews and click New.
  4. Type a name for the ActiveView and click Finish.
  5. Select Include Group, in the "Add objects" dialog box,  and click Next.
  6. Highlight in specific domain, select the domain, and click Next.
  7. Highlight Name Matching [wildname], click Wildname and type: xyz*, click Next.
  8. Select Users and Groups, click Next.
  9. Click Next.
  10. In the 'Add any exceptions' screen leave all options unchecked and click Next.
  11. Click Finish.
  12. Select Add more objects in the "What would you like to do next?" dialog box.
  13. Select Include User, in the "Add objects" dialog box,  and click Next.
  14. Highlight in any domain and click Next.
  15. Select All users and click Next.
  16. Click Next and Finish.
  17. Select Assign Assistant Admins, in the "What would you like to do next?" dialog box.
  18. Select Add users.
  19. Select the user account from the list and click Add.
  20. Click OK | Next.
  21. Select Add Powers.
  22. Expand 'Modify Group Membership under Groups'. 
  23. Select the Add a Member - Modify Group Memberships and the Remove a Member - Modify Group Memberships powers and click Add.
  24. Click Next | Finish.

The above ActiveView configuration will allow the Assistant Admin to modify the group membership of all groups with names matching the wildname specified in Step 7 and in domain specified in Step 6.  The Assistant Admin will be able to add any user account in the manage and\or trusted domains to these groups.



Additional Information

Formerly known as NETIQKB9512