Resolution
fact
Directory and Resource Administrator 6.40
symptom
Error: 'Assistant Admin does not have enough power to run computer create operations'.
symptom
Admin Assistants cannot create a computer account in a Windows NT 4 domain if the ActiveView exception 'Do not allow computer to be added to group or moved to OU' is enabled.
cause
In a Windows NT 4 domain, DRA should ignore the ActiveView exception 'Do not allow computer to be added to group or moved to OU', because there are only domains in a Windows NT 4 domain, and computers cannot be a part of any OU. In 6.4, DRA does not ignore the rule and generates an error when the exception is enabled.
fix
Directory and Resource Administrator 6.40
symptom
Error: 'Assistant Admin does not have enough power to run computer create operations'.
symptom
Admin Assistants cannot create a computer account in a Windows NT 4 domain if the ActiveView exception 'Do not allow computer to be added to group or moved to OU' is enabled.
cause
In a Windows NT 4 domain, DRA should ignore the ActiveView exception 'Do not allow computer to be added to group or moved to OU', because there are only domains in a Windows NT 4 domain, and computers cannot be a part of any OU. In 6.4, DRA does not ignore the rule and generates an error when the exception is enabled.
fix
As a workaround, do not select the Do not allow computer to be added to group or moved to OU exception. There is no reason to turn this exception on when managing a NT4 domain. Upgrade to DRA version 6.5 or later. These versions ignore this exception for managed NT4 domains.
Additional Information
Formerly known as NETIQKB11022