How do I exclude a group from management in an ActiveView but not the group's members? (NETIQKB11684)

  • 7711684
  • 02-Feb-2007
  • 19-Jun-2007


How do I exclude a group from management in an ActiveView but not the group's members?

Directory and Resource Administrator 6.x

Directory and Resource Administrator 7.x


To exclude a group from management in an ActiveView so that Assistant Admins are not able to modify its membership:

For DRA 6.x versions:

  1. Launch the DRA MMC interface while logged in as as Assistant Admin with the Built-in Admin role.
  2. Expand the ActiveView management node.
  3. Select ActiveViews and highlight the ActiveView in question.
  4. Click the Add objects button under the Object rules tab.
  5. Select Exclude group and click Next.
  6. Select in specific domain and click the <domain> link in the Rule Description box.
  7. Select the correct managed domain and click OK.
  8. Click Next
  9. Select Specific<group> and click the <group> link in the Rule Description box.
  10. Select the group to be excluded and click OK.
  11. Click Next.
  12. Clear the checkboxes for all member objects except Groups and click Next.
  13. Select the Exclude the group and include its members option and click Next.
  14. Specify a name for the rule and click Finish.

For DRA 7.x versions:

  1. Launch Delegation and Configuration while logged on as a Assistant Admin with a minimum Built-In Security role.
  2. Expand Delegation Management.
  3. Click ActiveView on the left panel.
  4. Double click the ActiveView you wish to alter from the list that appears on the right.
  5. Select Rules and click Add.
  6. Select Objects that Match Rule.
  7. Select Groups.
  8. Click AnyGroup then click Specific Group.
  9. Type the desired group in the text box and click Find Now.
  10. Select the group and click OK.
  11. On the specify ActiveView rule screen right click the group and select Manage Group Member Only.
  12. Click OK.
  13. Click Apply.
  14. Click OK.

For more information, contact NetIQ Technical Support at .

By performing these steps, the group itself will be excluded from the ActiveView but its members will remain as managed objects.  Assistant Admins will not be able to modify the membership of the excluded group.

Additional Information

Formerly known as NETIQKB11684