Why can I not add a new domain to the Repository in Group Policy Administrator after configuring a u (NETIQKB12981)

goal
Why can I not add a new domain to the Repository in Group Policy Administrator after configuring a user in the Remote User Settings?

goal
What permissions do I need to add a new domain to the Group Policy Administrator (GPA) repository?

goal
How do I add Create New Domain permissions to the remote user account?

fact
NetIQ Group Policy Administrator 3.0

fact
NetIQ Group Policy Administrator 4.x

fact
NetIQ Group Policy Administrator 5.0

symptom
Cannot add a domain to the repository.

cause
The specified remote user account does not have sufficient permissions. 

fix

By default, the remote user account is only given Manage GPR Security permissions. To add a new domain to the Group Policy Administrator (GPA) repository, the remote user account specified from a non-trusted domain must have Create New Domain permissions.

To add Create New Domain permissions to the remote user account, complete the following steps:

1. Log in to the NetIQ GPA Console with an account that has Full control  of the Repository.
2. Right-click the GPA Repository node and select Connect to Database.
3. Select the SQL server name where the repository database resides.
4. Select the desired authentication and click OK.
5. Select the Repository Server [repository server_name]node.
6. Select Manage GPR Security from the task bar (the icon is similar to a lock).
7. Right-click the Repository Server [repository server_name]and select Properties.
8. Select the GPR Security tab.
9. Select the user account or SID referencing the user account from the non-trusted domain.
10. Select the Create New Domain checkbox in the Allow column of the Permission section at the bottom of the dialog box.
11. Click Apply and OK. 

 

Formerly known as NETIQKB12981