Resolution
goal
How do I ensure that password changes are made locally on a domain controller?
fact
Directory and Resource Administrator 6.x
fix
note
The ability to specify a domain controller during password resets operations has been included starting in Directory and Resource Administrator 7.0.
How do I ensure that password changes are made locally on a domain controller?
fact
Directory and Resource Administrator 6.x
fix
When changes are made using Directory and Resource Administrator (DRA), the changes are written to the domain controller that DRA is connected to. In many cases, this domain controller may not be may be in a different site. After the Active Directory replication occurs the local domain controller will be aware of the changes.
In order for remote domain controllers to know about password changes made using Directory and Resource Administrator the following options are available:
- A secondary Directory and Resource Administrator server can be configured in the remote site. The DRA server in the remote site will communicate with the local domain controller in that site.
- DRA can be configured to always communicate with a domain controller in a remote site. For more information on how to configure DRA to always communicate with a specific domain controller, please refer to the following knowledge base article:
- NETIQKB1885: How do I configure the Directory and Resource Administrator server to write all changes to a specific domain controller?
- Using the Automation feature in DRA, a script can be configured so that all password changes made using DRA, are performed on all domain controllers in the domain. The sample script can be downloaded from the DRA Knowledge Depot (requires username and password) under the Trigger and Policy scripts section.
- Using the Automation feature in DRA, a script can be configured so that all password changes made using DRA, are performed on the domain controllers specified in the Comment field. A sample script can be downloaded from the DRA Knowledge Depot (requires username and password) under the Trigger and Policy scripts section.
note
The ability to specify a domain controller during password resets operations has been included starting in Directory and Resource Administrator 7.0.
Additional Information
Formerly known as NETIQKB14164