Accounts excluded by specific ActiveViews are enumerated in the All my managed objects account views (NETIQKB15530)

fact
Directory and Resource Administrator 6.50

symptom
Accounts excluded by specific ActiveViews are enumerated in the All my managed objects account views.

cause
The issue is caused by the way Directory and Resource Administrator (DRA) processes multiple ActiveViews, each excluding the same ActiveView's managed objects, for a single Assistant Admin.  When enumerating users for the All my managed objects snap-in node, DRA processes the exculsion rule once for the first ActiveView and then ignores identical exclusion rules in each consecutive ActiveView containing that rule.

fix

Hotfix 15530 improves the handling of exclusions across multiple ActiveViews by the DRA server.

If your security model includes the following configuration, apply this hotfix:

• Excludes the contents of specific ActiveViews to restrict object management. For example, you can configure the Sales and Marketing ActiveViews to exclude objects from the Houston ActiveView.
• Manages objects through the All my managed objects node under My ActiveViews in the MMC interface.

To install this hotfix, run the DRA65000_Hotfix15530.exe  file on the Administration server computer.

This hotfix modifies the EaSec.dll file on the Administration server computer.  The default location for this file is the Program Files\NetIQ\DRA folder.

note
Hotfix 15530 also includes improvements provided in Hotfix 11200.

Formerly known as NETIQKB15530