Directory and Resource Administrator 6.60
Directory and Resource Administrator 7.x
Changes made to objects in a managed Organizational Unit using Native Tools are not reflected, even after an Accounts Cache Refresh.
Incremental Accounts Cache Refresh does not detect any changes made using Native Tools after enabling Departmental Support.
The following event is written to the Application log on the Directory and Resource Administrator server:
Event Type: Error
Event Source: MCSAdminSvc
Event Category: AcctProvDomain
Event ID: 14081
Domain fully_qualified_domain_name(domain_name) (Subset-Managed,AD) (Customer-requested incremental accounts cache refresh) began at 2003-03-14 15:36:44 and ended at 2003-03-14 15:36:45, contents unsuccessfully loaded, hr=c0043708=(The Administration server service account or domain override account does not have permission to access deleted objects in the Active Directory for this domain. Use the Deleted Objects Utility to ensure this account has the appropriate permissions. The Administration server will continue to attempt an incremental accounts cache refresh) The Administration server did not successfully update the accounts cache. The cache may not contain all recent changes.
When you use the Departmental Support feature in Directory and Resource Administrator to manage a specific OU, the Incremental Accounts Cache Refresh is disabled if the domain access account does not have read permissions on the Deleted Objects container in the domain.
To resolve this issue, grant the domain access account, at a minimum, read permissions to the Deleted Objects container so that the Incremental Accounts Cache Refresh can run. Directory and Resource Administrator includes the Deleted Objects Utility, which can be used to verify and grant access to the Deleted Objects container.
To grant the domain access account read permissions to the Deleted Objects container using the Deleted Objects Utility, perform the following steps:
1. Launch Command Prompt on the Directory and Resource Administrator server, logged in as a user with Administrator permissions in the domain where the Deleted Objects container is located.
2. Change to the Program Files\NetIQ\DRA folder on your Administration server.
3. Type the following command:
DRADELOBJSUTIL /DOMAIN:domain_name /DELEGATE:domain_name\domain_access_account
4. Press Enter.
By default, you can run the Deleted Objects Utility from the Program Files\NetIQ\DRA folder on your Administration server. You can install and run the Deleted Objects Utility on a computer that is not an Administration server. To install this utility, choose custom installation in the setup program. For more information about performing a custom installation, see the Installation Guide.
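To confirm whether the Administration server is still logging this failure after the delegation, the following added example (not part of the original article and not NetIQ code) parses Event ID 14081 messages and flags the ones carrying hr=c0043708. The function names, the sample domain corp.example.com(CORP) and the sample message are constructed for illustration, and the parser assumes the message layout shown in the event above.

```powershell
# Added example (not NetIQ code). Requires PowerShell 3.0 or later.
# hr value taken from the event text in this article.
$DeletedObjectsHr = 'c0043708'

# Parse one Event ID 14081 message of the shape shown in this article.
# Function name is hypothetical.
function ConvertFrom-DraRefreshEvent {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$Message)
    process {
        $pattern = 'Domain\s+(?<fqdn>\S+?)\((?<name>[^)]*)\)\s+\((?<mode>[^)]*)\)\s+\((?<kind>[^)]*)\)\s+' +
                   'began at (?<start>[\d-]+ [\d:]+) and ended at (?<end>[\d-]+ [\d:]+), ' +
                   'contents (?<result>\w+) loaded(?:, hr=(?<hr>[0-9a-f]{8}))?'
        if ($Message -match $pattern) {
            [pscustomobject]@{
                Domain      = $Matches['fqdn']
                Mode        = $Matches['mode']
                RefreshKind = $Matches['kind']
                Started     = [datetime]::ParseExact($Matches['start'], 'yyyy-MM-dd HH:mm:ss',
                                  [cultureinfo]::InvariantCulture)
                Result      = $Matches['result']
                Hr          = $Matches['hr']
                # True only for the Deleted Objects permission failure
                NeedsDeletedObjectsAccess = ($Matches['hr'] -eq $DeletedObjectsHr)
            }
        } else {
            Write-Warning 'Unrecognized 14081 message format'
        }
    }
}

# Query the live Application log on the Administration server (hypothetical helper).
function Get-DraRefreshFailure {
    param([datetime]$After = (Get-Date).AddDays(-1))
    $filter = @{ LogName = 'Application'; ProviderName = 'MCSAdminSvc'; Id = 14081; StartTime = $After }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object Message |
        ForEach-Object { $_.Message | ConvertFrom-DraRefreshEvent } |
        Where-Object NeedsDeletedObjectsAccess
}

# Constructed sample message in the article's format, so the parser can be tried offline.
$sample = 'Domain corp.example.com(CORP) (Subset-Managed,AD) ' +
          '(Customer-requested incremental accounts cache refresh) ' +
          'began at 2003-03-14 15:36:44 and ended at 2003-03-14 15:36:45, ' +
          'contents unsuccessfully loaded, hr=c0043708=(sample text)'
$sample | ConvertFrom-DraRefreshEvent | Format-List
```

After running the Deleted Objects Utility, call Get-DraRefreshFailure -After with the time of the delegation; any object it returns is a refresh that still failed with this error.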
For more information on the Deleted Objects Utility, please refer to the following Knowledge Base article:
What is the purpose of the DRADelObjsUtil.exe (Deleted Objects Utility)?