How do I exclude a domain controller from the pick list, so Assistant Admins cannot select it when p (NETIQKB33072)

  • 7733072
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How do I exclude a domain controller from the pick list, so Assistant Admins cannot select it when performing password reset operations?

fact
Directory and Resource Administrator 7.x

fix

When performing certain operations such as Reset PasswordsEnabling\Disabling, or Unlocking a user account using the Directory and Resource Administrator (DRA) client interfaces, Assistant Admins have the option to check the Specify domain controller option.  Checking this option enumerates a list of all domain controllers in an Active Directory domain, allowing the Assistant Admin to select a domain controller on which the change should be made.  In many cases, it is desirable to exclude specific domain controllers from the list that is presented to the Assistant Admin.  In order to exclude a particular domain controller from the picklist so that Assistant Admins are unable to select the domain controller, please perform the following steps:

  1. Launch Regedt32.
  2. Select the ExcludedDCs key under Hkey_Local_Machine|Software|Mission Critical Software|OnePoint|Administration|Modules|Accounts|Domains.Dns|<domain name>.
  3. Select Add value from the Edit menu.
  4. In the Value Name: field, type ExcludedDCs.
  5. In the Data Type: field, select Multi_SZ.
  6. Click OK.
  7. In the String: field, type the NetBIOS names of the domain controllers that should be excluded. Multiple domain controller names must be listed on separate lines.
  8. Click OK.

Once the above steps have been completed perform a Domain Cache refresh.



note
Each domain managed by Directory and Resource Administrator maintains its own list of excluded domain controllers.  You can also specify more than one domain controller to be excluded from the list for each managed domain.

Additional Information

Formerly known as NETIQKB33072