How do I create an ActiveView for user management? (NETIQKB35152)

  • 7735152
  • 02-Feb-2007
  • 10-Nov-2011

Environment

Directory & Resource Administrator 8.x

Situation

How do I create an ActiveView for user administration?

How do I configure an Assistant Admin to be able to create a user account in an ActiveView for user management?

Resolution

The following process describes the following:

  • How to create an ActiveView for User Management.
  • How to create an Assistant Admin.
  • How to associate the Assistant Admin with the ActiveView.

STEP ONE

  1. Start the Delegation and Configuration console while logged on as an Assistant Admin with the DRA Administration role.
  2. Expand Delegation Management.
  3. Highlight ActiveViews and click New ActiveView.
  4. Click Next.
  5. Click Add and select Objects that match a rule... .
  6. In the Accounts section, click the Users link.
  7. Click the any domain link.
  8. Select Specific Domain.... .
  9. Select the domain and click OK.
  10. Click OK and Next.
  11. Type in a name for the ActiveView and click Next.
  12. Ensure that the I want to delegate power over this ActiveView after I finish this wizard option is checked.
  13. Click Finish.
  14. Click Next and Add.
  15. Select Users... and search for the user account that you want to delegate powers to.
  16. Click Add and OK.
  17. Click Next, Add and select Roles...
  18. Select the User Administration role and click Add.
  19. Click OK and Next.
  20. Click Next again, review the summary, and click Finish.

STEP TWO

In order for an Assistant Admin to be able to create a user account in this ActiveView, you must define a Target Container.

  1. Define a Target Container.

    1. Select the ActiveView you created for user management in STEP ONE.
    2. Click the Add Managed Objects tab along the top toolbar.
    3. Click Add and select Target containers for create operations...
    4. Select the OU where you want the delegated Assistant Admin to be able to create user accounts.
    5. Click Add and OK.
    6. Click OK again.


Cause

DRA uses active views to control who can do specfic actions, where those actions can be done within AD, and what those specfic actions are. DRA Administrators can create Active Views on the Primary DRA Server.

Additional Information

Formerly known as NETIQKB35152

ActiveViews can only be created on the Primary DRA Server. Once an MMS Sync has occured, the ActiveViews will replicate FROM the Primary DRA Server TO all of the Secondary DRA Servers.