Assistant Admins are unable to create computer accounts after running the EAmigrate utility. (NETIQKB36984)

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.0

fact
Directory and Resource Administrator 7.0 SP1

symptom
Assistant Admins are unable to create computer accounts after running the EAmigrate utility.

symptom
DRA Assistant Admins receive the error 'MCSStatus::StatusMSG::FormatMessage failed - unable to format message - Error (317) DLL=C:\Program files\netiq\dra\mcsadminmsgenu.dll' when trying to create computer accounts after running the EAMigrate utility.

symptom
Error: 'Exception occurred in AcctProv fetching object 'cn=1234567a' property '$McsDownlevelName' appears in the server logs when trying to create computer accounts.

cause
The EAMigrate utility in Directory and Resource Administrator (DRA) 7.0 and below generates computer rules based on the $McsDownlevelName property instead of the common name (CN) for the computer account.  These computer rules cause exceptions in Accounts Provider when used in conjunction with Computer Create power.  (See ENG135818 for more information on this issue).  The computer rules cannot be read by DRA 7.0 and cannot be generated by DRA 6.x or DRA 7.0 User Interfaces.

fix

This issue has been corrected with the release of Service Pack 1 (SP1) for Directory and Resource Administrator (DRA).  Please download and install the latest version of DRA to resolve this issue. Alternatively, the following workaround may be configured to resolve this problem with version 7.0:

The workaround is to identify all 'bad' rules, delete them, and recreate these computer rules using the DRA 6.x or 7.0 User Interface.  To identify the problem rules, save the security key and send it to NetIQ Technical Support for review.  Development has created a utility to identify 'bad' rules.  (See ENG135818 for more details.)

Formerly known as NETIQKB36984