How do I create an ActiveView to manage 'User Properties and Group Membership' in a particular Organ (NETIQKB38840)

  • 7738840
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
How do I create an ActiveView to manage 'User Properties and Group Membership' in a particular Organizational Unit (OU), but also allow the Assistant Admin (AA) to add members to the groups that are outside of the OU?

fact
Directory and Resource Administrator 7.0

fact
Directory and Resource Administrator 7.0 SP1

fact
Directory and Resource Administrator 7.5

fix

Launch the Delegation and Configurationconsole while logged on as an Assistant Admin with DRA Administration role.

Example

  1. Expand Delegation Management
  2. Highlight ActiveViews and click New ActiveView
  3. Click Next.
  4. Click Add and select Select Target containers for create operations?
  5. Expand your Enterprise Schema to locate the specific OU you wish to apply the ActiveView to.
  6. Click Add.
  7. Click OK.
  8.  Right-click the OU and select Modify Rule?
  9. Under Include, click on the but do not allow these objects to be cloned, moved, or added to groups link.
  10. Select Do not restrict usage of these objects.
  11. Click the remaining link under Include and select Manage Specific Objects Types in OU?
  12. Check the boxes for Users and Groups and click OK.
  13. Click Add and select Objects that match a rule?
  14. Under Accounts, select Users.
  15. Click OK.
  16. Right-click User Rule and select Restrict Usage and then select Only allow these objects to be cloned, moved, or added to groups.
  17.  Click Next.
  18. Type in a name for the ActiveView and click Next.
  19. Ensure that the I want to delegate power over this ActiveView after I finish this wizard option is checked.
  20. Click Finish. (Note:  You will receive a Warning message that states: 'In large environments, the User Rule rule may slow down the performance of the Administration server. For more information about rules that provide optimal performance, see the Help.' This Warning results because one aspect of the ActiveView encompasses all users and is normal.)
  21. Click Next and Add.
  22. Select Users...
  23. Type in the name of the user account (Assistant Admin) that you want to delegate powers to and click Find Now.
  24.  Highlight the user and click Add and OK. 
  25. Click NextPAN style="FONT-WEIGHT: normal; FONT-FAMILY: Tahoma; mso-bidi-font-weight: bold">.
  26. Click Add and select Roles...
  27. Type in the Manage User Properties role and click Find Now.
  28. Next, type in the Manage Group Memberships role and click Find Now.
  29. Highlight Manage Group Memberships and click Add.
  30. Click Next.
  31.  Click Nextagain to review the summary and click Finish.

The above is an example of how to create an ActiveView and an Assistant Admin, and how to associate the Assistant Admin with the ActiveView.

.


Additional Information

Formerly known as NETIQKB38840