Resolution
Directory and Resource Administrator 7.0 SP1
symptom
Error: 'Could not modify security descriptor' when attempting to clone\create a user account with the home directory on a NetApp filer.
symptom
Assistant Admins receive the following error message when they attempt to create or clone a user account with the home directory on a NetApp filer:
Could not modify security descriptor \\servername\C$\Vol\share_name\user_name
The home directory for the new user account is created correctly, but the permissions are not applied correctly and the user does not have any permissions to the home directory.
cause
The above error message is a result of the order in which the API calls are made. The FILE_FLAG_BACKUP_SEMANTICS is not being set before the CreateFile API to get a handle to the directory which was just created.
fix
This issue is addressed in NetIQ Directory and Resource Administrator and Exchange Administrator version 7.0 SP1 Hotfix 39222.
Hotfix 39222 corrects the above described issue when creating home directories on a NetApp storage appliance.
Note: This Hotfix requires DRA version 7.0 SP1.
To download and install this hotfix:
- Run the DRA70001_Hotfix39222.msi file on all servers running the NetIQ Administration Server service.
This hotfix modifies the McsHomeShareTriggers.dll file on your Adminisitration server computers. By default, this file is located in the \Program Files\NetIQ\DRA folder.
For more information, please contact NetIQ Technical Support at www.netiq.com/support.