Cloning a disabled user account results in the target account being disabled. (NETIQKB39240)

fact
Directory and Resource Administrator 7.0

fact
Directory and Resource Administrator 7.0 SP1

symptom
Cloning a disabled user account results in the target account being disabled.

symptom
When an Assistant Admin, who is delegated the 'Clone User and Modify All Properties' power, clones a disabled user account, the new account that is created is automatically set to disabled.  During the cloning process the 'Account disabled' flag is not checked and thus cannot be unchecked.

symptom
The 'Account disabled' flag is not checked when cloning a user account, however the newly cloned account is disabled

fix

This is corrected in DRA 7.5 and later. To resolve this issue, upgrade to the latest version of DRA.

The following workaround can be implemented to prevent the Account disabled flag property from being cloned when a user account is cloned:

1. Launch Regedit.
   
2. Highlight the Accounts key under the HKEY_Local_Machine\Software\Mission Critical Software\OnePoint\Administration\Data\Modules hive.
   
3. From the Edit menu select New | Key.
   
4. Enter CloneExceptions for the key name.
    
5. Select the CloneExceptions key and from the Edit menu select New | String Value (String Value or REG_SZ) option .
   
6. Enter UserAccountControl in the Name field and in the Data field.
   
7. From the Edit menu select New | String Value (String Value or REG_SZ) option .
   
8. Enter AccountDisabled in the Name field and in the Data field.
   
9. Stop and the restart the NetIQ Administration Server service.

After the Directory and Resource Administrator server service is restarted, the AccountDisabled flag will not be cloned when a user account is cloned.

Formerly known as NETIQKB39240