Resolution
fact
Directory and Resource Administrator 7.x
symptom
Renaming the Pre-Windows 2000 logon name in the GUI adds the Administrators group to permissions.
symptom
cause
The Administrators group needs to be added to the security descriptor of the home directory while DRA is renaming the directory, but the permission should be removed after the directory is renamed. Removing the Administrators group is failing.
fix
NetIQ has recognized this as an issue and will resolve it in a future release of DRA.
Directory and Resource Administrator 7.x
symptom
Renaming the Pre-Windows 2000 logon name in the GUI adds the Administrators group to permissions.
symptom
Steps to reproduce:
- In the Directory and Resource Administrator (DRA) Delegation and Configuration console (D&C), create a home directory on a home folders share for a user.
- Use Windows Explorer to navigate to the newly created folder. Right-click the folder and select Properties. Click the Security tab and click the Advanced button at the bottom. Notice the permissions only show the user and any inherited permissions (by default this will be "Everyone").
- Right-click the user object in D&C and choose Rename. Be sure to change at least the Pre-Windows 2000 logon name at the bottom of the dialog box and click OK.
- Use Windows Explorer to navigate to the user's folder and notice the name has now changed to reflect the rename operation. Right-click the folder and select Properties. Click the Security tab and click the Advanced button once more. Notice the permissions now include the Local Administrators group.
cause
The Administrators group needs to be added to the security descriptor of the home directory while DRA is renaming the directory, but the permission should be removed after the directory is renamed. Removing the Administrators group is failing.
fix
NetIQ has recognized this as an issue and will resolve it in a future release of DRA.
Additional Information
Formerly known as NETIQKB42013