Why are native Windows groups or users not available for selection when setting the Apply to action (NETIQKB49806)

  • 7749806
  • 02-Feb-2007
  • 19-Jun-2007


Why are native Windows groups or users not available for selection when setting the "Apply to actions performed by" option to an AA group in a policy?

Directory and Resource Administrator 7.x

When I create a policy to validate a specific property, the object picker shows only Assistant Admin groups, not native Windows groups or users.

Unable to select native Windows groups or users when creating policies.


Directory and Resource Administrator (DRA) recognizes only DRA-created Assistant Admin (AA) logical groups as valid selection choices to add to policies. Although individual user accounts and native Windows groups can be delegated to ActiveViews and listed as AAs, they are not DRA-created AA groups and are therefore not available for selection. The Scope for Policies to "Apply to actions performed by" for all or specific AA groups was not intended to be applied to anything other than AA groups.

When you create an ActiveView in the Delegation Wizard, if you choose a native Windows group rather than an existing AA group, ensure you select the option to save the group as an AA group. Otherwise, the icon for the native group appears in the AAs node, but is not searchable when setting up a policy.

Technical Support has opened an enhancement request to include this functionality in a future version of Directory and Resource Administrator.

Additional Information

Formerly known as NETIQKB49806