Environment
Directory & Resource Administrator 8.x
Secure Password Administrator 1.0
Situation
Cannot change password.
Resolution
To provide required access credentials:
- In the SPA Admin site, select Configure DRA Settings.
- Select Use override account.
- Specify a DRA admin account.
- Click Save changes.
Cause
The SPA service account does not have the required permissions to access DRA. Specifying an SPA service account is equivalent to that user logging in and running the DRA Win32 GUI. The Directory and Resource Administrator (DRA) security model applies the same login and run restrictions to the SPA service account as it would to any other account. The DRA server checks the credentials against its security model and allows only those powers that have been granted to those credentials.
The only combinations that allow access are:
- Use service account is selected and the service account is a DRA admin
- Use override account is selected and the override account is a DRA admin
Additional Information
NetIQ Technical Support recommends that you do not make the service account a DRA admin account. Instead, select Use override account and specify a DRA admin account, so that if someone accesses the SPA service account they will not have DRA admin powers.