Reports on user unlock operations are inaccurate. (NETIQKB53086)

  • 7753086
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

fact
Directory and Resource Administrator 7.x

symptom
Reports on user unlock operations are inaccurate.

symptom
DRA records the user unlock operation as a password reset operation in the Application Event Log.

symptom

DRA records user unlock operations  in the Application Event Log either correctly as unlock operations or incorrectly as password reset operations depending on the method used to unlock the user account.  You can unlock user accounts in DRA using five different methods in the Account and Resource Management (ARM) Console:

  1. Click on the user account and on the Tasks menu select Unlock User Account.
  2. Right-click on the user account and on the context menu select Unlock User Account.
  3. Click on the user account and then click the Unlock the account link in the details pane at the bottom of the window. 
  4. Right-click on the user account and on the context menu select Properties, click Account on the Properties window, and then clear the Account is locked out check box.
  5. Right-click on the user account and on the context menu select Reset Password, then select the Unlock this account check box.

Methods 1, 2, and 3 record the unlock operation as an Event ID 16156 in the Application Event Log.  This event has the "Action" field set to "SetPassword" and the "Operand" set to the name of the DRA server. This is incorrect.

Methods 3 and 4 record the operation as an Event ID 16020 in the Application Event Log.  This event has the "Action" field set to "SetInfo" and the "Operand" set to "Is AccountLocked." This is correct.



symptom
The DRA Reporting Tool cannot accurately report on user unlock operations.

cause
The ARM Console is not consistent in how it records user unlock operations in the Application Event Log.

fix
At this time no fix is available for this issue.  A request has been made to Development and it has been decided to correct this problem in the next product release of DRA.  Contact NetIQ Technical Support for further information.

Additional Information

Formerly known as NETIQKB53086