What are the new features and benefits in Directory and Resource Administrator 8.5? (NETIQKB71771)

  • 7771771
  • 27-Aug-2009
  • 04-Sep-2009


Directory and Resource Administrator 8.5


What are the new features and benefits in Directory and Resource Administrator 8.5?

What are the new features and functions in Directory and Resource Administrator 8.5?

What are the issues from previous versions corrected in Directory and Resource Administrator 8.5?


This version of the NetIQ Directory and Resource Administrator product (DRA) and the NetIQ Exchange Administrator product (ExA) provide several new features. This version also improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity (https://community.netiq.com), our community Web site that also includes product notifications, blogs, and the DRA user group.

This document outlines why you should install this version and identifies any known issues. We assume you are familiar with previous versions of these products. For more information about installing these products, see the Installation Guide.

For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator Documentation web site at: https://www.netiq.com/support/dra/extended/documentation.asp

Why Install This Version?

Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Server 2003 Active Directory, Microsoft Windows Server 2008 Active Directory, and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.

New Logging for Audit Events

DRA logs all user operations in the log archive on the Administration server computer. Information logged includes before and after values of the audited events so that you have a record of exactly what changed in your environment. The log archive service tracks all DRA activity, compresses the data, and stores it on the Administration server in a secure, tamper-resistant repository. The service also categorizes the audit events and summarizes events based on these categories.

Activity Detail Reports

DRA uses the audit events stored in the log archive files to display Activity Detail reports, such as showing what changes have been made to an object during a specified time period. Activity Detail reports are available from the Delegation and Configuration Console and the Account and Resource Management Console.

Management Reports

You have the option of installing NetIQ Reporting Center as a component of DRA. You can configure DRA to export information from the log archive files to a SQL Server database that Reporting Center uses to display Management reports. These reports provide activity, configuration, and summarization information about events in your managed domains. Some reports are available as graphical representations of the data.

Integration with Aegis Adapter for DRA

DRA integrates with the NetIQ Aegis Adapter for DRA. This integration allows Aegis to communicate with DRA and automate manual processes associated with the administration and security of Microsoft Active Directory. The DRA adapter includes a library of workflow activities that Process Authors can use in the Workflow Designer.

Installation on Microsoft Windows Server 2008 and Management of Active Directory 2008

You can install DRA and ExA on servers running Microsoft Windows Server 2008. You can also manage Active Directory 2008 domains.

Removed Support for NetIQ Directory Security Administrator and NetIQ File Security Administrator

NetIQ no longer provides support for Directory Security Administrator or File Security Administrator.

Removed Support for Microsoft Exchange 5.5

NetIQ no longer provides support for using DRA and ExA to manage Microsoft Exchange 5.5 environments.

Resolved an Issue Where DRA Did Not Correctly Set Terminal Server Profile Properties

DRA correctly sets terminal server profile properties. ENG258683

Resolved an Issue Where an Error Occurs After Adding an SMTP Address that Contains the Forward Slash Character (/)

DRA allows an SMTP address that contains the forward slash character (/). ENG256495

Resolved an Issue Where an Error Occurs When Retrieving Mailbox Rights for Exchange 2007 User Accounts if any Trustee Name Contains the Hyphen Character (-)

DRA correctly displays mailbox rights for Exchange 2007 user accounts. ENG266205

Additions to Documentation

DRA No Longer Logs Object Operations in Windows Application Event Log

DRA logs object operations in log archive files, so these same operations are no longer logged in the Windows Application Event Log. If you have other log management processes that rely on these operations being logged in the Windows Application Event Log, you can enable having DRA duplicate these operations in the Windows Application Event Log. For more information, see the Administrator Guide.

Configuring data collectors on secondary Administration servers

When you schedule any of the data collectors on a secondary Administration server, schedule the data collectors to run after the first successful MMS synchronization occurs.

Changing Administration server service account after installation

If you want to specify a different Administration server service account after installation, delegate the Audit All Objects role on the All Objects ActiveView to the new Administration server service account. (DOC273785)

Active Directory Collector Requires Deleted Objects Container Privilege

The access account you specify for the Active Directory Collector must have the Deleted Objects Container privilege. By default, the built-in Administrator account has this privilege. If you have specified a different access account to run the Active Directory Collector, run the DraDelObjsUtil.exe in DRA installation folder to assign this privilege to the access account.


Additional Information

Formerly known as NETIQKB71771

Feedback service temporarily unavailable. For content questions or problems, please contact Support.