Environment
Situation
What are the new features and functions in Directory and Resource Administrator 8.5?
What are the issues from previous versions corrected in Directory and Resource Administrator 8.5?
Resolution
This version of the NetIQ Directory and Resource Administrator product (DRA) and the NetIQ Exchange Administrator product (ExA) provide several new features. This version also improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Directory and Resource Administrator forum on Qmunity (https://community.netiq.com), our community Web site that also includes product notifications, blogs, and the DRA user group.
This document outlines why you should install this version and identifies any known issues. We assume you are familiar with previous versions of these products. For more information about installing these products, see the Installation Guide.
For more information about this release and for the latest Release Notes, see the Directory and Resource Administrator Documentation web site at: https://www.netiq.com/support/dra/extended/documentation.asp
Why Install This Version?
Directory and Resource Administrator (DRA) and Exchange Administrator (ExA) provide highly secure and automated administration of Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, and Microsoft Exchange Server 2007. Through improved scalability, advanced delegation, and powerful policy-based management capabilities, DRA and ExA increase Active Directory security, dramatically reduce administrative efforts and costs while increasing efficiency, and protect the integrity of data in your Microsoft Windows Server 2003 Active Directory, Microsoft Windows Server 2008 Active Directory, and Microsoft Exchange directory. The following sections outline the key features and functions provided by this version, as well as issues resolved in this release.
New Logging for Audit Events
DRA logs all user operations in the log archive on the Administration server computer. Information logged includes before and after values of the audited events so that you have a record of exactly what changed in your environment. The log archive service tracks all DRA activity, compresses the data, and stores it on the Administration server in a secure, tamper-resistant repository. The service also categorizes the audit events and summarizes events based on these categories.
Activity Detail Reports
DRA uses the audit events stored in the log archive files to display Activity Detail reports, such as showing what changes have been made to an object during a specified time period. Activity Detail reports are available from the Delegation and Configuration Console and the Account and Resource Management Console.
Management Reports
You have the option of installing NetIQ Reporting Center as a component of DRA. You can configure DRA to export information from the log archive files to a SQL Server database that Reporting Center uses to display Management reports. These reports provide activity, configuration, and summarization information about events in your managed domains. Some reports are available as graphical representations of the data.
Integration with Aegis Adapter for DRA
DRA integrates with the NetIQ Aegis Adapter for DRA. This integration allows Aegis to communicate with DRA and automate manual processes associated with the administration and security of Microsoft Active Directory. The DRA adapter includes a library of workflow activities that Process Authors can use in the Workflow Designer.
Installation on Microsoft Windows Server 2008 and Management of Active Directory 2008
You can install DRA and ExA on servers running Microsoft Windows Server 2008. You can also manage Active Directory 2008 domains.
Removed Support for NetIQ Directory Security Administrator and NetIQ File Security Administrator
NetIQ no longer provides support for Directory Security Administrator or File Security Administrator.
Removed Support for Microsoft Exchange 5.5
NetIQ no longer provides support for using DRA and ExA to manage Microsoft Exchange 5.5 environments.
Resolved an Issue Where DRA Did Not Correctly Set Terminal Server Profile Properties
DRA correctly sets terminal server profile properties. ENG258683
Resolved an Issue Where an Error Occurs After Adding an SMTP Address that Contains the Forward Slash Character (/)
DRA allows an SMTP address that contains the forward slash character (/). ENG256495
Resolved an Issue Where an Error Occurs When Retrieving Mailbox Rights for Exchange 2007 User Accounts if any Trustee Name Contains the Hyphen Character (-)
DRA correctly displays mailbox rights for Exchange 2007 user accounts. ENG266205
Additions to Documentation
DRA No Longer Logs Object Operations in Windows Application Event Log
DRA logs object operations in log archive files, so these same operations are no longer logged in the Windows Application Event Log. If you have other log management processes that rely on these operations being logged in the Windows Application Event Log, you can enable having DRA duplicate these operations in the Windows Application Event Log. For more information, see the Administrator Guide.
Configuring data collectors on secondary Administration servers
When you schedule any of the data collectors on a secondary Administration server, schedule the data collectors to run after the first successful MMS synchronization occurs.
Changing Administration server service account after installation
If you want to specify a different Administration server service account after installation, delegate the Audit All Objects role on the All Objects ActiveView to the new Administration server service account. (DOC273785)
Active Directory Collector Requires Deleted Objects Container Privilege
The access account you specify for the Active Directory Collector must have the Deleted Objects Container privilege. By default, the built-in Administrator account has this privilege. If you have specified a different access account to run the Active Directory Collector, run the DraDelObjsUtil.exe in DRA installation folder to assign this privilege to the access account.