What are benefits and features of DRA 8.7? (Part 1 of 2)

  • 7013320
  • 18-Sep-2013
  • 12-Aug-2016

Environment

NetIQ Directory & Resource Administrator 8.7

Situation

What are benefits and features of DRA 8.7?
DRA 8.7 Release Notes (Part 1 of 2)

Resolution

What's New?


The following outline the key features and functions provided by this version, as well as issues resolved in this release:



Operating System Support


Directory and Resource Administrator and Exchange Administrator include support for the following operating system and Microsoft Exchange Server versions:


  • Windows Server 2012
  • Windows Server 2008 and 2008 R2 (32-bit for DRA clients, including Web console, and 64-bit for all DRA components)
  • Windows Server 2003 and 2003 R2 (32-bit for DRA clients, including Web console, and 64-bit for all DRA components)
  • Windows 8
  • Windows 7
  • Exchange Server 2013
  • Exchange Server 2010
  • Exchange Server 2007
  • Exchange Server 2003 (limited support)


Performance Improvements


Directory and Resource Administrator and Exchange Administrator include the following performance improvements:



Enhanced Active Directory Data Cache


The cache has been rearchitected to reduce the time needed for DRA to display changes made outside of DRA. Because of the enhanced cache, DRA users will experience the following improvements:

  • Incremental accounts cache refreshes (IACRs) no longer fail because too many objects were found.
  • DRA console users will no longer be locked out of domains that are not being updated during IACRs.
  • DRA console users will experience much shorter lockout times for domains that are being updated during IACRs.



The full accounts cache refresh that in previous releases was scheduled for regular refreshes now runs when you add new managed domains in DRA. The incremental accounts cache refreshes run every 5 minutes by default and are designed to keep your DRA cache fully updated.


DRA Web Console Performance Improvements


Multiple code changes improve the performance of Web Console startup and during use.


Improved Reporting Performance and Additional Language Support


DRA Reporting now contains the following improvements:


  • The Active Directory Collector contains performance improvements that result in improved group membership collection.
  • The Active Directory Collector and reports now support using the Japanese language. (ENG283963)


Limitations to the Supported Operating Systems and Microsoft Exchange Server Versions


NetIQ is removing support for managing Microsoft Exchange Server 2003 objects. If you still need to manage Exchange Server 2003 objects, you can leave a secondary Administration server running DRA 8.6 in your DRA 8.7 environment.


NetIQ is removing support for installing the Administration server component on 32-bit operating systems. Now, you must install the Administration server component on a computer running a 64-bit operating system.


NetIQ has removed support for using NetIQ Reporting Center versions 1.0 and 1.5. The minimum suported version is now NetIQ Reporting Center 2.0.


Enhancements and Software Fixes


Directory and Resource Administrator and Exchange Administrator include enhancements and software fixes that resolve several previous issues.



New Installation Program Simplifies Installation Experience


The installation program has been rewritten to streamline and simplify Directory and Resource Administrator installation.


New Health Check Utility Eases Initial Configuration and Issue Diagnosis


A new Health Check utility makes first-time configuration simpler and allows you to monitor the health of your Directory and Resource Administrator environment.


Integration with NetIQ Aegis 3.0


DRA supports the following workflows for Aegis 3.0:


  • WorkflowEnum
  • WorkflowEventCreate
  • WorkflowEventGetInfo
  • WorkflowStart


Support for NetIQ Reporting Center 2.0


DRA now supports using NetIQ Reporting Center 2.0 for creating the optional DRA Management reports.


PowerShell Support for Triggers and Policies


DRA now supports using Windows PowerShell (x86) commands in triggers and policies.


Updated Documentation and New Documentation Support Page


This release contains an updated Installation Guide. The Installation Guide and the release notes are installed with the product, and the rest of the documentation is no longer installed with the product. All of the documentation for this product is now available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML versions of the documentation posted at www.netiq.com/documentation.


Power Names Updated


Several power names were updated for the DRA 8.6 SP 1 release. If you have any custom scripts in use in your environment, you should check to see if they use these powers:

Old Power Name New Power Name
Limited View of Exchange Mailbox Group Properties Limited View of Exchange Group Properties
Manage Exchange Mailbox Properties for Contacts Manage Exchange Properties for Contacts
Manage Exchange Mailbox Properties for Groups Manage Exchange Properties for Groups
Modify Advanced Exchange Mailbox Properties for Contact Modify Advanced Exchange Properties for Contact
Modify Advanced Exchange Mailbox Properties for Group Modify Advanced Exchange Properties for Group
Modify All Exchange Mailbox Properties for Contact Modify All Exchange Properties for Contact
Modify All Exchange Mailbox Properties for Group Modify All Exchange Properties for Group
Modify Exchange Mailbox Custom Attributes for Group Modify Exchange Custom Attributes for Group
Modify Exchange Mailbox Delivery Restrictions for Contact Modify Exchange Delivery Restrictions for Contact
Modify Exchange Mailbox Delivery Restrictions for Group Modify Exchange Delivery Restrictions for Group
Modify Exchange Mailbox Email Addresses for Contact Modify Exchange Email Addresses for Contact
Modify Exchange Mailbox ILS Settings for Contact Modify Exchange ILS Settings for Contact
Modify Exchange Mailbox Custom Attributes for Contact Modify Exchange Custom Attributes for Contact
Modify Exchange Mailbox Email Addresses for Group Modify Exchange Email Addresses for Group
Modify General Exchange Mailbox Properties for Contact Modify General Exchange Properties for Contact
Modify General Exchange Mailbox Properties for Group Modify General Exchange Properties for Group
View All Exchange Mailbox Group Properties View All Exchange Group Properties
View All Exchange Mailbox Properties for Contact View All Exchange Properties for Contact

If you use any of these powers in custom scripts, update the scripts to use the new names.


Additional Resource Types Available to Manage in Web Console


Using the Web console, you can now perform DRA operations on the following resource types:

  • Devices
  • Shares
  • Open files
  • Connected users
  • Event logs



For each of these resource types, you can perform management and configuration tasks, such as creating a resource or viewing resource properties.


Tree Element Added to Web Console Allows Selecting AD Containers


When searching for or creating items in a container, you can now select the container from a tree in the Web console instead of typing it in a text box. When you select a folder in the tree, the Web console sets the folder container as the default target for the operation. For example, when creating new user accounts, you can select the target OU in the tree to designate where DRA should create the user account.


Ability to Search Using LDAP Query in Web Console


When searching for items to display in the task pages, you can now select the option to specify an LDAP query from the Name list. The results of the query are listed in the Web console. You can run saved queries or select the Custom option to specify an ad hoc query. Search results are filtered by the selected container in the navigation tree.


Ability to Manage Group Membership Security in Web Console


Using the new Membership security link, you can now delegate group membership management to members of the domain.


To delegate group membership management in the Web console:


  1. From any group properties page, click Membership security.
  2. Click Add trustee or click X to remove a trustee.
  3. If you are adding a trustee, enter your search criteria for the trustee, select a result, specify the trustee's rights, and click Apply.


Removal of NetBIOS Requirement for DRA Collector and AD Collector


After applying this release, you can disable the NetBIOS over TCP/IP protocol on all Administration servers.


To disable NetBIOS over TCP/IP:


  1. Log on to the Administration server computer.
  2. Navigate to the Advanced TCP/IP settings for your Local Area Connection Properties.
  3. On the WINS tab, select Disable NetBIOS over TCP/IP.
  4. Click OK until you have closed all open windows.


Ability to Specify Different Exchange Access Accounts on Secondary Administration Servers


When you specify Exchange 2010 management in Exchange Administrator, the Exchange access tab on the Domain Properties window allows you to specify whether to use the domain access account or another access account for all Exchange servers in your environment. DRA now allows you to specify the Exchange access account from secondary Administration servers in the Multi-Master Set (MMS). Before installing this release, you could enter the Exchange access account only on the primary Administration server in the MMS.


New Options for Collecting Last Logon Statistics and Removal of DRA Agent


You can now choose whether to use the lastLogonTimestamp attribute on your domain controllers (updated every 14 days) or have DRA collect the lastLogon attribute for each user account in your managed domains (collected according to your schedule). DRA no longer uses an agent to gather last logon statistics.


When you install this release, DRA unregisters and uninstalls the DRA Agent from your domain controllers when the NetIQ Administration service restarts.

To configure collection of last logon statistics:


  1. Open the Delegation and Configuration console.
  2. In the Configuration Management node, click Managed Domains.
  3. Select a domain, and click the Properties icon.
  4. Click the Last logon statistics tab, and select the appropriate options for your needs. Additional text has been added to the window to guide you, and the context-sensitive help contains updated information for the new options on this window.



Additional Options for Setting Home Directory Policies


The Home Share/Directory Policies window has been updated to allow you to specify creating and moving home directories for existing users. Additional text has been added to the window to better explain the available options.

To configure home directory policies:


  1. Open the Delegation and Configuration console.
  2. In the Policy and Automation Management node, click Configure Home Directory Policies.
  3. Select the appropriate options for your needs. Additional text has been added to the window to guide you, and the context-sensitive help contains updated information for the new options on this window.



Support for Additional Microsoft Exchange Server Features


This version provides additional support for the following Exchange Server features not previously managed by DRA:

  • The new Membership approval tab on the Group Properties window allows you to manage settings for the Exchange 2010 group membership approval feature.
  • A progress bar now displays when you move mailboxes between Exchange Servers. The progress bar displays on all moves to or from Exchange Server 2007 and to or from Exchange Server 2003 servers. (ENG239700)
  • When managing group properties in the Web console, you can now access the Managed by properties. (ENG252766)
  • The Web console now provides support for setting delivery restrictions for a group. (ENG300031)
  • DRA now allows you to add multiple managers to a distribution group.
  • DRA now allows you to create and delete archive mailboxes for users with Exchange Server 2010 mailboxes.



New Access Account Setting for Exchange Server 2010 Allows DRA to Manage Exchange Server 2010 Servers in Untrusted Domains


When you specify Exchange 2010 management in Exchange Administrator, the new Exchange access tab on the Domain Properties window allows you to specify whether to use the Domain access account or another access account for all Exchange servers in your environment. This gives you the ability to configure DRA to manage Exchange Server 2010 servers in untrusted domains.


DRA now stores the credentials for the domain access account and the Exchange access account in AD LDS, so that once you specify these accounts on the primary Administration server, the information is available to all secondary Administration servers in the MMS after replication. Before installing this release, you had to specify the domain access account on each Administration server in the MMS.


License Changes


This version contains the following licensing changes:


  • You can now add licenses to the Administration server from a task on the Configuration Management task pad. You must start the Delegation and Configuration console from the Administration server and be connected to the same Administration Server to use this feature. If you have enabled user account control (UAC), you must start the Delegation and Configuration console using Run as Administrator to update the license. After you update the license, the NetIQ Administration service (McsAdminSvc) restarts.
  • ExA licensing is now consistent with the licensing for account management. The ExA licensing is based on the mailbox count and is checked and enforced when a new mailbox is created.
  • You can now see a mailbox count on the Statistics tab of the Domain Properties window.
  • The DRA installation program no longer contains an option to update your license. You can update your license or apply a new license using the Health Check utility or from the Delegation and Configuration console.


Resolves Issues With the AD Collector


This release resolves the following issues with the Active Directory Collector:


  • The Active Directory Collector always runs during server startup when the collection schedule has been changed. (ENG307285)
  • The Active Directory Collector fails for an untrusted managed domain. (ENG314259)
  • The Active Directory Collector Configuration reports cannot access the Deleted Objects container. (ENG315517)


Resolves Issues With DRA Management Reports


This release resolves the following issues with DRA Management reports:


  • Some DRA Management reports that have a context to show success and/or failure report only failures. (ENG294473)
  • The Summary of Managed Domains Information report does not show all domains in the environment when an OU name occurs multiple times across the domains. (ENG313496)
  • The datetime values are not stored properly if the default format for the database is not set to US English. (ENG307265)
  • DRA Management reports do not display data if the text contains double-byte characters. (ENG283963)


Resolves Issues With DRA Activity Reports


This release resolves the following issues with DRA activity reports:


  • Running an activity report in the Account and Resource Management console may fail if the report contains a user with a newly created mailbox. (ENG308991)
  • The activity reporting for an OU displays the Objects Deleted report option twice. (ENG308899)


Resolves User, Computer, and Group Account Administration Issues


This release resolves the following user, computer, and group account administration issues:


  • DRA now correctly sets the path value and users are able to create shares. (ENG300374)
  • DRA no longer incorrectly displays an error message stating This computer is currently not available when a user resets a computer account. (ENG302836)
  • When you select Immediately to schedule a temporary group assignment, DRA now enables the End time field. (ENG300532)
  • When Assistant Admins without Exchange rights attempt to clone users having Exchange Server 2003 mailboxes, the clone operation results in an error message or creates the users in a disabled state. (ENG313183)
  • Cloning a user having the HomeDir and samAccountName in different case replicates the home directory path of the source user instead of resolving to the appropriate path for the target user. (ENG312023)
  • When cloning a user in the Web console, DRA does not create the alias name according to the autonaming policy for Exchange Server 2010 mail-enabled user accounts. (ENG307205)
  • When restoring or cloning an Exchange Server 2010 mail-enabled group account and selecting Send delivery report to group owner in the Exchange Advanced tab, DRA displays an error message. DRA restores or clones the group but does not correctly set all Exchange properties. (ENG307319)
  • The Manage My Account power now allows the owner of the account to update the phone numbers and address fields. (ENG309426)
  • DRA no longer copies the legacyExchangeDN of the source contact to the new contact when cloning a contact, which causes a Microsoft Exchange error. (ENG312305)
  • DRA now saves a new Windows Terminal Service (WTS) property path for user accounts. (ENG317373)
  • DRA now locates the original path for the group being restored from the NetIQ Recycle Bin and restores the group to its original location. (ENG315620)
  • DRA now displays all default values for an item on a user interface extension page. (ENG310529)
  • DRA now uses the path name for the share name when creating a share. (ENG310619)
  • DRA now saves changes to Terminal Service settings. (ENG317182)
  • DRA now displays correct information for last logon statistics when a DRA administrator views the statistics from a secondary Administration server. (ENG304075)
  • DRA no longer displays an error that the object already exists when deleting groups. (ENG305456)
  • DRA no longer displays an error message if a temporary group membership is recalculated while DRA is performing a cache refresh. (ENG307991)
  • The ActiveView description field is now updated properly when creating objects using the EA command. (ENG313718)
  • Running scripts no longer causes the memory consumption of the Administration server to grow continuously. (ENG312876)


Resolves Administration Server Issues


This release resolves the following Administration server issues:


  • When wildcards are used to associate Assistant Admins with groups in the delegation model, DRA 8.6 now processes group memberships correctly. (ENG302108)
  • The Log Archive Data Viewer now displays records from DRA. (ENG297374)
  • DRA now retains changes to the Maximum number of minutes to attempt field in the incremental schedule settings. (ENG299443)
  • DRA can now connect to the ADAM or AD LDS instance on secondary Administration servers. (ENG298659)
  • DRA now correctly generates ActiveView rule descriptions that you create using the CLI. (ENG292335)
  • The NetIQ DRA Core service now starts even when the Windows event logs are full. (ENG309261)


Resolves Account and Resource Management Console Issues


This release resolves the following Account and Resource Management console issues:


  • The Save As confirmation window is now displayed correctly when saving configuration changes for the Account and Resource Management console to the .arm file. (ENG310306)
  • Searching for all objects no longer results in increased memory consumption in the Account and Resource Management console. The console now releases the memory when the search is complete. (ENG313272)


Resolves Exchange Administrator Issues


This release resolves the following Exchange Administrator issues:


  • DRA no longer allows objects in the Recycle Bin to be modified. (ENG302230)
  • When a user moves a mailbox from Exchange Server 2010 to Exchange Server 2003, the Move Mailbox Status tab now displays in DRA Exchange Tasks. (ENG301911)
  • DRA now displays the Mailbox Storage Limits in megabytes. (ENG295570)
  • DRA no longer allows spaces and special characters to be entered in the Alias name field. (ENG303244)
  • DRA now displays a user's mailbox status when the mailbox has been moved from a mailbox store that has since been deleted. (ENG313686)
  • Exchange Administrator now completes retrieving user mailbox rights or policy lists from Microsoft Exchange Server. (ENG315005)


Resolves DRA Reporting Issues


This release resolves the following DRA reporting issues:


  • DRA no longer incorrectly displays a message that the SMCubeDepot database cannot be opened when installing DRA Reporting. (ENG301622)
  • DRA now creates change activity reports for objects in the Recycle Bin. (ENG271775)
  • The AD collector no longer writes corrupted data to the DRA Reporting database. (ENG301015, ENG301041)
  • DRA now completes AD data collection jobs. (ENG307475)
  • The AD collector now uses the preferred DC for the managed domain. (ENG304685)
  • The AD collector now collects the proxyAddresses attribute when configured to collect it. (ENG305785)
  • The NetIQ Product License Report now contains correct data. (ENG305306)
  • The DRA Collector now updates the Triggers table as expected. (ENG299728)


Resolves Policy and Automation Issues


This release resolves the following policy and automation issues:


  • DRA now correctly enforces the password generation policy for minimum and maximum password length and for character restrictions. (ENG297971)
  • DRA now executes triggers in alphanumeric order. (ENG297639, ENG299401)
  • DRA now executes triggers as expected. (ENG235155)
  • DRA now correctly creates or renames home directories. (ENG265703, ENG301009, ENG246449)
  • Triggers now run on Windows Server 2008 R2 servers. (ENG297906)


Resolves Web Console Issues


This release resolves the following Web console issues:


  • The Web console is now able to initialize when the locale is set to a language where commas and decimals are the reverse of English. (ENG306194)
  • When searching in the Web console, after completing a search, DRA no longer removes the spaces from the search term. (ENG301632)
  • When the home directory path is blank, the Web console now displays the path in the Connect to field so users can remove it. (ENG299048)
  • When viewing license information in the Web console, the symbol for collapsing information is now the minus sign (-) instead of the plus sign (+). (ENG304153)
  • The Web console now displays the full path of the mailbox store for mailboxes. (ENG262402)
  • When using the Web console, users no longer appear to have powers that are not delegated to them. (ENG314564)
  • Some computers no longer appear available while other computers appear unavailable in the Web console when the computer browser service is disabled. (ENG313040)

Additional Information

See Knowledge Base article 7013321 for Part 2 (of 2) of full Release Notes.