What data is stored in the LDS instance created by DRA

  • 7016108
  • 27-Jan-2015
  • 16-Mar-2015

Environment

NetIQ Directory and Resource Administrator 8.6.x

NetIQ Directory and Resource Administrator 8.7.x

Situation

NetIQ Directory and Resource Administrator (DRA) uses a Microsoft Lightweight Directory Services instance to store various configuration data used by DRA. This data is replicated to all DRA Servers using an internal replication method local to LDS.

Resolution

The default Partition Name within the LDS instance is DC=DRA, DC=COM. Within that partition there are multiple containers.

  1. Credential Storage Root -- This container is used to store the Domain and Exchange Access credentials of every managed domain on every DRA Server.
    1. The access account data is stored in a netiq-credential class object.
    2. The account names and passwords are encrypted within the object properties.
  2. DomainConfigurationRoot -- This container is used to store some of the managed domain configuration within DRA.
    1. Within this container, the sub-container of DRA Domains lists the flat name of each managed domain.
      • Within this container, the DRA-ManagedDomainDomain class Object's attributes also contain the DRA Last Logon attribute collection schedule for each managed domain.
    2. There are additional sub-containers within this container used to link each managed domain and Exchange server to each DRA Server.
  3. DRADynamicGroup -- This container is new to DRA 8.7.2, and is used by DRA to track Dynamic Distribution Group memberships created in DRA.
    1. This container is required by the DRA Cache service, regardless of whether dynamic group membership is used within DRA.
  4. DRAQueriesRoot -- This container stores the Advanced Queries created in DRA.
    1. These queries are LDAP queries that only exist in DRA.
  5. DRAVARoot -- This container stores Virtual Attributes -- Object Attributes that are only visible in DRA.
    1. This container also stores the LastLogon Time stamp attribute data for all users within each managed domain.
      • This data is updated or recreated each time the lastlogon data collector runs within DRA.
  6. ReportingConfigurationRoot -- This container stores configuration data about DRA Reporting Services.
    1. The data collected by DRA Reporting Services is stored within the DRAReporting database hosted on a SQL Server.

Additional Information

Before attempting to remove an existing LDS partition it's important to have an understanding of what is stored in LDS. Data related to dynamic group memberships, virtual attributes and custom advanced queries will be permanently deleted if the Primary DRA Server's LDS instance is removed. Other configuration data related to DRA Reporting Services and Last Logon time stamp attribute collection will need to be reconfigured. The data collected by the DRA Reporting Services is not stored in LDS.
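
One way to take stock of the partition before removing it, as an added example (not NetIQ's own tooling): it counts the objects under each top-level container and labels each with the removal impact described above. It assumes the ActiveDirectory PowerShell module is available and that the LDS instance is reachable at a host:port you supply; the port is not stated in this article, and matching containers by name with spaces stripped is also an assumption.

```powershell
# Added example: read-only inventory of DRA's LDS partition before removal.
# Only object counts are collected; no attribute values are read.
param(
    # Assumption: host:port of the LDS instance (the port is not given in the article).
    [Parameter(Mandatory)] [string] $LdsServer,
    # Default partition name from the article.
    [string] $Partition = 'DC=DRA,DC=COM'
)

Import-Module ActiveDirectory

# Impact of removing the Primary DRA Server's LDS instance, as described in the article.
$impact = @{
    'DRADynamicGroup'            = 'Permanently deleted (dynamic group memberships)'
    'DRAQueriesRoot'             = 'Permanently deleted (advanced queries)'
    'DRAVARoot'                  = 'Permanently deleted (virtual attributes)'
    'DomainConfigurationRoot'    = 'Reconfigure (Last Logon collection schedule)'
    'ReportingConfigurationRoot' = 'Reconfigure (DRA Reporting Services)'
}

$rows = Get-ADObject -Server $LdsServer -SearchBase $Partition -SearchScope OneLevel -Filter * |
    ForEach-Object {
        # Assumption: container names may or may not contain spaces, so strip them to match.
        $key = $_.Name -replace '\s', ''

        # A subtree search returns the container itself, so subtract one.
        $objects = @(Get-ADObject -Server $LdsServer -SearchBase $_.DistinguishedName `
                                  -SearchScope Subtree -Filter *)

        [pscustomobject]@{
            Container = $_.Name
            Objects   = $objects.Count - 1
            OnRemoval = if ($impact.ContainsKey($key)) { $impact[$key] }
                        else { 'Not stated in the article' }
        }
    }

$rows | Sort-Object Container | Format-Table -AutoSize
```

A non-zero count under DRADynamicGroup, DRAQueriesRoot or DRAVARoot indicates data that cannot be recovered by reconfiguration alone.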