How can I back up the DRA security model? (NETIQKB10793)

  • 7710793
  • 02-Feb-2007
  • 30-Jun-2016

Environment

Directory and Resource Administrator 8.x
Directory and Resource Administrator 9.x


Situation

How can I back up the Directory and Resource Administrator security model?

What data files do I need to back up for the Directory and Resource Administrator server so that I don't lose my configuration?

How do I transfer security model information from my lab environment to my production environment?

What registry keys contain the security model for DRA?

Resolution

The majority of the Directory and Resource Administrator (DRA) security model is contained under the following registry key on the Primary DRA server:

HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Security

This key and all of its sub-keys contain all the ActiveView and Assistant Admin configurations as well as all Roles (Built-in and Custom) for the entire DRA environment. If the DRA server fails, reinstalling the operating system and DRA and then importing that registry key will restore those configurations, so they do not have to be recreated manually.

As a precaution, it is recommended to also export the entire HKLM \ WOW6432 \ Software \ Mission Critical Software key. This key is the parent key in the DRA registry hierarchy and contains all information pertaining to DRA and its components. It should not be imported as a whole after a reinstallation of DRA, but it can be used as a reference for rebuilding a complex multi-master environment.

This method is successful for re-installations on the same Primary DRA server within the same domain. It can also be used to transfer the security model from one Primary DRA server to another Primary DRA server within the same managed domain.

Note: This method is not successful in transferring the security model from a Primary DRA server in one domain to another DRA server in a different (unmanaged) domain.  For example, transferring the security model from a lab network to a production network (both on their own separate domains) would fail because information on the ActiveViews and Assistant Admins is related to the managed domain and references SID information specific to that domain.  Even if the lab environment exactly mimics that of a production environment, the SID information for all managed objects and domains is different.  So while the basic information on the ActiveViews may transfer over successfully, the Rule and Assignment delegation would need to be re-created to match that of the new domain.

To export (save) the security information in DRA, perform the following steps:

  • On the DRA server, launch a command prompt and run Regedit.
  • Navigate to the hive HKEY_LOCAL_MACHINE \ WOW6432 \ SOFTWARE \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Security.
  • Click and highlight the Security key in the left pane.
  • From the Registry menu select Export Registry File.
  • Navigate to the location where you want the file to be saved and provide an appropriate name for the file.
  • Leave the Save as type set to Registration Files.
  • Make sure the Export range is set to Selected Branch.
  • Click Save.

To import a previously saved security key into the registry, perform the following steps:

  • On the DRA server, launch a command prompt and run Regedit.
  • Navigate to the hive HKEY_LOCAL_MACHINE \ WOW6432 \ SOFTWARE \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules.
  • Click and highlight the Modules key in the left pane.
  • From the Registry menu select Import Registry File.
  • Navigate to the location where the saved registry file is located.
  • Highlight the saved registry file.
  • Click Open.

In addition to the registry key mentioned above, the following keys contain additional security model information and should also be backed up:

  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Accounts \ CloneExceptions - contains information on all Clone Exceptions
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Accounts \ TGA - contains information on all Temporary Group Assignments
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Operations \ PowerInfo \ Powers - contains information on all Built-in and Custom Powers
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ Policy - contains information on all Automation Policies, Home Directory Policies and Triggers
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ ServerConfiguration \ PasswordPolicy - contains information on Password Policy generation settings
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ ServerConfiguration \ HomeDirectoryRoots - contains information on all Allowable Parent Paths specified in Home Directory Policy configuration
  • HKLM \ WOW6432 \ Software \ Mission Critical Software \ OnePoint \ Administration \ Data \ Modules \ UserInterface - contains information on all User Interface Extension Pages
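
The export steps above, extended to the additional keys in this list, can be scripted with reg.exe; the script also records a SHA-256 for each file so an export can be verified before it is imported. This is an added example, not NetIQ's own tooling: the Modules path is supplied by the operator as it appears in Regedit on the server, and the output folder and manifest file name are assumptions.

```powershell
# Added example: export the DRA security-model keys listed in this article
# and write a SHA-256 manifest for the exported files.
param(
    # Modules key exactly as shown in Regedit on the Primary DRA server
    # (assumption: supplied by the operator, not hard-coded here)
    [Parameter(Mandatory)] [string] $ModulesRoot,
    # Destination folder (hypothetical default)
    [string] $OutDir = 'C:\DRA-Backup'
)

# Sub-keys relative to Modules, taken from the lists in this article
$subKeys = @(
    'Security',
    'Accounts\CloneExceptions',
    'Accounts\TGA',
    'Operations\PowerInfo\Powers',
    'Policy',
    'ServerConfiguration\PasswordPolicy',
    'ServerConfiguration\HomeDirectoryRoots',
    'UserInterface'
)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $OutDir $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

$manifest = foreach ($sub in $subKeys) {
    $key  = "$ModulesRoot\$sub"
    $file = Join-Path $target (($sub -replace '\\', '_') + '.reg')

    # reg.exe exits non-zero when the key is missing or access is denied
    & reg.exe query $key 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Key not found or not readable, skipped: $key"
        continue
    }

    & reg.exe export $key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Export failed for $key" }

    # Hash each export so it can be checked before a later import
    $hash = Get-FileHash -Path $file -Algorithm SHA256
    [pscustomobject]@{ Key = $key; File = $hash.Path; SHA256 = $hash.Hash }
}

$manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

The exported files describe which Assistant Admins hold which Roles and Powers, so keep the output folder readable and writable only by DRA administrators.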


An Enhancement Request has been opened with Development to better group together all security model information under one key in a future version of Directory and Resource Administrator.

Additional Information

Formerly known as NETIQKB10793

DRA now performs a scheduled backup of the registry and stores the registry settings in a file under Program Files (x86)\NetIQ\DRA\BackupRegFiles. DRA maintains two backup files. If there is a change in the registry settings, you can use the DRARegRestore utility under the installation folder to restore the backed-up registry settings.

To change the backup schedule, change the registry settings in the BackupRegistry.Freq key under HKEY_LOCAL_MACHINE\WOW6432\SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\ServerConfiguration\. In the BackupRegistry.Freq key, the default value is Weekly 6 00:00, where 6 indicates Saturday. You can change the day by using any number from 0 to 6 inclusive, where 0 indicates Sunday. Use the 24-hour time format when specifying the time.

This method is NOT supported between different DRA Versions. Both Primary DRA Servers must be at the exact same DRA Version, Service Pack and Hotfix level.