NetIQ Directory and Resource Administrator 10.2 Release Notes

May 2022

Frequently these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ Directory and Resource Administrator forum and the Aegis forum on Micro Focus Forums, our online community that also includes product information, blogs, and links to helpful resources. You can also share your ideas for improving the product in the Ideas Portal.

1.0 What’s New

1.1 Directory and Resource Administrator Enhancements

The following sections describe the new features and enhancements in DRA 10.2:

Support for Azure Guest Users

You can invite external users or guest users to an Azure tenant for collaboration. Guest users can accept the invitation to join the Azure tenant of your organization and access the configured applications using their credentials. You can manage these users from the DRA Web Console.

DRA includes the Azure Guest User Administration role to manage Azure guest users. The New-AzureDRAMSInvitation PowerShell cmdlet is introduced to invite guest users.

The UserTypes parameter is added to the following PowerShell cmdlets to distinguish Azure users of type Member and Guest:

  • New-DRAAzureUserRule

  • New-DRAAzureGroupRule

  • New-DRAAzureTenantRule

Support for Certificate-Based Authentication

DRA supports multi-factor authentication using certificates to authenticate with Azure Active Directory. You can now manage an Azure tenant by using either certificate-based authentication or basic authentication. By default, DRA uses certificate-based authentication. DRA generates a self-signed certificate and assigns it to the Azure application. The Azure application is created offline by using the PowerShell script provided by DRA.

Certificate-based authentication requires Exchange Online V2 module version 2.0.3 or later to manage the Exchange Online tasks. The DRA Health Check utility includes the following new checks for Azure tenant validation:

  • Azure Application Permission

  • Validate Azure Tenant Certificate

To use certificate-based authentication after upgrading from an earlier version of DRA to 10.2, you must run the UpdateDraAzureApplicationPermission.ps1 script to apply the additional permissions that are required for certificate-based authentication. For more information, see Configuring Azure Tenants.

PowerShell Enhancements

DRA PowerShell includes the following enhancements:

Delegation Enumeration cmdlets

DRA PowerShell now includes the following new cmdlets for delegation enumeration:

  • Get-DRAActiveViewRules: Gets all the rules for an ActiveView.

  • Get-DRAAssistantAdminGroupMembers: Retrieves all members from an Assistant Admin group.

  • Get-DRAActiveViewAssignments: Gets all the assignments for an ActiveView.

The Remove-DRAAssignments cmdlet is updated to accept the wildcard character asterisk (*) to remove all powers and roles.

Move Contact Objects

The Move-DRAContact cmdlet moves a contact object from one location in Active Directory to another.

View Virtual Attributes of Objects Using PowerShell

The IncludeAllVAProperties parameter is added to the following cmdlets to return all the virtual attributes associated with the object:

  • Get-DRAUser

  • Get-DRAGroup

  • Get-DRAContact

  • Get-DRAComputer

  • Get-DRAOU

  • Get-DRADynamicDistributionGroup

  • Get-DRAResourceMailbox

  • Get-DRASharedMailbox

Installation Using Certificates in Alternate Certificate Store

You can now specify certificates for the REST service and the DRA replication service from both the Personal store and the WebHosting store.

Web Console Enhancements

The DRA Web Console includes several enhancements to improve usability:

  • Filter results in group membership tabs: In the Members and Member Of property pages, you can narrow down the scope of data that is displayed in the table view by searching for objects using the object name. The table view displays the number of objects that match the search criteria along with the total number of objects. You can also remove objects from different pages in the table view. Objects to be added and removed are listed in the Unsaved Objects list.

  • Customize columns in object picker: You can now customize the columns that you want to be displayed in the search results view of the object picker.

  • Modal window enhancement: The windows are resized, eliminating the need to scroll vertically to view the buttons in the window.

  • View properties of referenced objects: You can view properties of objects that are returned as a part of another object's property pages, Change History Report, and temporary group assignments. You can also view the properties of objects that have been selected for bulk operations.

  • Other UI enhancements:

    • The menus for Create and Bulk operations are moved above the left navigation pane.

    • In the Management > Search page, you can use the OBJECTS filter menu to filter object types. The OBJECTS filter menu replaces the FILTER button that was available in the earlier release.

    • The Web Console now displays validation messages consistently for every data entry issue on a page.

    • The Web Console enables you to modify and view objects without the use of the additionalAttributes prefix in the attribute name.

    • The Web Console displays consistent icons to indicate an object status in the different object views.

1.2 Workflow Automation Enhancements

Workflow Automation 10.2 has the following enhancement:

OAuth Authentication for Exchange Web Services

The Workflow Automation Email adapter supports OAuth authentication for Exchange Web Services (EWS). You can monitor Azure email accounts by using an Azure client secret or a certificate.

2.0 System Requirements

For detailed information on hardware requirements and supported operating systems and browsers, see the DRA Installation Guide or see the DRA Systems Requirement reference.

3.0 Installing and Upgrading this Version

When upgrading from 10.0 to 10.2, systems that have the REST Service installed, without the DRA Server component, require a modified installation to remove the REST Service before proceeding with the upgrade.

For detailed information about installing or upgrading Directory and Resource Administrator components and modules, see the DRA Installation Guide.

3.1 Supported Upgrade Paths

Use the table below to determine your applicable upgrade path by version. Note that patch versions (x.x.x.x) are not listed. However, all patches for the versions shown are supported. For example, you can upgrade to DRA 10.2 from DRA 10.1 or any of its patches: 10.1.0.1, 10.1.0.2, and so forth.

DRA Server Base Version                       DRA Server Updated Version
--------------------------------------------  --------------------------
10.0, 10.0.1, 10.0.2, 10.1, or 10.1.1         10.2
10.0, 10.0.1, 10.0.2, or 10.1                 10.1.1
9.2.1, 10.0, 10.0.1, or 10.0.2                10.1
9.1, 9.1.1, 9.2, 9.2.1, 10.0, or 10.0.1       10.0.2
9.1, 9.1.1, 9.2, 9.2.1, or 10.0               10.0.1
9.1, 9.1.1, 9.2, or 9.2.1                     10.0
9.1, 9.1.1, or 9.2                            9.2.1
9.0, 9.0.1, 9.0.2, 9.0.3, 9.1, or 9.1.1       9.2
9.0, 9.0.1, 9.0.2, 9.0.3, or 9.1              9.1.1
9.0, 9.0.1, 9.0.2, or 9.0.3                   9.1
9.0, 9.0.1, or 9.0.2                          9.0.3
9.0 or 9.0.1                                  9.0.2
9.0                                           9.0.1
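The following is an added example, not part of the original release notes or any Micro Focus tooling: it encodes the table above as a graph and finds the shortest chain of supported upgrades from an installed version to 10.2. It assumes that direct upgrades listed in the table can be chained through intermediate versions; the names DIRECT, base_version, and upgrade_path are hypothetical.

```python
from collections import deque

# Direct upgrades transcribed from the Supported Upgrade Paths table:
# updated version -> base versions that can upgrade straight to it.
DIRECT = {
    "10.2":   ["10.0", "10.0.1", "10.0.2", "10.1", "10.1.1"],
    "10.1.1": ["10.0", "10.0.1", "10.0.2", "10.1"],
    "10.1":   ["9.2.1", "10.0", "10.0.1", "10.0.2"],
    "10.0.2": ["9.1", "9.1.1", "9.2", "9.2.1", "10.0", "10.0.1"],
    "10.0.1": ["9.1", "9.1.1", "9.2", "9.2.1", "10.0"],
    "10.0":   ["9.1", "9.1.1", "9.2", "9.2.1"],
    "9.2.1":  ["9.1", "9.1.1", "9.2"],
    "9.2":    ["9.0", "9.0.1", "9.0.2", "9.0.3", "9.1", "9.1.1"],
    "9.1.1":  ["9.0", "9.0.1", "9.0.2", "9.0.3", "9.1"],
    "9.1":    ["9.0", "9.0.1", "9.0.2", "9.0.3"],
    "9.0.3":  ["9.0", "9.0.1", "9.0.2"],
    "9.0.2":  ["9.0", "9.0.1"],
    "9.0.1":  ["9.0"],
}

def base_version(version):
    """Map a patch version (x.x.x.x) to its listed base: 10.1.0.2 -> 10.1."""
    parts = version.split(".")[:3]
    if len(parts) == 3 and parts[2] == "0":
        parts = parts[:2]
    return ".".join(parts)

def upgrade_path(installed, target="10.2"):
    """Return the shortest list of versions from installed to target, or None."""
    # Invert the table: base version -> versions reachable in one upgrade.
    reachable = {}
    for updated, bases in DIRECT.items():
        for base in bases:
            reachable.setdefault(base, []).append(updated)
    start = base_version(installed)
    queue, seen = deque([[start]]), {start}
    while queue:  # breadth-first search yields the fewest upgrade hops
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in reachable.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # version not covered by the table

if __name__ == "__main__":
    for v in ("10.1.0.2", "9.2.1", "9.0", "8.5"):
        print(v, "->", upgrade_path(v))
```

A result of None means the installed version does not appear in the table, so the table alone gives no supported route to 10.2.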

4.0 Addressed Customer Issues

This release includes the following stabilizing fixes:

  • Resolved an issue where terminating a WFA process did not terminate the PowerShell scripts. (321356)

  • Resolved an issue where creating a workflow with the Find Active Directory Objects activity caused a memory leak in the PG Activity Broker process. (322342)

  • Resolved an issue in the Web Console where the object picker did not display the Description field when adding objects to a group. (329305)

  • Resolved an issue where the DRA Installer incorrectly installed Web features when the IIS installation location is different from the default installation location. (376025)

  • Resolved an issue that caused the health check for the Azure tenant accounts to fail. (377066)

  • Resolved an issue in the Web Console that produced an error when trying to view the BitLocker password. (401002)

  • Resolved an issue in the Web Console that caused an LDAP query to return an error when the results were not found. (413076)

  • Resolved an issue in the Web Console where setting static values for the Select field in the customized user properties page did not work as expected. (413325)

  • Resolved an issue in the Web Console where the custom page did not apply the defined filters. (413440)

  • Resolved an issue in the Web Console where the container value set by using a custom handler script was not displayed. (414322)

  • Resolved an issue in the Web Console that produced an error when trying to transform a user object. (434049)

  • Resolved an issue that prevented DRA installation when the root folder is specified as the installation location and log file location. (448013)

  • Resolved an issue that caused the health check for the AD LDS configuration to fail when the service account is a member of a nested group. (449015)

  • Resolved an issue related to PostgreSQL log file location. (450016)

  • Resolved an issue where customized pages did not display the member count correctly. (476001)

  • Resolved an issue in the Web Console where the sAMAccountName attribute displayed a random string when the value for the mailbox alias attribute exceeded 20 characters. (479073)

  • Resolved an issue in the Web Console that prevented the display of extension attributes for objects. (483035)

  • Resolved an issue that displayed the user name incorrectly in the TGA member list when the user name contained a forward slash (/). (496065)

5.0 Known Issues

We strive to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Skype access account is not displayed on the secondary server

After upgrading from DRA 10.1 to 10.2, DRA fails to display the Skype access account on the secondary server.

Workaround: Reenter the Skype access account or select the Use the primary Administrator server Skype access account option.

5.2 Data collection using a domain override account fails when NTLM is denied

The data collection fails when NTLM is denied and the data collectors are configured using the domain override account.

Workaround: When configuring the data collector, use the Directory Resource Administrator Core service account option. Ensure that the account used with this option is either a least privilege account or an account with the domain administrator privilege.

5.3 Form handler does not retain the LDAP authentication type

The form handler automatically updates the configured LDAP authentication type to Anonymous after upgrading DRA from 10.1 to 10.1.1 or later.

Workaround: After upgrading, you must configure the required LDAP authentication type in the form handler manually.

5.4 Web Console returns a 404 error in a STIG environment

A 404 error is returned when you refresh the Web Console in a STIG compliant environment.

Workaround: Repair the IIS URL Rewrite Module 2 program using the Windows Add or Remove Programs feature.

5.5 Cannot search for ActiveViews

After installing DRA, when you launch the Delegation and Configuration console for the first time, the option to search for ActiveViews does not appear for the Search for field in the Delegation Management > ActiveViews area.

Workaround: To search for ActiveViews in the Delegation Management > ActiveViews area, click the hyphen that is displayed for the Search for field, then select activeviews from the list.

5.6 Full accounts cache refresh for an Azure tenant fails with the error AADSTS700027

After configuring an Azure tenant, the full accounts cache refresh for the Azure tenant fails with the following message: AADSTS700027: Client assertion contains an invalid signature - Thumbprint of key used by client.

Workaround: To resolve this error, you can either run the full accounts cache refresh manually or wait for the next scheduled full accounts cache refresh to run. Performing a full accounts cache refresh can require several minutes.

5.7 NetIQ Administration Service crashes when the password for the manual certificate is weak

NetIQ Administration Service crashes when the manual certificate that you specify for certificate-based authentication is protected with a weak password.

Workaround: Ensure that the manual certificate that you specify for certificate-based authentication is protected with a strong password.

5.8 NetIQ DRA Log Archive service fails to start

NetIQ DRA Log Archive service fails to start when the service account password contains a double quotation mark (").

Workaround: The service account password can contain the following special characters:

~ ` ! @ # $ % ^ & * ( ) - _ = + { } [ ] | \ : ; ' < > , . ? /

Ensure that the service account password does not contain a double quotation mark (").

6.0 Contact Information

We want to hear your comments and suggestions about this book and the other documentation included with this product. You can use the comment on this topic link at the bottom of each page of the online documentation, or send an email to Documentation-Feedback@microfocus.com.

For specific product issues, contact Micro Focus Customer Care at https://www.microfocus.com/support-and-services/.