Release notes

Frequently these improvements are made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the OpenText Directory and Resource Administrator forum, our online community that also includes product information, blogs, and links to helpful resources. You can also share your ideas for improving the product in the Ideas Portal.

What’s new

Support for Online Shared Mailbox

Online Shared Mailbox is now supported as a distinct object type and will not be listed with Entra ID users. Delegation operations for Online Shared Mailbox are now supported with distinct rules and powers. They are no longer supported with Entra ID User rules and powers, as Entra ID User rules return only Entra ID users and not Online Shared Mailboxes. For detailed information, see Managing Online Shared Mailbox section of the DRA User Guide.

The New-DRAOnlineSharedMailboxRule cmdlet is added to create the requested rule for Online Shared Mailbox in the specified ActiveView.

PowerShell operations for Online Shared Mailbox are now managed with new distinct PowerShell cmdlets and not with Entra ID user cmdlets.

PowerShell cmdlets for Online Shared Mailbox:

  • Get-DRAOnlineMailbox

  • New-DRAOnlineMailbox

  • Remove-DRAOnlineMailbox

  • Set-DRAOnlineMailbox

Support for Microsoft Entra ID Administrative Unit

Microsoft Entra Administrative Units (AUs) are containers within Microsoft Entra ID, that support Microsoft Entra ID objects such as Entra ID Users and Entra ID Groups. You can now define AUs in ActiveView rules for managing Entra ID users, Entra ID groups, and online shared mailboxes. For more information, see ActiveView Rules in the DRA Admin Guide.

  • New-DRAAzureUserRule

  • New-DRAAzureGroupRule

  • New-DRAAzureTenantRule

  • New-DRAOnlineSharedMailboxRule

Support for ExtensionAttribute

You can configure any one of ExtensionAttributes 1 to 15 in ActiveView rules for Microsoft Entra ID objects. This feature allows for more granular control and delegation of resource access based on the values stored in the configured ExtentionAttribute. The supported rule scope includes Entra ID users, Entra ID groups, Entra ID contacts, and online shared mailboxes. For detailed information, see ExtensionAttribute Integration section in the DRA Admin Guide.

The Delegation PowerShell command supports the creation of Microsoft Entra ID rules based on the ExtensionAttribute.

Support for DRA Continuous Cache Refresh Service

DRA Continuous Cache Refresh Service has been introduced to handle continuous monitoring of Entra ID group membership changes. This service spawns separate processes for each managed tenant, ensuring efficient and independent handling of membership updates. For detailed information, see DRA Continuous Cache Refresh Service in the DRA Admin Guide.

Support for Multi-Selection in Workflow Custom Forms

The DRA Web Console now supports creating workflow forms with the ability to search for and select multiple objects. Users can submit the selected objects to the workflow as input. For detailed information, see Managing Multiple Values for Attributes in the DRA Admin Guide.

Microsoft Azure Active Directory Renamed to Microsoft Entra ID

Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID to reflect its multi-cloud and multi-platform capabilities, distinguishing it from Windows Server Active Directory and unifying the Microsoft Entra product family.

  • Microsoft Entra ID is the new name for Azure AD.

  • The terms Azure Active Directory, Azure AD, and AAD are now replaced with Microsoft Entra ID.

  • Microsoft Entra represents the broader product family of identity and network access solutions, with Microsoft Entra ID as one of its key offerings.

  • Microsoft Entra ID (Microsoft Entra ID) ActiveView Rules, Powers and Roles are automatically renamed to Microsoft Entra ID ActiveView Rules, Powers and Roles; no manual intervention is required.

Changes in DRA to Support Microsoft Entra ID

Previous Version

Current Version

Azure Objects

  • Azure Users
  • Azure Groups
  • Azure Contacts

Microsoft Entra ID Objects

  • Entra ID Users
  • Entra ID Groups
  • Entra ID Contacts
Roles
  • Azure Contact Administration
  • Azure Group Administration
  • Azure Guest User Administration
  • Azure User Administration
Roles
  • Entra ID Contact Administration
  • Entra ID Group Adminstration
  • Entra ID Guest User Administration
  • Entra ID User Administration

Powers

  • Azure Groups
    • Add Object to Azure Group
    • Remove Object from Azure Group
    • Create Azure Group and Modify All Properties
    • Modify All Azure Group Properties
    • View All Azure Group Properties
    • Delete Azure Group Account
  • Azure ID Contacts
    • Create Azure Contact and Modify All Properties
    • Delete Azure Contact Account
    • Modify All Azure Contact Properties
    • View All Azure Contact Properties
  • Azure User Account
    • Create Azure User and Modify All Properties
    • Delete Azure User Account Permanently
    • Enable Email for New Azure User
    • Invite Azure Guest User
    • Manage Sign-In for Azure Users
    • Manage Sign-In for Users Synced to Azure Tenant
    • Modify All Azure User Properties Azure User Account
    • Reset Azure User Account Password
    • View All Azure User Properties
  • DRA Reporting Configuration
    • Set Active Directory Collectors
    • DRA Collectors
    • Azure Tenant Collectors and Management Reporting Collectors Information

Powers

  • Entra ID Groups
    • Add Object to Entra ID Group
    • Remove Object from Entra ID Group
    • Create Entra ID Group and Modify All Properties
    • Modify All Entra ID Group Properties
    • View All Entra ID Group Properties
    • Delete Entra ID Group Account
  • Entra ID Contacts
    • Create Entra ID Contact and Modify All Properties
    • Delete Entra ID Contact Account
    • Modify All Entra ID Contact Properties
    • View All Entra ID Contact Properties
  • Entra ID User Account
    • Create Entra ID User and Modify All Properties

    • Delete Entra ID User Account Permanently

    • Enable Email for New Entra ID User

    • Invite Entra ID Guest User

    • Manage Sign-In for Entra ID Users

    • Manage Sign-In for Users Synced to Entra Tenant

    • Modify All Entra ID User Properties Entra ID User Account

    • Reset Entra ID User Account Password

    • View All Entra ID User Properties

  • DRA Reporting Configuration

    • Set Active Directory Collectors

    • DRA Collectors

    • Entra Tenant Collectors and Management Reporting Collectors Information



 

 

Active Directory Administrator for Service Accounts

The Active Directory Administrator, as a tool, is a one-stop solution for monitoring the service accounts in your domain and take the corrective measures within the Active Directory. It helps the Active Directory administrators of an organization to configure domains, discover service accounts, and monitor service account activities using the ADA dashboard.

  • For new features and capabilities to enhance the user experience and functionality, see the ADA Release Notes

  • For detailed information about configuring the domain, discovering and monitoring the service account, see the ADA Installation and Admin Guide.

  • For detailed information about monitoring the configured domain service accounts activities, see the ADA User Guide.

Service Accounts Discovery

Configuration of domains and the discovery of their service accounts enables the product administrators to get a list of all the service accounts in the domain. Apart from the administrator, a Chief Information Security Officer (CISO), who possesses the least privileged access can view the service accounts and their activities.

Service Account Monitoring

The product administrators and CISOs can monitor the activities of the service accounts and identify any suspicious activity occurring within them.

Dashboard for Service Account Visualization


The Overview dashboard offers a comprehensive view of all the service accounts, details, and insights related to the accounts in graphical form.

System requirements

For detailed information on hardware requirements and supported operating systems and browsers, see the DRA Installation Guide or see the DRA Systems Requirement reference.

Installing and upgrading this Version

For detailed information about installing or upgrading Directory and Resource Administrator components and modules, see the DRA Installation Guide.

Supported upgrade paths

Use the table below to determine your applicable upgrade path by version. Note that patch versions (x.x.x.x) are not listed. However, all patches for the versions shown are supported. For example, you can upgrade to DRA 10.2 from DRA 10.1 or any of its patches: 10.1.0.1, 10.1.0.2, and so forth.

DRA Server Base Version

DRA Server Updated Version
10.1.1, 10.2, 10.2.1, 10.2.2, or  10.2.3 10.3

10.1, or 10.1.1

10.2

10.1

10.1.1

Addressed customer issues

This release includes the following stabilizing fixes: 

  1. Resolved an issue where the user properties page, under Management and Accounts tab of the DRA Web Console, fails to load if a password exists. (541008)
  2. Resolved an issue where LDAP query handler is unable to use AD values with more than 834 combined characters. (552209)
  3. Resolved an issue to set the default container search to Managed Domain. (556207)
  4. Resolved an issue when a DRA temporary group assignment flips to an orphaned state where cache does not exisit or is incomplete. (5858660)
  5. Resolved an issue where advanced WCF tracing allowed for sensitive information to be written to WFA Console Logs. (590418)
  6. Resolved an issue when dynamic group job logs flood a non-dynamic group job server. (607268)
  7. Resolved an issue when DRA cache updates fail due to an unhandled exception. (607269)
  8. Resolved an issue where DRA fails to license Cloud users. (629101)
  9. Resolved an issue where selecting attributes and navigating through the Managed Object Browser and Managed Object List controls pages in customization, closes the dialog box automatically. (634006).
  10. Resolved an issue to set MMS access account to use Directory Resource Administrator Service account fails. (660039)
  11. Resolved an issue where memory leaks cause DRA to be unvailable. (663025)
  12. Resolved an issue where DRA Search results fail to list company attribute for Managed Contact Objects. (674026)
  13. Resolved an issue where the DRA dynamic group number is incorrect after you run the dynamic group report in the Reporting Center. (674109)
  14. Resolved an issue where DRA Delegation and Configuration Console fails to update the Admin server. (679498)
  15. Resolved an issue where adding a URL Attribute to the DRA Web Console does not display all URL attributes. (690077)

Known issues

We strive to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.


Equipment mailboxes appear in user search results on landing page

Issue: When searching for a user with the condition "description contains upd," both users and equipment mailboxes are returned. Ideally, only users should be listed, as the search criteria specify only users.
Workaround: No workaround.

Mailbox delegation permission Send As not available after creating a remote shared mailbox

Issue: The Send As permission in the Mailbox Delegation tab that is available while creating a remote shared mailbox is not available after creating the mail box. (538960)

Workaround:To view or modify the Send As permission for a remote shared mailbox, go to the Exchange Online Mailbox Delegation tab for the mailbox.

Exchange online operations fail after resetting the client secret for the Azure application

Issue: Exchange online operations of Azure and synced objects fail after resetting client secret using ResetDraAzureApplicationClientSecret.ps1 script and updating it in the Delegation and Configuration Console. (540057)

Workaround: Kill existing Exchange shells and restart the Administration Service.

Compatibility issue with Exchange Online Management PowerShell Module and Microsoft Graph Module

Issue: The Exchange Online Management PowerShell module, version above 3.4, is not compatible with Microsoft Graph module version 2.19 for managing tenants in DRA.
Workaround: No Workaround.

The Microsoft Entra Tenant Certificate for a group Managed Service Account (gMSA) displays as expired in DRA Health Check.

Issue: DRA stores certificates in the personal store of the DRA service account. However, if we configure DRA services to run as a group Managed Service Account (gMSA), the tenant authentication certificate is stored in the gMSA's personal certificate store.  For example, if  we launch DRA Health Check from another user account, namely DRAServ01, a member of the ADAM group, the utility looks for the certificate in DRAServ01's personal store and does not find it as it's in the gMSA's personal store and displays the expired certificate message. (696256)
Workaround: No Workaround.

Contact information

We want to hear your comments and suggestions about this book and the other documentation included with this product. You can use the comment on this topic link at the bottom of each page of the online documentation, or send an email to  MFI-Documentation-Feedback@opentext.com.

For specific product issues, contact Micro Focus Customer Care at https://www.microfocus.com/support-and-services/.