We have an environment where administrators are delegated Active Views based on geographic locations. The issue is that some times there are admins who are delegated administration over more than one geographic location. However, the default functionality in DRA is that you cannot add a member to a group unless they are in the SAME active view. So for this to work, we would either have to make a new active view containing every possible combination of geographic locations, or add a rule to that same active view that will allow the admin to see every user in the domain, just in case they need to be added to a group. I understand how the current configuration can be more secure, but there should also be an option on the Active View to override the default handling and allow members from another active view to be added to groups in the current AV.

by: Scott H. | over a year ago | Configuration