I wanted to ask if it is possible or advisable to replace NetIQ DRA with Usercube. Our customer has both tools installed in their environment, and some actions are overlapping.
We received the question of whether it would be possible to stop the NetIQ license and replace it with Usercube. I don’t know much about NetIQ and don’t have all the details on how they are using it, but the question is already on the table.
“NetIQ Directory and Resource Administrator (DRA) delivers an unparalleled ability to control who can manage what within Active Directory while protecting the consistency and integrity of its information by validating all administrative changes. Through granular delegation of permissions, robust change management policies, and automation that simplifies workflows, DRA reduces down time and operational risks to Active Directory that are posed by the consequences of malicious or accidental changes.”
I agree with you that we need information about what is happening with your customer with NetIQ DRA. Based on that, you will be able to validate the switch to Usercube and the effort required to do that.
Hello Kamil,
Another Netwrix product, GroupID, is purposely built for management in this manner.
Quick overview:
Identity Management: Manages identities across multiple platforms, including Active Directory, Entra ID, Google Workspace, and LDAP directories.
Entitlement Review: Provides detailed entitlement insights and review to ensure compliance with regulatory standards.
Account Provisioning: Automates user provisioning and deprovisioning in bulk.
Group and Identity Lifecycle Management: Automates the creation, management, and deprovisioning of users and groups.
Self-Service: Empowers users to manage their direct reports, their own identity and groups they own as well as group memberships in security groups and distribution lists.
Attestation: Ensures that identities and group memberships are regularly reviewed and attested to maintain security.
Reporting: Provides comprehensive reporting on group memberships and changes.
Thanks for the responses so far! I really appreciate the insights.
I’ve put together a small list of all the tasks currently being performed with NetIQ DRA. From what I can see, almost all of these tasks can be implemented in Usercube as well.
Would you agree that Usercube can fully replace NetIQ DRA in this case? Or should we consider looking at GroupID?
Task
Description
Unlocking AD Accounts
Process to unlock Active Directory accounts
AD password reset
Resetting the password for an AD account
Enabling AD Accounts
Enabling previously disabled AD accounts
Adding accounts to AD groups
Granting access to share folders and distribution lists (DL) by adding accounts to AD groups
Creating/adding to mailboxes and DL
Granting “Send As” and “Send on Behalf” permissions by creating or adding to mailboxes and distribution lists
Checking access groups
Verifying membership in groups such as M365 groups
Disabling machine account
Disabling a machine account if the machine is lost or stolen
Account management
Checking logon details (login dates, password change dates, etc.) and verifying owners of groups
When I look at the NetIQ/Microfocus Identity Products I would say it maps to the Netwrix products like this:
NetIQ/Microfocus
Netwrix
NetIQ Directory Resource Administrator
GroupID
OpenText Identity Governance
UserCube
OpenText Identity Manager
UserCube
OpenText Privileged Access Manager
Netwrix Privileged Secure
OpenText Data Access Governance
Netwrix Enterprise Auditor
If there are specific use cases in any of those products you wish to discuss, feel free to post them here and I can try to point you to the documentation in our products.
But to answer your original question. GroupID is the best product to replace NetIQ Directory Resource Administrator.