• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330
  • Last Modified:

User Admin in NW6 got deleted

The netware 6 network has been up and running for a year now.
Can any one tells me how to re-create user object admin. The story was like this
One day ( months ago ) I was maintaining and deleting users who no longer worked in the Compnay, by mistake, I deleted the user admin. Fortunately my own account is having equivalent rights as user admin, so I got no problem so far in maintenance.
With the recent release of sp5 for nw6, I wanted to install it but till this moment I found out that I do not have sufficient right to do the job even though I was sure I set up my account in equivalent to admin ( supervisor ), is there a way to get the user admin back or what should I do to find out if I do have the administrator rights?
I know if I set up another server from the scratch it can be the answer but I really don't want to, please help
0
ppdsh
Asked:
ppdsh
  • 5
  • 4
  • 3
  • +1
3 Solutions
 
PsiCopCommented:
OK, first, in the NDS environment, there is no "Supervisor" user - that user was a creature of NetWare v3.x and earlier (Bindery). User "Admin" in the NDS environment is just another user account, it just happens to have the "S" NDS right at the root of the NDS tree. As you've unfortunately found out, "Admin" can be deleted just like any other user. This is good in that because the administration-privledge-level account does not have a fixed name, it makes it harder for an intruder to get in (this contrasts with the NT/AD environment, where 1/2 of the administration-level credentials - the user name - is unchangeable, so all the intruder has to do is guess/brute-force the password).

The mistake you made, and its unfortunately a common mistake, is that you made your account equivalent to Admin, instead of having the Admin account grant your account the "S" right at the root of the NDS tree. Thus, when you deleted Admin, you destroyed your privledges.

The fact that you did this a month ago means that even if you have an NDS-aware backup system (and I hope you do!), you probably don't want to back-rev the NDS database that far. At this point, you have two choices:

1) Destroy your current NDS installation and re-install the directory service from scratch. This means trashing the entire tree, all the user accounts, and loss of the filesystem trustee rights. The latter you could backup and then put back in with a script, and with something like JRB Utilities (http://www.jrbsoftware.com) you could automate restoration of the user accounts, but this is still a messy and brutal process.

2) Contact Novell TS (if you don't have a support contract, you're going to have to shell out some $$$) and get them to perform the necessary tree surgery to either re-create the Admin account or, better yet, assign your account the "S" privledge at the root of the tree.

Personally, I'd go for the second option unless I had a small, single-server tree with only a handful of user accounts.
0
 
ShineOnCommented:
There is always a way.

First, was your account set as equivalent to Admin, or do you have explicit rights to [ROOT]?

You should ALWAYS have at least ONE account with full EXPLICITLY-ASSIGNED rights to the root of the tree.  Equivalence goes away when the account you're equivalent to goes away.

If you have explicit rights, you should be able to create a new Admin user.  Problem there, is that if the licensing was installed by Admin, creating a new Admin account won't necessarily let that new Admin user manage them.

You may have to call Novell Support (and pay for the service,) but they have tricks for re-creating the Admin user.

There are hacker tools floating around that can create Admin accounts, but I don't know that it'd be my first choice with a supported OS.
0
 
ppdshAuthor Commented:
I am just a newbie in NDS, professional set up the server for me and disappeared
I just made my account equivalent to admin, so when admin is gone, my rights are gone! By deleting the tree, are all the print queues, print server things are destroyed too? My network has only about 15 users so re-build user accounts is not a big deal but I hate to set up the printing things. How do I rebuild the tree?
Just another thought, if I set up another server and migrate all the settings and files would that be an alternative?
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
ShineOnCommented:
Yes, you'd have to do it all over again.  Migration needs admin on both servers.  The best you could do is set everything up "the same" with a different tree name, then copy over the data files.  The users passwords will all have to change, too, unless you are like some installations where the Administrator assigns the passwords and keeps 'em on a piece of paper...which I DON'T recommend, no matter how small or "cozy" your organization is.
0
 
ShineOnCommented:
You can think of it as a good learning experience, and look forward to the successful completion, upon which you can pat yourself on the back and buy yourself a beer. ;)

 - Don't forget to grant your user ID "S" NDS rights to [ROOT].
0
 
PsiCopCommented:
"I am just a newbie in NDS, professional set up the server for me and disappeared"

Doesn't sound like they were too professional if they didn't at least offer to document their work.

Your options remain as I indicated earlier - toss out your current NDS database, including printing info, users, file permissions, all of it; and re-install from scratch - or contact Novell Technical Support and they may be able to do the necessary tree surgery that will get your account the access it needs.
0
 
DSPooleCommented:
Don't you guys ever read CoolSolutions?  ;)

Here - a solution WITHOUT a rebuild of the network:

http://www.novell.com/coolsolutions/tools/1674.html

0
 
PsiCopCommented:
Damn. No, I'd never seen that. That's way cool. Novell TS in a box.
0
 
PsiCopCommented:
ppdsh, no matter which way you go, one of the first things you need to do is grant another account "S" at the root of the tree,
0
 
ppdshAuthor Commented:
I downloaded the emadmin.nlm and created the account
Tried to install sp5, system tells 'username do not have the right to extend schema' so installation can't go on. Did I miss anything? How do I get the right to extend schema? I guess I have the right in root but still can't carry on this patch.
I've used the account I created to grant rights, but no luck
Any more ideas please
0
 
PsiCopCommented:
I've not used EMADMIN, so mebbe an Expert who has will chime in. In what context you create the account? If you are in ConsoleOne and right-click on your tree's Root object and select Trustees of this object, is the account listed there?
0
 
ppdshAuthor Commented:
Yes, the account is there, NDS rights of the object is

>xxxx CN
>Role Based Server.xxxx
>Security
>admin.xxxx
>[Public]
>[Root]

Do I miss anything?
0
 
ppdshAuthor Commented:
Thanks for all, I mixed all the clues in the answers from you guys, I worked it out finally, with a bit of luck
Thanks
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 5
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now