?
Solved

novell groups

Posted on 2007-03-22
1
Medium Priority
?
462 Views
Last Modified: 2008-02-01
I need to get iformation from a  novell domain for migrations to our win2k domain.  is there a way to get list fo groups and permissions and users that belong to these group.  I hope this wiill be si
0
Comment
Question by:gabrielaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 35

Accepted Solution

by:
ShineOn earned 2000 total points
ID: 18774802
1)  Novell is a company, not a platform.  Assuming you mean NetWare, what version are you talking about?
2)  "domain" is a Windows thing.  NetWare has either a bindery or a tree.
3)  Depending on the version you supply for question 1, there are several ways to get groups and users, but how good that info is depends on many factors.  NetWare filesystem rights would have to be translated to NTFS permissions, which isn't that hard to do with available tools, but whether the stucture matches up to make it workable is the problem.

If the version of NetWare is 4.0 or later, then it uses NDS or eDirectory, which means you have to consider more than just users and groups when trying to translate rights to permissions.  Active Directory only has two object types that can act as filesystem permissions "principals:" users and groups.  To address inherent flaws in AD structure, there are now three types of groups you have to deal with, and groups can be nested within groups.  In NDS/eDirectory, in addition to the user and group, there are many more object types that can act as security principals, including the OU, the Organizational Role, and if you have ZENworks, the Application object and Workstation object, among others, also can be granted, and/or grant through inheritance, filesystem rights.  NDS/eDirectory groups cannot be nested.

If the version of NetWare is 3.2 or earlier, it's Bindery, making the translation simpler, as only Users and Groups are security principals in Bindery-only NetWare systems.

If the verison of NetWare is 5.1 or later, then it's more likely to use eDirectory, and as such, much of the info is available through LDAP.

I suggest you look at the TechNet info for the Services for NetWare, which is downloadable - make sure you download the version that matches your version of Windows/AD, though.  MSDSS and FMU, together, may be all you need, but you may have lots of up-front work to rearrange things in NDS/eDirectory so they match up with the limitations of AD security principal object types.

Inheritance is different, too.  NetWare filesystem rights inheritance is dynamic, both up and down the hierarchy.  Once established, NTFS permissions inheritance is static, and any changes have to be re-propagated manually to child folders/files.  Upward "inheritance" doesn't exist - it's also part of the static ACL.  To access child folders, permissions up the tree for all of the parent levels have to be established.  

Since the permissions are statically assigned to the parent ACL's at permission-granting time in NTFS, you can't just translate NWFS/NSS rights to NTFS permissions - the parent ACL's would not be present in the NetWare environment.  So, a utility like FMU should be used if you want to try to carry rights over into permissions rather than re-establishing them manually.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question