Solved

novell groups

Posted on 2007-03-22
1
460 Views
Last Modified: 2008-02-01
I need to get iformation from a  novell domain for migrations to our win2k domain.  is there a way to get list fo groups and permissions and users that belong to these group.  I hope this wiill be si
0
Comment
Question by:gabrielaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
ID: 18774802
1)  Novell is a company, not a platform.  Assuming you mean NetWare, what version are you talking about?
2)  "domain" is a Windows thing.  NetWare has either a bindery or a tree.
3)  Depending on the version you supply for question 1, there are several ways to get groups and users, but how good that info is depends on many factors.  NetWare filesystem rights would have to be translated to NTFS permissions, which isn't that hard to do with available tools, but whether the stucture matches up to make it workable is the problem.

If the version of NetWare is 4.0 or later, then it uses NDS or eDirectory, which means you have to consider more than just users and groups when trying to translate rights to permissions.  Active Directory only has two object types that can act as filesystem permissions "principals:" users and groups.  To address inherent flaws in AD structure, there are now three types of groups you have to deal with, and groups can be nested within groups.  In NDS/eDirectory, in addition to the user and group, there are many more object types that can act as security principals, including the OU, the Organizational Role, and if you have ZENworks, the Application object and Workstation object, among others, also can be granted, and/or grant through inheritance, filesystem rights.  NDS/eDirectory groups cannot be nested.

If the version of NetWare is 3.2 or earlier, it's Bindery, making the translation simpler, as only Users and Groups are security principals in Bindery-only NetWare systems.

If the verison of NetWare is 5.1 or later, then it's more likely to use eDirectory, and as such, much of the info is available through LDAP.

I suggest you look at the TechNet info for the Services for NetWare, which is downloadable - make sure you download the version that matches your version of Windows/AD, though.  MSDSS and FMU, together, may be all you need, but you may have lots of up-front work to rearrange things in NDS/eDirectory so they match up with the limitations of AD security principal object types.

Inheritance is different, too.  NetWare filesystem rights inheritance is dynamic, both up and down the hierarchy.  Once established, NTFS permissions inheritance is static, and any changes have to be re-propagated manually to child folders/files.  Upward "inheritance" doesn't exist - it's also part of the static ACL.  To access child folders, permissions up the tree for all of the parent levels have to be established.  

Since the permissions are statically assigned to the parent ACL's at permission-granting time in NTFS, you can't just translate NWFS/NSS rights to NTFS permissions - the parent ACL's would not be present in the NetWare environment.  So, a utility like FMU should be used if you want to try to carry rights over into permissions rather than re-establishing them manually.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question