• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 471
  • Last Modified:

novell groups

I need to get iformation from a  novell domain for migrations to our win2k domain.  is there a way to get list fo groups and permissions and users that belong to these group.  I hope this wiill be si
0
gabrielaz
Asked:
gabrielaz
1 Solution
 
ShineOnCommented:
1)  Novell is a company, not a platform.  Assuming you mean NetWare, what version are you talking about?
2)  "domain" is a Windows thing.  NetWare has either a bindery or a tree.
3)  Depending on the version you supply for question 1, there are several ways to get groups and users, but how good that info is depends on many factors.  NetWare filesystem rights would have to be translated to NTFS permissions, which isn't that hard to do with available tools, but whether the stucture matches up to make it workable is the problem.

If the version of NetWare is 4.0 or later, then it uses NDS or eDirectory, which means you have to consider more than just users and groups when trying to translate rights to permissions.  Active Directory only has two object types that can act as filesystem permissions "principals:" users and groups.  To address inherent flaws in AD structure, there are now three types of groups you have to deal with, and groups can be nested within groups.  In NDS/eDirectory, in addition to the user and group, there are many more object types that can act as security principals, including the OU, the Organizational Role, and if you have ZENworks, the Application object and Workstation object, among others, also can be granted, and/or grant through inheritance, filesystem rights.  NDS/eDirectory groups cannot be nested.

If the version of NetWare is 3.2 or earlier, it's Bindery, making the translation simpler, as only Users and Groups are security principals in Bindery-only NetWare systems.

If the verison of NetWare is 5.1 or later, then it's more likely to use eDirectory, and as such, much of the info is available through LDAP.

I suggest you look at the TechNet info for the Services for NetWare, which is downloadable - make sure you download the version that matches your version of Windows/AD, though.  MSDSS and FMU, together, may be all you need, but you may have lots of up-front work to rearrange things in NDS/eDirectory so they match up with the limitations of AD security principal object types.

Inheritance is different, too.  NetWare filesystem rights inheritance is dynamic, both up and down the hierarchy.  Once established, NTFS permissions inheritance is static, and any changes have to be re-propagated manually to child folders/files.  Upward "inheritance" doesn't exist - it's also part of the static ACL.  To access child folders, permissions up the tree for all of the parent levels have to be established.  

Since the permissions are statically assigned to the parent ACL's at permission-granting time in NTFS, you can't just translate NWFS/NSS rights to NTFS permissions - the parent ACL's would not be present in the NetWare environment.  So, a utility like FMU should be used if you want to try to carry rights over into permissions rather than re-establishing them manually.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now