Solved

novell groups

Posted on 2007-03-22
1
456 Views
Last Modified: 2008-02-01
I need to get iformation from a  novell domain for migrations to our win2k domain.  is there a way to get list fo groups and permissions and users that belong to these group.  I hope this wiill be si
0
Comment
Question by:gabrielaz
1 Comment
 
LVL 35

Accepted Solution

by:
ShineOn earned 500 total points
ID: 18774802
1)  Novell is a company, not a platform.  Assuming you mean NetWare, what version are you talking about?
2)  "domain" is a Windows thing.  NetWare has either a bindery or a tree.
3)  Depending on the version you supply for question 1, there are several ways to get groups and users, but how good that info is depends on many factors.  NetWare filesystem rights would have to be translated to NTFS permissions, which isn't that hard to do with available tools, but whether the stucture matches up to make it workable is the problem.

If the version of NetWare is 4.0 or later, then it uses NDS or eDirectory, which means you have to consider more than just users and groups when trying to translate rights to permissions.  Active Directory only has two object types that can act as filesystem permissions "principals:" users and groups.  To address inherent flaws in AD structure, there are now three types of groups you have to deal with, and groups can be nested within groups.  In NDS/eDirectory, in addition to the user and group, there are many more object types that can act as security principals, including the OU, the Organizational Role, and if you have ZENworks, the Application object and Workstation object, among others, also can be granted, and/or grant through inheritance, filesystem rights.  NDS/eDirectory groups cannot be nested.

If the version of NetWare is 3.2 or earlier, it's Bindery, making the translation simpler, as only Users and Groups are security principals in Bindery-only NetWare systems.

If the verison of NetWare is 5.1 or later, then it's more likely to use eDirectory, and as such, much of the info is available through LDAP.

I suggest you look at the TechNet info for the Services for NetWare, which is downloadable - make sure you download the version that matches your version of Windows/AD, though.  MSDSS and FMU, together, may be all you need, but you may have lots of up-front work to rearrange things in NDS/eDirectory so they match up with the limitations of AD security principal object types.

Inheritance is different, too.  NetWare filesystem rights inheritance is dynamic, both up and down the hierarchy.  Once established, NTFS permissions inheritance is static, and any changes have to be re-propagated manually to child folders/files.  Upward "inheritance" doesn't exist - it's also part of the static ACL.  To access child folders, permissions up the tree for all of the parent levels have to be established.  

Since the permissions are statically assigned to the parent ACL's at permission-granting time in NTFS, you can't just translate NWFS/NSS rights to NTFS permissions - the parent ACL's would not be present in the NetWare environment.  So, a utility like FMU should be used if you want to try to carry rights over into permissions rather than re-establishing them manually.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Know what services you can and cannot, should and should not combine on your server.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now