Active Directory and Novell user compare


The company I work for is using AD and Novell.

They have one situation and would like to find out if it can be solved.

When users are added, they are added to both AD and Novell.

But when a user is deleted, sometimes the admin forgets to delete them from either the AD / Novell.
Thus, some accounts can reside on AD, and some on Novell.
Thus, causing redundancy.

What they are doing now is to compare them side by side which is quite stupid.

Are there any tools out there that can solve such problems? Removing user accounts that do not reside in both AD and Novell? Or even snippets of programming that could guide me along?

Please advise.

2PiFL Commented:
Microsoft Directory Synchronization Services (MSDSS), included with Services for NetWare 5.03.  It will work with NW 3 and above.

We used this for over a year while migrating away from Netware.
...or if you want a GOOD product, have a look at Novell Identity Manager. It allows the synchronisation and association of users between eDirectory and legacy systems (like Active Directory). Create a user in one, it gets created in the other. Delete a user in one, it gets deleted in the other. Group memberships, passwords, everything can be synced to your desire.

PS. Novell is a company. You're referring to Netware. You wouldn't say "I installed Microsoft today" would you?
darenceang (Author) Commented:
Dear alextoft!
Roger... ;) Sorry if I caused a confusion here... hehehe.. ;)

But the company is looking for those "free" stuff... not like the Novell Identity Manager which needs to be purchased.. ;(

I am trying to look into the MSDSS. Wondering if the system admins here can do that.

If your company has reasonably current NetWare, IDM with AD connector comes with it.  

I suppose if you HAD reasonably current NetWare, you wouldn't find alextoft's recommendation amusing, but of course if you had TOLD us what VERSION of NetWare you were working with, that would help.  Hell, we don't even know if you have a current version of AD - you could have AD 2000 (v 1.0) - not that it's as critical.  There's a big difference between NetWare 3.11 and NetWare 4.11, between 4.11 and 5.x and between 5.x and 6.x, and another shift to OES2.  Kinda like the difference between IBM LanMan Server and Windows NT 3.51 and NT4 and Windows Server 2003 R2.   At least we know you've got AD - we don't know if, on the "novell" side, you have Bindery, NDS or eDirectory.

The assumption by alextoft is that perhaps you have currently-supported NetWare or OES, but that assumption wouldn't be made if we didn't have to assume.  It points up the reason why you should always give product versions in your question.

True, if the company has obsolete, no-longer-supported NetWare, then it's not free, but if they have a currently-supported version of NetWare, it's free.  It's also not a stripped-down version of the retail product - it simply doesn't have all the connectors.  To also manage other products via IDM you'd have to upgrade to retail licensing, but you wouldn't have to rip-n-replace.

If you like free stuff, and don't mind writing code, and your version of NetWare isn't from last century, you could use the administrative API and write a C++ or VB (not VBA) program that would do what you want.  Check out the Novell Developernet Wiki to get an idea of the APIs and code samples available.
darenceang (Author) Commented:
Hi ShineOn!
This is the same guy that you helped a couple of weeks ago.

Anyway.. here's the version number:
eDirectory: 8.6.1
NDS: 10210.43
Novell: 5.1
Server Version Number: 5.00.09

I'll try to see what version of AD they have... When I told them about the Secure LDAP that you were saying last time... they were like o.O??
NetWare 5.1, although EOL, since it's been updated at least to eDirectory 8.6.x, should be able to work with the administrative API.  You could either code up a helpdesk app that does both the Windows and the NetWare side, or you could roll your own compare utility that would do an audit report of unmatched user IDs - which would be a whole lot better than manual desk-checking with both ConsoleOne and Users and Computers MMC open.

For that matter, you could probably use LDAP for the compare utility, if they ever got LDAP working... ;^)
> Dear alextoft!
> hahaha!

Perhaps I did assume too much. After all, how many people still run NT4 Server these days? Because that's what Microsoft's offering was when Netware 5.1 was released...

You *could* spend a small sum on a Netware 6.5 server license, install it into your 5.1 tree, put a read/write replica of all partitions on it, make a few tweaks, then utilise the bundled identity manager to give yourself the best identity management solution currently available on the market (Gartner's words, not mine). You get what you pay for, or not as the case may be.

darenceang (Author) Commented:
Cool.... LDAP.... Here I come again... They have not gotten back to me on the AD version. ;( But I will try my luck later in the afternoon. Let's hope that they have Secure LDAP on for the Novell... else I'll be running towards a brick wall. I'll let you know the results.
Question has a verified solution.
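
The compare utility suggested in the thread (an audit report of unmatched user IDs), sketched as an added example that is not code from any participant. It assumes each directory has been exported to LDIF text and that the login name is in `sAMAccountName` on the AD side and `cn` on the eDirectory side; the function names and sample entries are constructed for illustration.

```python
import base64

def ldif_values(ldif_text, attr):
    """Return the case-folded values of one attribute from LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:  # RFC 2849 folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):  # "attr:: value" means the value is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        values.add(value.casefold())  # login names are case-insensitive in both directories
    return values

def unmatched_accounts(ad_ldif, edir_ldif, ad_attr="sAMAccountName", edir_attr="cn"):
    """Return (only_in_ad, only_in_edirectory) as sorted lists for an audit report."""
    ad, edir = ldif_values(ad_ldif, ad_attr), ldif_values(edir_ldif, edir_attr)
    return sorted(ad - edir), sorted(edir - ad)

# Constructed sample exports (not real data).
AD_EXPORT = """\
dn: CN=John Smith,OU=Staff,DC=example,DC=com
sAMAccountName: JSmith

dn: CN=Old Contractor,OU=Staff,DC=example,DC=com
sAMAccountName: ocontract
 or
"""
EDIR_EXPORT = """\
dn: cn=jsmith,ou=staff,o=example
cn:: anNtaXRo

dn: cn=bleaver,ou=staff,o=example
cn: bleaver
"""

if __name__ == "__main__":
    print(unmatched_accounts(AD_EXPORT, EDIR_EXPORT))
```

The output is a report only; accounts that appear on one side can then be reviewed before anything is disabled or deleted.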
