
Active Directory and Novell user compare

Posted on 2007-11-25
Last Modified: 2010-03-17
Hi!

The company I work for is using AD and Novell.

They have one situation and would like to find out if it can be solved.

When users are added, they are added to both AD and Novell.

But when a user is deleted, sometimes the admin forgets to delete them from either the AD / Novell.
Thus, some accounts can reside on AD, and some on Novell.
Thus, causing redundancy.

What they are doing now is to compare them side by side which is quite stupid.

Are there any tools out there that can solve such problems? Removing user accounts that do not reside in both AD and Novell? Or even snippets of programming that could guide me along?

Please advise.
Cheers!
Darence
Question by:darenceang
8 Comments
 
LVL 16

Accepted Solution

by: 2PiFL earned 150 total points
ID: 20346053
Microsoft Directory Synchronization Services (MSDSS), included with Services for NetWare 5.03.  It will work with NW 3 and above.

We used this for over a year while migrating away from Netware.
0
 
LVL 19

Expert Comment

by:alextoft
ID: 20346480
...or if you want a GOOD product, have a look at Novell Identity Manager. It allows the synchronisation and association of users between eDirectory and legacy systems (like Active Directory). Create a user in one, it gets created in the other. Delete a user in one, it gets deleted in the other. Group memberships, passwords, everything can be synced to your desire.

PS. Novell is a company. You're referring to Netware. You wouldn't say "I installed Microsoft today" would you?
0
 
LVL 4

Author Comment

by:darenceang
ID: 20347982
Dear alextoft!
hahaha!
Roger... ;) Sorry if I caused a confusion here... hehehe.. ;)

But the company is looking for those "free" stuff... not like the Novell Identity Manager which needs to be purchased.. ;(

I am trying to look into the MSDSS. Wondering if the system admins here can do that.

Cheers!
Darence
0

 
LVL 35

Expert Comment

by:ShineOn
ID: 20348205
If your company has reasonably current NetWare, IDM with AD connector comes with it.  

I suppose if you HAD reasonably current NetWare, you wouldn't find alextoft's recommendation amusing, but of course if you had TOLD us what VERSION of NetWare you were working with, that would help. Hell, we don't even know if you have a current version of AD - you could have AD 2000 (v 1.0) - not that it's as critical. There's a big difference between NetWare 3.11 and NetWare 4.11, between 4.11 and 5.x and between 5.x and 6.x, and another shift to OES2. Kinda like the difference between IBM LanMan Server and Windows NT 3.51 and NT4 and Windows Server 2003 R2. At least we know you've got AD - we don't know if, on the "novell" side, you have Bindery, NDS or eDirectory.

The assumption by alextoft is that perhaps you have currently-supported NetWare or OES, but that assumption wouldn't be made if we didn't have to assume.  It points up the reason why you should always give product versions in your question.

True, if the company has obsolete, no-longer-supported NetWare, then it's not free, but if they have a currently-supported version of NetWare, it's free.  It's also not a stripped-down version of the retail product - it simply doesn't have all the connectors.  To also manage other products via IDM you'd have to upgrade to retail licensing, but you wouldn't have to rip-n-replace.

If you like free stuff, and don't mind writing code, and your version of NetWare isn't from last century, you could use the administrative API and write a C++ or VB (not VBA) program that would do what you want.  Check out the Novell Developernet Wiki to get an idea of the APIs and code samples available.  http://developer.novell.com/wiki/index.php/Developer_Home
0
 
LVL 4

Author Comment

by:darenceang
ID: 20356219
Hi ShineOn!
This is the same guy that you helped a couple of weeks ago.

Anyway.. here's the version number:
eDirectory: 8.6.1
NDS: 10210.43
Novell: 5.1
Server Version Number: 5.00.09

I'll try to see what version of AD they have... When I told them about the Secure LDAP that you were saying last time... they were like o.O??
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 20359389
NetWare 5.1, although EOL, since it's been updated at least to eDirectory 8.6.x, should be able to work with the administrative API.  You could either code up a helpdesk app that does both the Windows and the NetWare side, or you could roll your own compare utility that would do an audit report of unmatched user IDs - which would be a whole lot better than manual desk-checking with both ConsoleOne and Users and Computers MMC open.

For that matter, you could probably use LDAP for the compare utility, if they ever got LDAP working... ;^)
0
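An added example, not part of the original thread or any poster's code: a minimal form of the compare utility suggested above, run over LDIF exports of each directory instead of live LDAP queries. It assumes AD logins are held in `sAMAccountName` and eDirectory logins in `cn`, and that names match case-insensitively; the sample exports are constructed.

```python
import base64

def parse_ldif(text):
    """Return one {attribute_lowercased: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines:  # RFC 2849 folded line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def compare(ad_ldif, edir_ldif, ad_attr="sAMAccountName", edir_attr="cn"):
    """Return (only_in_ad, only_in_edirectory), each {lower-cased login: DN}."""
    def logins(ldif, attr):  # entries lacking the naming attribute are skipped
        return {v.lower(): e.get("dn", ["?"])[0]
                for e in parse_ldif(ldif) for v in e.get(attr.lower(), [])}
    ad, ed = logins(ad_ldif, ad_attr), logins(edir_ldif, edir_attr)
    return ({n: ad[n] for n in sorted(ad.keys() - ed.keys())},
            {n: ed[n] for n in sorted(ed.keys() - ad.keys())})

AD_EXPORT = """# constructed AD-side export; second entry is folded and base64-encoded
dn: CN=Bob Lim,OU=Staff,DC=example,DC=local
sAMAccountName: BLim

dn: CN=Old Contractor,OU=Staff,DC=example,
 DC=local
sAMAccountName:: Y2NoZW4=
"""
EDIR_EXPORT = """# constructed eDirectory-side export
dn: cn=blim,ou=staff,o=example
cn: blim

dn: cn=dwong,ou=staff,o=example
cn: dwong
"""
if __name__ == "__main__":
    print(compare(AD_EXPORT, EDIR_EXPORT))
```

Each returned dict is a review list for the audit report: an account that exists in only one directory is still a working logon there until someone confirms it should be removed.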
 
LVL 19

Expert Comment

by:alextoft
ID: 20362015
> Dear alextoft!
> hahaha!

Perhaps I did assume too much. After all, how many people still run NT4 Server these days? Because that's what Microsoft's offering was when Netware 5.1 was released...

You *could* spend a small sum on a Netware 6.5 server license, install it into your 5.1 tree, put a read/write replica of all partitions on it, make a few tweaks, then utilise the bundled identity manager to give yourself the best identity management solution currently available on the market (Gartner's words, not mine). You get what you pay for, or not as the case may be.
0
 
LVL 4

Author Comment

by:darenceang
ID: 20362731
Cool.... LDAP.... Here I come again... They have not gotten back to me on the AD version. ;( But I will try my luck later in the afternoon. Let's hope that they have Secure LDAP on for the Novell... else I'll be running towards a brick wall. I'll let you know the results.
0
