Active Directory and Novell user compare

Posted on 2007-11-25
Last Modified: 2010-03-17

The company I work for is using AD and Novell.

They have one situation and would like to find out if it can be solved.

When users are added, they are added to both AD and Novell.

But when a user is deleted, sometimes the admin forgets to delete them from either AD or Novell.
Thus, some accounts can reside on AD, and some on Novell.
Thus, causing redundancy.

What they are doing now is to compare them side by side which is quite stupid.

Are there any tools out there that can solve such problems? Removing user accounts that do not reside in both AD and Novell? Or even snippets of programming that could guide me along?

Please advise.
Question by: darenceang
LVL 16

Accepted Solution

2PiFL earned 50 total points
ID: 20346053
Microsoft Directory Synchronization Services (MSDSS), included with Services for NetWare 5.03.  It will work with NW 3 and above.

We used this for over a year while migrating away from Netware.
LVL 19

Expert Comment

ID: 20346480
...or if you want a GOOD product, have a look at Novell Identity Manager. It allows the synchronisation and association of users between eDirectory and legacy systems (like Active Directory). Create a user in one, it gets created in the other. Delete a user in one, it gets deleted in the other. Group memberships, passwords, everything can be synced to your desire.

PS. Novell is a company. You're referring to Netware. You wouldn't say "I installed Microsoft today" would you?

Author Comment

ID: 20347982
Dear alextoft!
Roger... ;) Sorry if I caused confusion here... hehehe.. ;)

But the company is looking for "free" stuff... not like the Novell Identity Manager, which needs to be purchased.. ;(

I am trying to look into the MSDSS. Wondering if the system admins here can do that.


LVL 35

Expert Comment

ID: 20348205
If your company has reasonably current NetWare, IDM with AD connector comes with it.  

I suppose if you HAD reasonably current NetWare, you wouldn't find alextoft's recommendation amusing, but of course if you had TOLD us what VERSION of NetWare you were working with, that would help.  Hell, we don't even know if you have a current version of AD - you could have AD 2000 (v 1.0) - not that it's as critical.  There's a big difference between NetWare 3.11 and NetWare 4.11, between 4.11 and 5.x and between 5.x and 6.x, and another shift to OES2.  Kinda like the difference between IBM LanMan Server and Windows NT 3.51 and NT4 and Windows Server 2003 R2.   At least we know you've got AD - we don't know if, on the "novell" side, you have Bindery, NDS or eDirectory.

The assumption by alextoft is that perhaps you have currently-supported NetWare or OES, but that assumption wouldn't be made if we didn't have to assume.  It points up the reason why you should always give product versions in your question.

True, if the company has obsolete, no-longer-supported NetWare, then it's not free, but if they have a currently-supported version of NetWare, it's free.  It's also not a stripped-down version of the retail product - it simply doesn't have all the connectors.  To also manage other products via IDM you'd have to upgrade to retail licensing, but you wouldn't have to rip-n-replace.

If you like free stuff, and don't mind writing code, and your version of NetWare isn't from last century, you could use the administrative API and write a C++ or VB (not VBA) program that would do what you want.  Check out the Novell Developernet Wiki to get an idea of the APIs and code samples available.

Author Comment

ID: 20356219
Hi ShineOn!
This is the same guy that you helped a couple of weeks ago.

Anyway.. here's the version number:
eDirectory: 8.6.1
NDS: 10210.43
Novell: 5.1
Server Version Number: 5.00.09

I'll try to see what version of AD they have... When I told them about the Secure LDAP that you were saying last time... they were like o.O??
LVL 35

Expert Comment

ID: 20359389
NetWare 5.1, although EOL, since it's been updated at least to eDirectory 8.6.x, should be able to work with the administrative API.  You could either code up a helpdesk app that does both the Windows and the NetWare side, or you could roll your own compare utility that would do an audit report of unmatched user IDs - which would be a whole lot better than manual desk-checking with both ConsoleOne and Users and Computers MMC open.

For that matter, you could probably use LDAP for the compare utility, if they ever got LDAP working... ;^)
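
The compare utility suggested in the comment above, as an added example that is not part of the original thread and not Novell or Microsoft code: it reads an LDIF export from each directory and reports user IDs that exist in only one of them. The attribute choices (`sAMAccountName` for AD, `cn` for eDirectory), the sample entries and the function names are assumptions.

```python
import base64

# Constructed sample exports, not real data. Assumption: the AD logon name
# is in sAMAccountName and the eDirectory user name is in cn.
AD_LDIF = """\
dn: CN=Bob Lim,OU=Staff,DC=example,DC=local
sAMAccountName: BLim

dn: CN=Carol Ng,OU=Staff,DC=example,DC=local
sAMAccountName:: Y25n
"""
EDIR_LDIF = """\
dn: cn=blim,ou=staff,o=example
cn: blim

dn: cn=dwong,ou=staff,o=example
cn: dwo
 ng
"""

def ldif_values(text, attr):
    """Return the case-folded values of one attribute from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):            # "attr:: <base64>" form
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
        values.add(rest.strip().casefold())
    return values

def compare(ad_ldif, edir_ldif, ad_attr="sAMAccountName", edir_attr="cn"):
    """Audit report of user IDs that exist in only one directory."""
    ad, edir = ldif_values(ad_ldif, ad_attr), ldif_values(edir_ldif, edir_attr)
    return {"only_in_ad": sorted(ad - edir),
            "only_in_edirectory": sorted(edir - ad),
            "in_both": sorted(ad & edir)}

if __name__ == "__main__":
    for section, names in compare(AD_LDIF, EDIR_LDIF).items():
        print(f"{section}: {', '.join(names) or '-'}")
```

The report only lists mismatches; whether an unmatched account is deleted or recreated on the other side stays a manual decision.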
LVL 19

Expert Comment

ID: 20362015
> Dear alextoft!
> hahaha!

Perhaps I did assume too much. After all, how many people still run NT4 Server these days? Because that's what Microsoft's offering was when Netware 5.1 was released...

You *could* spend a small sum on a Netware 6.5 server license, install it into your 5.1 tree, put a read/write replica of all partitions on it, make a few tweaks, then utilise the bundled identity manager to give yourself the best identity management solution currently available on the market (Gartner's words, not mine). You get what you pay for, or not as the case may be.


Author Comment

ID: 20362731
Cool.... LDAP.... Here I come again... They have not gotten back to me on the AD version. ;( But I will try my luck later in the afternoon. Let's hope that they have Secure LDAP on for the Novell... else I'll be running towards a brick wall. I'll let you know the results.
