Solved

Active Directory and Novell user compare

Posted on 2007-11-25
Last Modified: 2010-03-17
Hi!

The company I work for is using AD and Novell.

They have one situation and would like to find out if it can be solved.

When users are added, they are added to both AD and Novell.

But when a user is deleted, sometimes the admin forgets to delete them from either the AD / Novell.
Thus, some accounts can reside on AD, and some on Novell.
Thus, causing redundancy.

What they are doing now is to compare them side by side which is quite stupid.

Are there any tools out there that can solve such problems? Removing user accounts that do not reside in both AD and Novell? Or even snippets of programming that could guide me along?

Please advise.
Cheers!
Darence
Question by:darenceang
8 Comments
 
LVL 16

Accepted Solution

by:
2PiFL earned 50 total points
ID: 20346053
Microsoft Directory Synchronization Services (MSDSS), included with Services for NetWare 5.03.  It will work with NW 3 and above.

We used this for over a year while migrating away from Netware.
0
 
LVL 19

Expert Comment

by:alextoft
ID: 20346480
...or if you want a GOOD product, have a look at Novell Identity Manager. It allows the synchronisation and association of users between eDirectory and legacy systems (like Active Directory). Create a user in one, it gets created in the other. Delete a user in one, it gets deleted in the other. Group memberships, passwords, everything can be synced to your desire.

PS. Novell is a company. You're referring to Netware. You wouldn't say "I installed Microsoft today" would you?
0
 
LVL 4

Author Comment

by:darenceang
ID: 20347982
Dear alextoft!
hahaha!
Roger... ;) Sorry if I caused confusion here... hehehe.. ;)

But the company is looking for that "free" stuff... not like the Novell Identity Manager, which needs to be purchased.. ;(

I am trying to look into the MSDSS. Wondering if the system admins here can do that.

Cheers!
Darence
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 20348205
If your company has reasonably current NetWare, IDM with AD connector comes with it.  

I suppose if you HAD reasonably current NetWare, you wouldn't find alextoft's recommendation amusing, but of course if you had TOLD us what VERSION of NetWare you were working with, that would help.  Hell, we don't even know if you have a current version of AD - you could have AD 2000 (v 1.0) - not that it's as critical.  There's a big difference between NetWare 3.11 and NetWare 4.11, between 4.11 and 5.x and between 5.x and 6.x, and another shift to OES2.  Kinda like the difference between IBM LanMan Server and Windows NT 3.51 and NT4 and Windows Server 2003 R2.   At least we know you've got AD - we don't know if, on the "novell" side, you have Bindery, NDS or eDirectory.

The assumption by alextoft is that perhaps you have currently-supported NetWare or OES, but that assumption wouldn't be made if we didn't have to assume.  It points up the reason why you should always give product versions in your question.

True, if the company has obsolete, no-longer-supported NetWare, then it's not free, but if they have a currently-supported version of NetWare, it's free.  It's also not a stripped-down version of the retail product - it simply doesn't have all the connectors.  To also manage other products via IDM you'd have to upgrade to retail licensing, but you wouldn't have to rip-n-replace.

If you like free stuff, and don't mind writing code, and your version of NetWare isn't from last century, you could use the administrative API and write a C++ or VB (not VBA) program that would do what you want.  Check out the Novell Developernet Wiki to get an idea of the APIs and code samples available.  http://developer.novell.com/wiki/index.php/Developer_Home
0
 
LVL 4

Author Comment

by:darenceang
ID: 20356219
Hi ShineOn!
This is the same guy that you helped a couple of weeks ago.

Anyway.. here's the version number:
eDirectory: 8.6.1
NDS: 10210.43
Novell: 5.1
Server Version Number: 5.00.09

I'll try to see what version of AD they have... When I told them about the Secure LDAP that you were saying last time... they were like o.O??
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 20359389
NetWare 5.1, although EOL, since it's been updated at least to eDirectory 8.6.x, should be able to work with the administrative API.  You could either code up a helpdesk app that does both the Windows and the NetWare side, or you could roll your own compare utility that would do an audit report of unmatched user IDs - which would be a whole lot better than manual desk-checking with both ConsoleOne and Users and Computers MMC open.

For that matter, you could probably use LDAP for the compare utility, if they ever got LDAP working... ;^)
0
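The audit report of unmatched user IDs suggested above, sketched as an added example (not code from any poster in this thread). It assumes the user objects of both directories have been exported to LDIF, that the login name is in `sAMAccountName` on the AD side and in `cn` on the eDirectory side, and it runs on constructed sample data.

```python
import base64
import re

def parse_ldif(text):
    """Parse LDIF text into one {attribute: [values]} dict per entry."""
    text = re.sub(r"\r?\n ", "", text)             # unfold continuation lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text):       # entries are separated by blank lines
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if line.startswith("#") or not sep:    # skip comments and malformed lines
                continue
            if value.startswith(":"):              # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def login_names(entries, attr):
    """Map lower-cased login name -> DN for every entry that carries attr."""
    return {v.lower(): e.get("dn", ["?"])[0]
            for e in entries for v in e.get(attr.lower(), [])}

def audit(ad_ldif, edir_ldif, ad_attr="sAMAccountName", edir_attr="cn"):
    """Return accounts present in only one directory, matched by login name."""
    ad = login_names(parse_ldif(ad_ldif), ad_attr)
    ed = login_names(parse_ldif(edir_ldif), edir_attr)
    return {"only_in_ad": sorted((n, ad[n]) for n in ad.keys() - ed.keys()),
            "only_in_edirectory": sorted((n, ed[n]) for n in ed.keys() - ad.keys())}

# Constructed sample exports (not real data): one match, one orphan on each side.
AD_SAMPLE = """\
dn: CN=Bob Lee,OU=Staff,DC=example,DC=com
sAMAccountName: BLee

dn: CN=Carol Ng,OU=Staff,DC=example,DC=com
sAMAccountName: cng
"""
EDIR_SAMPLE = """\
dn: cn=blee,ou=staff,o=example
cn:: YmxlZQ==

dn: cn=dwong,ou=staff,
 o=example
cn: dwong
"""
```

The report only lists candidates for review. Accounts that legitimately exist on one side, such as service or administrative accounts, need an exclusion list before anything is disabled or deleted.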
 
LVL 19

Expert Comment

by:alextoft
ID: 20362015
> Dear alextoft!
> hahaha!

Perhaps I did assume too much. After all, how many people still run NT4 Server these days? Because that's what Microsoft's offering was when Netware 5.1 was released...

You *could* spend a small sum on a Netware 6.5 server license, install it into your 5.1 tree, put a read/write replica of all partitions on it, make a few tweaks, then utilise the bundled identity manager to give yourself the best identity management solution currently available on the market (Gartner's words, not mine). You get what you pay for, or not as the case may be.
0
 
LVL 4

Author Comment

by:darenceang
ID: 20362731
Cool.... LDAP.... Here I come again... They have not gotten back to me on the AD version. ;( But I will try my luck later in the afternoon. Let's hope that they have Secure LDAP on for the Novell... else I'll be running towards a brick wall. I'll let you know the results.
0
