Solved

script to migrate novell groups to ad groups

Posted on 2011-03-07
2
543 Views
Last Modified: 2012-05-11
Can anybody provide a way of getting netware 6.5 groups out of netware and creating the same named groups in AD? powershell? VBS? Perl? either would be good.

Neil.
0
Comment
Question by:Neil Russell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
deroode earned 500 total points
ID: 35056621
There are a coupe of possibilities:

You can use Microsoft services for Netware to sync eDirectory groups to Active Directory groups, but it is mainly targetted at Server 2003:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a819838d-acb2-4794-87eb-82a6a3af4be8

What i did on our Server 2008 domain is the following:

- Create a list of groups using the Nlist utility (it's on your Netware server in the SYS:Public directory)

NLIST group show member /r /s /c > C:\temp\groups.txt

It will give you a file in the form:

NAME: ap-group-acrobat
    Member: johnb
    Member: malolmx
    Member: sarahw
NAME: ap-group-ie7
    Member: joshp
    Member: malolmx
    Member: sarahw


- Then created a script with Autoitscript (http://www.autoitscript.com/site/)
- This script creates groups in OU=GROUPTEST,DC=EUR,DC=LOCAL Change as appropriate

Basically what it does is read the Nlist output, for every group after Name: create a group with that name:
'DSADD GROUP "CN='& $group & ',OU=GROUPTEST,DC=EUR,DC=LOCAL

then add the members to that group
DSquery user domainroot -name '& $line & ' | dsmod group "CN=' & $group & ',OU=GROUPTEST,DC=EUR,DC=LOCAL" -addmbr'

I guess it's quite easy to rewrite that in any other language...or even do it in Excel...

 

 
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=C:\temp\ict.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
$groupfilename = FileOpenDialog("select groups file", "C:\temp\", "any (*.txt)", 1)
$groupfile = FileOpen($groupfilename, 0)

Dim $group, $member

; Check if file opened for reading OK
If $groupfile = -1 Then
    MsgBox(0, "Error", "Unable to open groupfile.")
    Exit
EndIf

$fileout = FileOpen (EnvGet("TEMP")&"\adgroups.cmd" ,2)

; Check if file opened for writing OK
If $fileout = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
			

; Read in lines of text until the EOF is reached
	
do 
	$line = FileReadLine($groupfile)
Until StringLeft ( $line, 5)="Name:"
MsgBox (0,"",$line)
$group= StringRight ($line,StringLen($line)-6)
MsgBox (0,"",$group)
Do
	FileWriteLine ($fileout, 'DSADD GROUP "CN='& $group & ',OU=GROUPTEST,DC=EUR,DC=LOCAL"')
	Do
		$line = FileReadLine($groupfile)
				;MsgBox(0,"readline",$line)
		$eof = @error
		if $eof <> -1 Then
			if StringInStr($line, "Member:") > 0 Then
				; remove "member"
				;MsgBox(0,"whole line",$line)
				$line=StringRight($line,Stringlen($line)-StringInStr($line,":")-1)
				;MsgBox(0,"without member",$line)
				; get username without trailing dots
				
				$firstdot=StringInStr($line,".")-1
				;MsgBox (0,"firstdot",$firstdot)
				if $firstdot=-1 then 
					$firstdot=Stringlen($line)
				EndIf
				;MsgBox(0,"whole line",$line)
				$line=StringLeft($line,$firstdot)
				;MsgBox(0,"removed dots",$line)
				FileWriteLine ($fileout, 'DSquery user domainroot -name '& $line & ' | dsmod group "CN=' & $group & ',OU=GROUPTEST,DC=EUR,DC=LOCAL" -addmbr')
			Else
				if StringLeft ( $line, 5)="Name:" Then
					$group= StringRight ($line,StringLen($line)-6)
				Else
					do 
						$line = FileReadLine($groupfile)
						$eof = @error
					Until StringLeft ( $line, 5)="Name:" or $eof = -1
					if StringLeft ( $line, 5)="Name:" Then
						$group= StringRight ($line,StringLen($line)-6)
					EndIf
				
				EndIf
				FileWriteLine ($fileout, 'DSADD GROUP "CN='& $group & ',OU=GROUPTEST,DC=EUR,DC=LOCAL"')
			EndIf
		EndIf
	until $eof = -1
until $eof = -1



FileClose($groupfile)

FileClose($fileout)

Run("Notepad.exe " & EnvGet("TEMP")&"\adgroups.cmd")

Open in new window

0
 
LVL 37

Author Closing Comment

by:Neil Russell
ID: 35057760
Excellant! Looks like just the job. Thanks for that. And a new tool I hadnt come across.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question