Single-Object Management At first, it may seem obvious to use a tool such as ConsoleOne or NetWare Administrator for administering single objects: The interface is intuitive and easy to use for making single-object changes. Several techniques, however, can be applied to single-object administration. In addition, there are instances where using NetWare Administrator is possible, but a repetitive change made to users one by one (for example, during an office move) may make more sense to automate. Through simple automation of single-object changes, it is possible to reduce the time spent performing administrative tasks. Despite everything that ConsoleOne and NetWare Administrator do well, they do not excel at automated tasks . This is a key place where using UImport (for user objects) or JRBImprt from JRB Software makes more sense and can save you a lot of time. Generally, mass object modification (for example, setting a common password policy for all users in a given container) is something that can save some time because single-object modifications (where the change for each object is different) can take a lot of your time. A single change doesn't seem to be much, but compounded over time, these tasks added together can take more time than any other task you work on. Let's start by looking at techniques in ConsoleOne. NOTE The ConsoleOne template technique discussed in the following section can be applied using NetWare Administrator, unless otherwise indicated.
ConsoleOne One single-object trick is to create users by using ConsoleOne. As an administrator, you undoubtedly often get requests from managers to create new users that look exactly like other users: "We have a new Accounts Payable clerk named Carl who will be working alongside Jane and needs to access the same information Jane does." Normally, the administrator creates a new user ID for Carl and then spends time examining the group memberships and security equivalences and looking through the file system to make sure that Carl has the same rights as Jane. With ConsoleOne's support for templates, you have a quick way to accomplish this task through the use of a template. To use this shortcut, you start by creating a template object, as shown in Figure 14.1. Figure 14.1. Creating a template object. 
As you can see in Figure 14.1, you select to create the template with the Use Template or User option checked. This option enables you to create the template based on the values in another template object or in a user object. You simply create the template based on Jane's user ID. Once the template is created, we can then create Carl's ID using the new template object ( AP_template ), and we will have granted Carl the same (DS) rights that Jane has without having to take any extra steps. NOTE This technique does not create a security equivalence to Jane. Rather, it creates a user with the same security equivalences and group memberships that Jane has. This particular method does not duplicate rights in the file system, but if you assigned file system rights by using group objects, Carl would automatically receive many of the required file system rights through group memberships. As part of your management strategy, it is recommended that you keep explicit trustee assignments to a minimum and grant rights through a group or container membership whenever possible.
NETADMIN and Other DOS-Based Tools Earlier in this chapter, we discussed the use of the NetWare 4.x NETADMIN utility, which is not included with NetWare 5 and higher. The NETADMIN utility and the other DOS-based utilities included with some versions of NetWare are some of the most valuable tools for managing an eDirectory tree. The primary reasons these tools are so valuable are the time you save in launching them and the quick access they offer to various standard attributes used in the base class objects in the tree. NOTE A number of third-party vendors have developed Windows 32-bit operating system console-mode replacements for some of the DOS-based utilities supplied by Novell ”with more powerful features in some cases. An example is the suite of JRB utilities (see www.jrbsoftware.com ).
TIP You can use NETADMIN and the DOS utilities that come with NetWare against an eDirectory tree running on non-NetWare platforms.
Chapter 10 discusses the use of NList and UImport for disaster recovery and building UImport data files using information extracted from DS with NList to rapidly recover from large-scale mistakes. Administration on a large scale is just as effective as disaster recovery. UImport can actually serve as a tool for fast single-object modification as well. Many people know how to write quick programs in C/C++ or Visual Basic, or even how to use Perl scripts to create and manipulate text files. Rather than learn the NetWare API so you can create or modify users, you can cut a lot of time just by writing a script (using awk , for example) or develop a program to create the data file and use UImport (or ICE or JRBImprt) to make the changes for you. You can even create a single user very rapidly by using UImport, if you have a tool to create a standardized data file for the object creation. TIP Using a scripted object creation/modification process provides another means of disaster recovery. You should save the data files once you have finished with them; you never know when they might come in handy. The same data files can serve as a base for your network standards documentation.
Suppose you have a need to make a quick change to your own personal login script. You could start NETADMIN, locate your object, and maneuver through the different tabs to find the login script. If you followed the advice earlier in this chapter, you probably already have NETADMIN or one of your preferred management utilities running, so you've saved some time. You might even have the context your user is in open or use the built-in search feature. For many people, using the keyboard is more natural and faster than using the mouse. Zipping out to a DOS prompt, using the CX utility (shipped with NetWare) to change to the context your user object is contained in, and starting NETADMIN to make that script change will still be faster than mousing around using a GUI-based application such as NetWare Administrator or ConsoleOne, particularly if you can type quickly. TIP Some people have reported that some of the menu-driven DOS-based NetWare utilities do not work with NetWare 5 or higher. Specifically, the problems relate to using the utilities in a pure IP environment because some of the utilities may be hard-coded to use SAP to locate a service that is IPX dependent. When they do not work, you receive error messages that you would not expect. Try the utilities and see what works and what doesn't work. The better you know the limitations of each utility, the better able you will be to decide which tool is the best for the job in your environment.
For most administrators, management of single objects takes more time than any other task they perform. This is the best place to start with trying to find ways to save time by standardizing how you do things. After you standardize single-object management, you can apply the same techniques to multiple-object management. | 