Administration Tips and Tricks

     

You can apply a number of tips and tricks to administering your system. The following sections cover three different classes of tips and tricks: following guidelines and procedures, establishing standards, and considering disk space for DS replication and partitioning operations.

Following eDirectory Management Guidelines and Procedures

There are two types of guidelines you should follow when managing eDirectory. The first type of guideline, of course, is the eDirectory implementation guidelines published by Novell (for instance, the amount of disk space and RAM required for the server as well as the number of objects per container or partition). The hardware guidelines establish the minimum requirements, which means you should not only meet them but also exceed them.

Prior to NDS 8, the Novell-recommended number of objects per partition was a good rule of thumb to follow. However, with the advent of eDirectory, the limitation on the number of objects has practically been removed. The constraint now is mostly posed by the management utilities, such as ConsoleOne: The amount of time the utility will take to read and display the objects from a given container becomes a governing factor on how many objects you put in a container. Therefore, depending on your particular application requirement and your own patience (and this goes back to the earlier discussion in this chapter about saving time), you have to make a judgment call on the number of objects per container/partition, but you should use the Novell numbers as a guideline.

The second type of guideline you should follow when managing eDirectory has to do with procedures. You need to have a written set of rules and checklists for performing management tasks. The rules help identify how certain tasks should be done. For instance, there should be a rule that when a user calls the help desk to have his or her password reset, additional confirmation needs to be asked of and verified from the user. Otherwise, it would be easy for someone to impersonate a user, call the help desk to have the password changed, and gain unauthorized access to sensitive company information.

NOTE

We have actually come across some companies where if a user has intruder-locked his or her account, a note from the department manager is required for the help desk to reset the account.


You should have step-by-step checklists and data forms for performing nontrivial management tasks. For example, you should have a list of steps to take when creating a new user account. The data form may look like this:

  • User ID requested:

  • First name:

  • Last name:

  • Middle initial:

  • Department:

  • Telephone number:

  • Default/home server:

  • Additional groups to be member of:

  • Date ID expires:

  • Name of manager/Signature:

Having a form like this helps to ensure that all the required information is associated with the user object and that the required file system rights are properly assigned (through association of group memberships, for example). The most important items are the ID expiration date (in case the user is a seasonal appointment, such as a summer student) and the authorization signature of the user's manager.

TIP

We recommend that you create checklists and data forms for eDirectory partitioning and replication tasks. These checklists and data forms do not need to contain step-by-step instructions on how to create a partition or add a new replica but should include what steps or tasks need to be performed before and after the creation of a partition/replica. Here are some examples:

  • Perform time sync check

  • Check replica sync status

  • Check obit processing status

  • Check amount of free disk space available to DS on servers involved with the operation

  • Create replica

  • Check replica sync status

  • Check amount of free disk space left after operation

You should refer to the list every time you have to work with partitions and replicas and cross off each step as it is done so you don't miss anything. If you have other people helping you with the checklist or data form, have each person initial the steps they performed so you know who to ask questions of, if needed, at a later time.


Every company (and even different divisions within the same company) works differently. Having written rules and procedures helps new staff members to quickly learn what is expected of them and can dramatically reduce the learning curve. Also, having these rules and procedures in writing makes it easier to spot errors and to make improvements.

Establishing eDirectory Management Standards

When creating data files for a mass import, regardless of whether you are using the files for a single object or multiple objects, you should have a standardized way of mapping fields from one file to another. For example, if the new user information you receive contains the full name (consisting of the first and last name of each user), middle initial, employee number, and telephone extension for each user, you should ensure that the data is always presented in a consistent way in the data file. For instance, the fields should always appear in the same order in the data file, perhaps in the same order as the information that you are provided with, to make cross-checking between the two lists easier.

Also, you should ensure that your data conversion program performs the conversions in a consistent manner. Regardless of the programming language you use (or if you use something like Excel to generate the data from another spreadsheet), you need to ensure that the conversion process handles exceptions such as commas in the data fields and the use of special characters.
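One way to build such a conversion step, as an added example that is not from the book: it reads the four fields described above in a fixed order, rejects rows whose field count was shifted by an unquoted comma, and writes LDIF (a format ICE can import) with commas escaped in the DN and special characters base64-encoded. The container ou=Sales,o=Example, the sample rows, the name-splitting rule and the choice of inetOrgPerson attribute names are assumptions.

```python
import base64
import csv
import io

FIELDS = ["full_name", "middle_initial", "employee_number", "extension"]
BASE_DN = "ou=Sales,o=Example"  # hypothetical container

# Constructed sample: a quoted comma, a non-ASCII name, and an unquoted comma.
SAMPLE = '''"Smith, John",Q,10023,4410
Zoë Müller,,10024,4411
Doe, Jane,R,10025,4412
'''

def escape_rdn(value):
    """Escape an RDN value per RFC 4514 so a comma stays inside the name."""
    last = len(value) - 1
    return "".join(
        "\\" + c if c in ',+"\\<>;' or (i == 0 and c in " #") or (i == last and c == " ")
        else c
        for i, c in enumerate(value))

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 ('attr:: ...') where RFC 2849 requires it."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in "\r\n\0" for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def convert(text):
    """Return (ldif_text, rejected_rows); malformed rows are reported, not guessed at."""
    entries, rejected = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        row = [f.strip() for f in row]
        if len(row) != len(FIELDS) or not row[0] or not row[2].isdigit():
            rejected.append((lineno, row))
            continue
        rec = dict(zip(FIELDS, row))
        name = rec["full_name"]
        # Assumption: names arrive only as "Last, First" or "First Last".
        sn = name.split(",")[0] if "," in name else name.split()[-1]
        attrs = [("dn", f"cn={escape_rdn(name)},{BASE_DN}"), ("changetype", "add"),
                 ("objectClass", "inetOrgPerson"), ("cn", name), ("sn", sn),
                 ("initials", rec["middle_initial"]),
                 ("employeeNumber", rec["employee_number"]),
                 ("telephoneNumber", rec["extension"])]
        entries.append("\n".join(ldif_line(a, v) for a, v in attrs if v))
    return "version: 1\n\n" + "\n\n".join(entries) + "\n", rejected
```

Review the rejected rows against the original request list before importing; a row that was silently accepted with shifted columns would create an account with the wrong attributes.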

When using UImport (or ICE or JRBImprt) to create new user objects, you have the option of setting the initial password for the user. The initial password should be fairly easy to remember but should also have a requirement to be changed when the user first logs in. Creating long initial passwords can be difficult to manage; you have to remember that not all platforms support long passwords the way DS does. Whereas DS's password algorithm enables a maximum password length of 128 characters, Windows platforms typically enable 15 characters.

Another standard to consider is the default rights given to the user for his or her home directory. Depending on which utility is used for creating the accounts, you will have different rights granted to the home directory.

If you use a batch procedure to create the accounts, you can use the RIGHTS.EXE program (shipped with NetWare) to set the default rights to what you want them to be. Many administrators prefer that users not be able to grant rights to other users for their home directory; unfortunately, creation with many utilities grants the user Access Control rights to his or her home directory, thus allowing the user to grant trustee rights to other users.

TIP

JRBImprt allows you to specify the file system rights that will be granted to the user's home directory.


In addition, disk space management is also important: If your environment permits, you should set space restrictions on the home directories and shared data directories. This will save you problems down the road when space starts to get a little thin.

Considering Disk Space for DS Replication and Partitioning

As a rule of thumb, you should create user home directories on a volume other than the SYS: volume. On NetWare, DS uses the SYS: volume exclusively, and if that volume fills up and you have home directories on it, you will run into synchronization problems that will be compounded by not being able to attach to the server to delete unnecessary files from the volume.

TIP

On non-NetWare platforms, you should install eDirectory to a dedicated disk whenever possible. For instance, on Windows servers, the default install location is C:\Novell. However, the C: drive is generally where the Windows operating system files and user applications are located. It would be best to have a separate disk (or volume) for your eDirectory installation to prevent the disk from being filled up too quickly.


When partitioning a DS tree, you need to use common sense and try to keep partitions from crossing multiple WAN links. Part of the reason for partitioning a tree is to cut down on traffic over the WAN. If you have only two sites, however, partitioning does not make a lot of sense because you still want to maintain three to five copies of each partition in an ideal fault-tolerance setup. If you have only two servers, you should leave just a single partition and keep two copies of the DS replicas.

When removing replicas from a NetWare server, you might receive the following error message:

 TTS Disabled because of an error growing the TTS memory tables. 

The way to fix this problem is to decrease the maximum number of transactions by using the SET MAXIMUM TRANSACTIONS console parameter. The default for this parameter is 10,000, but for systems with smaller amounts of memory, this can cause a problem. Decreasing the maximum number of transactions causes the Transaction Tracking System (TTS) backout file to grow more because the transactions are queued, but the server will not run out of memory while trying to process the transactions.

TIP

When deleting a replica from a server, always ensure that you have plenty of disk space on the volume where DS resides.


With regard to your SYS: volume's free space on a NetWare server, there are frequently several categories of files on the SYS: volume that you can delete to free up space. These include the following:

  • Extra language support for utilities. These files include Unicode files and multiple language support at the server. If you use only one language at the server, there is no need to keep the other languages on the server. These files are generally found under SYS:SYSTEM\NLS, SYS:PUBLIC\NLS, and SYS:LOGIN\NLS.

  • Utilities that you do not use or that you intend to use on a restricted basis (such as AUDITCON.EXE).

  • Any backup files created by support pack installation. These files are generally found in SYS:SYSTEM\BACKUP.SPx.

  • Obsolete SYS:MAIL directories, especially the *.QDR folders in SYS:SYSTEM if the server was upgraded from previous versions of NetWare.

  • Obsolete QUEUE directories (on all volumes).

  • LAN and DSK/HAM drivers in the SYS:SYSTEM directory that are not used at all.

TIP

If the server was upgraded from previous versions of NetWare, you should check for old Novell Client software in SYS:PUBLIC\CLIENT and for OS/2 utilities in SYS:LOGIN\OS2 and SYS:PUBLIC\OS2. These files have not been included or installed automatically since NetWare 5.0 was released, but often they are found on servers that were upgraded from older versions of NetWare.


By deleting these files, you can get by with a smaller SYS: volume or at least free up space for larger NDS partitioning and replication operations where the extra disk space would be of use.



Novell's Guide to Troubleshooting eDirectory
ISBN: 0789731460
EAN: 2147483647
Year: 2003
Pages: 173
