Synchronizing eDirectory/NDS with Active Directory

For organizations that have both a Windows Active Directory and a Novell eDirectory or Novell Directory Service (NDS) environment, there are two primary methods of synchronizing the two directories. One is the Novell DirXML product; the other is the Microsoft Directory Synchronization Service (MSDSS) utility. With regard to synchronizing user accounts and passwords, both tools do the same job, and for the purpose of this book, this section focuses on the Microsoft solution. To configure and run the MSDSS utility, do the following:

Use the Bindery Option

Use the NDS option if Novell NetWare v4.x or later running NDS or eDirectory is used. Use the Bindery option if Novell NetWare v3.2 or lower bindery mode is running on the Novell network.


  1. Launch the MSDSS utility by choosing Start, Programs, Administrative Tools, Directory Synchronization.

  2. Right-click on the MSDSS tool option and select New Session.

  3. Click Next at the New Session Welcome screen.

  4. At the Synchronization and Migration Tasks screen, choose either Novell Directory Service (NDS) or Bindery for the type of service.

  5. Depending on the synchronization option needed, choose a one-way synchronization (from Active Directory to NDS/Bindery), a two-way synchronization (AD to NDS/Bindery and back), or a migration from NDS/Bindery to Active Directory. Click Next.

  6. For the Active Directory container and domain controller, choose the AD container to which objects will be synchronized, as well as the name of the domain controller that will be used to extract and synchronize information, similar to the settings shown in Figure 17.3. Click Next.

    Figure 17.3. Setting server synchronization information settings.


  7. For the NDS Container and Password, select the NDS container in the Novell directory that AD information will be synchronized from and/or to. Enter a logon name and password for a supervisor account on Novell to access the Novell directory. Click Next.

  8. On the initial reverse synchronization screen, select a password option: set passwords to blank, to the same value as the username, to a random value (which can be viewed in the log file), or to an organizational default. Click OK after selecting the password option, and then click Next to continue.

  9. Click Finish to begin the synchronization/migration process.

Best Practices Implementing MSDSS

MSDSS is a Windows service that runs on a Windows 2000 or Windows 2003 domain controller and replicates user account and password information between the Active Directory environment and a Novell eDirectory or NDS (NetWare) environment. The following are best practices determined in the implementation of MSDSS in an enterprise environment:

  • Ensure that the MSDSS server, which runs on a Windows Active Directory domain controller, and the Novell directory server are on the same network segment or have limited hops between each other.

  • Because directory synchronization reads and writes information directly to the network directory, test the replication process between mirrored domain and directory services in a test lab environment before implementing MSDSS for the first time in a production environment.

  • Monitor directory and password synchronization processing times to confirm the transactions are occurring fast enough for users to access network resources. If users get an authentication error, consider upgrading the MSDSS server to a faster system.

  • Password characteristic policies (requiring upper/lowercase letters, numbers, or extended characters in the password, and password change times) should be similar on both the Microsoft and Novell environments to minimize inconsistencies in authorization and update processes.
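
The policy alignment recommended in the last item can be checked mechanically before two-way synchronization is enabled. The following is an added example, not code from the book or from MSDSS; the `PasswordPolicy` record, its field names, the policy values, and the sample passwords are all constructed assumptions, to be filled in by hand from each directory's actual settings.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical record of the password settings named in the text."""
    min_length: int
    require_upper: bool
    require_lower: bool
    require_digit: bool
    require_extended: bool  # non-alphanumeric characters
    max_age_days: int       # password change interval

    def accepts(self, pw: str) -> bool:
        """True if pw satisfies every character rule of this policy."""
        return all([
            len(pw) >= self.min_length,
            not self.require_upper or any(c.isupper() for c in pw),
            not self.require_lower or any(c.islower() for c in pw),
            not self.require_digit or any(c.isdigit() for c in pw),
            not self.require_extended or any(not c.isalnum() for c in pw),
        ])


def policy_drift(ad: PasswordPolicy, nds: PasswordPolicy) -> dict:
    """Return {setting: (ad_value, nds_value)} for every setting that differs."""
    return {f.name: (getattr(ad, f.name), getattr(nds, f.name))
            for f in fields(ad)
            if getattr(ad, f.name) != getattr(nds, f.name)}


def sync_rejections(ad: PasswordPolicy, nds: PasswordPolicy, candidates):
    """List (password, accepted_by, rejected_by) where the two sides disagree."""
    out = []
    for pw in candidates:
        ad_ok, nds_ok = ad.accepts(pw), nds.accepts(pw)
        if ad_ok != nds_ok:
            out.append((pw, "AD" if ad_ok else "NDS", "NDS" if ad_ok else "AD"))
    return out


# Constructed sample values, not taken from any real environment.
AD_POLICY = PasswordPolicy(8, True, True, True, False, 42)
NDS_POLICY = PasswordPolicy(6, False, False, False, False, 90)
SAMPLES = ["summer", "Summer2003", "Passw0rd", "abc"]

if __name__ == "__main__":
    for name, (ad_v, nds_v) in policy_drift(AD_POLICY, NDS_POLICY).items():
        print(f"{name}: AD={ad_v} NDS={nds_v}")
    for pw, ok, bad in sync_rejections(AD_POLICY, NDS_POLICY, SAMPLES):
        print(f"{pw!r}: accepted by {ok}, rejected by {bad}")
```

Any entry returned by `sync_rejections` is a password change that one directory would accept and the other would refuse, which is the inconsistency the best practice is meant to prevent.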

Identifying Limitations on Directory Synchronization

While directory synchronization can provide common logon names and passwords, MSDSS does not provide dual client support or any application-level linkage between multiple platform configurations. This means that if a Novell server is running IPX as a communication protocol and Windows is running TCP/IP, MSDSS does not do protocol conversion. Likewise, if an application running on a Novell server requires the Service Advertising Protocol (SAP), a dual client protocol stack must be enabled to provide common communications, because Windows servers commonly use NetBIOS for device advertising.

MSDSS merely links the logon names and passwords between multiple environments. The following are areas that need to be considered separately from the logon and password synchronization process:

  • Protocols like TCP/IP and IPX/SPX need to be supported by servers and clients.

  • Applications that require communication standards for logon authentication might require a client component to be installed on the workstations or servers in the mixed environment.

  • Applications that were written for Novell servers, such as Network Loadable Modules (NLMs) or Btrieve databases, need to be converted to support Windows.

  • Login scripts, drive mappings, or other access systems compatible with one networking environment might not work across multiple environments, so those components will need to be tested for full compatibility.

  • Backup utilities, antivirus applications, network management components, or system monitoring tools that work on one system will need to be purchased or re-licensed to support another network operating configuration.

Backing Up and Restoring MSDSS Information

MSDSS configuration, tables, and system configurations are critical to the operations of the MSDSS synchronization tool. Microsoft provides a backup and restore utility that allows for the storage and recovery of MSDSS information. To back up MSDSS, do the following:

  1. Select Start, Programs, Administrative Tools, MSDSS Backup & Restore Utility. You should see a screen similar to the one shown in Figure 17.4.

    Figure 17.4. Backing up MSDSS information.


  2. Either click on Backup Now to back up the MSDSS session directory, or change the default time when the MSDSS information should be backed up.

  3. If you choose to back up the session directory information, you will be notified that the MSDSS service will need to be stopped. Choose Yes to continue.

  4. Upon completion of the backup, you will be prompted that the MSDSS service will need to be restarted. Choose Yes to restart the MSDSS service.

At any time, if the MSDSS session directory information becomes corrupted or behaves erratically, the MSDSS information can be restored. To restore MSDSS, do the following:

  1. Select Start, Programs, Administrative Tools, MSDSS Backup & Restore Utility.

  2. Click on Restore Now to restore the MSDSS session directory.

  3. When notified that the MSDSS service will need to be stopped, choose Yes to continue.

  4. Upon completion of the restoration, you will be prompted that the MSDSS service will need to be restarted. Choose Yes to restart the MSDSS service.



Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
Year: 2003
Pages: 325