AppNote: eDirectory Administration on Windows
Novell Cool Solutions: AppNote
By Jeff Fischer
Digg This -
Posted: 11 Nov 2003
Wonder how to administer eDirectory running on a Windows Server and use the common NetWare tools on Windows 2000? Look no further. Jeff Fischer tells all.
Many long time NetWare enthusiasts, such as myself, may wonder where in the world is the "NetWare Server Console" on a Windows box running eDirectory.
Before you panic (or get excited) thinking that the NetWare tools for Windows are DOS based, you can rest easily because the tools have been graphically built. In fact, the tools have been integrated into the Windows Control Panel as a Control Panel applet called Novell eDirectory Services.
This provides a different interface for those of us diehard NetWare Console experts, but fits the architecture of Novell services running on the Windows platform. You can run Windows with or without the eDirectory services and you can configure the services from one location.
In order to access all eDirectory tools on Windows 2000, you go to the Start Menu > Settings > Control Panel > Novell eDirectory Services. This brings up a separate dialog box with a list of all the Novell eDirectory services and tools available on the box. It is the same box you use to start and stop Windows 2000 services so you may recognize it if you have managed services on Windows 2000. The following image is a screen shot of the Novell eDirectory Services window.
Most of the services in the eDirectory Services window will be familiar. Most of the services have just been ported directly over to Windows with an extension of .dlm instead of nlm. Just like Windows services, you can configure most eDirectory services to startup authomatically upon bootup, or start the service manually upon your command. Some services can provide additional configuration information by clicking on the Configuration button.
Let's take a look at some of the eDirectory .dlm's that run on Windows.
DConServ.dlm - This object represents the NCP server service that operates on a server running eDirectory. It is a core service of eDirectory that is managed by the system. It essentially represents the server object in the Directory tree.
DS.dlm - This service is the eDirectory service. This .dlm is the same as DS.nlm on a NetWare server. Stopping or starting this service is just like unloading and loading DS.nlm on a NetWare server since this service hosts the eDirectory tree. You can see additional configuration information by clicking the Configuration button. This brings up a dialog box as shown in the following screen shot.
On the Directory Agent tab, you see the eDirectory version, and local referral address for the eDirectory server. On the Directory Client tab, you see the bootstrap address that can be filled in if necessary and routing parameters that can be tuned.
The Bindery Emulation tab allows the eDirectory server to support legacy applications that require Bindery information instead of NDS information. You can enable Bindery emulation and input the contexts you need as bindery contexts for the server.
On the Trace tab, you can select to see miscellaneous information in the DSTrace screen. Click the button for the information you need to see. You should already have open DSTrace and enable the +Misc flag to see the information.
On the Triggers tab, you can select to run NDS background processes. The process will begin immediately after the button is pressed to begin the process.
On the Server States tab, you can see the threshold interval that an eDirectory server will use before contacting a down server.
In the Intervals tab, you can specify the default time interval for the NDS background processes to wait before they run.
DSBrowse.dlm - This is the same Browser program on NetWare. Highlight the option and click on Start. A window will appear like the following screen shot.
The DSBrowse on NetWare follows the same design as all other NetWare console applications, but navigating DSBrowse for Windows is a little different.
The Tree Browser view is the easiest the navigate. Go to the view menu and select Tree Browser and you will see tree views for objects and the schema. Highlight on an entry and you will see details about that entry. You can easily browse through the every object in the tree and through all the attributes as well.
Unlike DSBrowse for NetWare, you can synchronize and even delete and object in DSBrowse for Windows.
DSMerge.dlm - DSMerge is basically the same utility as well. You can merge trees, graft a server into a tree or rename a tree. You can see stats on the servers in the tree such as eDirectory version, eDirectory name, status and time sync type and status. Here is a screen shot of DSMerge.dlm.
DSRepair.dlm - "The Hammer" as it is sometimes called because of its power has also been ported over to Windows. It includes all of the functionality of DSRepair for NetWare, only in a different interface. It is similar to NDS Manager as far as look and functionality. The nice thing about DSRepair.dlm is that it supports the switches that you may have been accustomed to using on NetWare. Here is a screen shot of DSRepair.dlm.
For example, the -A option is supported to allow for the Advanced options like declaring a new epoch. Running DSRepair.dlm with the -A is the same as running DSRepair.nlm with the -A. To run DSRepair.nlm with a switch, just hightlight DSRepair.dlm and type -A in the Startup Parameters box. Then click Start and DSRepair.dlm will run with the option you specified. Here is a table for other switches that DSRepair supports. With other switches, the application may not necessarily launch the window, but will run in the background and you can check the log file for results of the operation.
|D||Specifies a Dib set other than NDS|
|L||Specify a different log file|
|A||Opens Advanced options|
|N||Number of days a Net Address property is allowed for a user object|
|P||Marks all unknown classes as referenced|
|U||Runs an unattended full repair|
|RC||Creates a database dump file called DSRepair.dib|
|RD||Repairs local database|
|RI||Repairs remote server ID's|
|RL||Specifies an alternate log file. The existing file is deleted first instead of appended to like the -L option|
|RM||Sets this server as the master in the replica ring of the specified replica|
|RN||Repairs network addresses|
|RR||Repairs the specified partition root|
|RV||Performs a volume object repair|
|RVT||Volume object repair and trustee check of all trustees on the volume|
|INS||Performs a post NetWare 5 schema update|
|XK2||Removes all the replicas from the server. Use extreme caution when you use this switch. Call Novell Technical Support for help|
|XK3||(Updated 02/23/2010): Removes all backlinks from the server. Any that are required will be recreated next time the backlinker runs. This switch can help resolve stuck obituaries and -618 errors, and won't cause any harm.|
To check a log file, open the DSRepair window and go to the file menu. Click Open Log File and select the DSRepair log in the File/Open dialog box. The results of the log file will be displayed.
You can also edit the options for the log file. You can select to overwrite to the log file or append to it each time an operation is run. You can also select to clear all of the contents of the log file. You can also select a different file to be the log file DSRepair sends output to. Here is a screen shot of the Log file Options dialog.
Within DSRepair, you can select and expand the partitions or servers. Obviously, you will see the servers in the tree by expanding the Servers category and likewise for the partitions. You can then select a server or a partition and perform an operation on it such as a synchronization or a repair, just as you would use DSRepair on NetWare.
DSTrace.dlm - DSTrace is a great tool for monitoring Directory traffice and Directory output. It allows you to monitor eDirectory server-server commnication and synchronization. The following image is a screen shot of DSTrace.dlm.
The nice thing about DSTrace.dlm is that DSTrace is now graphical. This means that you don't have to memorize all the DSTrace flags, but you can select which flags you need to see. To specify the flags to see eDirectory output on the DSTrace screen, open the Edit menu and click options and you will see the following screen. Check the options you want to see and click OK to see the output on the DSTrace screen. Here is a screen shot of the Options box.
One other nice feature of the DSTrace screen on Windows is the ability to pause the output on the screen. If you double-click on the status bar on the bottom of the window, the screen will pause so that the output on the screen can be read. It can then be unpaused by again double clicking on the screen and DSTrace will resume normally.
Install.dlm - The last utility we'll discuss for now is the Install.dlm utility. This utility provides the ability to make a backup of the eDirectory DIB set and to add to the eDirectory schema by using schema extension (.sch) files. Here is a screen shot of the Install.dlm utility.
Using this utility, you can make a backup of your eDirectory information for a hardware upgrade or migration or backup your server information for fault tolerance. After you backup your information, you can specify to restore it as well.
To backup your eDirectory tree, follow the steps below.
- Launch the Install.dlm window.
- Choose the appropriate option to backup the server information or backup the Directory before a hardware migration.
- Click Next.
- Enter the admin user, context and password.
- Click Next.
- Specify the location on the file system where the DIB set will be written to.
- Click Next.
- Check the status of the backup on the screen and click Done.
We have just covered how to use the eDirectory tools on a Windows server. eDirectory administration isn't a whole lot different on Windows than on NetWare, other than the different look of the tools. Next month, we'll talk about running eDirectory tools on Linux and Linux as a desktop on an eDirectory network.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com