Novell Home

Scanning eDirectory Data Into ZAM (ZENworks Asset Management)

Novell Cool Solutions: Feature
By Art Flores

Digg This - Slashdot This

Posted: 31 May 2007

Novell ZAM 7.5 server, Novell NetWare 6.5 SP5 server, and Windows XP clients.

Problem: Empty data fields on the workstation detail report.

Solution: Using variables, we can fill in those empty data fields with useful data.


Installing the ZAM 7.5 server in Standalone mode is very easy compared to Enterprise mode. After getting the ZAM client deployed, and performing some pilot inventories, I started examining the inventory data in the canned reports.

I was impressed with the Web browser-based interface (aka the Web Console), the software application usage data, and the many canned reports.

While looking over the workstation detail report, I noticed a lot of data fields were empty. The fields that I am referring to are the Department, Email, Telephone, Site, Building, Floor, Room, Cost Center, and Domain.

Pat Nurre of Novell shared some technical tips with me about how to fill in these empty fields with data from eDirectory.

I needed to update our login script to set some new DOS environment variables using data from the NetWare Login Identifier Variables.

In an effort to identify what data I had available to me from eDirectory, I built a new login script file called Net_Vars.dat. I got these identifier variables from TID 10020568.

I added the variable %INTERNET_EMAIL_ADDRESS to the list, after seeing that the variable %EMAIL_ADDRESS was not returning the data I was looking for. I found this other email variable using Nlist.exe.

To see how I found it, run the following command:
Nlist user /d

If you get the message "No User objects were found.", use the CX utility to change to the specific context of the container where you have your user objects, then try the command again.

If you would like to see what kind of data you can get from eDirectory, here is a paste of the Net_Vars.dat file.

;List of commonly used login script identifier variables.

Write "Running Sys:Login\Net_Vars.dat"
WRITE "Access Server                       : %ACCESS_SERVER"
WRITE "Account Balance                  : %ACCOUNT_BALANCE"
WRITE "Administrative Assistant         : %ADMINISTRATIVE_ASSISTANT"
WRITE "Allow Unlimited Credit            : %ALLOW_UNLIMITED_CREDIT"
WRITE "Certificate Validity Interval     : %CERTIFICATE_VALIDITY_INTERVAL"
WRITE "CN (Common Name)             : %CN"
WRITE "Description                           : %DESCRIPTION"
WRITE "E-Mail Address                     : %EMAIL_ADDRESS"
WRITE "ERROR LEVEL                   : %ERROR_LEVEL"
WRITE "Equivalent To Me                : %EQUIVALENT_TO_ME"
WRITE "Fax Number                         : %FACSIMILE_TELEPHONE_NUMBER"
WRITE "File Server                           : %FILE_SERVER"
WRITE "Full Name                            : %FULL_NAME"
WRITE "Generational Qualifier          : %GENERATIONAL_QUALIFIER"
WRITE "Given Name                        : %GIVEN_NAME"
WRITE "Group Membership              : %GROUP_MEMBERSHIP"
WRITE "Higher Privileges                 : %HIGHER_PRIVILEGES"
WRITE "Home directory                    : %HOME_DIRECTORY"
WRITE "Initials                                  : %INITIALS"
WRITE "Internet Email Address         : %INTERNET_EMAIL_ADDRESS"
WRITE "L (Locality)                           : %L"
WRITE "Language                            : %LANGUAGE"
WRITE "Last Name                           : %LAST_NAME"
WRITE "Locked By Intruder              : %LOCKED_BY_INTRUDER"
WRITE "Login Alias context              : %LOGIN_ALIAS_CONTEXT"
WRITE "Login Context                      : %LOGIN_CONTEXT"
WRITE "Login Disabled                    : %LOGIN_DISABLED"
WRITE "Login Grace Limit                : %LOGIN_GRACE_LIMIT"
WRITE "Login Grace Remaining      : %LOGIN_GRACE_REMAINING"
WRITE "Login Maximum Simultaneous       : %LOGIN_MAXIMUM_SIMULTANEOUS"
WRITE "Login Name                        : %LOGIN_NAME"
WRITE "Machine                             : %MACHINE"
WRITE "Mailbox ID                          : %MAILBOX_ID"
WRITE "Mailbox Location                : %MAILBOX_LOCATION"
WRITE "Mailstop                             : %MAILSTOP"
WRITE "Message Server                 : %MESSAGE_SERVER"
WRITE "Minimum Account Balance          : %MINIMUM_ACCOUNT_BALANCE"
WRITE "Network Address                : %NETWORK"
WRITE "Network address restriction      : %NETWORK_ADDRESS_RESTRICTION"
WRITE "New Mail                            : %NEW_MAIL"
WRITE "Object Class                       : %OBJECT_CLASS"
WRITE "OS                                     : %OS"
WRITE "OS Version                        : %OS_VERSION"
WRITE "OU (Department)               : %OU"
WRITE "Password Allow Change            : %PASSWORD_ALLOW_CHANGE"
WRITE "Password Expires              : %PASSWORD_EXPIRES"
WRITE "Password Minimum Length          : %PASSWORD_MINIMUM_LENGTH"
WRITE "Password Required           : %PASSWORD_REQUIRED"
WRITE "Password Unique required         : %PASSWORD_UNIQUE_REQUIRED"
WRITE "Passwords Used                : %PASSWORDS_USED"
WRITE "Physical Delivery Office Name    : %PHYSICAL_DELIVERY_OFFICE_NAME"
WRITE "Physical Station                 : %P_STATION"
WRITE "Postal Address                   : %POSTAL_ADDRESS"
WRITE "Postal Code                       : %POSTAL_CODE"
WRITE "Postal Office Box               : %POSTAL_OFFICE_BOX"
WRITE "Private Key                        : %PRIVATE_KEY"
WRITE "Profile                                : %PROFILE"
WRITE "Requester Context            : %REQUESTER_CONTEXT"
WRITE "Requester Version            : %REQUESTER_VERSION"
WRITE "Revision                            : %REVISION"
WRITE "S (State)                            : %S"
WRITE "SA (Street Address)           : %SA"
WRITE "Security Equals                 : %SECURITY_EQUALS"
WRITE "Security Flags                   : %SECURITY_FLAGS"
WRITE "See Also                           : %SEE_ALSO"
WRITE "Server Holds                     : %SERVER_HOLDS"
WRITE "Shell Version                     : %SHELL_VERSION"
WRITE "Short machine type           : %SMACHINE"
WRITE "Station                              : %STATION"
WRITE "Supervisor                        : %SUPERVISOR"
WRITE "Surname                           : %SURNAME"
WRITE "Telephone number           : %TELEPHONE_NUMBER"
WRITE "Title                                  : %TITLE"
WRITE "User ID                             : %USER_ID"
WRITE "Greeting time                    : %GREETING_TIME"
WRITE "Hours                               : %HOURS"
WRITE "Hour in military                  : %HOUR24"
WRITE "Minutes                            : %MINUTE"
WRITE "Seconds                          : %SECOND"
WRITE "AM OR PM                      : %AM_PM"
WRITE "DAY                                 : %DAY"
WRITE "Day of the week              : %DAY_OF_WEEK"
WRITE "Number of day of the week        : %NDAY_OF_WEEK"
WRITE "Month                              : %MONTH"
WRITE "Name of Month                : %MONTH_NAME"
WRITE "Year by last two digits      : %SHORT_YEAR"
WRITE "Full Year                          : %YEAR"
WRITE "COMSPEC                      : "; <COMSPEC>
WRITE "TZ (Timezone)                : "; <TZ>
Write "Exiting Sys:Login\Net_Vars.dat\n"


After looking over the variables and data available from eDirectory, I decided that I would populate the following fields in ZAM: Department, Email, Telephone, Site, and Cost Center.

The ZAM Department, Email, and Telephone fields are being filled in with the DOS environment variables DEPT, MAIL, and PHONE, which are being set in our login script file called global.dat.

The system login script file global.dat, and the VB snippet listed later were written by code warrior Jason Low. I added in the call to LastLoginTime, and the new DOS environment variables.

Here is a paste of our system login script with the new variables being set.

;Sys:Login\Global.dat script launched by container login script.
;Login script to establish standard network drive mappings and
;environment variables for Windows desktops.
;Identifier variables enclosed in quotation marks and precede
;by a percent sign (%) must be uppercase!

Write ""
Write "\nRunning Sys:Login\Global.dat"
Write "%OS %WINVER"

If OS="WIN98" or OS="WINNT" Then Goto Win98NT
Goto Exit

;Do not let login script sync WinNT PC time with NW server
If OS="WINNT" Then Set_Time Off

;Do not map root unless its explicit

Map          *1:=%FILE_SERVER\Sys:
Map Root      J:=%HOME_DIRECTORY
Map Root      K:=%FILE_SERVER\Vol1:Data\Shared
Map           M:=%FILE_SERVER\Mail:
Map Root      P:=%FILE_SERVER\Vol1:Data\General
Map           Q:=%FILE_SERVER\Vol1:
Map Root      T:=%FILE_SERVER\Vol1:Data
Map Root S16:=Y:=%FILE_SERVER\Vol1:Apps
Map      S16:=Z:=%FILE_SERVER\Sys:Public


;NET_ID is used for the ALPS-EC download
Dos Set DEPT="%OU"

; Run WSH script
If OS_VERSION="V5.01" Then #Wscript.exe Y:\Wsh\Xp\Login.vbs

Goto Exit


Write "Exiting Sys:Login\Global.dat\n"

The ZAM Site field is being filled in with the DOS environment variable SITE. The Site variable is being defined and set outside of global.dat.

Here is an example of how we are configuring the Site variable and the call to global.dat. This code is found in the properties of the server's container, in the Login Script tab.

DOS SET SITE="Austin, Office 701"

The ZAM Cost Center field is being filled in with the system environment variable IMGBLD. We are using the Cost Center field to track versions of our Windows XP standard image. The IMGBLD variable is being set using VB script.

Below is a print screen of our Novell Login prompt.

Here is the VB code that sets the variable IMGBLD.

'Set IMGBLD system environment variable to XP image build # for ZAM - Jason 4/6/07
On Error Resume Next
Set objEnv = objWS.Environment("System")
objEnv("IMGBLD") = Right (objWS.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA\Welcome Screen\Header Message"), 4)

As you can see from the print screen, the image build version information is set in the Novell Client Caption parameter, and can be read from the registry. After the above VB code runs, IMGBLD will be set to the value of 3.2a.

My first attempt to set the IMGBLD variable was done with the following login script code.

REGREAD "HKLM,SOFTWARE\Novell\NWGINA\Welcome Screen,Header Message"
IF "%99"<>"" THEN
Write "Found %99"
DOS SET IMGBLD="%99"<<26
Write "Image Build: ";<IMGBLD>

The above code works, however, after further testing, I found that this code only worked on users that had local Administrator level rights.

We use ZEN DLU (dynamic local user) policies to manage end users through membership in the Users, Power Users, and Administrator groups. Since most of our users are locked down with restricted permissions, we had to find another way to read the registry key.

The VB code works on locked down users because we run the script from a ZEN application object as "Unsecure System User". The "unsecure system user" uses the local System user account, which has local administrator rights, so the application inherits the credentials and has full rights to the registry and file system.

To configure the ZAM scanner to pick up the data being put into the environment variables after running the login script, make these changes.

  1. From the ZAM Manager, double click the Default Option Set, at the General tab, at the Run Collection Editor options, select the Always radio button.
  2. Next, click the Collection Editor tab, click the Configure button for the User Tab, for the Email and Phone fields, set the Default Value to the DOS environment variables %MAIL% and %PHONE%, set the AutoFill column option to Always.

  3. Click the Configure button for the Workstation Tab, set the Default Value to the DOS environment variables %SITE%, %DEPT%, %IMGBLD%, and %PHONE%, we use the Cost Center for IMGBLD, set the AutoFill column option to Always.

  4. After making the configuration changes, click the General tab, at the Run Collection Editor options, set this option back to Never, or however you have it configured for your environment, and save the changes.

Scan some PCs on demand, and check your workstation detail report. The workstation detail report should now have these fields filled with data.

If some of your machines workstation detail report show the Login Name as SYSTEM, and the fields are still empty, when the scanner ran, nobody was logged into the machine. When the scanner runs with the user logged in, the variables are set, and everything should work. I learned about this from TID 3977419 ZAM workstation shows SYSTEM for Login Name and [NetBIOS_Name] for User Name

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© 2014 Novell