Novell is now a part of Micro Focus

Single Object Recovery through DeTroubler

Novell Cool Solutions: Feature
By Roy Lopez

Digg This - Slashdot This

Posted: 23 Jun 2004

Single Object Recovery through DeTroubler

by Roy Lopez, Technology Client Advisor, Blackbird Group, Inc.

This article focuses on DeTroubler for NDS and eDirectory, the unique disaster recovery solution for Novell's Directory Services. As this article illustrates, one of DeTroubler's key abilities is restoring single objects.

With Novell's NDS, and eDirectory, organizations across a broad range of industries can easily implement the best directory service to act as the foundation for building business processes. But what happens when you discover that object corruption has occurred? How can you reduce the time needed for resolution? If you could rapidly recover any object within your Directory Service, how much could your organization save in time and money?

The technology that helps you to answer those questions is DeTroubler, and this article provides you with the technical details behind the DeTroubler solution. To get a more generalized view of DeTroublers' capabilities, see the Cool Solutions article written by Rob Sabey, former Novell eDirectory Partner Manager, at:

The Setup

For this article, the Novell NetWare 6.5 SP1 Digital Airlines Image CD serves as the Directory and Server environment. Here are the basic setup steps:

  1. Bring the CD image online.
  2. Because the Directory on this image has not been active for a while, you need to run an unattended dsrepair to repair the modification time stamp issues.
  3. To install DeTroubler onto your server, request an evaluation copy from After you have successfully downloaded the code, you will receive a license via the email address submitted.
  4. Apply the license into the ou=services.o=da container, which is the container where the server object exists.
  5. For purposes of learning the magic behind the DeTroubler technology, modify the specified .INI files in sys:\dt4nds, as shown below:

    Note: The default configuration works for normal usage. DeTroubler adds no schema modification or objects into the Directory. All configuration is done via the .INI files and are documented in the DeTroubler Configuration Guide.

  7. Access the server console and issue the command NDSB. This NLM will perform a user object license check, backup the directory schema, and then the rest of the objects within your Digital Airlines tree.
  8. Confirm that your workstation environment has a valid time zone variable for your location (tz=EST5EDT).
  9. To view your backup via the DeTroubler Restore Client, located in the sys:\public\win32 directory, run NDSBRNT.EXE.

Once you execute this file you will see the Digital Airlines Tree in the left panel, while in the right panel you will see a date and time of the backup performed. With that concluded, you're ready for object recovery.

The Issue

Our user AMark works in Marketing at the Salt Lake City location. Normally, when AMark logs into the directory he is given access to a local workstation, the home directory, and through group membership is assigned access to the collaboration system, which in this case is GroupWise 6.5. During the evening it is discovered that an operation failed, and the failure was determined to be caused by a few corrupted user objects, including the AMark object. In haste to get the operation to complete, the night administrator decides to delete the user objects. This allows the operation to continue but leaves the issue of deleted user objects unresolved.

In the morning, AMark cannot log in to the network. After several unsuccessful attempts, he logs in locally and tries to access GroupWise. GroupWise returns an LDAP failure, and then the phone rings at the corporate help desk.

In the meantime, while reading the night log, the morning administrator realizes that the deleted user objects need to be recovered. So he uses rconsole to access the servers that held replicas where the deleted user objects existed. Then he uses dsbrowse to determine whether the obituaries have cleared. If they have not, the user object will appear as a Deleted_Entry, so the backlinker process must be forced in order to remove the obituary. Then an NDS Health Check will be run to assure the present consistency of the Directory. Once the NDS Health Check successfully concludes, all systems are go to begin the restoration of the objects.

At this point the administrator accesses the DeTroubler Restore Client, clicks on the appropriate user objects, including AMark, and executes the restore operation. Within less than a minute, all the affected user objects are restored. Then the telephone rings. It's AMark, explaining his login problems. The administrator informs him that they are aware of the issue and have corrected the situation, and that he should retry his network login.

AMark now successfully logs into the directory with the existing password. Then he is given access to the local workstation and to the home directory and files, and he can access GroupWise 6.5. The issue is solved! Now let's look at how DeTroubler performs this magic ...

The Technology behind the Solution

It is important to note that several key things were just restored for user AMark:

  • User object
  • Encrypted password information
  • User object association to the everyone group
  • User object association to the post office
  • User object directory and file trustee rights

In the DeTroubler architecture there are two processes that automatically work to assure that you can restore any object within your directory tree. They are the Backup Engine and File Server Agent(s).

The Backup Engine is responsible for the on-line backup and restoration of your NDS objects, which includes detecting the associations, and links between objects. Once triggered by the scheduler, the Backup Engine amasses this information into either a Btrieve or a Pervasive SQL database on your Backup Engine Server. Then through NDSBRLA.NLM, it provides for the restoration of objects back into your tree.

The File Server Agent is responsible for the on-line backup and restoration of your directory, file trusteeships, server-specific information, and bindery object information on individual servers within your tree. Once triggered by the scheduler, the File Server Agent amasses this information and communicates it through the connection endpoint (CONNENDPT.NLM) back to the backup engine server. From there the information is integrated into the respective object records.

By modifying the .INI files as mentioned earlier, you now have a better view of the mechanics behind the backup and subsequent, successful restore of the AMark user object.

Log Excerpts: Backup and Restore

Sample excerpts from Backup and Restore logs are shown below for your reference.


Backing up .CN=AMark.OU=MARKETING.OU=SLC.O=DA (User)
Sending link for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, remote object=[Root] to server NW65DA2
Sending link for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, remote
object=.CN=Everyone.OU=GW65.OU=Services.O=DA to server NW65DA2
Sending link for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, remote
object=.CN=NW65DA2_SYS.OU=Services.O=DA to server NW65DA2
Sending link for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, remote
object=.CN=NW65DA2.OU=Services.O=DA to server NW65DA2
Sending link for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, remote
object=.CN=PO.OU=GW65.OU=Services.O=DA to server NW65DA2
Adding file trustee for .CN=AMark.OU=MARKETING.OU=SLC.O=DA on server .CN=NW65DA2.OU=Services.O=DA for file SYS:\USERS\AMARK with rights 000000DB


Reading history for .CN=AMark.OU=MARKETING.OU=SLC.O=DA
Restore request received for .CN=AMark.OU=MARKETING.OU=SLC.O= DA, flags = 00000000, utc = FFFFFFFE
Restore request forwarded to NW65DA2
Restore request for .CN=AMark.OU=MARKETING.OU=SLC.O=DA, Flags = 00000000
Setting File trustee assignment on server nw65da2 for Serial number 0
Object .CN=AMark.OU=MARKETING.OU=SLC.O=DA(User) had old ID 32 840000 on Server .cn=nw65da2.ou=services.o=da, information came from SerialNumber 0
Informing .cn=po.ou=gw65.ou=services.o=da for Serialnumber 0, remote Object is .CN=AMark.OU=MARKETING.OU=SLC.O=DA
Informing .cn=everyone.ou=gw65.ou=services.o=da for Serialnumber 0, remote Object is .CN=AMark.OU=MARKETING.OU=SLC.O=DA
Restore successful.

Reading through the above log excerpts, you now have the technical insight into how DeTroubler performs its backup and restoration of a single object. And that was just for a single object. The reality is that DeTroubler can do the same for any single object, any container, and all the way up to an automated, full tree restore.

Benefits for eDirectory Customers

DeTroubler provides solid benefits to all Novell NDS and eDirectory customers, as the basis of their production environment:

  • Supports NetWare 4.11 through 6.5, and NDS 6.21c through eDirectory 8.73 SPx
  • Automates the in-place restore of your entire tree, including all partitioning and replica information
  • Recovers single objects or portions of the tree, including all links between the objects, with a single mouse click
  • Easily restores encrypted information from Novell SecretStore, Novell Certificate Server objects, Novell iChain, NMAS and public/private key pairs
  • Enables off-line, production tree implementation into your lab environment
  • Easily undoes changes made to your tree

DeTroubler has been developed by Future Gate in Germany and is under exclusive distribution in the Americas and Scandinavia by the Blackbird Group. If you'd like to learn more about DeTroubler, which provides Disaster Recovery of your NDS and eDirectory objects, visit its Web site at:

Send us your feedback regarding additions to the existing supported feature set, or for other products that you think can use our services to expand their market reach. Contact us at:

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates