Built-in eDirectory Tools: DSRepair and eMbox
Novell Cool Solutions: Feature
Posted: 10 Nov 2004
Two of the most useful eDirectory utilities are DSRepair and Hot Continuous Backup/Restore. Here are some handy tips to help you get familiar with these utilities and use them effectively. For the full BrainShare presentation (TUT 252) on these tools, click here.
Purpose of DSRepair
DSRepair provides low-level maintenance capabilities to address a wide range of problems that may arise in eDirectory. These problems may originate from:
- Third-party products
- DIB (Data Information Base) inconsistencies
- Hardware failure
What DSRepair IS
DSRepair checks the integrity of information stored in NDS and eDirectory databases (DIBs), at both the physical level and the logical level. It detects and fixes the majority of integrity problems known to occur in NDS and eDirectory DIBs. It also provides time synchronization diagnostic information for NDS and eDirectory.
What DSRepair IS NOT
- It is not magic
- It cannot re-create lost data; however, it can initiate synchronization of lost data from a remote replica
- For security reasons, it does not re-create admin or supervisor objects
- It is not a day-to-day management tool
- It is not a partition or replica manager
- Repair functions are not meant for health checking
Important: Use advanced maintenance features only to repair the tree.
Using DSRepair Appropriately
Most DSRepair options are used to fix problems, not to perform routine management operations. It's not uncommon for Novell support to have to clean up problems made far worse by well-intentioned misuse of DSRepair.
You should run DSRepair when you see specific problems. Running repair options every day or every week to check tree health is not recommended. For health checks and diagnostics, use the iMonitor tool. See also TID 10060600.
Be aware that some DSRepair options are destructive (by necessity). For example, removal of a replica from a server should be done via iManager or ConsoleOne. DSRepair allows you to forcibly remove a replica, but this is not the same as removing a replica via iManager or ConsoleOne.
Use care with Rebuild Operational Schema - use it only to fix schema problems so severe that nothing else will get the schema back to a usable, known state. Misuse can cause the operational schema on older servers in your tree to be different from what they had at installation time and may lead to schema conflicts on older versions of eDirectory or NDS.
Misuse could also undo schema modifications made by administrators or applications, which may break the application or open a security hole. A common example: the PUBLIC flag is removed from an attribute for security reasons, then gets added back by Rebuild Operational Schema.
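One way to catch the PUBLIC-flag regression described above is to compare a schema snapshot taken before the repair with one taken after it. The following is an added example, not part of the original article or any Novell tool; it assumes both snapshots were exported over LDAP as LDIF and that the PUBLIC flag appears as the X-NDS_PUBLIC_READ '1' extension on an attributeTypes value. The attribute names and OIDs in the sample are constructed.

```python
import re

# Assumption: eDirectory's LDAP schema marks the PUBLIC flag (DS_PUBLIC_READ)
# with the X-NDS_PUBLIC_READ '1' extension on an attributeTypes value.
PUBLIC_EXT = re.compile(r"X-NDS_PUBLIC_READ\s+'1'")
NAME = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*'([^']+)')")


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def public_attributes(ldif_text):
    """Return the lower-cased names of attributes whose definition is PUBLIC."""
    public = set()
    for line in unfold(ldif_text):
        if not line.lower().startswith("attributetypes:"):
            continue
        m = NAME.search(line)
        if m and PUBLIC_EXT.search(line):
            public.add((m.group(1) or m.group(2)).lower())
    return public


def public_flag_regressions(before_ldif, after_ldif):
    """Attributes that were not PUBLIC before the repair but are PUBLIC after it."""
    return sorted(public_attributes(after_ldif) - public_attributes(before_ldif))


# Constructed sample snapshots (example OID arc 2.999, hypothetical attribute names).
BEFORE = """dn: cn=schema
attributeTypes: ( 2.999.1.1 NAME 'exampleBadgeId' SYNTAX 1.3.6.1.4.1.1466.115.12
 1.1.15 SINGLE-VALUE )
attributeTypes: ( 2.999.1.2 NAME 'exampleNickname' SYNTAX 1.3.6.1.4.1.1466.115.1
 21.1.15 X-NDS_PUBLIC_READ '1' )
"""
AFTER = BEFORE.replace("SINGLE-VALUE )", "SINGLE-VALUE X-NDS_PUBLIC_READ '1' )")

if __name__ == "__main__":
    for name in public_flag_regressions(BEFORE, AFTER):
        print(f"PUBLIC flag re-added on attribute: {name}")
```

Any attribute the comparison reports should be checked against the change record that removed the flag before it is cleared again.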
Also, don't use an advanced (-a or -x switch) DSRepair option unless you understand what it does. Make sure you're doing it at the right time, for the right reason, and be sure time is in sync before using advanced options.
More DSRepair Tips and Tricks
- Use DSRepair functions from iMonitor - fix the problem when you see it.
- Limit the scope of your DSRepair operation.
- Deselect unneeded options.
- Only repair a single object or a single partition at a time.
- Partition operations are not allowed while repairing.
- Repairing network address only works where SAP, SLP, or DNS are properly configured.
- Use Hot Continuous Backup instead of DSRepair for disaster recovery.
Hot Continuous Backup/Restore
eDirectory provides hot continuous backup with distribution across multiple sites and servers to ensure ongoing availability of security services. This keeps business data accessible and systems secure. The tool that provides hot continuous backup is the eDirectory Backup eMTool.
This feature is new in eDirectory 8.7 and is integrated with iManager. Hot continuous backup is:
- Highly scalable - it handles trees with millions of entries
- Highly available - it works on live eDirectory servers
- Able to maintain references between entries after recovery
According to the Novell documentation, "You can back up eDirectory on your server without closing the database, and you still get a complete backup that is a snapshot of the moment when the backup began. This feature means that you can create a backup at any time and eDirectory will be accessible throughout the process. (Hot continuous backup is the default behavior - you can specify a 'cold' backup with the database closed, if required.)"
"The new backup also lets you turn on roll-forward logging to keep a record of transactions in the database since the last backup, so you can restore a server to the state it was in at the moment before it went down. You MUST turn on roll-forward logging for servers that participate in a replica ring, so that you can restore a server back to the synchronization state that the other servers expect. If you don't, when you try to restore from your backup files you will get errors and the database will not open. Roll-forward logging is off by default."
For more information on hot continuous backup and the Novell eMbox utility, see: http://www.novell.com/documentation/edir87/index.html?page=/documentation/edir87/edir87/data/a2n4mb7.html