Splitting eDirectory Trees
Novell Cool Solutions: Trench
By Jim Henderson
Digg This -
Posted: 19 Oct 2001
In today's changing business world of acquisitions, mergers, and divisional sell offs, a very common question about eDirectory is how to split a tree in such a way that allows the two new businesses to continue operating independently rather than as part of the same eDirectory tree.
Novell published a solution for splitting eDirectory trees in the support Knowledgebase -- TID number 10050607. While this solution is clearly labeled as a solution that is not supported by Novell, it's definitely a solution that works, and has been used by several companies to split a tree successfully.
There are a couple of other methods for achieving the same end result without actually splitting the tree. One method is to export user information from the "source" tree and create an import process using UIMPORT or some other tool to create users in the new tree. (The ICE portion of ConsoleOne works good for this.) A third approach, if you have the resources available, is to use a synchronization tool like DirXML or Synchronicity.
By using these approaches you save more than just user objects, you preserve password information for the users; something that may be an important consideration for the newly-created company or sold-off division. In some cases, all you need is the user objects themselves -- particularly if the new organization already has a structure that they simply need to merge the new user information into (using DSMERGE or another utility) before reorganizing it into the new locations. Password preservation may or may not be important to the situation. Each tree split situation has unique business requirements that need to be examined before proceeding with the technical solution.
Here's an example: A large company is selling off a subsidiary organization to a competitor. The large company decided not to inform the technical staff of this change until a week before the sale was to be completed because the subsidiary is part of the competitor's network. Password preservation, in this case, is not considered to be an important enough reason to engage in a drawn out process of splitting the trees. With only about 100 users affected, the amount of information that needs to be preserved is limited to user and trustee information in the file system.
In this particular case, an object export/import can use NLIST to store the information in a text file. Then the text file can be manipulated to create a data file to be used with UIMPORT. A new server and a new tree can be built, and data can be backed up and restored to the new hardware (trustee information was not restored). New users are created using the scripts. With a relatively small number of users, trustee assignments can be made by the administrator of the new tree as he/she deems appropriate. The sale is completed, the networks disconnected, and the users in the larger remaining tree are not impacted.
One of the advantages of using a synchronization solution instead of the tree split method used in the example is the ability to pre-stage the changes. With a synchronization solution you can run several "dry runs" through the process to ensure that the information is synchronized properly and that when the separation takes place, the latest possible data is available for the portion of the tree being split off. Through the use of a transformational join engine (such as the one in DirXML), you can also restructure the tree if that's a requirement for the organization being split off. Generally speaking, you don't want to re-engineer at a time like this, but if the portion being split off is small enough, you may need to do some reorganization in order for things to work the way they need to in the new organization (for example, if the split off portion is to be merged into another eDirectory tree in the new organization).
In any case, the advantages and disadvantages of each option need to be weighed before deciding to move forward with a tree split. And no two sets of circumstances will be exactly the same.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com