MSDSS-NDS-CSNW transparent logon problems

[Guest]

Hi
I’m bringing a (smaller) Novell Netware environment into a (larger) Windows 2000 environment. The Novell users will keep the NDS and file and print serves, but they will access mail and several applications in the AD domain

I want the logon to both environments to be as transparent as possible
I’ve set up MSDSS on the domain controller with one-way sync
My client PC have CSNW
First time I log on to a PC I must set the NDS tree and context or server (I can live with this
When a user changes the password, it must be done on both win and NDS. This is not good. Is not the whole point of MSDSS to avoid interacting with both NDS and AD
Is there a way to let the user only change the windows password, and the let MSDSS make sure it ends up in NDS
Also, with setting a user password in AD (as an admin) and forcing the user to change password on next login, this password (the noe set by admin) is not synced by MSDSS. Can I make this happen

Thanks
-Terr

 

[Stephen Carter]

Hi.
I’m bringing a (smaller) Novell Netware environment into a (larger) Windows 2000 environment. The Novell users will keep the NDS and file and print serves, but they will access mail and several applications in the AD domain.

I want the logon to both environments to be as transparent as possible.
I’ve set up MSDSS on the domain controller with one-way sync.
My client PC have CSNW.
First time I log on to a PC I must set the NDS tree and context or server (I can live with this)
When a user changes the password, it must be done on both win and NDS. This is not good. Is not the whole point of MSDSS to avoid interacting with both NDS and AD?
Is there a way to let the user only change the windows password, and the let MSDSS make sure it ends up in NDS?
Also, with setting a user password in AD (as an admin) and forcing the user to change password on next login, this password (the noe set by admin) is not synced by MSDSS. Can I make this happen?

Thanks,
-Terry

Password syncing is a little tricky, but does work. The most important
point to bear in mind is that MSDSS doesn't sync immediately, so
although you've changed their AD password, their NDS password won't
change until the next forward sync.
Also by default if you change a password in AD, MSDSS will expire the
password on the NDS account. You'll need to turn off password
expiration on all NDS accounts to fix this.

My personal experience has been that MSDSS has always a little flakey,
and doesn't tollerate errors well, in either directory.

Now that DirXML starter pack (AD - eDir sync) is a free option with
NW6.5 this is what I recommend and although it's a little more work to
setup it's been a lot more reliable.

There's no reason why MSDSS shouldn't work but make sure ALL NW servers
are running the absolute latest versions of DS available and you don't
have a big mix (NDS 6 on NW4, NDS7 on NW5, eDir 8.x on NW5-6.x) that
will increase changes of problems too.

SteveC