Novell LDAP to AD LDAP

Stephen Moore

Hi folks,

I've been tasked to figure out a way to port my
organization's current NDS LDAP to Active Directory.
This organization lives and dies by LDAP; it's probably
the most highly-utilized authentication directory, and
it's been centralized on Novell 5.1's eDirectory.

We already have an Active Directory setup, run by another
division. What we need to happen now is set up a game
plan for folding the NDS LDAP into that newer structure,
so we can turn down the Novell servers. (This is
something which should have been thought of long before
my arrival here, but this is how these things go.)

Does anyone know of any references out there I can turn
to?

Thanks,

Steve Moore
 
Marc Scheuner

We already have an Active Directory setup, run by another
division. What we need to happen now is set up a game
plan for folding the NDS LDAP into that newer structure,
so we can turn down the Novell servers.

Are you talking about migrating the existing directory objects and
files from eDirectory/Novell to Active Directory/Win Server? Or are
you talking about what your programming environment will look like?

If you're interested in moving directory objects and files and
preserving permissions as you go, have a look at Quest's NDS Migrator
- it is designed to do just that (disclaimer: I used to be the project
lead on this, so I might be biased):

http://www.quest.com/nds_migrator/

If you're talking about programming - well, both systems use LDAP,
which should be identical (in theory). However, once you've moved to
AD, you might want to look at some more high-level, more productive
programming interfaces, such as ADSI (Active Directory Service
Interfaces) or System.DirectoryServices (for .NET languages) instead
of straight, bare-bones LDAP calls.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Sandy

Watch out for schema and functional differences.
Most schema extensions that are used by apps should be easily fixed by
extending AD's schema as required, however NDS eDirectory has some features
which are not available in Active Directory (e.g. dynamic groups).

-Sandy
 
Marc Scheuner

Most schema extensions that are used by apps should be easily fixed by
extending AD's schema as required, however NDS eDirectory has some features
which are not available in Active Directory (e.g. dynamic groups).

Several of which we modelled in NDS Migrator to be mapped to AD
equivalents - or whatever was most appropriate in AD (e.g. NDS
Organizational Roles are mapped to AD groups).

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Anon

I think that Novell also offers a product called DirXML that will port AD to
eDir and vice versa. So to help you along you can maybe manage two separate
directories that talk to each other?

Just a thought.

Luis
 
Opti_mystic

Keeping in mind that DirXML is a co-existence tool, which
would allow both Microsoft AD and Novell eDir to be
managed via the Novell management tools. If you are
certain that you are migrating to AD, perhaps the
Microsoft Directory Services Synchronization tool named
MSDSS is the right tool for this job.

Please see the links: (url's will wrap)

HOW TO: Migrate Users from NetWare to Windows 2000 with
the MSDSS Tool and One-Time Migration
http://support.microsoft.com/default.aspx?scid=kb;en-us;301542

Novell DirXML Features and Benefits:
http://www.novell.com/products/dirxml/features.html

HTH. Good luck and keep us posted.

Opti_mystic
 
