Back to Contents Page

Configuring Systems in a Heterogeneous Environment

Dell™ PowerVault™ 745N NAS Systems Administrator's Guide

  Server for Network File System (NFS)

  Services for Macintosh

  Services for the Novell NetWare Operating System

  Microsoft Directory Synchronization Services

This section provides information about configuring the Microsoft® Windows® Storage Server 2003 operating system to work with other operating systems.

To perform the procedures in this section, you must use the Remote Desktop. To access the Remote Desktop, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. From the NAS Manager, click Maintenance.
   
   
3. Click Remote Desktop.
   
   
4. Log on as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

Server for Network File System (NFS)

Server for NFS can be used to provide disk resources from systems running Windows NT, Windows 2000, and Windows Server 2003 to any system on your network that supports NFS. To administer Server for NFS, perform the following steps:

1. Log into the NAS Manager.
   
   
2. Click Maintenance, and then click Services.
   
   
3. Click Server for NFS, and then click Startup.
   
   
4. In the Set Service Properties window, select whether you want Server for NFS to start automatically, manually, or whether you want to disable it.
   
   
5. Click OK.
   
   

NFS Write Cache

NFS write cache is enabled on Windows Storage Server 2003 Standard Edition.

User Name Mapping

User Name Mapping provides mapping of names between the UNIX® and Windows environments. You can configure User Name Mapping from the MMC Console or by using the NAS Manager to configure properties for the NFS Sharing Protocol. With User Name Mapping, you can create simple maps between Windows user accounts and corresponding UNIX accounts. You can also use the Advanced Map feature to map accounts with dissimilar names. Because UNIX user names are case-sensitive, and Windows operating system names are not, the use of User Name Mapping can greatly simplify maintaining and managing accounts in the two environments. User Name Mapping uses Network Information Service (NIS) or local Personal Computer Network File System (PCNFS) user and group files to authenticate users. Also, User Name Mapping supports bidirectional one-to-many mapping, allowing you to map a single UNIX or Windows operating system account to multiple accounts in the other environment. For example, you can map more than one administrative account in a Windows operating system to the UNIX root account.

Special Mappings

By default, the root user for the UNIX client is mapped to an unmapped user. This setting is commonly known as "root squashing." When an NFS authentication request is made for a user name mapped to an unmapped user, the result is an anonymous user ID (UID) and group ID (GID). These IDs are typically -2 and -1, respectively. Any files created by such a user will show file ownership as an anonymous Windows user.

NOTE: To prevent root squashing for specific NFS shares, the UNIX root user and group must be mapped to the Windows administrator user and group. The access type for the NFS share's permissions must also be set to root for each applicable client or client group.

Configuring User and Group Mappings

To provide security for server files accessed from a UNIX environment, Server for NFS requires the system administrator to map UNIX user and group accounts to Windows accounts either on the server or in a Windows Domain. Users then have equivalent access rights under UNIX as they have under Microsoft Windows. Alternatively, Web sites with less stringent security needs can bypass the mapping procedure and treat all UNIX users as anonymous users.

User and Group Mapping lets you create maps between Windows and UNIX user and group accounts even though the user and group names in both environments may not be identical. You can use simple maps, which map Windows and UNIX accounts with identical names. You can also create advanced maps to associate Windows and UNIX accounts with different names. You can also use a combination of simple and advanced maps. With User and Group Mappings, you can obtain UNIX user and group information from one or more NIS servers or from imported passwd and group files.

NOTE: Only a user's primary GID is used by Server for NFS for user/group name mapping. Secondary GIDs are ignored. When adding a new user mapping, always create an associated group mapping for that user's primary GID. Users whose primary GIDs are not also mapped will be associated with the anonymous group.

To create user and group name maps, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. From the NAS Manager, click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click NFS Protocol, and then click Properties.
   
   
5. Click User and Group Mappings.
   
   
6. Use the User and Group Mappings window to define your user and group maps.
   
   

To configure the type of server to be used to access UNIX user and group names, perform the following steps:

1. On the User and Group Mappings window, click General.
   
   
2. Click Use NIS server, or click Use password and group files to select the server type.
   
   
3. Depending on whether you use an NIS server or password and group files, perform one of the following steps:
   
   
   • For password and group files, specify the location and filename of the UNIX password file and UNIX group file.
     
     

NOTE: The UNIX password file and group file formats must conform to the UNIX standard for these files.

• For NIS server, type the NIS domain and, optionally, the name of the NIS server.
  
  

4. Click OK to apply the configuration.
   
   

Simple Maps

If enabled, simple maps create automatic mappings between UNIX users and Microsoft Windows users that share the same user name. In a simple user map, users in a Windows domain are implicitly mapped one-to-one to UNIX users on the basis of user name. When the Windows domain and the UNIX passwd and group files or NIS domain are identified, the simple-maps function maps users who have the same name in the Windows and UNIX or NIS domain. If no match exists for a user name in either place, that user is not mapped.

To define simple maps, perform the following steps:

1. In the User and Group Mappings window, click Simple Mapping.
   
   
2. Click Enable Simple Mapping.
   
   
3. On the Windows domain list, select the server name, or the domain to which the server belongs.
   
   

If you select the server name, only the local users and groups will be mapped.

4. Click OK to create the maps.
   
   

Explicit User Maps

User and group mapping also allows an administrator to create cross-platform maps among Microsoft Windows and UNIX users and groups, even when the user and group names in both environments are not identical. These maps are called explicit mappings.

User and group mapping allows you set up one-to-one or one-to-many mappings among Windows and UNIX users and groups. For example, a Windows user name could be mapped to a UNIX user name, or a group of Windows users could be mapped to a single UNIX user account. You can also map a group of UNIX users to a single Windows user account; however, this can present problems that are detailed in the online help for Services for UNIX. Explicit user maps can also be used when the same person has different user names on Windows and UNIX accounts.

NOTE: Only a user's primary GID is used by Server for NFS for user/group name mapping. Secondary GIDs are ignored. When adding a new user mapping, always create an associated group mapping for that user's primary GID. Users whose primary GIDs are not also mapped will be associated with the anonymous group.

If you are defining explicit maps, you create user and group maps individually. To create explicit maps, perform the following steps:

1. On the User and Group Mappings window, click Explicit User Mapping to create user maps, or click Explicit Group Mapping to create group maps.
   
   
2. Specify the Windows Domain. If the server is configured as PCNFS, go to step 4.
   
   
3. Click List UNIX Users or List UNIX Groups button to populate the UNIX Users or Unix Group box.
   
   
4. Create map entries by selecting a Windows user or group and a UID or GID from the list and clicking Add.
   
   
5. Click OK to create the maps.
   
   

To delete explicit user maps, perform the following steps:

1. In the User and Group Mappings window menu, select the user or group mapping you want to delete from the Explicitly mapped users or group list
   
   
2. Click Remove.
   
   
3. Click OK.
   
   

Managing NFS Share Access

Access is granted or denied to each NFS share based on the client computer accessing the share. Client access can be granted based on an individual computer or a client group. A client group contains one or more client host names.

To create an NFS client group, perform the following steps:

1. Log into the NAS Manager.
   
   
2. Click Shares, and click Sharing Protocols.
   
   
3. Select NFS, and then click Properties.
   
   
4. Click Client Groups.
   
   
5. In the Tasks list, click New.
   
   
6. On the Create New NFS Client Group page, type the group name you want to add in the Group name box.
   
   
7. In the Client name or IP address box, type the system name or IP address you want to add to the group.
   
   
8. Click Add.
   
   
9. Click OK.
   
   

To add a client or client group to an NFS share, perform the following steps:

1. Log into the NAS Manager.
   
   
2. Click Shares.
   
   
3. On the Shares page, Click Shares.
   
   
4. Select the share for which you want to add an NFS client or client group.
   
   

For information on how to create a share, see "Using Shares" in "NAS Manager."

5. In the Tasks list, click Properties.
   
   
6. Click the UNIX Sharing tab.
   
   
7. Select the machine or group from the list on the left, or type an NFS client computer name or IP address in the box on the right.
   
   
8. Select the degree of control the specified client can exercise over files in the share from the Access Permissions list.
   
   
9. Select the Allow root access check box to grant root access to the selected group.
   
   
10. Click Add.
    
    
11. Click OK.
    
    

To remove a client or client group from an NFS share, perform the following steps:

1. On the Shares page, click Shares.
   
   
2. Select the share for which you want to remove an NFS client or client group.
   
   
3. In the Tasks list, click Properties.
   
   
4. Click the UNIX Sharing tab.
   
   
5. Select the system or client group from the list in the center of the page, and then click Remove.
   
   
6. Click OK.
   
   

Basic Scenarios

For UNIX and Windows NT® user name mapping, an NIS Server must already exist in the UNIX environment, or UNIX user and group files must exist on the NAS system. User name mapping associates UNIX users and groups to Windows NT users and groups. You can use two types of maps, simple and explicit. Simple maps define a one-to-one relationship between the same user names and groups. Explicit maps define a relationship between dissimilar user names and groups.

Workgroup

In the workgroup scenario, you configure user name mapping locally on the NAS system. All maps are contained on this system, and Windows NT pass-through authentication is performed locally on the NAS system.

Domain

In the domain scenario, you configure user name mapping locally on the NAS system. All maps are contained on this system, but Windows NT pass-through authentication for domain users is performed by the domain controllers. This scenario requires that the Services for NFS Authentication component of Microsoft Services for UNIX 3.0 is installed on all domain controllers.

NOTE: SFU 3.0 is an optional component that you must purchase separately from Dell.

Filename Character Translation

Although Windows and UNIX file systems do not allow certain characters in filenames, the characters that are prohibited by each operating system are not the same. For example, a valid Windows filename can not contain a colon (:), but a UNIX filename can. If a UNIX user attempts to create a file in an NFS share and that file contains an illegal character for Windows in its name, the attempt will fail.

You can use filename character translation to replace characters that are not allowed in a file system by mapping them to characters that are valid. To enable filename character translation, create a text file that maps Windows to UNIX characters, and then modify the registry entry that specifies the path and name of the translation file.

The filename character translation text file is a list of mapped characters in a format such as the following:

0xnn : 0xnn [ ; comment ]

where nn is the hexadecimal value of the character

The entry for a map from the UNIX character ":" to the Windows character "-" in the filename character translation text is as follows:

0x3a : 0x2d ; Map ':' (0x3a) to '-' (0x2d)

To map the character combination "()" to the character "^", add the following entry:

0x28 0x29 : 0x5e ; Map '()' to '^'

To set up the character translation, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. From the NAS Manager, click Maintenance.
   
   
3. Click Remote Desktop.
   
   
4. Log on as an administrator.
   
   

NOTE: The default administrator user name is administrator and the default password is powervault.

5. Double-click the NAS Utilities icon on the desktop of the NAS system.
   
   
6. Double-click Administrative Tools.
   
   
7. Double-click Microsoft Services for Network File Systems.
   
   
8. Click Server for NFS.
   
   
9. On the right pane, click Server Settings.
   
   
10. Set the desired filename character translation.
    
    

Services for Macintosh

Services for Macintosh (SFM) provides the tools needed to integrate Macintosh and Windows networks by leveraging existing Macintosh network resource and expertise. SFM is disabled by default on the NAS system. See "Enabling the AppleTalk Protocol" for information about enabling SFM.

Enabling the AppleTalk Protocol

The AppleTalk protocol is disabled on the NAS system by default. You must enable the AppleTalk protocol for Macintosh clients to access the NAS system.

To enable the AppleTalk protocol, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. Click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click AppleTalk Protocol, and then click Enable.
   
   

Disabling the AppleTalk Protocol

To disable the AppleTalk protocol, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. Click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click AppleTalk Protocol, and then click Disable.
   
   

Configuring the AppleTalk Protocol

To configure the AppleTalk protocol, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. Click Shares.
   
   
3. Click Sharing Protocols.
   
   
4. Click AppleTalk Protocol, and then click Properties.
   
   
5. In the AppleTalk Service Properties window, type the log on message that will be displayed when the user logs on, click the Security check box if you allow workstations to save passwords and select the type of authentication to be used, and specify the number of concurrent sessions that are allowed.
   
   
6. Click OK to complete the configuration.
   
   

Adapter Bindings

SFM can bind to only one network adapter. By default, it is bound to the embedded 10/100 network adapter. To change the binding in systems with multiple network adapters, the AppleTalk protocol properties for the network adapter to be used by AppleTalk must be modified to accept inbound connections.

AppleTalk Protocol Adapter Binding

To modify the AppleTalk protocol adapter binding for systems with multiple network adapters, perform the following steps from the NAS Manager:

1. Log in to the NAS Manager.
   
   
2. Click Network.
   
   
3. Click Interfaces.
   
   
4. Click the radio button next to an enabled adapter to bind the AppleTalk protocol.
   
   

NOTE: The AppleTalk protocol must bind to an adapter that is enabled, regardless of whether the File Server for Macintosh is disabled.

5. On the Tasks menu, click AppleTalk.
   
   
6. Click the check box next to Enable inbound AppleTalk connections on this adapter.
   
   
7. Optionally, if you use AppleTalk zones, select the appropriate zone in the drop-down box.
   
   
8. Click OK.
   
   

Microsoft UAM Volume

A user authentication module (UAM) is a software program that prompts users for an account name and password before they log in to a server. The Macintosh Chooser has a standard UAM built in that uses the clear-text password or Apple's RandNum Exchange method of security.

Microsoft Authentication offers an additional level of security because the password is used as a key to encrypt a random number. If the system administrator has determined that encryption is an important security measure, you may be asked to use Microsoft Authentication in addition to Microsoft UAM authentication.

Requirements

To use Microsoft UAM 5.01, you must have a Macintosh client running AppleShare Client 3.8 or later or Macintosh 8.5 or later operating system. If you do not meet the minimum requirements, the Microsoft UAM Installer installs the old Microsoft UAM 1.0 module. If you upgrade your system software, you need to run the Microsoft UAM Installer again.

Installing User Authentication

Log in to the Microsoft UAM Volume on the system to access the MS UAM file, and then drag the file to the AppleShare Folder in your System folder.

To access the Microsoft authentication files on the system, perform the following steps:

1. Create a user with a password of less than eight characters.
   
   
   1. Log in to the NAS Manager.
      
      
   2. Click Users.
      
      
   3. Click Local Users.
      
      
   4. Click New.
      
      
   5. Complete the information in the Create New User window and click OK.
      
      

NOTE: The password can be no longer than eight characters. Passwords longer than eight characters cannot be used when mapping an Apple share without a UAM.

2. Click Chooser on the Macintosh Apple menu.
   
   
3. Double-click the AppleShare icon, and then click the AppleTalk zone in which the system with Services for Macintosh resides.
   
   

Ask your system administrator if you are not sure of the zone.

4. Select the system from the list of file servers, and click OK.
   
   
5. Click Registered User.
   
   
6. Enter the user name and password you created in step 1, and then click OK.
   
   
7. Select the Microsoft UAM Volume, and then click OK.
   
   
8. Close the Chooser dialog box.
   
   

To install the authentication files on the Macintosh workstation, perform the following steps:

1. Double-click Microsoft UAM Volume on the Macintosh desktop.
   
   
2. Double-click the Microsoft UAM Installer file on the Microsoft UAM volume.
   
   
3. Click Continue in the Installer Welcome screen.
   
   

The installer reports whether the installation succeeds.

If the installation succeeds, Macintosh users of this workstation are offered Microsoft Authentication when they connect to the system.

Restarting Workstation Services

If File Services for Macintosh cannot establish communications to the local remote procedure call (RPC) service, you may need to restart the Workstation Service.

To restart the Workstation Service, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. Click Maintenance, and then click Services.
   
   
3. Click Workstation, and then click Startup.
   
   
4. In the Set Service Properties window, select whether you want Server for NFS to start automatically, manually, or whether you want to disable it.
   
   
5. Click OK.
   
   

Services for the Novell NetWare Operating System

Services for NetWare (SFN) are compatible with Novell® NetWare® Bindery service for authentication and file access using the internetwork packet exchange/sequenced packet exchange (IPX/SPX) network protocol. Services for NetWare are disabled by default.

For information about enabling SFN, see the file install.rtf, which is located in the c:\sfn directory of your NAS system.

NOTE: SFN is not installed by default.

Sharing Netware Volumes

To add Netware volume shares on Windows Storage Server 2003, perform the following steps:

1. From a Remote Desktop session, click Start, point to Programs→ Administrative Tools, and click Server Manager.
   
   
2. In the Server Manager, click the FPNW menu, and then click Shared Volumes.
   
   
3. Click Create Volume.
   
   
4. In the Create Volume window, specify the volume name and path to share, and click OK.
   
   

NOTE: The specified volume must have been created earlier.

5. Click Close.
   
   

NOTE: You cannot use the NAS Manager to manage NetWare shares.

Viewing Netware System Properties

To view Netware system properties on Windows Storage Server 2003, perform the following steps:

1. From a Remote Desktop session, click Start, point to Programs→ Administrative Tools, and click Server Manager.
   
   
2. In Server Manager, click the FPNW menu, and then click Properties
   
   

Configuring the NWLink IPX/SPX Compatible Protocol

To configure this protocol, you need the internal network number, frame type, and network number.

Internal Network Number

Internal network numbers are used for internal routing and are generally needed only for servers. You should not need to change this option on your system.

Frame Type and Network Number

Frame types define the packet formats that are used by different networks. All systems in a network must have the same frame type so that they can communicate with the rest of the network.

When you are configuring your system, it attempts to automatically detect the frame type for the client. In most cases, this is successful. However, the automatic detection feature occasionally selects an inappropriate frame type, usually because more than one frame type exists on the network. If this happens, you should manually set the frame type to match the one specified on the server running NetWare.

NOTE: If more than one frame type exists, select the one that is detected first. For example, if the frame types Ethernet 802.2 and Ethernet 802.3 are bound to the same segment, configure frame type Ethernet 802.2. The order of detection is Ethernet 802.2, Ethernet 802.3, Ethernet II, and then Ethernet SNAP.

Configuring the IPX Protocol

By default, the Internet Packet Exchange (IPX) protocol is configured on the NAS system to automatically detect frame types. To use the IPX protocol, you must change your NAS system's IPX properties to manually detect frame types.

To configure IPX to manually detect frame types, perform the following steps:

1. Log in to the NAS Manager.
   
   
2. Click Maintenance, and then click Remote Desktop.
   
   
3. Log in to the NAS system as an administrator.
   
   

NOTE: The default administrative user name is administrator and the default password is powervault.

4. Right-click Network Places on the NAS system's desktop, and then click Properties.
   
   
5. In the Network Connections window, right-click the network adapter used by the NAS system and select Properties.
   
   
6. In the Local Area Connection Properties window, click NWLink/IPX/NetBIOS Compatible Transport Protocol, and click Properties.
   
   
7. In the NWLink/IPX/NetBIOS Compatible Transport Protocol window, select Manual Frame type detection.
   
   
8. Click Add.
   
   
9. In the Manual Frame Detection window, select a frame type, enter a network number for the IPX network, and then click OK.
   
   
10. Click OK.
    
    
11. Click OK to close the Local Area Connection window.
    
    
12. Close the Network and Dial-Up Connections window.
    
    

The IPX protocol is now configured on the NAS system to manually detect frame types.

Microsoft Directory Synchronization Services

Microsoft Directory Synchronization Services (MSDSS) allows you to synchronize a wide variety of data stored in the Active Directory service with Novell Directory Service (NDS) and NetWare 3.x binderies.

MSDSS is a highly flexible service that helps Novell users to perform the following tasks:

• Adopt Windows 2000 Server and the Active Directory service
  
  
• Reduce directory management through two-way synchronization
  
  
• Migrate NDS and bindery information to Windows 2000 Server
  
  

MSDSS supports two-way synchronization with NDS and one-way synchronization with NetWare 3.x binderies to provide a complete directory interoperability solution. MSDSS also supports password synchronization and provides a directory migration service.

MSDSS allows NetWare users to deploy Active Directory without having to replace existing directories or bear the cost of managing two separate directories. As a result, users have the flexibility to:

• Consolidate directory management when multiple directories are required
  
  
• Manage accounts from either directory
  
  
• Use directory-enabled applications, devices, and services based on the Windows 2000 Active Directory service
  
  

MSDSS is easy to use and makes synchronization and Active Directory setup easy through its management interface. It is fully featured to allow users a choice of management, synchronization, and migration options.

MSDSS supports all major NetWare platforms and most Novell directories and binderies, and it includes support for IPX/SPX and TCP/IP network protocols.

Windows Server 2003 MSDSS Domain Controller

To implement MSDSS, you must install the Windows Server 2003 operating system and the MSDSS software (available on the Microsoft Services for NetWare Version 5 or later CD) on at least one system. In Windows Server 2003, when you promote a system running Windows Server 2003 to an Active Directory server, it becomes a domain controller. You use this domain controller to configure Active Directory, install MSDSS, and then import information from the existing NetWare environment.

The larger the environment, the more new servers you need. If you are planning to have more than one domain, then you need new hardware for the first domain controller in each domain.

You must also install Novell Client Access software on the MSDSS server or servers. MSDSS uses Novell Client Access to authenticate and to access NDS. While accessing NDS, it authenticates, but does not use a license. MSDSS also uses Novell Client Access to map one directory's contents to another, taking into account the fact that the object classes in Novell's NDS or bindery directories are different from Active Directory object classes. Novell Client Access is also required to use the File Migration utility to migrate files.

You can install Novell Client Access in four modes: IP only, IPX only, IP and IPX combined, and IP with IPX Compatibility. Most NetWare environments still use IPX. MSDSS works in all the modes because it uses Novell Client Access to access the lower layers.

If you are migrating NDS, you can import the user and group information from one NDS server to the MSDSS server because you have one user database per tree. You can then migrate the file system. Remember that each Novell server has its own file system, which is not replicated to other servers (whereas NDS is replicated to other servers). After the files are migrated, you can uninstall NDS from the server to provide more space for the Windows Server 2003 operating system.

Outline of the MSDSS Deployment Procedure

The next two sections describe the procedures for implementing MSDSS in a smaller (local area network [LAN] only) or larger (wide area network [WAN]) network. You should adapt the guidelines to suit your environment and goals.

Small Environment

A small company with a LAN-based, simple network is often a likely candidate for a quick migration. After doing all the preparations described in the previous section, perform the following steps (adjusted, if necessary, to your situation):

1. Back up your NetWare system and user data.
   
   
2. Install and configure a Windows domain controller (see the documentation that came with your operating system software).
   
   
3. Install the Novell Client for Windows from the Novell website at www.novell.com/download.
   
   
4. Replace services or applications that require NDS with software that is compatible with Active Directory. (Remove NDS applications before you begin using MSDSS, except for ZENworks, which can be replaced by IntelliMirror at any time.)
   
   
5. Install MSDSS from the system DomainUtils share.
   
   

NOTE: To access MSDSS software, map a network drive to \\Dellxxxxxxx\DomainUtils, where xxxxxxx is the system's service tag number. For example, if your service tag number is 1234567, type http://DELL1234567.

6. Log in to the NDS tree or bindery server as administrator.
   
   
7. Log in to the appropriate Windows domain as a member of the Domain Admins group.
   
   
8. On the MSDSS server, open the Help files, and then print out the procedures "To perform a one-time migration" and "To migrate files."
   
   
9. Click the Start button, and then point to Programs→ Administrative Tools→ Directory Synchronization to start MSDSS.
   
   
10. Follow the instructions as described in the help topic "To perform a one-time migration." The prompts guide you through the following steps:
    
    
    1. Right-click MSDSS in the console tree, and then click New Session to start the New Session Wizard.
       
       
    2. Specify whether objects are to be copied from NDS or Bindery.
       
       
    3. Click Migration.
       
       
    4. If you plan to migrate files as well as directory objects, click the Migrate Files check box.
       
       

You must also run the File Migration utility.

5. Specify the path to the Active Directory container in which you want to copy items.
   
   
6. Accept the default domain controller in which to store the migration log.
   
   
7. Specify the NDS Container or Bindery Container from which to copy items.
   
   
8. Provide the name and password of the Novell administrative account.
   
   
9. On the Initial Reverse Synchronization page, specify the password options (such as Set passwords to the user name.)
   
   

When you are performing a migration, this page does not include the option to actually perform an initial reverse synchronization, but it is the page where you specify which password option you want to use.

10. Set Synchronization mode to Default object mapping or to Custom object mapping.
    
    
11. If you selected Custom object mapping, you are prompted to manually establish one-to- one relationships between pairs of objects.
    
    
12. Click Finish.
    
    

NOTE: The following step is optional.

11. After the user accounts are migrated, you can migrate the file system (migrating the users before the files allows you to migrate file-system permissions). Follow the instructions in the help topic "To migrate files." The prompts guide you through the following steps:
    
    
    • To start the File Migration Utility, click the Start button and point to Programs→ Administrative Tools→ File Migration Utility.
      
      

To view mapping relationships, click View Maps.

• To view mapped access rights for the users, groups, organization units, and organizations to be migrated, click Access Rights.
  
  

The NDS Modify option converts, by default, to Read because it does not have an equivalent NFTS right. You might want to click the Write check box to allow read/write access.

• On the Step 2 — Security Accounts tab, verify that you are logged on with the correct Active Directory, NDS, or Bindery credentials.
  
  
• On the Step 3 — Source and Target tab under Source (NDS/Bindery), click the volume or directories from which you want to migrate files. Under Target (Active Directory), click the shares or directories to which you want to migrate files, click the Map button, and then click Next.
  
  

If the NDS or Bindery volume you selected in the source tree displays Unavailable, you are not currently logged in to that tree or Bindery server. Log in, and then press <F5> after reselecting the volume to view the directories within the displayed volume.

• On the Step 4 — Log File tab, select your logging options, and then click Next.
  
  
• On the Step 5 — Scan tab, click Scan, and then click Next.
  
  

The utility scans all source volumes and counts and displays the number of directories and files in each. It ensures that proper access has been given to each source volume, directory, and file. If any errors occur, the utility displays them under NetWare scan logs and Windows scan logs, respectively. You can select a number of acceptable errors; if this number is exceeded, the process aborts, allowing you to return to previous steps to correct the errors.

• On the Step 6 — Migrate tab, click Migrate.
  
  

Manually migrate (or use third-party utilities to migrate) object security permissions and system accounts, printer objects, application objects, and other objects that MSDSS does not migrate from Bindery or NDS to Active Directory. (MSDSS migrates NetWare user accounts, groups, and distribution lists for Bindery and NDS, and, for NDS only, MSDSS also migrates NDS organizational units and organizations.)

12. Upgrade your server(s) running NetWare to the Windows 2000 Server or Professional, or Windows Storage Server 2003, operating system.
    
    
13. On each Windows desktop in your NetWare network, uninstall Novell Client Access.
    
    

You must configure the desktops to join the Windows 2000 domain.

14. Optionally, upgrade NetWare clients (workstations) to the Windows 2000 Professional operating system.
    
    
15. Configure all client systems (both Windows and non-Windows), to join the Windows domain.
    
    

Be sure that the users know how to handle their password the first time they log in (for possible password options, see "MSDSS Password Management" in "MSDSS Deployment: Understanding Synchronization and Migration)" at www.microsoft.com.

Medium-Sized or Large Environment

An organization large enough to have WAN links probably selects to synchronize its networks temporarily while performing a gradual migration over time (up to 3 months for a large network), or it prefers to use synchronization to establish a mixed Novell/Windows network on a long-term basis. If you plan a staged migration, one-way synchronization is often the appropriate method.

After preparing as described above, perform the following steps (adjusted, if necessary, to your situation):

1. Back up your NetWare user and system data.
   
   
2. Install and configure a Windows domain controller (see the documentation that came with your operating system software).
   
   
3. Install the Novell Client for Windows from the Novell website at www.novell.com/download.
   
   
4. Install MSDSS from the NAS system DomainUtils share.
   
   

NOTE: To access MSDSS software, map a network drive to \\Dellxxxxxxx\DomainUtils, where xxxxxxx is the system's service tag number. For example, if your service tag number is 1234567, type http://DELL1234567.

5. Log in to the NDS tree or Bindery server with administrative credentials.
   
   
6. Log in to the appropriate Windows domain as a member of the Domain Admins group.
   
   
7. On the MSDSS server, open the help files, and then print out the topics "To perform a one- way synchronization" or "To perform a two-way synchronization."
   
   
8. Click the Start button, point to Programs→ Administrative Tools→ Directory Synchronization to start MSDSS, and then allow the prompts to guide you through the following tasks:
   
   
   1. Start the New Session Wizard (right-click MSDSS in the console tree).
      
      
   2. Select Novell Bindery or Novell Directory Services (NDS) for one-way synchronization, or select Novell Directory Services (NDS) for two-way synchronization.
      
      
   3. Select One-way synchronization (from Active Directory to NDS or Bindery) or select Two-way synchronization (from Active Directory to NDS and back).
      
      
   4. Specify the path to the Active Directory container into which you want to copy items.
      
      
   5. Accept the default domain controller in which to store the session database.
      
      
   6. Specify the NDS Container or Bindery Container from which to copy items.
      
      
   7. Provide the name and password of the Novell administrative account.
      
      
   8. On the Initial Reverse Synchronization page, select Perform an initial reverse synchronization and specify the password options (such as Set passwords to the user name).
      
      
   9. On the Object Mapping Scheme page, click Default (to accept the default mapping for each source and target directory pair) or Custom (for NDS only), and then click Object Mapping Table (to specify objects for which you want to establish a one-to-one relationship, regardless of the object location in either directory tree).
      
      

MSDSS does not support custom object mapping for Bindery.

10. Also on the Object Mapping Scheme page, click Filters if you want to configure a filter for this synchronization session.
    
    
11. On the Session Name page, accept the default session name or specify a new name.
    
    
12. Click Finish.
    
    

9. If you selected one-way synchronization, perform all user, group, and NDS organizational unit container (OU) object management from Active Directory. If you established two-way synchronization, you can manage user, group, and OU objects from either Active Directory or NDS.
   
   
10. If you plan long-term coexistence between Active Directory and NetWare, you are now finished, unless you want to migrate a subset of users, systems, and/or files. If you plan to continue by migrating in stages from NetWare to Active Directory, perform the following tasks when convenient:
    
    
    • Install and configure File and Print Services for NetWare (to allow NetWare clients access to files and printers on Windows servers) and Gateway Services for NetWare (to allow Windows clients access files and printers on NetWare servers).
      
      
    • Replace services or applications that require NDS with commensurate software compatible with Active Directory. Perform large conversions (such as GroupWise to Exchange) as separate projects.
      
      
    • Migrate the pilot group of users and their files (Adapt the instructions from the migration steps provided in "Small Environment."). Get the pilot group's feedback, and then set a schedule to migrate additional groups of users, according to the priorities you have established.
      
      
    • Migrate the rest of the users as appropriate (For example, if you migrate the set of applications they use, migrate the users as well).
      
      

For more information, see the Novell website at support.novell.com/servlet/Knowledgebase and the Microsoft website at www.microsoft.com.

Back to Contents Page