Microsoft Windows Server 2003 Unleashed (R2 Edition)

Microsoft has always been very good about offering utilities and services that migrate users off NetWare and onto the Windows network operating system (NOS). Interoperability with NetWare systems was not a high priority. Co-existence has become more streamlined since those days, however, with the development of the Gateway Services for NetWare (GSNW) and Services for NetWare (SFNW) utilities that make interoperability, as well as migration, more straightforward to accomplish.

Gateway Services for NetWare

Integration of a Windows environment with Novell network operating systems is simplified through the use of Gateway Services for NetWare, a robust integration product that allows Windows Server 2003 to integrate and share resources with Novell NetWare. GSNW provides for the following functional elements:

  • Windows Client access to file and print services on NetWare servers

  • NetWare Client service access to Windows file and print servers

Specific scenarios for GSNW include the following:

  • A Windows Server 2003 or Exchange server requires direct access to NetWare file or print services.

    One circumstance in which this service would be required is the extraction of NetWare accounts from a server or the source extraction of accounts from a NetWare-hosted messaging system such as GroupWise.

  • A company is migrating desktop clients from a Novell-based network to a Microsoft Windows Server 2003 network.

    The Microsoft-based clients that have been migrated over and no longer belong to the Novell network but require access to NetWare resources can access the NetWare resources through GSNW.

Note

A Windows server running GSNW can provide only a single gateway to one NetWare server at a time. Multiple simultaneous connections are not supported.

Using Services for NetWare

Services for NetWare (SFNW) 5.02 Service Pack 2 (SP2) provides companies with the tools to integrate or migrate Novell users and resources to Windows environments. SFNW provides the following tools:

  • File and print services for NetWare (FPNW)

  • Microsoft Directory Synchronization Services (MSDSS)

  • File Migration Utility (FMU)

Note

Older versions of Services for NetWare did not support Windows Server 2003. Service Pack 2 for SFNW 5.02 now supports installation on a Windows Server 2003 system.

Installing Services for NetWare 5.03

The installation of SFNW is not without its caveats. First and foremost, MSDSS needs to be installed on a domain controller and the forest schema of Active Directory needs to be extended. Because forest schema changes are not to be taken lightly, this factor alone warrants consideration before the installation procedure. After the schema has been upgraded, the base program can be installed and the latest service pack applied. To install SFNW, perform the following steps:

1.

Download or order SFNW 5.03 and run the MSSDS.MSI package from the media.

2.

If the schema hasn't been updated, a dialog box will appear indicating that the Schema Update Wizard will now start. Click OK to continue.

3.

Click Next at the Welcome screen.

Note

A schema extension is a very delicate task that affects all domain controllers in a forest and can cause a spike in replication traffic. Make sure you fully understand the implications of an extension on an environment before proceeding.

4.

Setup will inform you that the AD schema will be extended, as illustrated in Figure 8.7. Click OK to extend the schema for MSDSS.

5.

After the schema has been extended, click Finish.

6.

At this point, make sure the schema extension gets replicated across the forest, either naturally or forcibly with the repadmin tool. After the schema extension has propagated, double-click on the msdss.msi package again.

7.

Click Next at the Welcome screen.

8.

Read the license, accept the terms, and click Next to continue.

9.

Select Microsoft Directory Synchronization Services, as illustrated in Figure 8.8, and click Next to continue.

10.

Enter the name and the organization and click Next.

11.

Select Custom Install and click Next.

12.

Select the desired options as illustrated in Figure 8.9 and click Next to continue.

13.

Click Next to begin the installation.

14.

After the installation completes, click Finish and then click Yes when prompted to reboot.

Figure 8.7. Choosing to extend the AD schema for MSDSS.

Figure 8.8. Choosing to install MSDSS.

Figure 8.9. Reviewing installation options for SFNW.

Services for NetWare is now installed and ready for configuration. The applications will be listed under the Administrative Tools menu, as illustrated in Figure 8.10.

Figure 8.10. Finding the Services for NetWare Admin tools.

File and Print Services for NetWare

File and Print Services for NetWare is a back-end service that allows a Windows server to emulate a NetWare File and Print Server. NetWare clients can connect to the file and printer shares as if they were connecting to a Novell server. Novell clients use the same user interface to access file and printer resources running on an FPNW server. Essentially, FPNW allows an FPNW server to spoof an existing NetWare server after it has been retired, allowing administrators the time to gradually migrate desktops over to the Windows environment.

Specific scenarios for FPNW include the following:

  • A company needs to retire an aging Novell 3.12 server without having to make any network configuration changes to the NetWare desktop clients. The Windows Server 2003 running FPNW would be configured with the same file and print services as the Novell 3.12 server.

  • A company is migrating from a Novell-based network to a Microsoft Windows Server 2003 network. During the migration, Novell-based clients that have not yet been migrated to the Windows Server 2003 network can access the file and print services that have already been migrated over to Windows Server 2003 through FPNW.

Microsoft Directory Synchronization Services

Microsoft Directory Synchronization Services (MSDSS) is a tool used for synchronization of directory information stored in the Active Directory and Novell Directory Services (NDS). MSDSS synchronizes directory information stored in Active Directory with all versions of NetWare; MSDSS supports a two-way synchronization with NDS and a one-way synchronization with Novell 3.x bindery services.

Because Active Directory does not support a container comparable to an NDS root organization and because Active Directory security differs from Novell, MSDSS, in migration mode only, creates a corresponding domain local security group in Active Directory for each NDS organizational unit (OU) and organization. MSDSS then maps each Novell OU or organization to the corresponding Active Directory domain local security group.

MSDSS provides a single point of administration. With a one-way synchronization, changes made to Active Directory will be propagated over to NDS during synchronization. Synchronization from Active Directory to NDS allows changes to object attributes, such as a user's middle name or address, to be propagated. In two-way synchronization mode, changes from NDS to Active Directory require a full synchronization of the object (all attributes of the user object).

One of the key benefits to MSDSS is password synchronization. Passwords can be administered in Active Directory and the changes propagated over to NDS during synchronization. Password synchronization allows users access to Windows Server 2003 and NDS resources with the same logon credentials.

The MSDSS architecture is made up of the following three components. These components manage, map, read, and write changes that occur in Active Directory, NDS, and NetWare bindery services.

  • Session Manager The configuration of the synchronization parameters is handled by this component. For example, you could create separate sessions for different NDS containers that required different synchronization parameters.

  • Object Mapper Relates objects to each other (class, attributes, namespace, rights, and permissions) between the source and target directories.

  • DirSync Provider Changes to each directory are handled by a DirSync (read/write) provider. Light-weight Directory Access Protocol (LDAP) is used for Active Directory calls and NetWare NCP calls for NDS and NetWare binderies.

In addition to the core components of MSDSS, the session configuration settings (session database) are securely stored in Active Directory.

Specific scenarios for MSDSS would include the following:

  • A company is migrating directly from Novell to a Windows Server 2003 network. All network services such as DNS, DHCP, and IIS services are running on a single server. MSDSS can be used to migrate all users and files over to Windows Server 2003 after all services have been migrated.

  • A company is gradually migrating from Novell to a Windows Server 2003 network. The network services such as DNS, DHCP, and IIS are installed on multiple servers and sites. MSDSS can be used to migrate and synchronize AD and NDS directories during the migration.

Migrating Using the File Migration Utility

The File Migration Utility is used to automatically manage the migration of files from NetWare file and print servers to Windows Server 2003 systems.

Integrated with MSDSS, FMU copies files while preserving the permissions and access control lists (ACLs) associated with each file. FMU copies the file permissions using a user-mapping file that matches an NDS user account with an Active Directory account. Through this mapping file created with MSDSS, files and the rights inherited or assigned in NetWare are calculated and maintained in the Windows network, preserving security and minimizing the time-consuming process of reassigning file rights and permissions. Without the mapping file, FMU will assign file permissions on all migrated files to the administrator.

Note

The File Migration Utility will directly map the effective rights of NetWare file folders and files to Windows based on the closest Windows security equivalent. Because NTFS Security does not exactly match with Novell Security, there are some approximations done in this process that should be understood.

Related

Категории