Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc.

Published byKevin Maxwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc."— Presentation transcript:

1 www.novell.com Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc. roakes@novell.com Richard Moore Consultant Novell, Inc. RiMoore@novell.com Scott McCallum Consultant Novell, Inc. rmccallum@novell.com

2 Introduction Novell vision Introduction to NAM for Active Directory (AD) NAM components Designing a NAM infrastructure Managing AD domains using NAM NAM DirXML ™ components Customer case studies Question and answer

3 Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

4

5 Introduction to NAM for AD Point technology which synchronizes Active Directory to eDirectory™ using DirXML Includes pre-configured DirXML stylesheets for simple installation Adds functionality to synchronize passwords bi-directionally Provides synchronization of user accounts Provides Management of both AD and eDirectory groups (not synchronization)

6 NAM for AD Components DirXML Active Directory DirXML Driver Account Management Setup Wizard ConsoleOne ® Snap-in Password Synchronization Service Password Filter

7 NAM for AD Components DirXML Meta-directory solution for eDirectory Based on DirXML 1.0 Provides the User Account Synchronization Automatically creates eDirectory accounts for newly created AD accounts Bi-directionally synchronizes associated user objects

8 NAM for AD Components AD DirXML Driver Win32 services which uses ADSI and LDAP to synchronize changes to and from AD Runs on Windows 2000 Member Server or Domain Controller

9 NAM for AD Components Setup Wizard Installs preconfigured DirXML components to sync AD to/from eDirectory Allows initial import of AD users to eDirectory  Currently can’t be run a subsequent time Allows initial import of AD Domain structure into eDirectory  Domains  OUs

10 NAM for AD Components ConsoleOne Snap-in Allows management of both eDirectory and AD users and groups Allows configuration of synchronization rules for each AD container Allows for password management Allows for configuration of DirXML components

11 NAM for AD Components Password Synchronization Service Responsible for keeping AD and eDirectory passwords synchronized Runs on Windows 2000 Member Servers or DCs Must have at least one per Active Directory domain Recommend multiple for fault tolerance

12 NAM for AD Components Password Synchronization Filter Intercepts AD password changes, and synchronizes them to eDirectory by connecting to a password synchronization service NWPwdFilt.DLL Must be installed on ALL domain controllers Control Panel Applet allows configuration and installation of additional filters Information on Microsoft Password filters— http://msdn.microsoft.com/library/default.asp?url=/library/ en-us/security/security/password_filters_start_page.asp

13 Designing a NAM Infrastructure DirXML driver requirements Password Synchronization Service placement Minimum patch requirements Password filter considerations

14 Designing a NAM Infrastructure DirXML Driver Requirements Driver must be installed on W2K Member Server (or DC) with eDirectory installed eDirectory must contain a replica of all partitions with users you wish to synchronize  May be a filtered replica  Must be a master to support user moves

15 Designing a NAM Infrastructure Password Synchronization Placement Driver must be installed on W2K Member Server (or DC) with eDirectory installed eDirectory must contain a replica of all partitions with users you wish to synchronize  May be a filtered replica  Must be a master to support user moves Upgrade to latest version

16 Designing a NAM Infrastructure Password Filter Considerations Must be installed on ALL domain controllers Upgrade to latest version

17 Designing a NAM Infrastructure Minimum Patch Requirements Check the product support pages for NAM 2.1 Windows 2000—Service Pack 2 eDirectory 85.23 Patch—edir8523.exe eDirectory on Win32 Patch—eDirW32.exe NAM for AD/W2k Patch—AMW2ksp1.exe If running NAM for AD on Win32 with eDir 8.6.1 DirXML 1.0 Engine patch—dxntp1.exe

18 Managing AD Domains Using NAM User Object AD Forest Object AD OU Object  Configure eDirectory OU to synchronize also Keep in mind  New AD users—Automatically created in eDirectory  New eDirectory Users—Manually assigned to AD eDirectory treats AD domains like a group object You may assign same eDirectory user to multiple AD domains

19 NAM DirXML Components DirXML Filtered Replica  Filtered replicas contain a filtered set of objects or object classes along with a filtered set of attributes and values for those objects  A filtered replica can construct a view of eDirectory data onto a single server  The descriptions of the server’s scope and data filters are stored in eDirectory and can be managed through the Server object in ConsoleOne

20 NAM DirXML Components DirXML Filtered Replica  Reduce synchronization traffic to the server by reducing the amount of data that must be replicated from other servers  Reduce the number of events that must be filtered by DirXML  Reduce the size of the directory database

21 NAM DirXML Components DirXML Driver  Represents an application being integrated with eDirectory—these are the components and configuration information found on the driver object DirXML Stylesheets  Used to control workflow—changes to attributes can be used to trigger other events  Can use existing attributes  Can extend the schema to add a new “trigger” attribute

22 NAM DirXML Components NAM Default Stylesheet  ADPublisherPlacementStylesheet Creates eDirectory user account using sAMAccountName Places new object in eDirectory hierarchy based on the nadDefaultCreateContainer attribute

23 Improving Performance with Indexes Indexing speeds response times on attribute lookups Added through ConsoleOne Three types  Value  Substring  Presence

24 NAM for AD Case Study Customer #1 Environment Approximately 1500 users Globally deployed Windows platform Native Windows 2000 AD and Exchange 2000 Solaris 2.7 and 8 deployed for applications

25 NAM for AD Case Study Customer #1 Business Requirements Password synchronization (one password to log in for Active Directory and Solaris) Easy to administer Reduce costs  Utilize existing hardware and software  Utilize existing personnel for administration

26 NAM for AD Case Study Project #1 Overview Engaged Novell Consulting to deploy NAM for AD Integrated Solaris Platform using NAM for Solaris Single password authentication for AD and Solaris Further plans to integrate total user provisioning Success

27 NAM for AD Case Study Customer #2 Environment Approximately 800 users Mixture of NetWare, Windows NT, and Solaris Moving to Windows 2000 and Active Directory

28 NAM for AD Case Study Customer #2 Business Requirements Password synchronization (one password to log in for Active Directory and eDirectory) Easy to administer Expand usage of eDirectory Reduce costs  Utilize existing hardware and software  Utilize existing personnel for administration

29 NAM for AD Case Study Project #2 Overview Partner engaged to upgrade NT 4 servers to Windows 2000 and install Active Directory eDirectory installation on Windows 2000 Server Novell Clients updated Novell Account Management 2.1 installation Success

30

Download ppt "Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc."

Similar presentations

Omni eControl. New Features in Version 2.x - Manage Mixed Networks: eDirectory, Active Directory, GroupWise, Exchange eControl Version 2.0 New Features.

Omni eControl. New Features in Version 2.x - Manage Mixed Networks: eDirectory, Active Directory, GroupWise, Exchange eControl Version 2.0 New Features.
Novell eDirectory™ Deployment at Hydro Quebec Richard Cabana Enterprise Technology Account Manager Novell Canada Ltd.

Novell eDirectory™ Deployment at Hydro Quebec Richard Cabana Enterprise Technology Account Manager Novell Canada Ltd.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Administering Active Directory

Administering Active Directory
By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.

By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.

Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Nassau Community College

Nassau Community College
Directory services Unit objectives

Directory services Unit objectives
11 REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS Chapter 1.

11 REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS Chapter 1.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
Implementing the DirXML ® Starter Pack on NetWare ® 6.5 Richard Moore, Novell DirXML Engineering Stuart Mansell, Novell Consulting.

Implementing the DirXML ® Starter Pack on NetWare ® 6.5 Richard Moore, Novell DirXML Engineering Stuart Mansell, Novell Consulting.

Similar presentations

Ads by Google