Novell eDirectory Design and Implementation

Chapter 6: Validate Your eDirectory Design and Merge Two Directory Trees

 

Objectives:

This chapter explains the steps to evaluate the design created in previous chapters and merge two trees.. The objectives important to this chapter are on page 6-1:

  1. Evaluate the eDirectory Design
  2. Merging eDirectory trees
Concepts:

The chapter begins with a recap of what you should have done in the previous five chapters:

  • Designed the eDirectory tree
  • Determined a partition and replication strategy
  • Placed objects in the tree
  • Met the user and administrator environment needs

Regarding the tree design, you should verify that your naming standards are adequate, and that your upper and lower layer designs meet standards from the previous chapters.

Verify that your eDirectory partitions do not span WAN links. Make sure that you have at least the minimum number of replicas of each partition, that they are placed near the users who need them, and that no server has too many replicas. Keep in mind that replicas are meant to synchronize within 30 to 60 minutes.

Regarding object placement, the text offers four general rules. Verify that your design has followed them:

  • Keep your design simple. Fewer containers make it easier to find objects in them.
  • Put server objects in containers, not at the top of the tree. This will avoid giving full rights to the tree to users with full rights to the servers.
  • Some services are represented by objects. Place those objects near the users who use those services.
  • Users also need access to their own objects, group objects, and application objects. Place them close to each other to improve performance.

To evaluate whether you have met user and administrator needs, the text offers a series of questions. First, you must meet the requirements above. Next, ask yourself the following:

  • What administrative and user roles are needed?
  • What eDirectory data do users need access to?
  • Do your login scripts simplify user information access?
  • Does your security work for local users?
  • Does your security work for mobile users?
  • Does security inhibit user efficiency unnecessarily?
  • Which network applications are needed by users?
  • Are the applications used across the WAN? Do users need a specific browser or operating system to use the applications?
  • Does the eDirectory design allow for growth?

If any of the above evaluations show that your design has problems, they should be corrected before attempting the merge that follows in this chapter.

Merging eDirectory Trees

The text begins by listing four major parts to merging two trees:

Prepare for the Merge
  • Plan the strategy - this means you must be familiar the structure of both trees. You will have to plan how you will meet the needs of users in the new tree. You also need a partition and replica strategy, and an object placement strategy for the new tree.
  • Back up both trees before proceeding, just in case.
  • Prepare the trees: seven steps are listed. Be aware that one tree is called the source, the other is called the target. The source tree will become part of the target tree.
    • Remove any alias or leaf objects from the Root of the source tree.
    • If objects exist in both trees that have similar names, rename them. Containers may have similar names, as long as Root is not their parent.
    • Make sure all users are logged off, except the user ID you will use to conduct the merge.
    • Upgrade all versions of eDirectory in both trees so that they are the same.
    • All servers holding a replica of the Root partition of either tree must be running for the merge.
    • The schema of a tree is the set of rules that determine what kinds of objects may exist in the tree. The two trees must have the same schema. If the trees do not have the same schema, synchronize with DSREPAIR, in both directions, until the schemas are the same.
    • Remove the Security container (and all objects in it) from the source tree.
  • Determine if time synchronization schemes need to change, then change them. Synchronize the time in the two trees. If time is not synchronized between the trees, the merge may not work. Synchronize the time schemes with the DSMERGE utility, which must be run on the server that holds the master replica of each tree's Root partition.
Execute the Merge

Execute the merge by running DSMERGE at the source server console. Check time synchronization with DSMERGE before selecting the Merge option. You should have to log in to each tree as a user with full rights to that tree for the merge to work.

Complete the Merge
The new tree will be a combination of the two trees merged. Confirm the new tree name. This is critical if you are planning to move a container, to make partition changes, or to do another merge. vzvxzxvvvvvvzvzvz
  • At the source server, run DSREPAIR.
  • Select Advanced Options, then Replica and partition operations.
  • The state of replicas should be "On". If not, wait about ten minutes. If still not "On", select Schedule immediate sync.
  • Complete merge cleanup tasks, if necessary. You may need to modify containers, assign rights, test and change login scripts, modify bindery contexts on servers, and change login parameters (context, preferred server, preferred tree) on workstations.
    Create, Modify, and Manage Partitions and Replicas
    • Create or modify partitions and replicas. You may want to use eDirectory Manager or WAN Traffic Manager. You may have a performance question on your certification test about these utilities.
      • eDirectory Manager can be used to:
        • View eDirectory information about partitions, replicas and servers (Use the View menu.)
        • Create or move partitions (Use the Object menu.)
        • Move containers - a container must be the partition root of its partition to be moved in eDirectory Manager. Of course, all of its child objects will be moved as well, requiring reconfiguration of workstations. (Use the Object menu.)
        • Create or remove replicas - you must have Supervisor rights to the target server. (Use the Object menu.)
      • WAN Traffic Manager can be used to apply WAN policies. Use NetWare Administrator to apply the policies.
    Modify the Upper and Lower Levels of the eDirectory Tree
    • Create or modify the upper and lower levels of the eDirectory tree. Three suggestions appear on page 6-30:
      • Modify the upper layers of the eDirectory tree. Your new tree may not resemble a pyramid after the merge. Correct this if possible.
      • Modify the lower layers of the tree to optimize them for administration, login scripts, bindery services and container sizes.
      • Apply your naming standards. Rename objects that do not comply with the standard, and take care of the ripple effects.
    Implement a User Environment Plan
    • Implement a user environment plan. The text repeats its two principles for this course one more time:
      • The users’ working environment should be managed centrally.
      • Management of applications and services should be as simple as possible.

      The information from chapter 5 about ZENworks is repeated. Refer to that chapter for details.