Posted by arlene

This utility improves on Directory Service Manager for NetWare (DSMN) but is for use with the Active Directory instead of the Windows NT 4.0 SAM database. MSDSS provides for a one-way synchronization with NetWare 3.x binderies and the Active Directory (AD). MSDSS also gives you the capability for either one- or two-way support for synchronization between NDS and AD. Finally, MSDSS allows you to create a file that can be used by the File Migration Utility (FMU), so that NetWare trustee rights and ACLs are propagated to Windows servers when you decide to move files from NetWare servers to complete the migration to Windows.

However, to use MSDSS there are a few prerequisites:

• MSDSS can be installed only on a Windows server acting in the role of a domain controller. Remember that domain controllers contain the Active Directory database, and it is this database that stores user account/password information that is to be kept synchronized.
• You will need to obtain a copy of Novell’s Client for Windows. If you’ve just upgraded a Windows NT 4.0 server that had the previous version of Novell’s client installed, you won’t need a new copy. The old copy will be upgraded during the Windows Server upgrade process.

Novell has released several versions of its client for each version of Windows. Because differences exist from one version to another, read the release notes supplied with the file you download from Novell and follow the instructions for installing the client. For the most part, you simply need to extract the files to a temporary directory and run a setup program that takes only a few minutes, after which you’ll need to reboot the server.

Note

If you have already installed Microsoft’s Client Service for NetWare, you’ll get a prompt when you try to install Novell’s client. When asked whether you want to remove Microsoft’s version, answer Yes to continue the installation of Novell’s version of the client. The two are not compatible.

When the server reboots, you are presented with the Novell logon box instead of the familiar Windows logon box.

When using MSDSS to perform synchronization between NDS and AD, you create sessions that specify the NDS and corresponding AD objects that will be kept in sync. You can create a one-way session in which changes made to the Active Directory object will be propagated to the NDS object. However, one-way synchronization does not work in reverse. That is, with a one-way synchronization, changes made to an NDS object do not get copied back to AD. In this type of setup, you should use the Active Directory administrative tools and utilities to perform directory management. From a migrationstandpoint, this allows you to keep NDS on the network while you gradually educate your network administrators on using the AD tools. After your staff is comfortable using AD, you can use MSDSS to migrate all the required NDS information to AD, and then decommission the NDS servers.

Installing MSDSS

To install MSDSS after you’ve installed the NetWare client from Novell, follow these steps:

1. Insert the SFU CD into your local CD-ROM drive.
2. Click Start, Programs, Accessories, Windows Explorer.
3. In the left pane of the Explorer, double-click My Computer. The SFU CD shows up in the left pane of the Explorer display.
4. Double-click the SFU icon. You see two folders, one named FPNW and one named MSDSS. Double-click MSDSS.
5. Inside the MSDSS folder, you now see an MSDSS icon that is used to start the Windows Installer. Double-click the icon.
6. The Windows Installer copies files to your system directory, and you then are prompted to reboot the computer.

After you’ve installed MSDSS, you’ll find that the Active Directory server now has a new program in the Administrative Tools folder called Directory Synchronization.

Creating One-Way Synchronization Sessions

You create sessions that define the synchronization between NDS and AD objects. The objects must be container objects, such as organizational units (OUs), and not individual leaf objects, such as a single user in the AD. Before you start the New Session Wizard, you should decide which NDS and AD container objects you want to synchronize. This does not create these objects for you. For example, suppose you have an existing NDS object that contains user accounts for the manufacturing department of your business that you want to eventually migrate to AD. You should create a new OU and give it a meaningful name before you start the New Session Wizard. Or you can simply choose to use a container object that already exists in your AD database.

To create a one-way synchronization session, follow these steps:

1. Click Start, Programs, Administrative Tools, and then Directory Synchronization. The Microsoft Management Console (MMC) snap-in called MSDSS pops up on your screen.
2. In the left pane of the MMC, you can right-click on MSDSS and select New Session from the menu that appears. Alternatively, you can click once on MSDSS in the left pane, select the Action menu, and then select All Tasks, New Session.
3. The New Session Wizard pops up and displays information about the task that you are about to start. That is, you will migrate objects from NDS to AD and, if you want, establish a synchronization schedule. Click the Next button.
4. The New Session Wizard prompts you to select either NDS or a Bindery as the source for the initial migration using a drop-down menu. Under this menu, you can elect to perform a one-way or two-way synchronization, or to simply do a one-time migration from the NDS or bindery source to AD.
5. Select the radio button for One-Way Synchronization (from Active Directory to NDS or Bindery), and then click Next to continue.
6. The next dialog box lets you select the AD container and the domain controller that stores information about this session, and is responsible for performing the synchronization tasks. Click Next to continue.

7. Next, a similar dialog box prompts you to enter the name of the NDS container object that youwant to synchronize with the AD object you selected in step 6. Again, the NDS container must already exist, and any child objects of the container also are synchronized with the AD container object. The Browse button can be used, or you can use the NDS or bindery syntax to specify the NDS container object—for example, NDS: / / Tr ee1 /0=ono/OU=mf g for an NDS object or NWCOMPAT: / /servername for a bindery server. Enter an NDS username and password that can be used to access the NDS object or bindery, and click Next.

Possibly related posts: (automatically generated)
Microsoft Directory Synchronization Services (MSDSS)

• Microsoft Directory Synchronization Services (MSDSS) continue...
• Replication Between Domain Controllers
• Password Synchronization
• Early Directory Technologies part 3
• Early Directory Technologies part 1
• Directory Replication
• Installing and Configuring a DHCP Server on part 2
• The Active Directory Service and Windows Server 2003
• The Active Directory Schema
• Early Directory Technologies part 4