www.novell.com Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc. [email protected]Richard Moore Consultant Novell, Inc. [email protected]Scott McCallum Consultant Novell, Inc. [email protected]
30
Embed
Integrating Active Directory with eDirectory ™ Using Novell Account Manager Reid Oakes Technical Team Manager Novell, Inc.
Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
www.novell.com
Integrating Active Directory with eDirectory™ Using Novell Account Manager
Introduction• Novell vision• Introduction to NAM for Active Directory (AD)• NAM components• Designing a NAM infrastructure• Managing AD domains using NAM • NAM DirXML™ components• Customer case studies• Question and answer
Vision…one NetA world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
MissionTo solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Introduction to NAM for AD• Point technology which synchronizes Active
Directory to eDirectory™ using DirXML • Includes pre-configured DirXML stylesheets
for simple installation• Adds functionality to synchronize passwords
bi-directionally• Provides synchronization of user accounts• Provides Management of both AD and
Designing a NAM Infrastructure DirXML Driver Requirements
• Driver must be installed on W2K Member Server (or DC) with eDirectory installed
• eDirectory must contain a replica of all partitions with users you wish to synchronize
May be a filtered replica Must be a master to support user moves
Designing a NAM Infrastructure Password Synchronization Placement
• Driver must be installed on W2K Member Server (or DC) with eDirectory installed
• eDirectory must contain a replica of all partitions with users you wish to synchronize
May be a filtered replica Must be a master to support user moves
• Upgrade to latest version
Designing a NAM InfrastructurePassword Filter Considerations
• Must be installed on ALL domain controllers• Upgrade to latest version
Designing a NAM Infrastructure Minimum Patch Requirements
• Check the product support pages for NAM 2.1• Windows 2000—Service Pack 2• eDirectory 85.23 Patch—edir8523.exe• eDirectory on Win32 Patch—eDirW32.exe• NAM for AD/W2k Patch—AMW2ksp1.exe
• If running NAM for AD on Win32 with eDir 8.6.1DirXML 1.0 Engine patch—dxntp1.exe
Managing AD Domains Using NAM• User Object• AD Forest Object• AD OU Object
Configure eDirectory OU to synchronize also• Keep in mind
New AD users—Automatically created in eDirectory New eDirectory Users—Manually assigned to AD
• eDirectory treats AD domains like a group object • You may assign same eDirectory user to multiple AD
domains
NAM DirXML Components
• DirXML Filtered Replica Filtered replicas contain a filtered set of objects
or object classes along with a filtered set of attributes and values for those objects
A filtered replica can construct a view of eDirectory data onto a single server
The descriptions of the server’s scope and data filters are stored in eDirectory and can be managed through the Server object in ConsoleOne
NAM DirXML Components
• DirXML Filtered Replica Reduce synchronization traffic to the server by
reducing the amount of data that must be replicated from other servers
Reduce the number of events that must be filtered by DirXML
Reduce the size of the directory database
NAM DirXML Components• DirXML Driver
Represents an application being integrated with eDirectory—these are the components and configuration information found on the driver object
• DirXML Stylesheets Used to control workflow—changes to attributes can
be used to trigger other events Can use existing attributes Can extend the schema to add a new “trigger”
attribute
NAM DirXML Components
• NAM Default Stylesheet
ADPublisherPlacementStylesheet• Creates eDirectory user account using
sAMAccountName
• Places new object in eDirectory hierarchy based on the nadDefaultCreateContainer attribute
Improving Performance with Indexes
• Indexing speeds response times on attribute lookups
• Added through ConsoleOne• Three types
Value Substring Presence
NAM for AD Case StudyCustomer #1 Environment• Approximately 1500 users
• Globally deployed Windows platform
• Native Windows 2000 AD and Exchange 2000
• Solaris 2.7 and 8 deployed for applications
NAM for AD Case Study
Customer #1 Business Requirements• Password synchronization (one password to
log in for Active Directory and Solaris)• Easy to administer• Reduce costs
Utilize existing hardware and software Utilize existing personnel for administration
NAM for AD Case StudyProject #1 Overview• Engaged Novell Consulting to deploy NAM for AD• Integrated Solaris Platform using NAM for Solaris• Single password authentication for AD and
Solaris• Further plans to integrate total user provisioning• Success
NAM for AD Case Study
Customer #2 Environment• Approximately 800 users
• Mixture of NetWare, Windows NT, and Solaris
• Moving to Windows 2000 and Active Directory
NAM for AD Case Study
Customer #2 Business Requirements• Password synchronization (one password to
log in for Active Directory and eDirectory)• Easy to administer• Expand usage of eDirectory• Reduce costs
Utilize existing hardware and software Utilize existing personnel for administration
NAM for AD Case Study
Project #2 Overview• Partner engaged to upgrade NT 4 servers to
Windows 2000 and install Active Directory• eDirectory installation on Windows 2000