OES2 and Domain Services for Windows

By Donna Moyer

Yes, you read that correctly: OES2 SP 1 now includes Domain Services for Windows (DSFW). This innovative idea was announced two years ago at BrainShare and is finally here. In a nutshell, this technology allows eDirectory servers running OES2 (Linux kernel) to appear as Active Directory domain controllers. This is not about synchronization, as we have done with Identity Manager. It is about giving your users access to AD authentication and services using their eDirectory user name and password. For instance, OES2 SP 1 will help when:

  • Your eDirectory users need to access an Active Directory domain. OES2 SP 1 allows you to create a one-way interdomain trust between the DSFW and AD domains.
  • You want to streamline your workstation deployments by removing the Novell Client. If you maintain multiple images for workstations depending on the services your users need, you may have users who have to access services such as file and print from the Novell side of the house. Instead of relying on the Novell client, with DSFW your users can authenticate using native Windows.
  • You need Active Directory for authentication to a new application. DSFW supports Kerberos authentication, so, depending on the application involved, it may not be necessary to implement an AD domain on Windows just to provide these services. Simply create a new Active Directory domain in your existing eDirectory tree. (We can't guarantee it will work for all applications but a look at this prior to implementing an AD infrastructure might be worth the time.)
  • Administrators want to continue using the management tool of their choice. Administrators can manage basic user functions with the tool they are most familiar with: iManager or the MMC.

So what are the limitations of OES2 SP 1? You should take into consideration that:

  • Management of user objects with either management tool is limited to basic user operations. You will be able to do basic management tasks such as creating users or deleting users. However, you will not be able to use iManager or MMC to modify more granular user settings or attributes.
  • OES2 SP 1 is limited to the Linux kernel. Keep in mind that as OES moves forward, the new goodies will be on Linux and will not be supported on NetWare.

Additionally, if you remove the Novell Client, you should be aware of the following impacts:

  • No login script import mechanisms. Some organizations use very complex and powerful login scripts. While the functionality can be recreated using the Microsoft Group Policy Editor, there are no import mechanisms.
  • No access to salvage and purge commands or ability to set the delete-inhibit and rename-inhibit attributes. You can always do this for your users, but if they are used to doing these tasks for themselves, you may need to keep the Novell client around.
  • No access to NetWare servers or previous versions of OES Linux servers unless CIFS is implemented. If you need this functionality and don't want to implement CIFS, you may need to keep the Novell client.

The bottom line? OES2 SP 1 is great news for Novell customers who need to implement Active Directory for specific tasks but who do not want to incur the cost and management of supporting two directories.

© Copyright 2008, Uptime NetManagement, Inc.

Article Source: http://www.uptimenmi.com/

You have my permission to reprint and distribute this article as long as it is distributed in its entirety, including all links and copyright information. This article is not to be sold or included with anything that is sold.

About the Author:
Donna Moyer is Principal/Senior Network Consultant of Uptime NetManagement, Inc. (http://www.uptimenmi.com/). Uptime is a Novell Gold Solutions partner providing technology solutions, customized training, and consulting services. If you are interested in finding out exactly what Novell can do for your business, or are seeking to maximize the benefits from your current Novell systems, call us today at 610-621-1244!
