Challenges of a Novell Migration
The switch from eDirectory to Active Directory
is often thought of as the most difficult task. Indeed, the overall
migration depends on the directory change; however,
the greatest challenge is the conversion of each
With the change of directory service, the
"security infrastructure" is also replaced. This means
that each object in the network gets not only a new directory
entry, but also a new security ID.
Beyond a certain size of environment, a "big bang" conversion is
no longer possible or reasonable. Each service that depends
on eDirectory must be ported and converted separately to the Active
Services that should be considered in a Novell conversion:
- Novell eDirectory
- Novell File Services
- Novell Client Integration / login scripts
- Novell Print Services
- Novell Mail Services (GroupWise)
- Novell Desktop Management Services (ZEN and ZCM)
- Novell / NetIQ IDM
- LDAP applications
Project planning is perhaps
the most important part of a Novell migration. A change has an
impact on nearly all clients (replacing the SID),
applications and services.
Beyond a certain size, a gradual migration is
necessary. Years of experience in this field are essential to
identify the pitfalls of such a change at an early stage.
Project management needs sufficient project management skills, technical
know-how and communication skills to keep the effects and
limitations of the migration on the users and the company as small
Novell Client Migration
In many companies, DLU (Dynamic Local User) is used for users on
Windows. The user is dynamically given a local user account and a local
profile on the device.
In a Novell-to-AD migration, the workstation must be joined to
the new Active Directory domain.
During the join to AD, all
SIDs have to be rewritten to the domain SID. We
call this process "ReACLing". Depending on the contents of the
workstation and the migration tool used, this process takes
from a few minutes up to half an hour. In
exceptional cases, longer.
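The core of ReACLing, as an added example (not part of the original article, and not how QMM or ADMT work internally): each old account SID in an SDDL string is swapped for its domain SID, and account SIDs without a mapping are reported. All SIDs, RIDs and names below are constructed for the illustration.

```python
import re

# A SID in string form. Matching the whole token keeps a mapping for RID
# ...-1001 from corrupting ...-10011, which a plain str.replace would do.
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def reacl_sddl(sddl, sid_map):
    """Rewrite every SID in an SDDL string that has an entry in sid_map.

    Returns (new_sddl, unmapped). unmapped lists account SIDs (S-1-5-21-...)
    left untouched because no target exists; after the domain join these
    become orphaned ACEs and usually mean an account is missing from the map.
    """
    unmapped = []

    def swap(match):
        sid = match.group(0)
        if sid in sid_map:
            return sid_map[sid]
        if sid.startswith("S-1-5-21-") and sid not in unmapped:
            unmapped.append(sid)
        return sid  # well-known SIDs and unmapped accounts stay as they are

    return SID_RE.sub(swap, sddl), unmapped

# Constructed sample: local (DLU) accounts on one workstation and the domain.
OLD = "S-1-5-21-1111111111-2222222222-3333333333"  # workstation SID, made up
NEW = "S-1-5-21-1000000001-1000000002-1000000003"  # AD domain SID, made up
SID_MAP = {f"{OLD}-1001": f"{NEW}-2105"}           # one user, old -> new

PROFILE_SDDL = (                                   # ACL of a profile folder
    f"O:{OLD}-1001G:BA"
    f"D:(A;OICI;FA;;;{OLD}-1001)(A;OICI;FA;;;SY)(A;;0x1200a9;;;{OLD}-1002)"
)

if __name__ == "__main__":
    new_sddl, missing = reacl_sddl(PROFILE_SDDL, SID_MAP)
    print(new_sddl)
    print("no mapping for:", missing)
```

Reviewing the unmapped list before the join shows which local accounts would otherwise end up with a fresh, empty profile.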
Since many are unaware that "ReACLing" is possible,
users are often given a new profile on the "join". In larger
environments, this is critical because a lot of support is
necessary for each user.
There are a number of migration tools that offer
workarounds for this shortcoming.
Among these tools, QMM for Novell (Quest) should be mentioned,
which in our experience has the most functional features.
Nevertheless, even with QMM a switch needs
careful preparation in advance.
In environments where NetIQ IDM is in use for the
transformation from eDirectory to AD, the Microsoft migration tool
ADMT is a good choice. However, the staff in charge should know the
technical process of using this tool in a migration environment in
ADMT was developed for domain-to-domain migration. With
some tricks and settings, the tool can also be used for workstation
migrations from Novell eDirectory to Microsoft Active Directory.
You should compare ADMT and QMM before the
If the clients are already in AD before the migration,
usually only adjustments are necessary.
Novell File System Migration
The conversion of a Novell file system to a Microsoft file
system with Active Directory presents another special
challenge alongside the migration of the devices. The Novell
file system has some features and capabilities that cannot be
implemented 1:1 on a Microsoft file system, such as a NetApp
This article shows you what to take care of in a Novell File
System Migration project.
Since we had similar challenges in different migration projects, we
also developed services and tools in order to solve known
One of the features of the Novell File System
is that you can assign an access permission to a certain directory
level for a user. So only the directories that can be accessed are
In a Microsoft-based file system, I need to have a permission on
the parent directory. For this to function well in all its beauty,
as with Novell, in addition even ABE (Access Based Enumeration) is
Organizing this is an almost impossible task for the administrators.
Before the migration, it must somehow be arranged that the user
has the necessary permissions on the parent directory levels
We developed an intelligent service (Travers Folder Service),
which ensures that the user gets the "full-travel and sight right"
at the right place. Thus commercial migration tools can be
used. The service is also very useful in normal Microsoft
environments, as it greatly simplifies the logic of permissions
in the file systems. In principle, everything then works similarly to
a Novell system. I just add the user to the AD permission group
and the rest takes care of itself. Even if the service fails,
everything continues to work.
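The parent-directory problem described above, as an added example (not part of the original article and not the vendor's service): from a list of migrated grants it computes which parent folders need an extra non-inheriting list/traverse entry per group, so that members can browse down to their folder while ABE hides everything else. Group names, paths and the function name are constructed.

```python
from pathlib import PureWindowsPath

def traverse_plan(grants, share_root):
    """Return {parent_folder: [groups]} of extra ACEs needed above each grant.

    grants is an iterable of (group, folder) pairs as they would be migrated
    from the Novell trustee assignments. Each listed group needs a
    non-inheriting ("this folder only") list/traverse ACE on that parent so
    its members can browse down to the folder they were actually granted.
    """
    root = PureWindowsPath(share_root)
    by_group = {}
    for group, folder in grants:
        by_group.setdefault(group, set()).add(PureWindowsPath(folder))

    plan = {}
    for group, folders in by_group.items():
        for folder in folders:
            for parent in folder.parents:          # nearest parent first
                if parent != root and root not in parent.parents:
                    break                          # above the share root
                # A real grant at or above this parent is inherited down to
                # it, so the group already sees it and needs nothing extra.
                if any(g == parent or g in parent.parents for g in folders):
                    continue
                plan.setdefault(parent, set()).add(group)
    return {str(p): sorted(g) for p, g in sorted(plan.items())}

# Constructed sample grants (group and folder names are made up).
GRANTS = [
    ("GRP_Payroll", r"D:\Data\Dept\Finance\Payroll"),
    ("GRP_Finance", r"D:\Data\Dept\Finance"),
    ("GRP_Payroll", r"D:\Data\Projects\P42\HR"),
    ("GRP_Finance", r"D:\Data\Dept\Finance\Payroll\Reports"),
]

if __name__ == "__main__":
    for path, groups in traverse_plan(GRANTS, r"D:\Data").items():
        print(f"{path}: this-folder-only list/traverse for {', '.join(groups)}")
```

Because the extra entries do not inherit, a group gains visibility of the path to its folder only, not of sibling folders.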
The second "nice option" in Novell is that permissions in the file
system can also be assigned to organizational units. This is
also possible with the newer file systems from Microsoft (DAC,
Dynamic Access Control); however, the demands on the
infrastructure and the client environment are still very
To circumvent the high requirements of DAC and to give the user a
possible solution, we often use our Dynamic Group service. This is
a service which can form permission groups dynamically, based on
special filters and rules.
Implementations of both of the Novell functions discussed above
would also be good in a pure Microsoft environment.
The trigger for a Novell migration is essentially application
compatibility. Many systems, such as file systems, print systems and
software distribution systems, have limited functionality in the
Novell environment. In the CITRIX and Terminal Server area, support for
current software versions is often not available. These limitations cause
many companies to dispose of their existing Novell OES landscape
The expense and complexity of such a project should not be
underestimated. In general, a project with more than 1,000
users quickly has a duration of one year.