Phone  +49 89 215 442 400

Novell Migration

Migrate Novell to Active Directory

Novell and eDirectory are still used in many companies. In the field of Network Operating Systems Novell was for many years. With the introduction of Microsoft's Windows NT 3.51 (and later  Windows 2000 with Active Directory) Novell lost more and more importance in the market of network operating systems.

Today, only a few companies are still using the Novell OES services File and Print. Many companies replace their systems with a migration from Novell. But to switch a grown and highly integrated Novell network operating system environment to a Microsoft network is a complex task.

In the article, we talk about:
Challenges of a Novell Migration
Project planning
Novell client migration
Novell file system migration

Challenges of a Novell Migration

The switch form eDirectory to Active Directory is often thought of as the most difficult task. Indeed, the overall migration is depending on the directories change -  however, the greatest challenge is the conversion of each service.

With the change of the Directory Service, also the "security infrastructure" is replaced. Thist means that each object in the network does not only get a new Directory entry, but also a new security ID.

At a certain size of the environment a "big bang" conversion is no longer possible or reasonable. Each service which is dependent on eDirectory must be ported and converted separately to the Active Directory.

Services that should be considered in a Novell conversion:

  • Novell eDirectory
  • Novell File Services
  • Novell Client Integration / login scripts
  • Novell Print Services
  • Novell Mail Services (GroupWise)
  • Novell Desktop Management Services (ZEN and ZCM)
  • Novell / NetIQ IDM
  • LDAP applications

Project planning

The project planning is maybe the most important part of a Novell migration. A change has an impact on nearly all clients (replacing the SID), applications and services.

From a certain size a gradual migration is necessary. Years of experience in this fiels are essential to identify the pitfalls of such a change at an early stage. The project management needs a sufficient project management, technical know-how and communication skills to keep the effects and limitations during migration for the users and the company as small as possible.

Novell Client Migration

In many companies, DLU (Dynamic Local User) is used for users on Windows. The user gets dynamically a local user account and a local profile on the device.

In a Novell to AD migration, it is necessary that the workplace in the new Active Directory domain must be included.

During the including process to AD, it is necessary that all SIDs have to be rewritten to the domain SID. We call this process "ReACLing". This process will take, depending on the contents of the workstation and used migration tool from a few minutes up to half an hour. In exceptional cases, longer.

Since many users are unaware of the possibility of "ReACLings", users are often supplied by a "join " with a new profile. In larger environments, this is critical because a lot of support is necessary for each user.
Basically, there are a number of migration tools that offer workarounds for this shortcoming.

Among these tools QMM for Novell (Quest) should be mentioned, which has the most functional features - regarding to our experience. Nevertheless, even with the QMM a switch is needs careful preparation in advance.

In environments, where the NetIQ IDM is in use for the transformation from eDirectory to AD - the Microsoft migration tool ADMT is a good choice. However the staff in charge should know the technical process of using this tool in a migration environment in detail.
ADMT has been developed for a domain-to-domain migration. With some tricks and settings the tool can also be used for workstation migrations from Novell eDirectory to Microsoft Active Directory. You should compare ADMT and QMM before the migration.

If the client are already in the AD before the migration, usually only adjustments are  necessary.

Novell File System Migration

The conversion of a Novell file system to a Microsoft file system with Active Directory provides another special challenge next to the migration of the devices. The Novell file system has some features and capabilities that can not be mplemented 1:1 on a Microsoft file system, such as a NetApp system.
In this article shows you​, what to take care of in an Novell File System Migration project.
Since we had similar challenges in different migration projects, we also developed services and tools in order to solve known problems.

Permission Assignment

One of the features of the Novell File System is that you can assign an access permission to a certain directory level for an user. So only the directories that can be accessed are visible.


In a Microsoft based file system I need to have a permission to the parent directory . For this to function well in all its beauty , as with Novell , further even ABE (Access Based Enumeration ) is necessary.

To organize this , the administrators of an almost impossible task. It needs to be organized before the migration somehow that the user has the necessary permissions on the parent directory levels .
We developed an intelligent service ( Travers Folder Service ) , which ensures that the user is the " full-travel and sight right " gets to the right place . Thus commercial migration tools can be used. The service is also very good in normal Microsoft environments , as it greatly facilitates the logic of permissions in the file systems. In principle, then everything works similar to a Novell system. I just take the user to the AD group permissions on and the rest is governed by "self" . Even with the failure of the service everything works on.

The second " nice option " Novell is that permissions in the file system can also be assigned to organizational units . This is even with the newer file systems from Microsoft ( DAC Dynamic Access Control ) is also possible , however, the demands on the infrastructure and the client environment are still very extensive.

To circumvent the high requirements of DAC and to give the user a possible solution , we often use our Dynamic Group service. This is a service which can form permission groups based on special filters and rules dynamically.
Both addressed challenges of Novell functions in the implementation would be a pure Microsoft environment are also good.



The trigger for a Novell migration is application compatibility essentially. Many systems, such as file systems, print systems, software distribution systems have limited functionality in the Novell environment. In the CITRIX and Terminal Server support with current software versions is often not met. These limitations cause many companies to dispose of their existing Novell OES landscape with eDirectory.
The expense and complexity of such a project should not be underestimated. In general, it is a project that more than 1,000 users quickly has one year to maturity.


  • AD Consolidation Project

    AD Migration with Dell Migration Manager for Active Directory

  • Migration of 1,000 mailboxes per day

    Mailbox mass migration with QMM for Exchange in Frankfurt

  • AD Consolidation and DFS in Hamburg

    Active Directory Consulting Project in the banking sector

  • Active Directory Migration with ADMT

    AD Migration project with ADMT

  • Active Directory Migration with Quest Migration Manager

    Hospital group in the east of Munich relies on the know-how of FirstAttribute AG for the Active Directory Migration and Exchange Migration.

  • Active Directory Migration with more than 100,000 objects

    Specialists of FirstAttribute AG support one of the largest IT service providers in the chemical industry in the Active Directory Migration.

  • Active Directory and Exchange Migration completed successfully

    FirstAttribute AG has successfully completed the user and e-mail-migration of an internationally known company in the chemical industry.

  • Framework-contract for IT-integration-project

    FirstAttribute AG has entered a framework contract for IT-integration projects with an internationally known auditing company.

  • FirstAttribute wins project "Active Directory Redesign"

    FirstAttribute was contracted for the "Active Directory (AD) Redesign" and "AD Consolidation" by an internationally known company in the chemical industry.


©2018 FirstAttribute AG - All rights reserved.

Realization Site Point GmbH

Legal notice