Wednesday, March 09, 2005

Worst week ever or "So you want to use DirXML?"

Have you ever heard of the VH1 show Best Week Ever? Well, that definitely wasn't my last week. Whew! I thought getting DirXML to work and staying on top of participating in a slew of job interviews and Sarbanes-Oxley meetings was going to kill me.

I survived and thought I'd share a few of the oddities I hit in my endeavors.

Still being a hybrid Novell NDS/eDirectory and Microsoft AD shop, we wanted a way to sync the passwords, since the pace of our Exchange 2003 migration is preventing our Desktop support from joining the PCs to the domain. If Outlook 2003 would behave consistently for us on password changes for non-domain PCs, it would be a non-issue. Microsoft's solution appears to be their PEWA tool from the Exchange 2003 Resource Kit. Neither MIIS nor Microsoft's tool from their Services for NetWare is an option, as we wanted the password sync to also work from NDS/eDirectory to AD. That left the Novell DirXML Starter Pack as the only option.

It is tricky to set up with all the caveats, but it can work in a 2003 AD environment, though it must be installed on a 2000 member server. Also, it doesn't handle UPNs out of the box either; you must add a stylesheet. Another one that caught me off guard was that even though I had the sync set to one-way from NDS to AD, a delete in AD would delete the NDS object. A further point of interest was that NMAS must be disabled on the Novell Client. Contrary to the Novell DirXML documentation, I found that changing the password from ConsoleOne would change the password in AD, with the exception being the initial account creation. Lastly, I manually manipulated placement rules to handle the fact that the NDS/eDirectory environment had two high-level Organizations (Os) that contained multiple Organizational Units (OUs) that I wanted to sync to AD. Whew!

Oh yeah, I changed the blog name. It's pretty cheesy, but at least more accurately reflects where this thing is headed I think.
