Friday, March 18, 2005

Admodify.NET rocks!!

Here's a tool that neither my AD classes nor anything I had read mentioned: Admodify.

Excellent for bulk changes. I used it to add the appropriate UPN suffix to several hundred accounts that were missing it. I've also used it to modify the display name.

MSExchange.org has a nice write-up on it.

You can download it from Microsoft here. The .NET version is the latest.

Monday, March 14, 2005

Passed 70-294!

Woo Hoo! I passed the 70-294 exam for "Planning, Implementing and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure" this Saturday.

Here's a rip from MCSE World on my thoughts:

OUTSIDE READING IMHO is a must for this exam.

I took the Microsoft 2269 class, used the ExamCram2 book and used the Self Test practice software and still failed the first time.

You absolutely must read up on:
COM+ Partitions
COM+ Partition sets
Certificates
Terminal Servers and GPO Software installs

Don't focus on these 100%, that's what the main objectives are for, but do expect a question or two.

I even had a good ol' fashioned disk quota question.

I also found Mike Meyers' Passport book on the 70-294 helpful, and in some ways a better overview than the ExamCram2 book.

Sunday, March 13, 2005

Another DirXML tweak

Turns out I still needed to tweak DirXML further for my environment. The templates used by administrators to create new users in eDirectory were creating an "Other User" name that would become the "user name" in AD.

Check out the Novell TID here.

Wednesday, March 09, 2005

Worst week ever or "So you want to use DirXML?"

Have you ever heard of the VH1 show Best Week Ever? Well, that definitely wasn't my last week. Whew! I thought getting DirXML to work and staying on top of participating in a slew of job interviews and Sarbanes Oxley meetings was going to kill me.

I survived and thought I'd share a few of the oddities I hit in my endeavors.

Still being a hybrid Novell NDS/eDirectory and Microsoft AD shop, we were wanting a way to sync the passwords, since the pace of our Exchange 2003 migration is preventing our Desktop support from joining the PCs to the domain. If Outlook 2003 would behave consistently for us on password changes for non-domain PCs, it would be a non-issue. Microsoft's solution appears to be their PEWA tool from the Exchange 2003 Resource Kit. Neither MIIS nor Microsoft's tool from their Services for NetWare is an option, as we wanted the password sync to also work from NDS/eDirectory to AD, leaving the Novell DirXML Starter Pack as the only option.

It is tricky to set up with all the caveats, but it can work in a 2003 AD environment, although it must be installed on a 2000 member server. Also, it doesn't handle UPNs out of the box; you must add a stylesheet. Another one that caught me off guard was that even though I had the sync set to one-way from NDS to AD, a delete in AD would delete the NDS object. A further point of interest was that NMAS must be disabled on the Novell Client. Contrary to the Novell DirXML documentation, I found that changing the password from ConsoleOne would change the password in AD, with the exception being the initial account creation. Lastly, I manually manipulated placement rules to handle the fact that the NDS/eDirectory environment had two high-level Organizations (O's) that contained multiple Organizational Units (OUs) that I wanted to sync to AD. Whew!

Oh yeah, I changed the blog name. It's pretty cheesy, but at least it more accurately reflects where this thing is headed, I think.