Novell Administrator for Windows NT: One-Stop Management for Your Network
Articles and Tips:
01 Jun 1997
Novell has supported"freedom of choice"since the early '80s,enabling you to choose the best network components for your company. Continuingthis commitment to heterogeneous networks, Novell has released Novell Administratorfor Windows NT, which allows you to integrate Windows NT servers with yourIntranetWare/NetWare 4 network. Working with Novell Directory Services (NDS),Novell Administrator for Windows NT simplifies the management of users andgroups in a mixed IntranetWare/NetWare and Windows NT environment.
SO WHAT'S THE PROBLEM?
When Novell was developing Novell Administrator for Windows NT, the engineerscode-named the product Tabasco--an appropriate name because this productis hot! If you have faced the challenge of managing multiple Windows NTdomains, Novell Administrator for Windows NT will seem like a gift fromheaven. To help you appreciate Novell Administrator for Windows NT, let'sreview the problems you encounter in managing Windows NT Server 3.51 or4.0 in an IntranetWare/NetWare environment.
The first problem in managing a mixed environment is what I call"technologytime warp."If you manage Windows NT domains, you may feel like youare being sucked into a time warp that takes you back to the days of managingthe NetWare 3 bindery and NetWare Name Services. Because these technologiesare server centric, they have limitations (which Novell eliminated withNDS).
Unfortunately, Windows NT domains are similar to the NetWare 3 binderyand, as a result, have many of the same limitations. Like the NetWare 3bindery, the Windows NT domain is a flat-file database. To provide userswith transparent access to network resources across domains, you must establishcomplex trust relationships between domains. As the number of Windows NTservers and domains increases, the management burden increases exponentially.
In contrast, NDS is a global, hierarchical database that you can distributeand replicate across the network. As a result, NDS can scale to meet theneeds of any company, and you can manage your entire network through NDS.In addition to simplifying network management, NDS makes it easy for usersto locate and access the network resources they need.
The second problem in managing a mixed environment is the complexityof managing two network databases. Not only must you ensure the accuracyand reliability of both databases, but you must also perform many managementtasks twice--once for each database. This redundancy consumes time thatyou could use to complete other tasks. (In addition, since each WindowsNT domain has a distinct database that is separate from all other domainson the network, you must maintain each domain individually. NDS, on theother hand, has a single database for the entire network.)
The third problem in managing a mixed environment is education training.If you are managing a mixed IntranetWare/ NetWare and Windows NT environment,you must learn how to use multiple management tools, and you must accessthese tools from different locations.
NOVELL'S SOLUTION IS HOT!
Novell Administrator for Windows NT solves these problems by integratingWindows NT servers with NDS, providing a single management infrastructurefor IntranetWare/NetWare and Windows NT. With Novell Administrator for WindowsNT, you can use the NetWare Administrator (NWADMIN) utility to manage allof your Windows NT users and groups.
As a result, you do not have to use the Windows NT User Manager utilityto manage each individual Windows NT domain or workgroup. Instead, you canuse the NWADMIN utility to make changes in NDS, and Novell Administratorfor Windows NT automatically synchronizes these changes with each domainor workgroup that is affected by the changes. And if you make a change inthe Windows NT User Manager utility, you can synchronize that change withNDS. For example, you could use the NWADMIN utility to create a WindowsNT user in the NDS database. Novell Administrator for Windows NT would thencreate this user in the appropriate Windows NT domain or workgroup.
If you design your network with this integration in mind, you can almosteliminate the need for trust relationships between domains. To avoid settingup trust relationships, you can use the NWADMIN utility to associate individualNDS users with multiple Windows NT domains. In addition, you can synchronizeexisting domains or workgroups with NDS, simplifying the management of existingWindows NT users and groups.
If you want to allow an existing NDS user to access Windows NT serverresources, you can associate this user with the appropriate Windows NT domain.Novell Administrator for Windows NT will dynamically create the user inthis domain. If you make an NDS user a member of an existing Windows NTgroup, the user automatically receives all of the rights granted to theWindows NT group.
HOW DOES NOVELL ADMINISTRATOR FOR WINDOWS NT WORK?
Novell Administrator for Windows NT consists of four components:
NDS schema extensions and snap-in modules for the NWADMIN utility
NDS Event Monitor NetWare Loadable Module (NLM)
NDS Object Replication Service
NDS Schema Extensions and Snap-in Modules for the NWADMIN Utility
The NDS database is governed by rules, which are collectively calledthe NDS schema. Because NDS is extensible, you can modify the schema toinclude new types of objects or new properties for existing objects. Whenyou install the Novell Administrator for Windows NT, the installation programextends the NDS schema, creating the following objects to represent WindowsNT resources:
Hybrid User Objects. These objects represent users who have an IntranetWare account and at least one Windows NT account.
Windows NT User Objects. These objects represent users who have only Windows NT accounts.
Windows NT Domain and Workgroup Objects. These objects represent the various domains or workgroups that are synchronized with NDS.
The NWADMIN snap-in modules included with Novell Administrator for WindowsNT allow you to view and manage the new Windows NT objects and their propertieswithin the NWADMIN utility. (See Figure 1.) The Novell Organization object in Figure 1 contains a Windows NT Domain object called EXCEL_ DOMAIN, which represents a domainthat is synchronized with NDS.
Figure 1: Novell Administrator for Windows NT extends the NDS schema, creating objects that allow you to manage Windows NT servers with the NWADMIN utility.
The first objects under the EXCEL_ DOMAIN object in Figure1 are the Windows NT local and global groups that have been synchronizedwith NDS. Then the regular Windows NT User objects appear, followed by fourHybrid User objects.
The properties of these Windows NT objects are limited to the propertiessupported by Windows NT. For example, in the NWADMIN utility, the Detailspage for the Windows NT User objects and the Hybrid User objects displaysthe following information:
Policy and profile information
You can run the Integration utility included with Novell Administratorfor Windows NT as a snap-in module to the NWADMIN utility or as a standaloneutility. (See Figure 2.) Using the Integrationutility, you can import existing Windows NT users and groups into NDS, andyou can export existing NDS users and groups to Windows NT domains or workgroups.You can integrate users one-by-one or in mass.
Figure 2: With the Integration utility, you can import existing Windows NT users into NDS.
The Integration utility is intuitive: For example, the Integrate to NDSoption allows you to import existing Windows NT users and groups into NDS,and the Integrate to NT option allows you to export existing NDS users andgroups into Windows NT domains. (See Figure 2.)
To synchronize information between Windows NT domains and NDS, you simplyselect the appropriate objects to perform each operation. For example, tomove existing Windows NT users to NDS, you select one or more Windows NTusers on the right-hand side of the screen and then select the NDS contexton the left-hand side.
The Integration utility is also context-sensitive. When you highlighta particular object, the available options are enabled, and the unavailableoptions are disabled, or grayed. (See Figure 2.)
NDS Event Monitor NLM
The NDS Event Monitor NLM monitors NDS events and filters the eventsthat affect Windows NT domains. For example, the NDS Event Monitor NLM filtersevents such as creating, moving, changing, or deleting Windows NT objects.This NLM then notifies the NDS Object Replication Service running on theWindows NT servers that information has been changed. If a participatingWindows NT server becomes unavailable, the NDS Event Monitor NLM keeps trackof the events and updates the Windows NT server when it comes back online.
You should load the NDS Event Monitor NLM on the IntranetWare or NetWare4 server that holds the master replica of the partition from which you wantto manage Windows NT users and groups. For fault tolerance, you should alsoload this NLM on at least one other server that holds a read-write replicaof the same partition.
NDS Object Replication Service
The NDS Object Replication Ser-vice is a service for Windows NT, whichruns on the following Windows NT servers:
The primary domain controller and the backup domain controllers in every domain that is integrated with and managed through NDS
Every Windows NT workgroup that is integrated with and managed through NDS
The NDS Event Monitor NLM sends appropriate NDS events to the NDS ObjectReplication Service, which makes the corresponding changes in the WindowsNT Security Access Manager (SAM) database. When you integrate Windows NTusers and groups with NDS, the NDS Object Replication Service also sendsthe appropriate information from the SAM database to the Integration utility.
Because the NDS Object Replication Service is based on a modular architecture,Novell can modify future releases of this service to accommodate other back-endmodules such as Microsoft SQL Server or Microsoft Exchange.
INSTALLING NOVELL ADMINISTRATOR FOR WINDOWS NT
If you think Novell Administrator for Windows NT sounds too good to betrue, wait until you hear the next part: For a limited time, you can downloadNovell Administrator for Windows NT free from Novell's World-Wide Web (WWW)site (http://www.novell.com/intranetware/ntint). After you complete the software request form on Novell's site, you willreceive an e-mail message with a uniform resource locator (URL) and otherinformation required to download the software.
When you install Novell Administrator for Windows NT, the installationprogram performs four main tasks:
Extends the NDS Schema. The installation program extends the NDS schema, adding objects and properties that allow you to manage Windows NT resources. You must run the installation program to extend the NDS schema on each NDS tree from which you want to manage Windows NT resources.
Installs the NDS Event Monitor NLM on IntranetWare Servers. The installation program installs the NDS Event Monitor NLM (NDSDM.NLM) on one or more IntranetWare or NetWare 4 servers. You should load this NLM on the server that holds the master replica of the NDS partition that will contain Windows NT users and groups. You should also load the NDS Event Monitor NLM on at least one read-write replica of this partition.
Installs the Integration Utility and NWADMIN Snap-in Modules. The installation program installs the Integration utility in the SYS:\PUBLIC\WINNT directory on the servers you select and adds the snap-in modules to the NWADMIN utility. These modules allow you to manage the new Windows NT objects and properties using the NWADMIN utility. The MWANT.REG file is used to register these objects and properties, so that the NWADMIN utility will recognize them.
Installs the NDS Object Replication Service on the Windows NT Servers. The installation program installs the NDS Object Replication Service on all primary and backup domain controllers. This service synchronizes Windows NT domains with NDS.
Before You Begin the Installation
Installing Novell Administrator for Windows NT was quick and easy. However,before you begin the installation process, you should verify that you arerunning the most recent versions of the following network software:
You must make sure that your IntranetWare/NetWare4 servers are running the most current version of the DS NLM (version 5.06or higher). You may also need to install the NetWare 4.1x CLIB Update Kit(LIBUPC.EXE), which is required on IntranetWare/NetWare 4 servers that willrun the NDS Event Monitor NLM. In addition, you must use version 4.11 ofthe NWADMIN utility (which shipped with IntranetWare). You can downloadthis software for free from Novell's WWW site at http://www.novell.com/intranetware/ntint.
Next, you must make sure that the Service Advertising Protocol (SAP)is enabled on the IntranetWare/NetWare servers that will run the NDS EventMonitor NLM. To enable SAP, you must complete the following steps:
At the server console, type the command below:
Select the IPX External Net.
Select Expert Bind Options.
Select SAP Bind Options.
Ensure that SAP State is set to ON.
Finally, you must make sure that the TCP NLM is loaded on the IntranetWare/NetWareservers that will run the NDS Event Monitor NLM. The TCP NLM enables theinstallation program to automatically load the NDS Event Monitor NLM onthe servers you select during the installation process.
Windows NT Servers
You install Novell Administrator for WindowsNT from a Windows NT server or workstation. You must make sure that theserver or workstation is running IntranetWare Client for Windows NT 4.1or higher, and you must log in to this server or workstation as the administrator.
In addition, each Windows NT ser-ver that will run the NDS Object ReplicationService must run IntranetWare Client for Windows NT 4.1 or higher. To downloadthis client from Novell's WWW site, go to http://www.novell.com/intranetware/ntint.
Running the Installation Program
To install Novell Administrator for Windows NT, you must complete thefollowing steps:
Run SETUP.EXE on your Windows NT server or workstation. After you get past all of the licensing information, a list of software components appears. (See Figure 3.)
Figure 3: When you install Novell Administrator for Windows NT, you select the software components that you want to install.
Select the software components that you want to install. A list of NDS trees appears. You must install Novell Administrator for Windows NT on each NDS tree from which you will manage Windows NT users and groups, and you must run the installation program separately for each tree.
Select the NDS tree on which you want to install Novell Administrator for Windows NT.
Select the context in which to search for the IntranetWare/NetWare servers that will participate in the Windows NT synchronization process. If you have a small NDS tree, you can select the [Root] object. If you have a large NDS tree, however, you may want to select the specific context in which the server that will run the NDS Event Monitor NLM resides. In this way, you can minimize the time it takes to search for servers. After you select the appropriate NDS context, a list of IntranetWare/ NetWare servers appears.
Select the servers on which you want to install the NDS Event Monitor NLM. Novell recommends that you first select the server that holds the master replica of the partition in which you want to place Windows NT users and groups. Novell also recommends that you install the NDS Event Monitor NLM on one or more servers that hold a read-write replica of this partition. This setup provides fault tolerance if the server that holds the master replica becomes unavailable. A list of available Windows NT domains and workgroups appears.
Select the domains and workgroups that you want to manage through NDS. When you select a domain, the installation program automatically finds the primary domain controller and the backup domain controllers and installs the NDS Object Replication Service on these servers.
For each Windows NT domain and workgroup you select, you are prompted to select the NDS context in which you want to create the Windows NT Domain object. (See Figure 4.)
Figure 4: You select the NDS context in which the installation program will create an NDS object that represents a Windows NT domain or workgroup.
After you have selected and reviewed all of these options, you must log in to the NDS tree as a user with administrative access to the branch of the tree in which the new objects will be created.
After you are authenticated to the NDS tree, you are prompted to log in to the Windows NT domain as the administrator. After you have successfully logged in to the Windows NT domain, the installation program installs the software components you selected on the appropriate servers.
After the software components have been installed, you are given the option to immediately launch the Integration utility and import existing Windows NT users and groups into NDS. From within the Integration utility, select the NDS context (on the left-hand side of the screen) to which you want to import the Windows NT users and groups. (See Figure 2.)
Then select the Windows NT Domain object (on the right-hand side of the screen), and select the Update NT Objects option. All of the Windows NT users and groups in this domain are imported into the NDS context you selected. You must repeat this process for each Windows NT domain from which you want to import users and groups.
Because Windows NT Server has been accepted as an applications platformin many environments, Novell has provided a solution for integrating WindowsNT servers with an IntranetWare or NetWare 4 network. In fact, Novell Administratorfor Windows NT is just one part of Novell's overall strategy to integrateWindows NT servers and workstations with IntranetWare and NetWare 4. (See "Novell's Windows NT Integration Strategy.") Future issues ofNetWare Connectionwill feature articles that describethe various products included in this strategy.
Sandy Stevens is a freelance writer based in Salt Lake City, Utah.She is the co-author ofNovell's Guide to NetWare PrintingandNovell'sGuide to Integrating IntranetWare and Windows NT.(Both books are availablefrom Novell Press.)
NetWare Connection, June 1997, pp.6-14
Novell's Windows NT Integration Strategy
If you have a mixed IntranetWare/NetWare 4 and Windows NT environment, Novell Administrator for Windows NT will save you significant time and money in managing your entire network. However, this utility is only one part of Novell's plan to integrate Windows NT servers and workstations into an IntranetWare/ NetWare network. Novell has already released or will be releasing the following products to ease the burden of managing a mixed network environment. (For more information about these products, visit http://www.novell.com/intranetware/ntint.)
INTRANETWARE CLIENT FOR WINDOWS NT
With IntranetWare Client for Windows NT 4.1, Windows NT Workstation 3.51 and 4.0 can access IntranetWare and NetWare services through Novell Directory Services (NDS), including file, print, security, management, and messaging services. IntranetWare Client for Windows NT is tightly integrated with Windows NT Workstation, providing users with a single login to their Windows NT Workstation, the NDS tree, and any Windows NT resources they are authorized to use.
NOVELL WORKSTATION MANAGER
A component of IntranetWare Client for Windows NT 4.1, Novell Workstation Manager allows you to manage Windows NT Workstation 3.51 and 4.0 user accounts through NDS. With Novell Workstation Manager, you do not have to maintain these user accounts in the Windows NT Workstation Security Access Manager (SAM) database or the Windows NT Server domain database (as required by Windows NT Workstation). You can now create an NT Workstation object in NDS and associate User, Group, or Organization objects with that object. When a user logs in to the network, IntranetWare Client for Windows NT verifies that the user is associated with an NT Workstation object. If the user is associated with an NT Workstation object, the user is dynamically created in the local workstation's SAM database.
NOVELL APPLICATION LAUNCHER
Novell Application Launcher (NAL) has been enhanced for use with Windows NT Workstation 3.51 and 4.0. Using the NetWare Administrator (NWADMIN) utility, you create Application objects in the NDS tree to represent applications that are located on IntranetWare, NetWare 4, or Windows NT servers. These Application objects contain the information required to locate and launch applications at users' workstations. In addition to simplifying the management of network applications in a mixed environment, NAL also provides application fault tolerance and load balancing for IntranetWare, NetWare 4, and Windows NT servers.
MANAGEWISE AGENTS FOR WINDOWS NT
ManageWise agents for Windows NT work with ManageWise 2.1 to integrate Windows NT servers and workstations with your overall network management system. With these agents, you can collect real-time and long-term performance trends and alarm information about your Windows NT servers. You can also centrally manage Windows NT workstations by conducting hardware and software inventories, viewing Simple Network Management Protocol (SNMP) alerts, providing virus protection, and using remote-control and remote-execution capabilities.
GROUPWISE 5 FOR WINDOWS NT
GroupWise 5 has been enhanced to provide integration with Windows NT Server 3.51 and 4.0. In addition to running on the IntranetWare and UNIX platforms, the GroupWise Message Server now runs on Windows NT servers, thereby providing a cross-platform messaging system. No matter which platform you choose to run the GroupWise Message Server, it is fully integrated with NDS, providing a central management point for your entire messaging system.
Because GroupWise 5 also provides integration with Microsoft Exchange clients, you can use the GroupWise Message Server at the back end. In addition, GroupWise WebAccess, which allows you to access the GroupWise 5 services from a World-Wide Web (WWW) browser, can run on both IntranetWare WWW servers and Windows NT WWW servers.
NDS FOR WINDOWS NT
Novell is implementing NDS natively on Windows NT Server and plans to release this product later this year. NDS is also being made available on various UNIX platforms. By providing NDS natively on many different platforms, Novell is enabling developers to leverage NDS as a cross-platform application infrastructure. In addition, Novell is providing a directory infrastructure for users to access and manage all network resources, regardless of the platform on which they reside.
* Originally published in Novell Connection Magazine
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.