A Method for Splitting an NDS Tree
(Last modified: 09Jan2003)
This document (10053915) is provided subject to the disclaimer at the end of this document.
goal
A Method for Splitting an NDS Tree
fix
Bear in mind that NOVELL TECHNICAL SUPPORT DOES NOT ENDORSE METHODOLOGIES OF SPLITTING TREES OTHER THAN CREATING A NEW TREE FROM SCRATCH AND RE-CREATING THE ORIGINAL OBJECTS THEREIN. THE USER ASSSUMES ALL RISK ASSOCIATED WITH FOLLOWING THIS APPROCH, OR ANY OTHER APPROACH OF SPLITTING THE TREE. However, if you follow these steps carefully and with due caution, fully reviewing each step before proceeding, the results should be satisfactory. **Make sure you test this in a test enviornment firs. Understand that this may still cause objects to collide, thus causing renames.
The following is a practical example of how a portion of an NDS tree can be split off from a parent tree to form a new one. This procedure is designed for larger trees where the servers involved are spread across remote sites for which the communications apparatus cannot be disabled or altered while the new tree is being formed. This methodology was derived from a real-world implemenation of a tree split in a production environment.
Be aware that ONCE A TREE IS SPLIT IN THIS FASHION, IT CAN NEVER BE MERGED TOGETHER AGAIN; you would instead have to remove Directory Services from the child tree servers and re-install them back into the parent tree. There's no way around this!!!! ATTEMPTING A MERGE THE TREES TOGETHER AGAIN WILL CAUSE TIME STAMP COLLISIONS (and perhaps other ramifications) WHICH WILL SERIOUSLY DAMAGE THE ORIGINAL TREE!!!!
Preparations:
1. Place a Read/Write replica of ALL partitions in the tree on the server designated to be the primary NDS server in the child tree (no exceptions).
2. Backup trustee rights on the volumes of all servers that will be installed into the new tree. This can be done using an SMS-compliant backup application or the TBACKUP utility that can be downloaded from the Novell Support Connection site.
3. Verify the parent tree is in good health. Ascertain that you have implemented the latest version of NDS and DSRepair on all your servers. Use DSRepair to make sure that all servers are communicating and in sync (Report and Time Synchronization). In advanced options run Check External References to make sure there are no obituaries with the MOVE_INHIBIT flag set. If this is the case, stop here and determine why this obituary isn't clearing. Ideally there should be no obituaries, but it is possible to proceed if some do exist, but none can have that flag set.
4. Also consult the articles "Maintaing a Healthy NDS Tree" parts one and two in the August and October 1997 issues of Appnotes, respectively, for further tests you can run to make sure your tree is healthy.
Under no cirumstances proceed if any servers in the tree aren't in sync or communicating, or if DSRepair is reporting errors of any kind.
Procedure for new NDS server in new child tree
1. Disconnect designated NDS server for child tree from the rest of the network and place it on its own isolated hub/switch with an administrative client attached. This server must not communicate with any server on the network until you are told to put it back on the network in steps below.
2. Make a backup DIB set of the NDS database on the server in advanced options in DSRepair. Continue doing so along this process as desired, naming the file differently each time. If you make a non-reversible mistake (especially in step 5) you have two choices: you will need to open an incident with Novell Technical support for a techician to dialin to the server and restore the NDS DIB set you backed up, or you can remove NDS from this server and re-install it back into the parent tree, and start the process again from the beginning. If contacting Novell tech support is not an option, disregard this step (and be careful!). If you do have to contact support for this, keep in mind that the technician will evaluate your circumstances and will choose whether or not to proceed at his/her discretion.
3. Using NWAdmin verify that all lower containers and objects are accessible.
4. Set all replicas on new server to Master. To do this go to advanced options in DSRepair | Replica and partition operations then on each and every partition designate it as Master.
5. Remove all servers - except this new master DS server - from each replica ring with DSRepair. On the Replica options screen, select "View replica ring" where you will see all the servers that have a replica of that partition. Remove all servers except this new master server for the child tree. If you make a mistake here and remove this master server from any ring, you will have to start all over again. The new DS server should be the only one that appears on all partition/replica ring lists.
6. Change tree name using DSMerge.
7. Remove all server objects - except the new master server - from tree with NDSManager. This may take some time, especially for large trees. The larger the tree the more disk activity will take place on the server while NDS readjusts its database, which may cause bursts of high utilization for short periods of time. Be patient and wait it out. Wait for the server to settle down each time before removing the next server.
8. Rename the server object and the internal IPX number. Follow the steps in document: Renaming a server
9. Remove all unknown objects from tree in NWAdmin, such as volume objects.
10. Change time configuration to Single, remove configured time sources. If you want to have primary and reference servers in the new tree that's fine, but keep it simple for now and make those changes later.
11. Set DSTrace = ON +S +SCHEMA *SS *H. Wait for "All Processed = Yes" on all partitions in the DSTrace screen. This step is optional but recommended.
12. Run an unattended full repair. This will help put the replica rings back into shape. You will see errors here. Re-run this operation until it reports zero errors. If certain errors should persist, troubleshoot each individually and do not proceed until they are all corrected.
13. Login to new tree, verify health of new tree and all DS operations complete.
**If the tree name is not completed successfully this can cause collisions when your reconnect this tree to the network.
14. If tree health is good (using above steps) and ParentTree Cleanup is finished, put server on network.
15. Verify servers can see each other.
These steps may be performed concurrently with the previous set of instructions, or consecutively (recommended). If you make a mistake or abort anywhere while in the split process and have to re-install the DS server back into the original tree, you need to do the following cleanup steps BEFORE putting it back.
ParentTree Cleanup
1. Remove all instances of new DS server in replica rings as in step 5 above. Use DSRepair for this operation on the servers in parent tree with a Master replica of any and all partitions.
2. Remove new DS server from tree using NDSManager.
3. Remove unknown objects in current tree with NWAdmin.
4. Check health of tree as in Preparatory procedure above.
5. Make sure that a server holding a r/w replica is designated as the master for each replica. Make sure you use dsrepair to designate the server as a master. *Do not designate a subordinate reference as a master. This will cause data loss for the entire partition.
At this point you are free to add additional servers to the new child tree. Simply remove directory services from these servers, then install each into the new tree. Afterward you will have to restore the trustee rights. You may also re-fashion the child tree as desired. You will also need to re-create any print queues since the volume IDs of the volumes they originally referenced will have changed (assuming they exist at all).
.
document
Document Title: | A Method for Splitting an NDS Tree |
Document ID: | 10053915 |
Solution ID: | NOVL14305 |
Creation Date: | 06Jun2000 |
Modified Date: | 09Jan2003 |
Novell Product Class: | NetWare Novell eDirectory |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.