Although Microsoft might not want to admit it, there are other network operating systems besides Windows 2000 and Windows NT. Once upon a time, Novell ruled the networking world with NetWare. Even if NetWare isn’t as dominant as it once was, many Windows administrators will eventually find themselves facing unfamiliar territory—an old reliable NetWare server and Novell Directory Services (NDS).
What do you do if you’re such a Windows administrator? Migrating from NetWare to Windows isn’t always an option. In that case, you’ll have to learn to deal with NetWare and NDS. In this Daily Feature, I’ll cover some of the basics of NDS that you’ll need to know.
What is NDS?
In short, NDS is the glue that holds a NetWare network together. From a Windows administrator’s perspective, NDS is the NetWare version of Active Directory. However, unlike Active Directory, which is tied to Windows 2000, NDS can exist on a NetWare server, Windows 2000, UNIX, and even Linux. Also, where Active Directory is basically a 1.0 release, NDS has been around since 1994, undergoing several revisions, updates, and bug fixes, making it more robust and stable than Active Directory.
In versions of NetWare prior to NetWare 4.x, you had to create a user on each server that the user would be accessing via what was known as the bindery. With the release of NDS, a network administrator can create the user once on the network and then assign rights to the resources on the network that the user needs, no matter how many servers are on the network. Also with NDS, each server on the network has the ability to have its own copy of the NDS database.
When using NDS and NetWare, you’ll encounter new terms for everyday things. For example, “records” in the directory are known as “objects.” These objects represent network resources that can do different things on the network. All objects have properties that define them. Properties can be such things as login scripts, access rights, general information, group membership, and so on.
NDS contains two basic kinds of objects: container objects and leaf objects. Container objects hold specific information about the organization of the database. Leaf objects contain information specific to a purpose. A good way to distinguish between container and leaf objects is that the container can hold other objects, either leaf or other container objects. Leaf objects can’t hold other objects.
Container objects help you organize your NDS tree as it grows. There are four container objects that form the basis of an NDS tree:
- Organizational unit
The root object is the one that all NDS trees begin with. Think of the root as the starting point for your NDS tree. The root object is created for you automatically when NDS is installed on the server. The root is a required part of the NDS tree, and you will only have one root object per tree. You can create three different types of objects at the root of the tree: the organization object, the country object, and the alias object.
The organization object is usually the first NDS object you will have in the tree after the root object. This is your branching off point for the rest of your NDS tree. This object normally represents your company’s name. Although it’s possible to have multiple organization objects at the root of your NDS tree, normally you only have one.
As you create other objects such as user or group objects, you’ll place them inside of your organization object. When you assign file or directory rights to a container, the objects inside it automatically inherit the rights granted to the higher-level object that contains them, so members of the organization object pick up whatever rights the organization object holds. The act of assigning rights to a file or directory is also known as giving a “value” to a “property” of the container object. Rights and permissions are one of the “properties” that you can assign to a container object or a leaf object.
The country object is not an object that you will use in an NDS tree unless you have a network that will be crossing continents. Unlike other objects, you are limited to two characters maximum for the name of a country object. The only properties that a country object can have are Identification, Rights to Files and Directories, and Security Equal To Me. All the Identification property will do is give you a note field to put in further information about who this country object will be used by, etc. The Security Equal To Me property allows you to make other objects' security equal to this one.
The alias object is one you won’t use very often in NDS. This object allows you to move objects around in the NDS tree without having to run to all the workstations on your network or make changes to multiple login scripts. You will only use it when making major changes to a tree. As you can probably guess by the name, the alias object is a placeholder. Other objects refer to the alias object, but all the alias does is point to the object that the alias represents.
As your NDS tree grows, you can use organizational units (OUs) to subdivide organization objects and keep things manageable. OUs can contain leaf objects or other OUs. Like the rights for organization objects, rights granted to OUs flow down to objects contained within the OU.
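The containment and inheritance rules described so far, as an added sketch in Python (not Novell code or an NDS API; the class, object names, volume paths, and right names are constructed for illustration). It shows how a grant made on a container reaches every object beneath it, which is the thing to check when reviewing where a right was assigned.

```python
# Toy model of the NDS rules in this article; every name here is hypothetical.
CONTAINER_KINDS = {"root", "organization", "country", "ou"}  # alias/leaf hold nothing (model assumption)
ROOT_CHILDREN = {"organization", "country", "alias"}          # the three types allowed at the root

class NDSObject:
    def __init__(self, name, kind, parent=None):
        if kind == "country" and len(name) > 2:
            raise ValueError("country object names are limited to two characters")
        if parent is not None:
            if parent.kind not in CONTAINER_KINDS:
                raise ValueError(f"{parent.kind} objects cannot hold other objects")
            if parent.kind == "root" and kind not in ROOT_CHILDREN:
                raise ValueError(f"{kind} cannot be created at the root")
            parent.children.append(self)
        self.name, self.kind, self.parent = name, kind, parent
        self.granted = {}    # resource -> rights assigned directly to this object
        self.children = []

    def grant(self, resource, *rights):
        self.granted.setdefault(resource, set()).update(rights)

    def effective_rights(self, resource):
        """Direct grants plus everything inherited from each enclosing container."""
        rights, node = set(), self
        while node is not None:
            rights |= node.granted.get(resource, set())
            node = node.parent
        return rights

def holders(node, resource, right):
    """Names of leaf objects at or below `node` that end up with `right`."""
    found = []
    if node.kind == "leaf" and right in node.effective_rights(resource):
        found.append(node.name)
    for child in node.children:
        found.extend(holders(child, resource, right))
    return sorted(found)

def build_sample_tree():
    """Constructed sample: one organization, two OUs, one user in each."""
    root = NDSObject("[Root]", "root")
    org = NDSObject("ACME", "organization", root)
    sales = NDSObject("Sales", "ou", org)
    hr = NDSObject("HR", "ou", org)
    NDSObject("jsmith", "leaf", sales)
    NDSObject("mjones", "leaf", hr)
    org.grant("SYS:PUBLIC", "read")            # organization-wide grant
    hr.grant("SYS:PAYROLL", "read", "write")   # scoped to the HR OU only
    return root
```

Granting `write` on `SYS:PAYROLL` at the organization object instead of the HR OU would add `jsmith` to the list of holders, even though no right was ever assigned to that user directly.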
When you select the option of creating an object at the OU level using NetWare Administrator, you will see a slightly different menu of objects. The country and organization objects you previously saw from the root will not be in the Available Objects list. Instead, you’ll see a whole slew of new ones. These are the leaf objects that reside within the container and describe each resource that has rights in the network.
NDS contains too many leaf objects to go into each one in detail in this Daily Feature. The number of leaf objects you see will also depend on the version of NetWare that you are running, the service pack currently installed on the server, and what server-based applications are installed on the network. Every time you add a program, such as GroupWise or BorderManager, that extends the NDS schema, you’ll see new available leaf objects. Some of the more useful and common leaf objects in your NDS tree are:
- Computer: This object represents a networked computer. It’s really only for informational purposes and has no rights on the network.
- Directory Map: This object represents a directory on the server. Directory Map objects are useful in login scripts to point to directories containing applications or data files.
- Group: Group objects are used to manage a group of users with similar needs.
- IPrint: The iPrint object works with iPrint-enabled printers.
- NDPS Broker: The NDPS Broker oversees the NDPS system.
- NDPS Manager: The NDPS Manager handles the communication between the workstations and the printers.
- NDPS Printer: The NDPS Printer object handles the printers.
- Print Queue: This object represents a non-NDPS print queue.
- Print Server: This object represents a non-NDPS print server.
- Printer: This object represents a non-NDPS printer.
- Server: The Server object is automatically created when you install NDS on the server. This identifies the server in NDS so that clients can find it.
- Template: Template objects can save you some time in creating users.
- Volume: The Volume object is created for each drive or volume that is on the server when NDS is installed on it, or when the volume is installed at a later time.
As you can see, NDS is a very flexible and versatile network directory service. You aren’t limited to using NDS on just NetWare; there are versions of it that can be installed on NT, Win2K, and several flavors of UNIX/Linux. One suggestion that will serve you well: Don’t worry about trying to use all the objects at once when setting up an NDS network. Go with the basics and, when you are comfortable, you can see what other objects will make your life easier.