General discussion

Do I have to deploy Active Directory on Windows Server 2003 ?

By pierre_montigny ·
Q1. We are a Novell shop with NDS. We don't use domains much in our Windows servers. Do I have the option of NOT using Active Directory?

Q2. From what I've read it seems that deploying Active Directory would be beneficial. I don't want to compete with NDS... but it would be nice to leverage it... Can I use Active Directory to take advantage of our existing Novell NDS?

Q3. From what I've heard... Active Directory needs to make use of a DNS. Does this DNS have to be on the Windows 2003 Server or can I simply reference it?

Thanks.

Regards,
Pierre

All Comments

Yes and No

by jr In reply to Do I have to deploy Activ ...

A1: You don't absolutely have to deploy Active Directory. You can leave your Windows servers in a workgroup; however, deploying Active Directory centralizes your security (users, groups, etc.) and benefits in numerous other ways. You can deploy Active Directory on Windows 2000 Server or Windows Server 2003.

A2: Novell used to make a tool called NDS for NT. I haven't read much about it for a long time, but I heard they would support Active Directory. Microsoft has a couple of solutions to co-exist with NDS, such as 'Services for NetWare'; however, I don't think they are meant to be a long-term solution. If you truly want to leverage both directories in an integrated fashion I would suggest looking into an 'Identity Management' solution.

A3: You can use an alternative DNS other than Microsoft's. (Note: I would recommend using MS DNS if possible)

The requirements are as follows:

Must support RFCs 2052, 2163, Dynamic DNS and Service Resource Records
Must be compatible with BIND 8.1.2 or later

Hope this helps!

Best Regards,

J.R. Brown
iAdmin Mobile - Mobile Network Systems Administration
http://www.iAdminMobile.com
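The SRV-record requirement in A3 above can be checked against a zone hosted on a non-Microsoft DNS server. This is an added example, not part of the original posts: it assumes a constructed zone for the placeholder domain corp.example.test, a simplified zone-file syntax where every record carries its owner name, and a representative subset of the SRV records a domain controller registers.

```python
# Added example: representative subset of the SRV records a domain controller
# registers, mapped to the port each service is expected to advertise.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kpasswd._tcp": 464,
    "_gc._tcp": 3268,
}

# Constructed sample zone (placeholder domain and documentation address).
SAMPLE_ZONE = """\
$ORIGIN corp.example.test.
_ldap._tcp        600 IN SRV 0 100 389 dc1
_kerberos._tcp    600 IN SRV 0 100 88  dc1
_gc._tcp          600 IN SRV 0 100 389 dc1  ; wrong port for the global catalog
dc1               600 IN A   192.0.2.10
"""

def parse_srv(zone_text):
    """Return {fully qualified owner: [port, ...]} for SRV records in the zone."""
    origin, found = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".").lower()
            continue
        upper = [f.upper() for f in fields]
        i = upper.index("SRV") if "SRV" in upper[1:] else -1
        if i < 1 or len(fields) < i + 5:  # need priority weight port target
            continue
        owner = fields[0].lower()
        owner = owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}"
        found.setdefault(owner, []).append(int(fields[i + 3]))
    return found

def audit_ad_srv(zone_text, domain):
    """List missing or mis-ported SRV records for the given AD DNS domain."""
    found, issues = parse_srv(zone_text), []
    for label, port in REQUIRED_SRV.items():
        owner = f"{label}.{domain.lower()}"
        ports = found.get(owner)
        if ports is None:
            issues.append(f"missing {owner}")
        elif port not in ports:
            issues.append(f"wrong port for {owner}: {ports}, expected {port}")
    return issues
```

Calling `audit_ad_srv(SAMPLE_ZONE, "corp.example.test")` reports the two absent records and the mis-ported global catalog entry.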

DIRXML

by pgm554 In reply to Yes and No

Depending on your version of NW and Edir, you can sync users and groups between EDIR and AD using a supplied connector that comes free with NW 6.5.

I think it has been renamed Nsure Identity Manager 2.

http://www.novell.com/products/nsureidentitymanager/

Many thanks

by pierre_montigny In reply to DIRXML

I thank you both for your replies, it is much appreciated.

Cheers,

Pierre

What is your purpose for the WIN2003 Serv?

by rstoebe In reply to Do I have to deploy Activ ...

Being a Novell shop, you are using NDS for your user and group management. If this is working to your satisfaction then why is the Windows 2003 server there? Introducing Active Directory into your environment gives you two network accounts and passwords per user and the sync issue that goes with it. If there are any features you want to use on the Windows 2003 server then you will need Active Directory. If it is just a larger workgroup PC to store files you don't need AD. You could set up the server with AD, skip the user accounts, load the NDS for NT and manage it like that. It all comes down to why it is there.

SAM.DLL

by pgm554 In reply to What is your purpose for ...

Starting with W2K, you cannot replace the sam.dll with the NDS for NT sam.dll.

M$ made sure that any future releases of NDS for NT would not work with their new products.

So that is not an option.

Edir 8.73 supports Windows 2003 and more

by rstoebe In reply to SAM.DLL

What's New in eDirectory 8.7.3

* Support for Windows Server 2003.
* UNIX* package-based install for all eDirectory server components for Linux, Solaris, and AIX.
* Default port change from 80 and 443 to 8008 and 8010 (8009 on NetWare).
* Novell iManager 2.0.2, which provides a single Web-based management console for the administration of Novell products on NetWare, Windows, Linux, Solaris, and HP-UX. iManager standardizes all Novell Web-based administration utilities on a single management framework. iManager also provides a best-of-breed architecture for easy development of Web-based administration and management modules through open standard application interfaces.
* NMAS 2.3, which includes advanced password policy enforcement, NMAS Web Server Agent, challenge/response login method, challenge response API, and Kerberos method.
* Novell Certificate Server 2.7, which includes OCSP over SSL and directory name CRL support.
* Novell eGuide 2.1.2 for NetWare, Windows, Linux, Solaris, and AIX, which provides support for Role-Based Services used in iManager 2.0, backwards compatibility with iManager 1.5.x, enhanced iChain support (including support for all forms of authentication), new search attribute filters functionality, automatic configuration of SSL, an improved quick setup wizard, and improved counters.

DirXML is required for W2K and above

by pgm554 In reply to Edir 8.73 supports Window ...

You suggested NDS for NT. NDS for NT does not support W2K and above.

The mechanism between NDS for NT and EDIR/DIRXML (Nsure) are two very different Novell products.

NDS for NT (or Corporate NDS) replaces the SAM.DLL on the NT 4 box, whereas DirXML is a shim between the AD on the W2K/3 boxes and EDIR on the NW box that synchronizes data between the two (publish or subscriber depending upon how things are set up).

I've done a few in my career (although Novell is not very healthy out here on the west coast). What a shame, great products, but M$ is what sells.

West Mifflin, eh? I am from Brownsville originally, but IT back in SW PA is so bad I had to move back to S.F.

Go Steelers!

Stay away from the Windows 2003 Small Business Server product...

by UncleRob In reply to Do I have to deploy Activ ...

If you absolutely need Windows 2003, go with the Standard server product and stay away from Windows 2003 Small Business Server, as it requires Active Directory and to be set up as the only domain controller on the network (single tree in a single forest - not much of a forest with only 1 tree though). If you don't promote it to DC and set up Active Directory, it's a violation of the M$ EULA and the server shuts itself down after the first 7 days of operation and every day afterwards. Windows 2003 Server in my opinion is just a Windows 2000 product with a few upgrades and a WinXP eye-candy face lift. Go with Windows 2000 Server if you can; I've used it for years and for all intents & purposes it's bullet proof. Just my 0.02 cents.

No you don't

by eddielad In reply to Do I have to deploy Activ ...

(1) You don't have to have AD to use W2K03 but it is useful for centralising admin & security & all the other reasons people use domain models rather than workgroups. I don't think it's an option to not use a domain but if you're happy to use an NT4 Domain Controller (or possibly a Samba DC) you could avoid it. Totally depends on your situation.

(2) No, Microsoft would never allow that BUT Novell do allow NDS AKA E-Directory to be layered on top of Active Directory & Linux & UNIX etc. It would be worth reviewing that as an option.

(3) DNS can be run on any O/S so long as it is compliant with the latest BIND versions. Obviously it never gets covered by MS training courses but if you're comfortable with DNS it can be done.

Hope this helps

DNS in 2003 AD

by ameadows In reply to No you don't

Someone posted that you do NOT have to make use of MS DNS when deploying AD.

What is the correct config if I am NOT going to use MS DNS... Do I simply point the DCs to the existing (Linux) DNS servers? The issue that I am coming across is that the clients are unable to resolve hosts that are in the DOMAIN, once they join the domain.

Background: going from a total NON-centralized environment (no domain, no nothing... just a bunch of clients running DHCP, and getting DNS settings from there) to a full 2003 AD environment.

Any suggestions would help.
