Authorizations are transferred from Novell to Microsoft on the basis of the Trustee Information of the appropriate Novell Volume.
Under Novell it is possible not only to assign rights to users and groups but moreover to other projects from the active directory, like organization units. The use of OUs for assigning authorizations is a simple method, as new objects need not be created anymore. Furthermore it is common practice in Novell to create rights directly on the user level.
The Novell Connector of migRaven is in the position to transfer all these rights sensibly in the Microsoft world. Prerequisite: The user accounts have been replicated to Microsoft and have been assigned via the SAM.
Process flow: (All Trustee Information processed in order)
- migRaven takes a Trustee information for a directory and tries to disintegrate the object via the Connector in the Novell on the basis of the CN.
- If migRaven found the object, one checks its type: User, Group, Role, OU etc.
- If the object is a user, this user is assigned directly with an AD-authorization group under Microsoft (Account-Group-ACE); if there is another user with the same right in the next Trustee information, and it is again disintegrated and then integrated in the already available group of the previous user.
- If it is an object, that has other objects as “Member”, then all included objects are disintegrated and integrated in an AD-authorization group. If there is another user or another group, then these are also packed again in the available AD-group. (Account-Group-ACE)
- Role mining: if a “Group” object is discovered in the Trustee-information, then a new group is formed for this object in the AD, which includes all members from the Novell object. That could be for example all users ((Travers) from an organization unit with the name “Purchase”. (Account-Group-Group-ACL). The disintegration of the “Groups” objects corresponds with the mode of action under Novell. Power of the objects has an effect across all included objects in the Traverse – while others do not.
- The required list authorizations are formed for the authorizations that are located deeper as in the second level.
After this procedure, hundreds of Trustee information can be edited in a task and re-created in accordance with the Microsoft-Best-Practice. It has the advantage that no groups are generated randomly in the AD, but only the ones, which one actually needs. It does not matter which object types were used under Novell and no previous correction is necessary. migRaven treats each object individually without bothersome rework or superfluous groups, which are not required.
Individual requirements can be implemented in migRaven through simple options for the group names and for the type, how list authorizations are generated.
One should implicitly answer the question before the migration, how one wants to then edit the authorizations under Microsoft. The Microsoft standard tools are not suited for the purpose that leads to the fact that the TARGET-authorizations deviate again from the ACTUAL-authorizations within a very short time.
If one does not want to waive the usual Novell-comfort, one should once view 8MAN Enterprise With 8MAN, one can administer authorizations in a simpler and even more comfortable manner than under Novell. The mode of action is thereby identical.
More information of this topic