Authorizations are transferred from Novell to the Novel Volume.
Under Novell it is not only possible to assign rights to users and groups, but moreover to other projects from the active directory, like organization units. The use of OUs for assigning authorizations is a simple method. Furthermore, it is common practice in Novell to create rights directly on the user level.
The Novell Connector of migRaven is in the position to transfer all these rights sensibly in the Microsoft world. Prerequisite: The user accounts have been replicated to the SAM.
Process Flow: (All Trustee Information processed in order)
- migRaven takes a Trustee information for a directory and tries to disintegrate the object via the Connector in the Novell on the basis of the CN.
- If migRaven found the object, one checks its type: User, Group, Role, OU etc.
- If the object is a user, this user is assigned directly to an AD-authorization group under Microsoft (Account Group ACE); Trustee information, and it is again disintegrated and then integrated into the already existing group of the previous user.
- If it is an object, that has other objects as "member", then all included objects are disintegrated and integrated into an AD-authorization group. If there is another user or another group, then these are packed again in the available AD group. (Account-Group-ACE)
- Role mining: if a "group" object is discovered in the trustee information, then a new group is formed for this object in the AD, which includes all members from the novell object. That could be for example all users ((Travers) from an organization unit with the name "Purchase". (Account Group Group ACL) The disintegration of the "Groups" objects while the other has objects in the Traverse - while others do not.
- The required list authorizations are located in the second level.
After this procedure, hundreds of trustee information can be edited in a task and re-created in accordance with the Microsoft Best Practice. It has the advantage that no groups are generated randomly in the AD, but only the one, which one actually needs. It does not matter which object types were used under Novell and no previous correction is necessary. migRaven treats each object without bothersome rework or superfluous groups, which are not required.
Individual requirements can be implemented in migRaven through simple options for the group names and for the type, how list authorizations are generated.
One should implicitly answer the question before the migration, how one wants to edit the authorizations under Microsoft. The TARGET authorizations deviate again from the ACTUAL authorizations within a very short time.
Novell-comfort, one should once view 8MAN Enterprise With 8MAN, one can administer authorizations in a simpler and even more comfortable manner than under Novell. The mode of action is identical.
More information on this topic