How the migRaven Novell / Micro Focus connectors work

The conversion of Novell file system authorizations into Microsoft ACLs is based on the trustee information of the corresponding Novell volume.

With the Novell file system it is possible to assign rights not only to users and groups, but also to other objects from the Active Directory, such as OUs. Using OUs to assign authorizations is a simple method, since no new objects have to be created. Under Novell it is also common to assign rights directly at the user level.

The Novell Connector from migRaven is able to transfer all these objects meaningfully into the Microsoft world. Prerequisite: the user accounts themselves must already have been replicated to Microsoft and be assignable via the SAM.

Procedure (all trustee information is processed sequentially):

  1. migRaven takes one trustee entry for a directory and tries to resolve the object via the Novell connector on the basis of the CN.
  2. Once migRaven has found the object, it checks what type it is: user, group, role, OU, etc.
  3. If the object is a user, this user is authorized directly through an AD permission group under Microsoft (account-group-ACE). If the next trustee entry contains another user with the same right, that user is resolved as well and added to the already existing group of the previous user.
  4. If it is an object that has other objects as "member", all contained objects are resolved and integrated into an AD permission group. If there is another user or group, it is added to the existing AD group (account-group-ACE).
  5. Role mining: if a "group" object is discovered several times in the trustee information, a new group is formed for this object in the AD, which receives all members from the Novell object. This could be, for example, all users (traverse) from an OU with the name "Purchasing" (account-group-group-ACL). The resolution of the "group" objects corresponds to the way they work under Novell: some objects act on all contained objects in the traverse, others do not.
  6. For permissions that lie deeper than the second level, migRaven sets up the required list permissions.

Following this procedure, hundreds of trustee entries can be processed in one task and rebuilt according to Microsoft best practice. The advantage is that groups are not generated indiscriminately in the AD, only exactly those that you actually need. It does not matter which object types were used under Novell, and no pruning is necessary! migRaven treats every object individually, without annoying rework and without unnecessary groups.
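A simplified model of steps 1 to 5, added here as an illustration (it is not migRaven's code): it plans the AD groups for a trustee list and reports trustees whose CN cannot be resolved, which should be reviewed before any ACL is written. The directory contents, the trustee entries, the `ROLE_` naming scheme and the assumption that containers hold only users are all constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample data: a hypothetical directory keyed by CN, and trustee
# entries (path, CN, right) as they might be read from a Novell volume.
DIRECTORY = {
    "asmith": {"type": "user"},
    "bjones": {"type": "user"},
    "cwong": {"type": "user"},
    "Purchasing": {"type": "ou", "members": ["asmith", "cwong"]},
    "Auditors": {"type": "group", "members": ["bjones"]},
}
TRUSTEES = [
    ("VOL1/Dept/Orders", "asmith", "RW"),
    ("VOL1/Dept/Orders", "bjones", "RW"),
    ("VOL1/Dept/Orders", "Purchasing", "R"),
    ("VOL1/Dept/Invoices", "Purchasing", "R"),
    ("VOL1/Dept/Invoices", "Auditors", "R"),
    ("VOL1/Dept/Invoices", "ghost", "R"),   # CN that does not resolve
]

def plan_groups(trustees, directory):
    """Return (permission_groups, role_groups, unresolved) for a trustee list."""
    seen = Counter(cn for _, cn, _ in trustees)
    perm = defaultdict(set)   # (path, right) -> members of the AD permission group
    roles = {}                # role group name -> members taken from the Novell object
    unresolved = []           # trustees that need manual review before migration
    for path, cn, right in trustees:          # processed sequentially
        obj = directory.get(cn)               # step 1: resolve by CN
        if obj is None:
            unresolved.append((path, cn))
            continue
        if obj["type"] == "user":             # step 3: user joins the shared group
            perm[(path, right)].add(cn)
        elif seen[cn] > 1:                    # step 5: reused container -> role group
            name = f"ROLE_{cn}"               # hypothetical naming scheme
            roles[name] = set(obj["members"])
            perm[(path, right)].add(name)     # role group nested in permission group
        else:                                 # step 4: resolve the contained objects
            perm[(path, right)].update(obj["members"])
    return dict(perm), roles, unresolved

if __name__ == "__main__":
    groups, role_groups, missing = plan_groups(TRUSTEES, DIRECTORY)
    for key, members in sorted(groups.items()):
        print(key, sorted(members))
    print("role groups:", role_groups, "unresolved:", missing)
```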

Simple options for the group names and for the way list permissions are generated allow individual requirements to be implemented in migRaven.

Before the migration, you should definitely answer the question of how you want to manage the permissions under Microsoft. The Microsoft on-board tools are not suitable for this, which means that within a very short time the DESIRED authorizations again deviate from the ACTUAL authorizations.

If you do not want to give up the usual Novell comfort, you should take a look at 8MAN Enterprise. With 8MAN you can manage permissions even more easily and comfortably than under Novell. The mode of action is identical.
