Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


How build a test enviroment using eDirectory 8.6.2 and above by Provogeek
Posted: 25 Aug 03 (Edited 11 Jan 05)

**Edited on 1/13/2004
**End edit

Before you install any product that extands your schema or alters the directory in anyway, you must test it first.  There are difficult ways and there are easy ways to build this test bed.  The closer the test bed emulates your production enviroment, the better the test will be in finding issues you need to correct before installing a new product into a live system.

I have two ways to build a test enviroment to emulate your production tree.  Both have their pros and cons.

Option 1
The easy way is to use the NWCONFIG utiltiy and go into DS operations and perform a backup before hardware upgrade.  This will create a file on the SYS volume.  Right after you have done the backup, do a restore because the backup will lock the NDS database and disable DS.  Doing the restore will unlock the NDS database and enable DS.  Then copy the file to an alternate location, you will find the backup file in the SYS:SYSTEM directory.  

You must use a server with a master of [root], and this server should have a replica of all partitions on the network to ensure a true testing enviroment.  Depending on your enviroment, you will need to do this afterhours when you can bring the server down.  

Build a new server using the same exact name and the same exact internal ID (aka internal IPX number).  These two items MUST match for this to work.  Do anything you want to the server config, and use the NWCONFIG tool to perform a restore of NDS information after a ahrdware upgrade.

This system must be on it's own network isolated from the production network.  You will need to go through the datase using DSREPAIR and remove all other servers from all replic rings.  Run a full NDS health check.  Verify your Certificate Authority, and reinstall as needed.  

Option 2
There is a new function Novell added to DSREPAIR for DS version 8.6 and above.  You have always been able to create an archive of DS using the -RC switch in DSREPAIR or by using the menu option in Advaced Options Menu.  This created a backup file named 00000000.$DU, by defualt it is stored in SYS:SYSTEM\DSR_DIB, but you can specify an alternat location if you wish.

Since this does not lock NDS or disable DS, you can do this during normal business hours.  Be sure the server you do this from has at least a Read Write replica of ALL partitions.  If the server you want to use to obtain a copy of your NDS database does not, then add them for the porpose of this backup.

Move the file to alternate storage and place it onto a test server.  Configuration of this test server does not matter.  What ever is in DS will get wiped out when you restore the backup.  Do ensure the configuration of the server is close to what you have in production.  

**Edited on 1/13/2004
There is a switch avilable for DSREPAIR to restore this DIB set to your test server, however it is unsupported by Novell Inc.  Since this option would allow a person to destroy their tree, and I recently found out it was an option unpublished and held under NDA.  To obtain further information on the context and usage of this switch, please contact Novell Technical Services or your local Novell Platinum Partner.
**End edit

**Edited on 1/11/2005
After talking to many Novell sales reps, support engineers, consultants and developers, there really is no problem with me giving out this information.  I just need to let you all know, if you break your network using this in production, it is no bodies fault but your own.  Any independent or directly employed Novell consutlant will charge you full rates to fix your network if you use the following information in a production enviroment.
**End edit

On your test server that is now on it own isolated network that has no physical or logical connetion to the production network, load up DSREPAIR using a switch -$DU.  Go to Advanced menu options and choose NDS Archive Options.  You will now see more options than you have seen before in this menu item.  You can either Restore NDS from archive with or without verification.  I normally choose without verification to just get the job done.  The system will then go through the process of replacing the current DS with the one you brought over from your production enviroment.  Once it is done and you have verified DS database is open, reboot your server.  If your DS database won't open, it is easier to just start over and try to import the archive again.

Now you have similar clean up as in Option 1.  One difference is this server will be master of all partitions already.  

You will need to remove all other servers from the replica ring for all partitions.  This can be done through DSREPAIR by going into the Advanced menu options, Replica and partition operations, Choose a replica, View replica ring, Pick a server, and choose to Remove this server from the replica ring.  You will be given the all mighty screen of terror that asks you to type in ôI Agreeö.  When you read it, it basicly says you accept all presponsibility for the affect this has on your tree.  Since we are in a test enviroment, and the server is not in this test network, this is okay to do and is also needed.  Repeat this for all server and all replicas so only your test server is left in all partitions.

Go into console one and delete all server objects except for the test server.  Also delete all PKI (SSL) objects, all of them, including the ones for the test server.  Just do it.  Also delete the CA object.

Run a full NDS health check.  http://www.novell.com/coolsolutions/tip/9017.html

Reinstall Certificate Authority and iManager.

Imanager may be a bit tricky, here is a great TID on how to manually install iManager.  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10093727.htm

Back to O/S Other general discussion FAQ Index
Back to O/S Other general discussion Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close