Anonymous_User Absent Member.

User deployment from IDM to multiple non AD windows server


Hi,

From single scripting driver I can create/manage local user of single
windows servers. That is not a member of any active directory.

I have to deploy and manage users from IDM to 100+ windows server those
are not a member of any AD. Is there any solution like linux/unix fanout
driver to create/manage users in 100+ windows server using single IDM
driver?

or I have to create individual driver for individual windows server?

or may I configure scripting driver to do the same?

Please advise.

Thanks and Regards

Deb


--
deb_sarkar
------------------------------------------------------------------------
deb_sarkar's Profile: https://forums.netiq.com/member.php?userid=7951
View this thread: https://forums.netiq.com/showthread.php?t=51658

0 Likes
8 Replies
Anonymous_User Absent Member.

Re: User deployment from IDM to multiple non AD windows server

deb sarkar wrote:

>
> From single scripting driver I can create/manage local user of single
> windows servers. That is not a member of any active directory.


The more important question is, can this single windows server access all the other servers (network, firewalls, WMI, credentials etc)?

> I have to deploy and manage users from IDM to 100+ windows server those
> are not a member of any AD. Is there any solution like linux/unix fanout
> driver to create/manage users in 100+ windows server using single IDM
> driver?


There is not an "out of the box" fanout solution for this, maybe a feature request?

> or I have to create individual driver for individual windows server?


That seems like overkill.

> or may I configure scripting driver to do the same?


You could definitely try.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.

Re: User deployment from IDM to multiple non AD windows server

On Tue, 02 Sep 2014 17:55:22 +0000, deb sarkar wrote:

> I have to deploy and manage users from IDM to 100+ windows server those
> are not a member of any AD. Is there any solution like linux/unix fanout
> driver to create/manage users in 100+ windows server using single IDM
> driver?
>
> or I have to create individual driver for individual windows server?


Build it once. Package it (or use Library policies) so that all 100
drivers are the same, just with some GCVs to differentiate. Done.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Knowledge Partner

Re: User deployment from IDM to multiple non AD windows server

On 9/2/2014 3:00 PM, David Gersic wrote:
> On Tue, 02 Sep 2014 17:55:22 +0000, deb sarkar wrote:
>
>> I have to deploy and manage users from IDM to 100+ windows server those
>> are not a member of any AD. Is there any solution like linux/unix fanout
>> driver to create/manage users in 100+ windows server using single IDM
>> driver?
>>
>> or I have to create individual driver for individual windows server?

>
> Build it once. Package it (or use Library policies) so that all 100
> drivers are the same, just with some GCVs to differentiate. Done.


We did that for a customer with 11 AD's via Libraries, and the new driver
import was almost all linkage. Packages would make it even easier.
Heck Packages could do it via Libraries too if you wanted.

We have a customer with over 100 such instances done via multiple copies
of the drivers.

0 Likes
Anonymous_User Absent Member.

Re: User deployment from IDM to multiple non AD windows server

On Wed, 03 Sep 2014 14:14:11 +0000, Geoffrey Carman wrote:

> On 9/2/2014 3:00 PM, David Gersic wrote:
>> On Tue, 02 Sep 2014 17:55:22 +0000, deb sarkar wrote:
>>
>>> I have to deploy and manage users from IDM to 100+ windows server
>>> those are not a member of any AD. Is there any solution like
>>> linux/unix fanout driver to create/manage users in 100+ windows server
>>> using single IDM driver?
>>>
>>> or I have to create individual driver for individual windows server?

>>
>> Build it once. Package it (or use Library policies) so that all 100
>> drivers are the same, just with some GCVs to differentiate. Done.

>
> We did that for a customer with 11 AD's via Libraries, and the new driver
> import was almost all linkage. Packages would make it even easier. Heck
> Packages could do it via Libraries too if you wanted.
>
> We have a customer with over 100 such instances done via multiple copies
> of the drivers.


I haven't tried it, but I'd be tempted to build it with Packages, using
linked policies from a single Library. That way future upgrades shouldn't
be quite as painful.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.

Re: User deployment from IDM to multiple non AD windows server


Is it possible to create a cool solution document with clear steps or
provide me the link if one already exists? I want to test it for NON AD based
windows servers before deployment.


--
deb_sarkar
------------------------------------------------------------------------
deb_sarkar's Profile: https://forums.netiq.com/member.php?userid=7951
View this thread: https://forums.netiq.com/showthread.php?t=51658

0 Likes
Knowledge Partner

Re: User deployment from IDM to multiple non AD windows server

0 Likes
Anonymous_User Absent Member.

Re: User deployment from IDM to multiple non AD windows server


Yes, I have learned lots from your article. It will be helpful, if you
can write an article for "*Single scripting driver for multiple local
windows servers*" and send me the link.

Thanks

Deb


--
deb_sarkar
------------------------------------------------------------------------
deb_sarkar's Profile: https://forums.netiq.com/member.php?userid=7951
View this thread: https://forums.netiq.com/showthread.php?t=51658

0 Likes
Knowledge Partner

Re: User deployment from IDM to multiple non AD windows server

On 9/4/2014 2:55 PM, deb sarkar wrote:
>
> Yes, I have learned lots from your article. It will be helpful, if you
> can write an article for "*Single scripting driver for multiple local
> windows servers*" and send me the link.


Hahaha! These things do not just happen. 🙂 It takes me time to write
them... Also, to be honest, I have never tried that particular
implementation.

I think I can imagine how to do it, but no test lab.

I think the short answer is you have 2 approaches:

1) Figure out some kind of fanout system. Examine how the SAP UM -CUA
mode does it. Look at how the Unix/Linux fanout team does it. Use
those as case studies. Watch my IDM UG session where Rajiv from the
India Dev Center at NetIQ demoed a fanout JDBC approach using JMS queues.
(See in a year or two... It is a non-trivial problem, with many possible
solutions, not sure which is best, but when you solve it, might be
sellable).

2) Develop this driver for one system. I assume using Scripting driver.
Get it working on one.
Then use David and my combined approach. Build a package that delivers
all the policies in the right containers. (ITP/OTP rules under the
driver, Sub channel stuff under the Subscriber container, Pub under
Publisher) but does not link it in at all. Then make a second package
that delivers the base config and maybe a third with just linkage, that
is dependent on the first package.

Then deploy this 100 times, one per server you need to manage.

3) As Alex says, try and do it all via WMI from one 'bridgehead' server
to a list of servers. (Which is closer to how the Unix/Linux fanout
works, but not quite)

I have not tried to decide which is the better approach yet. Have fun
and let us know how it goes. 🙂

Now, if you are really stuck, I happen to work at a consulting company
and we would be glad to help you do this if you retained us.



0 Likes
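
Added example, not posted by anyone in this thread: a sketch of the 'bridgehead' fan-out from approach 3, using PowerShell remoting (WinRM over HTTPS) instead of WMI so the password is never placed on a remote command line. The function name, its parameters and the per-server credential lookup are hypothetical; it assumes PowerShell 5.1 or later and a WinRM HTTPS listener on every target.

```powershell
# Added example: push one local-user add/update from a bridgehead host to many
# standalone (non-AD) Windows servers and report a result per server.
function Invoke-LocalUserFanout {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]     $Server,    # target list (assumed input)
        [Parameter(Mandatory)] [string]       $UserName,
        [Parameter(Mandatory)] [securestring] $Password,
        # Hypothetical lookup returning the admin PSCredential for one server.
        # Standalone hosts share no directory, so each has its own local admin.
        [Parameter(Mandatory)] [scriptblock]  $GetCredential
    )

    # Runs on each target; idempotent so a retried event does not fail.
    $remote = {
        param($Name, $Pw)
        if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
            Set-LocalUser -Name $Name -Password $Pw -ErrorAction Stop
            'updated'
        } else {
            New-LocalUser -Name $Name -Password $Pw -ErrorAction Stop | Out-Null
            'created'
        }
    }

    foreach ($s in $Server) {
        try {
            $call = @{
                ComputerName = $s
                UseSSL       = $true    # no Kerberos without a domain: use HTTPS
                Credential   = & $GetCredential $s
                ScriptBlock  = $remote
                ArgumentList = $UserName, $Password
                ErrorAction  = 'Stop'
            }
            $state = Invoke-Command @call
            [pscustomobject]@{ Server = $s; Status = $state; Error = $null }
        } catch {
            # One unreachable or misconfigured server must not stop the rest;
            # surface it so the caller can queue a retry for that server only.
            [pscustomobject]@{ Server = $s; Status = 'failed'
                               Error = $_.Exception.Message }
        }
    }
}
```

The per-server status objects are what make this usable as a fan-out: the caller can filter on `Status -eq 'failed'` and retry only those servers instead of replaying the event everywhere.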