regischapman Respected Contributor.
Respected Contributor.
209 views

Migrating User & Server & Other Objects Between Directories

Hi. I'm trying to stand up some new infrastructure in my enterprise; and I'm basing my decisions on some advice I got here:

https://community.microfocus.com/t5/GroupWise-User-Discussions/Planning-Groupwise-Upgrades/td-p/2693141

In this case, I'm talking about setting up a parallel set of new:

1. OES File Servers to replace our outdated NW6.5SP8 boxes, which are running into impending out of disk space issues. I will be copying files over from the old Netware boxes (and in one case from a physical server left over at a remote site) to the new servers. I have to be sure to change the underlying MBR disks into GPT to get rid of the 2TB limitation.

2. Creating a new eDirectory tree since our old one is 20 years old and making some refinements to our needs around this; adding and migrating some users and groups from what they were to our new layout.

3. Signing up for Zenworks 2020 Beta and connecting that to the new directory.

4. Setting up the New Groupwise servers I was asking about in the other thread and connecting those to the new directory.

5. Setting up iPrint 4 using the old /vastorage, but pointing it to the new eDirectory.

6. Migrating our Cisco phones to use the new directory also. (Don't need help for that)

All of this to prevent downtime and since 8.8 and 9.1 eDirectory (and associated OES versions) do not play well together, it seemed the wisest strategy.

In this, it seems that the main issue is how to best copy over my policies from Zenworks, contexts (which I'm guessing I would re-create), users, and data (since they will be on new servers); along with all of the synergies that these things use.

For example, Groupwise must point the users to a certain Home directory, the user rights will be unreferenced if I copy over the files, etc.

Since I'd like to do a /vastorageupgrade from iPrint 3 to iPrint 4, will this work? Can I upgrade that in this manner and THEN re-point the new iPrint 4 to use the new directory? Or do I need to do it all manually?

I'm trying to work out if there is some way to either automate or shorten these processes or if Best Practices exist for them? Even if these exist already somewhere on the Community site, I'd appreciate a heads-up about it.

Labels (2)
0 Likes
6 Replies
Knowledge Partner
Knowledge Partner

Re: Migrating User & Server & Other Objects Between Directories

This is all predicated on the eDir 88 and 9.1 not coexisting issue.  Is this really true?  With FIPS or the higher security model sure. But without turning that on, I was not aware of issues.

As for migrating users, getting passwords out (usually the most important part) would be hard.  Do you have Universal Password turned on in the current tree? 

IDM would be one way to sync tree to tree and keep them in sync while you do this. 

0 Likes
regischapman Respected Contributor.
Respected Contributor.

Re: Migrating User & Server & Other Objects Between Directories

We do have universal password turned on. FIPS is an option, but on eDirectory 8.8 iManager, where is this located?
I'll have a look at Identity Manager and see if we have to license for this.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating User & Server & Other Objects Between Directories

By FIPS I meant that if you enable it or Enhanced Background Auth, on eDir 9.x you will have issues with an eDir 8.8 replica server.  So AVOID EBCA and FIPS in 9.x if you need to keep older eDir in the tree.

 

As for IDM it would be a fair bit of work to get it to sync.

If you have UP turned on and everyone has one, then it is possible to export them all.  So you could use LDAP to export the objects and then import them back, and get the passwords seperate. (IDM Toolbox by Skypro is pretty good at doing the tree to tree copy...  Much simpler than IDM).

 

0 Likes
regischapman Respected Contributor.
Respected Contributor.

Re: Migrating User & Server & Other Objects Between Directories

Thanks for the IDM Toolbox hint. That tool in particular would seem to make things a lot easier to deal with. I'm going to investigate IDM in depth, as it seems a crucial connector and a way to help future-proof our directory and likely enable us to bridge our split AD/eDir setup here and help enable us to move to AD when we need to as well.

0 Likes
regischapman Respected Contributor.
Respected Contributor.

Re: Migrating User & Server & Other Objects Between Directories

It appears that we do have a license for IDM, but I wonder if I need to install this on the old set of systems or the new set I'm spooling up?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Migrating User & Server & Other Objects Between Directories

Ya, IDM is awesome (I wrote a book on it) but not lightweight of the faint of heart.

The eDir to eDir driver, actually needed IDM installed on both trees.

I would consider using the 90 day free license and the BiDir eDir driver in the new tree. You do not really need the event driven changes coming out of the old dir, so shouold be able to get away withouot the changelog module there.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.