A Personal Blog
E-Directory Cleanup: ICE Isn't Enough
I’ve now been at HSC for nearly 6 months (time flies!). I’ve hit my stride, so to speak. I’m generally comfortable in the environment, with the apps, the core infrastructure and I’m even starting to get out to more important events a bit more. Still not recognized as anything but a server guy (actually that’s not true … I’m also the local web expert or something); but that’s okay. Give it time.
As a result of ‘hitting my stride’, we are able to do some more cool and important things here in the server team. One of these is cleaning up our NT User Database / E-Directory User Database. We have roughly 12,000 ID’s for only 5,000 users. Something is wrong here.
So, we’re running a cleanup. Because our NT UD and our E-Directory UD are completely tied together via some nice XML Business Rules, we really only have to clean out the E-Directory info.
My colleague in crime is used to using “ICE”, which is essentially a Novell Import / Export tool. He’s used this before to create thousands of ID’s on the fly, so he’s really quite comfortable. When push came to shove though…. Novell doesn’t have any tools for modifying data, only for creating or deleting.
Stupid.
So, we went on a hunt, and what did we find to do the job?
A tool from Microsoft, which is included in Windows 2000 Server (and up).
Yup. Because E-Directory is a standard X.500, LDAP-enabled directory server, the tools for ActiveDirectory are going to work beautifully. It’s a create, delete, update tool and it works perfectly.
[ pause ]
While writing this we realised that because we are running our NT side of authentication in NT Authentication mode instead of ActiveDirectory, some users will not have ever logged into E-Directory. As such we can’t use this tool quite the way we’d hoped. We’re going to need to grab the user databases from each of the Domain Controllers in each of our 20+ domains in order to build an accurate “last logged in” view. We will then use the new Microsoft tool we just found to update E-Directory, which will automagically update all of the PDC’s in NT. Still slick, just not as slick as we’d hoped.
Edit: I should have clarified that we were wanting to do this via CSV, so that we can work with the data nicely in Excel. As such, ICE isn’t very strong. The MS tool is.
About the author
| Print article | This entry was posted by Jeremy Wright on June 14, 2004 at 1:27 pm, and is filed under Work. Follow any responses to this post through RSS 2.0. Responses are currently closed, but you can trackback from your own site. |
No trackbacks yet.
Comments are closed.
about 7 years ago
You can certainly modify a field with ICE. It is a little clunky with the syntax, but you can do it.
http://www.novell.com/documentation/edir873/index.html?page=/documentation/edir873/edir873/data/a5hgmnu.html
Here’s a snippet of code:
version: 1
dn: cn=BillTSmith,ou=ds,ou=dev,o=novell
changetype: modify
delete: givenname
-
add: givenname
givenname: test1