Different groups within the Nursery division, including accounting, sales, and administrators, require access to the CANW312DPT01 NetWare server. Administrators need access to perform administrative tasks on the server itself. Accounting and sales need access to the Nursery business applications housed on the DEC UNIX machine. Additionally, all three groups need access to the Windows NT servers, such as CANTS40ENT03, which houses Enterprise services of DHCP, DNS and WINS.
CANW312DPT02 is a NetWare server that stores the customized sales business applications. The sales and administrators groups will, therefore, need access to CANW312DPT02 to perform sales and administrative tasks. The accounting group will not need access to CANW312DPT02.
After the servers are added to the domain, the administrators will select which of the NetWare server user and group accounts the domain will manage. All user and group accounts can be moved to the Windows NT directory database, or only some of them. The selected accounts will be copied to the directory database of the Windows NT PDC.
Figure 10.1 When a NetWare server is added to a domain for management, NetWare user and group accounts are moved to the domain.
If some of the users and groups are moved to the directory database, the Terra Flora administrators will choose whether to delete or retain the remaining users and groups on the NetWare server. If they are retained, the accounts will be administered by using the NetWare administrative tools.
Note
Do not use NetWare administrative tools on accounts managed by Directory Service Manager for NetWare. If you do, the accounts on that NetWare server become unsynchronized with the accounts in the domain.
After selecting which accounts will be retained and added to the Windows NT directory database, the administrators will specify how the Windows NT Server domain is to propagate user and group accounts back to the CANW312DPT01 and CANW312DPT02 NetWare servers. All accounts, or a subset of the accounts, can be copied to the NetWare servers. When the Terra Flora administrators select which Windows NT Server groups to copy, user accounts that are members of any of the groups selected will also be copied.
The list of users and groups being copied will differ for each of the two NetWare servers in the domain. If a NetWare user needs access only to specific NetWare servers, the user's account will be copied to only those servers, which minimizes network traffic and makes DSMN run more efficiently.
For example, the sales and administrators groups at Terra Flora need access to both of the NetWare servers, CANW312DPT01 and CANW312DPT02, while members of the accounting group need access to only CANW312DPT01. When specifying which groups to copy to CANW312DPT02, Terra Flora administrators select both administrators and sales; but when specifying the users to propagate to CANW312DPT01, they select all three groups.
Figure 10.2 The NetWare user accounts, along with Windows NT Server accounts, are copied back to the NetWare server.
Note
The list of groups that the Windows NT Server domain copies to the NetWare server can be modified any time after adding the NetWare server to the domain.
Terra Flora is adding multiple NetWare servers to be managed by the same California domain. Because each server has a user or group account with identical names, the accounts will be merged in the California domain.
For example, AshleyM has an administrator's account on both of Terra Flora's NetWare servers. When CANW312DPT01 is added for management to the domain, the AshleyM account is created in the Windows NT Server domain. That Windows NT Server account is also given the same rights and permissions that the AshleyM NetWare account had.
When CANW312DPT02 is added to the domain, DSMN recognizes that AshleyM already has an account in the domain. DSMN gives the account the rights and permissions of the CANW312DPT02 AshleyM account. The domain's AshleyM account then has the same rights and permissions that were previously assigned to both the NetWare server's AshleyM accounts.
DSMN can also merge accounts with different user names on multiple NetWare servers. For example, if AshleyM had an account on the CANW312DPT02 server with a user name of AshleyMe, this account can be merged into the domain's AshleyM account. This account would then have the same rights previously held by both AshleyM and AshleyMe.
For more information about renaming accounts, see the section "Using a Mapping File to Rename User Accounts" in Chapter 7, "Administering Directory Service Manager for NetWare," in the Services for NetWare Administrator's Guide.
Figure 10. 3 User accounts on separate NetWare servers can be merged into a single account in the domain, with all of the rights previously held by both accounts.
Note
If there is an account on a NetWare server that has the same name as an account on the Windows NT Server domain, the rights and permissions of the NetWare account are given to the existing Windows NT Server account. If the existing Windows NT Server account is NetWare-enabled, then the account's existing password is used. If the account is not NetWare-enabled, the account is given a new password to enable it to be copied to NetWare servers.