HendersonD
IS-IT--Management
I am the Director of Computer Technology for a school district outside of Rochester, NY. We have been using Netware on campus for years making the migration from Netware 3 to Netware 5.1 a little over a year ago. About 6 months ago we setup two Win2000 servers on campus with active directory. These servers house our accounting package and software to keep track of our special education population. Only about 20 people on campus currently need access to these two programs, but that number could grow over time. In other words we only have a small number of users in the Active Directory to date. In contrast we have over 2,000 users in NDS.
The technicians who work in my office as well as myself are very comfortable with routine network operating system (NOS) maintenance in Netware:
1. Adding and deleting users
2. Changing file system access privileges
3. Creating drop boxes, shared folders, etc.
4. Salvaging and purging files
5. Pushing applications to the desktop with ZenWorks and NAL
The difficultly comes in the interaction of the two NOS at the desktop and server sides. To date I have talked to a half dozen people who have experience with NDS and Active Directory but I have not been able to sort out the details. Before I pose my questions, some additional background will help.
We have 7 Netware 5.1 servers for file and print services and the two Win2000 servers mentioned earlier. Currently, we have every PC on campus setup to first display the Netware login on boot up. Every adult and student on campus has a home directory on one of the Netware servers where they save their work.
All the PC’s on campus currently run Win98
First question:
1. For the most part, end users do not get hit with another login once they have successfully logged into NDS. Once in a while a windows login will pop up after the Netware login. If we leave the windows login name and password box blank, hit OK, the windows login disappears and does not show up again. Why does this work? I know it has something to do with the profiles on the local machine, but I have never seen an adequate explanation. Why does the windows login only pop once in awhile in the first place?
This summer we are going to rollout WinXP Pro on all new PC’s we purchase.
Second question:
2. Should I setup these machines to be a member of a workgroup or domain? I know that even if I setup all the new XP boxes as a workgroup login, they can still be used to access the two applications on the Win2000 servers. This is evident from the fact that our Win98 boxes can access these applications now. If the user name and password in NDS and active directory are the same, the end user does not even get prompted for a second login to the Win2000 box. If I setup the XP machines to be a member of the domain, whomever needs access to the applications on the Win2000 servers should be all set.
What I do NOT want is end users to be hit with a second login. I want them to login to NDS and not have the Windows login popup. I would like this to be the case whether the same person uses a computer every day (ie. office secretary) or a computer is used by multiple users (library computer).
Final question (for now):
3. If we do decide to setup the new XP Pro boxes to join our domain, does every user need a domain login? Again, the two applications that sit on our Win2000 servers are accessed by very few people. I would hate to have accounts in NDS and duplicate accounts in Active Directory. Is there some type of guest login in Active Directory that would do the trick? In other words, a student walks up to a computer running WinXP Pro. This student has an NDS login but does not have an Active Directory account. At the netware login screen the student logs into NDS fine and DOES NOT get hit with the Windows (active directory) login. One of my technicians who has an active directory login walks up to the same computer. She logs into NDS and then is also logged into Active Directory since her login name and password are the same in both.
If you have any answers to my questions they would much appreciated. If you know of any good resources (online or in print) that speaks to integrating active directory into what is primarily a Netware environment, please pass them along. The only resource that a collegue of mine pointed me towards is Microsoft’s Meta Directory services which I have not had a chance to investigate yet.
Thanks
Dave
The technicians who work in my office as well as myself are very comfortable with routine network operating system (NOS) maintenance in Netware:
1. Adding and deleting users
2. Changing file system access privileges
3. Creating drop boxes, shared folders, etc.
4. Salvaging and purging files
5. Pushing applications to the desktop with ZenWorks and NAL
The difficultly comes in the interaction of the two NOS at the desktop and server sides. To date I have talked to a half dozen people who have experience with NDS and Active Directory but I have not been able to sort out the details. Before I pose my questions, some additional background will help.
We have 7 Netware 5.1 servers for file and print services and the two Win2000 servers mentioned earlier. Currently, we have every PC on campus setup to first display the Netware login on boot up. Every adult and student on campus has a home directory on one of the Netware servers where they save their work.
All the PC’s on campus currently run Win98
First question:
1. For the most part, end users do not get hit with another login once they have successfully logged into NDS. Once in a while a windows login will pop up after the Netware login. If we leave the windows login name and password box blank, hit OK, the windows login disappears and does not show up again. Why does this work? I know it has something to do with the profiles on the local machine, but I have never seen an adequate explanation. Why does the windows login only pop once in awhile in the first place?
This summer we are going to rollout WinXP Pro on all new PC’s we purchase.
Second question:
2. Should I setup these machines to be a member of a workgroup or domain? I know that even if I setup all the new XP boxes as a workgroup login, they can still be used to access the two applications on the Win2000 servers. This is evident from the fact that our Win98 boxes can access these applications now. If the user name and password in NDS and active directory are the same, the end user does not even get prompted for a second login to the Win2000 box. If I setup the XP machines to be a member of the domain, whomever needs access to the applications on the Win2000 servers should be all set.
What I do NOT want is end users to be hit with a second login. I want them to login to NDS and not have the Windows login popup. I would like this to be the case whether the same person uses a computer every day (ie. office secretary) or a computer is used by multiple users (library computer).
Final question (for now):
3. If we do decide to setup the new XP Pro boxes to join our domain, does every user need a domain login? Again, the two applications that sit on our Win2000 servers are accessed by very few people. I would hate to have accounts in NDS and duplicate accounts in Active Directory. Is there some type of guest login in Active Directory that would do the trick? In other words, a student walks up to a computer running WinXP Pro. This student has an NDS login but does not have an Active Directory account. At the netware login screen the student logs into NDS fine and DOES NOT get hit with the Windows (active directory) login. One of my technicians who has an active directory login walks up to the same computer. She logs into NDS and then is also logged into Active Directory since her login name and password are the same in both.
If you have any answers to my questions they would much appreciated. If you know of any good resources (online or in print) that speaks to integrating active directory into what is primarily a Netware environment, please pass them along. The only resource that a collegue of mine pointed me towards is Microsoft’s Meta Directory services which I have not had a chance to investigate yet.
Thanks
Dave