DSfW 2008 R2 Schema Update

DSfW is in the process of being updated to 2008 R2 schema and needs your help.  If you are interested in beta testing the next version of DSfW please send an e-mail to and with a subject line ‘Interested in Domain Services for Windows Beta Program’

The final version will support 2012 schema, aes encryption, and fine grained password policies.  This is exciting and would be a great project to be part of.  This is your chance see and be a major contributor for the coming versions of DSfW.

For more information on this project please go to the coolsolution page below.

Updating DSfW Environment to AD2008 R2 Level – Beta Planned

DSfW and eDirectory Health Check

It is a good idea to periodically check the health of DSfW and eDirectory servers.

This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.

The script demonstrated in this video is called  To get the latest version of the script click on the DSfW Health Check link in the download section on

A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.

The script does most of the suggestions in both TIDs mentioned above plus a few more checks.

For eDirectory there are 8 checks the script does and… Continue reading

Windows 8 and DSfW

I am still in the process of using Windows 8 with Domain Services for Windows.  From what I have seen so far it behaves similar to Windows 7 as a workstation joined to the domain.  Logging in, mapping drives, running GPOs, executing login script from a GPO, all seem to work as in Windows 7.  The biggest challenge for me is getting used to the Start menu in Windows 8 and that  isn’t DSfW related.

Windows 8 with VMWare View 5.1.1 and DSfW OES11SP1 all appear to play well with each other.  Making templates and linked clones do not seem to have any gotchyas to look out for.  Let me know or the Novell Forums know if you discover a bug with DSfW and Windows 8.

Script to check if ports are listening

If you are concerned about a DSfW service going down and or the port is not accessible, this script will help keep the services up or notify you of a service going down.  The script will check if each DSfW service is listening, then telnet to each port.  If it can not telnet, the script will log which port is not accessable in the /var/opt/novell/xad/log/dsfw_portchk.log.

The script can be ran on PDC or ADC, running Novell DNS or not running Novell DNS.

The script can also e-mail and restart the services if desired.

It will detect if the server has IPv6 enabled so to properly detect the correct port Samba and NetBios is listening on.

The script detects if Novell DNS is configured to start.  Some times on ADC servers DNS is not configured or is not set to run.  The original script… Continue reading

How to find all DNS Locator objects

When installing DSfW into an environment were Novell DNS is already in use, be sure to use the existing DNS Locator object.  It will simplify management for the all the zones and DNS servers.  The locator object is used by the DNS/DHCP Console to return all zones and DNS servers the locator object knows about.  If there are multiple locator objects then the first locator object discovered by the DNS/DHCP Console will be used.  What will happen is only zones and DNS servers the DNS Loctor object knows about will be displayed and managed in the DNS/DHCP Console.  This makes managing DNS difficult.  Before installing doe a quick search for existing locator objects.

Do the following search to discover existing locator objects

ldapsearch -x -b “” -s sub objectClass=dNIPlocator

How to create a cross forest trust

This video will guide you through the creation of a cross forest trust between DSfW and AD.

For more information on creating a cross forest trust please read through the documentation

The trust password will change every 30 days by default. Consider disabling the automatic machine password changes or increasing the time before the password is changed. Some times when a workstation or in this case trust changes its password the change does not get set in the directory and the trust relationship is broken. In that case the trust needs to be re-established.

If a trust is removed and then re-established, before creating the trust again be sure that the trust object in cn=users, is removed as well.  The object will look like a user object with the name of the AD Domain with a $ at the end.

Good MS documents to help troubleshoot errors:

Known… Continue reading

How to create DNS forwarders

In order to create a cross forest trust both the DSfW server and the AD server need to resolve each others domains.  The video will show you how to create a forward and reverse forwarder for only the AD zone (domain) to the AD server and how to put a forwarder on the AD server to the DSfW DNS server.


How to Create a Forest and DC on Windows 2008R2

Creating an AD forest and domain is easy with dcpromo.  Before you start, put the DSfW server as the DNS server on the Windows 2008 server.  When the server is promoted to a domain controller, the server listed as the DNS server will be a listed as a forwarder.