The definition of each type of NDS object is called an object class. For instance, User and Organization are object classes. Each class of object has certain properties. A User object, for example, has Login Name, Password, Last Name, and many other properties.
The schema defines the object classes and properties, along with the rules of containment (what containers can contain which objects). NDS ships with a base schema that you, or the applications you use, can extend. For more information about schemas, see Schema.
Container objects contain other objects and are used to divide the tree into branches, while leaf objects represent network resources.
Table 14 and Table 15 list NDS object classes. Added services can create new object classes in NDS that are not listed below. Also, some classes might not be available on every server operating system hosting NDS.
Table 14.
Container Object (Abbreviation) | Description |
---|---|
Tree | Represents the beginning of your tree. For more information, see Tree. |
Country (C) | Designates the countries where your network resides, and organizes other directory objects within the country. For more information, see Country. |
License Container (LC) | Created automatically when you install a license certificate or create a metering certificate using Novell Licensing Services (NLS) technology. When an NLS-enabled application is installed, it adds a License Container container object to the tree and a License Certificate leaf object to that container. |
Organization (O) | Helps you organize other objects in the directory. The Organization object is a level below the Country object (if you use the Country object). For more information, see Organization. |
Organizational Unit (OU) | Helps you to further organize other objects in the directory. The Organizational Unit object is a level below the Organization object. For more information, see Organizational Unit. |
Table 15.
Leaf Object | Description |
---|---|
AFP Server | Represents an AppleTalk* Filing Protocol server that operates as a node on your NDS network. It usually also acts as a NetWare router to, and the AppleTalk server for, several Macintosh* computers. |
Alias | Points to the actual location of an object in the directory. Any directory object located in one place in the directory can also appear to be in another place in the directory by using an Alias. For more information, see Alias. |
Application | Represents a network application. Application objects simplify administrative tasks such as assigning rights, customizing login scripts, and launching applications. |
Computer | Represents a computer on the network. |
Directory Map | Refers to a directory in the file system. For more information, see Directory Map. |
Group | Assigns a name to a list of User objects in the directory. You can assign rights to the group instead of to each user; the rights then transfer to each user in the group. For more information, see Group. |
License Certificate | Used with NLS technology to install product license certificates as objects in the database. License Certificate objects are added to the Licensed Product container when an NLS-aware application is installed. |
Organizational Role | Defines a position or role within an organization. |
Print Queue | Represents a network print queue. |
Print Server | Represents a network print server. |
Printer | Represents a network printing device. |
Profile | Represents a login script used by a group of users who need to share common login script commands. The users don't have to be in the same container. For more information, see Profile. |
Server | Represents a server running any operating system. For more information, see Server. |
Template | Represents standard User object properties that can be applied to new User objects. |
User | Represents the people who use your network. For more information, see User. |
Unknown | Represents an object for which ConsoleOne has no custom icon. |
Volume | Represents a physical volume on the network. For more information, see Volume. |
The Tree container, formerly [Root], is created when you first install NDS on a server in your network. As the top-most container, it usually holds Organization objects, Country objects, or Alias objects.
Tree represents the top of your tree.
Tree is used to make universal rights assignments. Because of inheritance, any rights assignments you make to Tree as the target apply to all objects in the tree. See NDS Rights. The [Public] trustee has the Browse right and Admin has the Supervisor right to Tree by default.
The Tree object has a Name property, which is the tree name you supplied when installing the first server. The tree name is shown in the hierarchy of ConsoleOne.
An Organization container object is created when you first install NDS on a server in your network. As the top-most container under Tree, it usually holds Organizational Unit objects and leaf objects.
The User object named Admin is created by default in your first Organization container.
Normally the Organization object represents your company, although you can create additional Organization objects under Tree. This is typically done for networks with distinct geographical districts or for companies with separate NDS trees that have merged.
The way you use Organization objects in your tree depends on the size and structure of your network. If the network is small, you should keep all leaf objects under one Organization object.
For larger networks, you can create Organizational Unit objects under the Organization to make resources easier to locate and manage. For example, you can create Organizational Units for each department or division in your company.
For networks with multiple sites, you should create an Organizational Unit for each site under the Organization object. That way, if you have (or plan to have) enough servers to partition the directory, you can do so logically along site boundaries.
For easy sharing of company-wide resources, such as printers, volumes, or applications, create corresponding Printer, Volume, or Application objects under the Organization.
The most useful properties for Organization are listed below. Only the Name property is required. For a complete list of properties, select an Organization object in ConsoleOne. To display a description for each page of properties, click Help.
Typically, the Name property is the same as your company's name. Of course, you can shorten it for simplicity. For instance, if the name of your company is Your Shoe Company, you might use YourCo.
The Organization name becomes part of the context for all objects created under it.
The Login Script property contains commands that are executed by any User objects directly under the Organization. These commands are run when a user logs in.
You can create Organizational Unit (OU) container objects to subdivide the tree. Organizational Units are created with ConsoleOne under an Organization, Country, or another Organizational Unit.
Organizational Units can contain other Organizational Units and leaf objects such as User and Application objects.
Normally the Organizational Unit object represents a department, which holds a set of objects that commonly need access to each other. A typical example is a set of Users, along with the Printers, Volumes, and Applications that those Users need.
At the highest level of Organizational Unit objects, each Organizational Unit can represent each site (separated by WAN links) in the network.
The way you use Organizational Unit objects in your tree depends on the size and structure of your network. If the network is small, you probably don't need any Organizational Units.
For larger networks, you can create Organizational Unit objects under the Organization to make resources easier to locate and manage. For example, you can create Organizational Units for each department or division in your company. Remember that administration is easiest when you keep User objects together in the Organizational Unit with the resources they use most frequently.
For networks with multiple sites, you can create an Organizational Unit for each site under the Organization object. That way, if you have (or plan to have) enough servers to partition the directory, you can do so logically along site boundaries.
The most useful properties for the Organizational Unit are listed below. Only the Name property is required. For a complete list of properties, select an Organizational Unit object in ConsoleOne. To display a description for each page of properties, click Help.
Typically, the Name property is the same as the department name. Of course, you can shorten it for simplicity. For instance, if the name of your department is Accounts Payable, you can shorten it to AP.
The Organizational Unit name becomes part of the context for all objects created under it.
The Login Script property contains commands that are executed by any User objects directly under the Organizational Unit. These commands are run when a user logs in.
You can create Country objects directly under the Tree object using ConsoleOne. Country objects are optional and only required for connection to certain X.500 global directories.
The Country object represents the political identity of its branch of the tree.
Most administrators do not create a Country object, even if the network spans countries, since the Country object only adds an unnecessary level to the tree. You can create one or many Country objects under the Tree object, depending on the multinational nature of your network. Country objects can only contain Organization objects.
If you do not create a Country object and find that you need one later, you can always modify the tree to add one.
The Country object has a two-letter Name property. Country objects are named with a standard two-letter code such as US, UK, or DE.
A Server object is created in the tree automatically whenever you install NDS on a server. The object class can be any server running NDS. You can also create a Server object to represent a NetWare 2 or NetWare 3 bindery server.
The Server object represents a server running NDS, or a bindery-based (NetWare 2 or NetWare 3) server.
The Server object serves as a reference point for replication operations. A Server object that represents a bindery-based server allows you to manage the server's volumes with ConsoleOne.
The Server object has a Network Address property, among others. For a complete list of properties, select a Server object in ConsoleOne. To display a description for each page of properties, click Help.
The Network Address property displays the protocol and address number for the server. This is useful for troubleshooting at the packet level.
When you create a physical volume on a server, a Volume object is automatically created in the tree. By default, the name of the Volume object is the server's name with an underscore and the physical volume's name appended (for example, YOSERVER_SYS).
Volume objects are supported only on NetWare. UNIX file system partitions cannot be managed using Volume objects.
A Volume object represents a physical volume on a server, whether it is a writable disk, a CD, or other storage medium. The Volume object in NDS does not contain information about the files and directories on that volume, though you can access that information through ConsoleOne. File and directory information is retained in the file system itself.
In ConsoleOne, click the Volume icon to manage files and directories on that volume. ConsoleOne provides information about the volume's free disk space, directory entry space, and compression statistics.
You can also create Volume objects in the tree for NetWare 2 and NetWare 3 volumes.
In addition to the required Name and Host Volume properties, there are other important Volume properties.
This is the name of the Volume object in the tree. By default, this name is derived from the name of the physical volume, though you can change the object name.
This is the server on which the volume resides.
The Version property gives the NetWare or NDS version of the server hosting the volume.
This is the physical volume name. Since the actual Volume object name does not need to reflect the physical volume name, this property is necessary to associate the Volume object with the physical volume.
A User object is required for logging in. When you install the first server into a tree, a User object named Admin is created. Log in as Admin the first time.
You can use the following methods to create or import User objects:
For more information on ConsoleOne, refer to ConsoleOne User Guide.
For more information on the Replica Advisor, refer to Account Management Administration Guide.
For more information on using batch files, refer to Designing the NDS Tree.
For more information on upgrade utilities, including importing users from existing bindery servers, refer to Designing the NDS Tree.
A User object represents a person who uses the network. You should create User objects for all users who need to use the network. Although you can manage User objects individually, you can save time by:
User objects have over 80 properties. For a complete list of properties, select a User object in ConsoleOne. To display a description for each page of properties, click Help. The Login Name and Last Name properties are required. These and some of the most useful properties are listed below.
The directory referred to in this property can be created automatically when you create the User object.
NDS does not require that login names be unique throughout the network, only in each container. However, you might want to keep login names unique across the company to simplify administration. Typically, login names are a combination of first and last names, such as STEVET or STHOMAS for Steve Thomas.
You should put most of the login commands in container login scripts to save administrative time. The user login script can be edited to manage unique exceptions to common needs.
You can create Group objects to help you manage sets of User objects. A Group object represents a set of User objects. While container objects let you manage all User objects in that container, Group objects are for subsets within a container or in multiple containers. Group objects have two main purposes:
The most useful properties of the Group object are Members and Rights to Files and Directories. For a complete list of properties, select a Group object in ConsoleOne. To display a description for each page of properties, click Help.
This property lists all User objects in the group. Rights assignments made to the Group object apply to all members of that group.
This property lists all trustee assignments made for this Group to the NetWare file system.
You can create an Alias object that points to another object in the tree. Alias objects give users a local name for an object that lies outside their container.
When you rename a container, you have the option of creating an Alias in the former container's place that points to the new name. Workstations and login script commands that reference objects in the container can still access the objects without having the container name updated.
An Alias object represents another object, which can be a container, User object, or any other object in the tree. An Alias object does not carry trustee rights of its own. Any trustee authority you grant to the Alias object applies to the object it represents. The Alias can be a target of a trustee assignment, however.
Create an Alias object to make name resolution easier. Since object naming is simplest for objects in the current context, you should create Alias objects there that point to any resources outside the current context.
For example, suppose users log in and establish a current context in the South container as shown in Figure 7, but need access to the Print Queue object named ColorQ in the North container.
Figure 7
You can create an Alias object in the South container. See Figure 8.
Figure 8
The Alias object points to the original ColorQ object, so setting up printing for the users involves a local object.
Alias objects have an Aliased Object property, which associates the Alias object with the original object.
The Directory Map object is a pointer to a path in the server file system. It allows you to make simpler references to directories. If your network has no NetWare volumes, you cannot create Directory Map objects.
A Directory Map object represents a directory on a NetWare volume. (An Alias object, on the other hand, represents an object.)
Create a Directory Map object to make drive mapping simpler, particularly in login scripts. Using a Directory Map object allows you to reduce complex file system paths to a single name. Also, when you change the location of a file, you don't need to change login scripts and batch files to reference the new location. You only need to edit the Directory Map object.
For example, suppose you were editing the login script for the container South, shown in Figure 9.
Figure 9
A command mapping drives to the Shared directory on volume SYS: would look like the following:
    MAP N:=SYS.North.:Shared
If you created the Shared Directory Map object, the map command would be much simpler:
    MAP N:=Shared
The Directory Map object has Name, Volume, and Path properties.
The Name property identifies the object in the directory (for example, Shared) and is used in MAP commands.
The Volume property contains the name of the Volume object that the Directory Map object references, such as Sys.North.YourCo.
The Path property specifies the directory as a path from the root of the volume, such as PUBLIC\WINNT\NLS\ENGLISH.
Profile objects help you manage login scripts.
A Profile object represents a login script that runs after the container login script and before the user login script.
Create a Profile object if you want login script commands to run for only selected users. The User objects can exist in the same container or be in different containers. Once you have created the Profile object, you add the commands to its Login Script property. Then make the User objects trustees of the Profile object and add the Profile object to their Profile Membership property.
The Profile object has two important properties: Login Script and Rights to Files and Directories.
The Login Script property contains the commands you want to run for users of the Profile.
If you have INCLUDE statements in the login script, you need to give the Profile object rights to the files included with the Rights to Files and Directories property.
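The login script order and the Profile requirements described above, modelled as an added example (not Novell code and not part of the original page). The class names, the sample tree, the Finance Profile, the WRITE line and the INCLUDE path are constructed for illustration, and typeful names are assumed to use the CN=/OU=/O= form.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class Container:
    name: str                                   # typeful name, e.g. "OU=AP"
    parent: Optional["Container"] = None
    login_script: List[str] = field(default_factory=list)

    def context(self) -> str:
        # Every container name becomes part of the context of objects under it.
        parts, node = [], self
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return ".".join(parts)

@dataclass
class Profile:
    name: str
    login_script: List[str]
    trustees: Set[str] = field(default_factory=set)     # users made trustees
    file_rights: Set[str] = field(default_factory=set)  # Rights to Files and Directories

@dataclass
class User:
    login_name: str
    container: Container
    profile: Optional[Profile] = None                   # Profile Membership
    login_script: List[str] = field(default_factory=list)

    def dn(self) -> str:
        return f"CN={self.login_name}.{self.container.context()}"

def login_chain(user: User) -> List[Tuple[str, List[str]]]:
    """Scripts in run order: container, then Profile, then user."""
    chain = []
    if user.container.login_script:     # only the container directly above the user
        chain.append((user.container.context(), user.container.login_script))
    if user.profile is not None:
        chain.append((user.profile.name, user.profile.login_script))
    if user.login_script:
        chain.append((user.dn(), user.login_script))
    return chain

def audit_profile(user: User) -> List[str]:
    """Flag a Profile the user is not a trustee of, or INCLUDE files it has no rights to."""
    p, findings = user.profile, []
    if p is None:
        return findings
    if user.dn() not in p.trustees:
        findings.append(f"{user.dn()} is not a trustee of Profile {p.name}")
    for line in p.login_script:
        words = line.split(None, 1)
        if len(words) == 2 and words[0].upper() == "INCLUDE" and words[1] not in p.file_rights:
            findings.append(f"Profile {p.name} has no rights to {words[1]}")
    return findings

# Constructed sample tree: O=YourCo > OU=AP, one Profile, two users.
yourco = Container("O=YourCo", login_script=["MAP N:=Shared"])
ap = Container("OU=AP", parent=yourco, login_script=['WRITE "Accounts Payable"'])
finance = Profile("Finance", [r"INCLUDE SYS:SCRIPTS\FIN.TXT"],
                  trustees={"CN=STHOMAS.OU=AP.O=YourCo"})
sthomas = User("STHOMAS", ap, profile=finance, login_script=["MAP G:=Shared"])
admin = User("Admin", yourco, profile=finance)
```

For STHOMAS the O=YourCo script does not appear in the chain, because a container login script runs only for User objects directly under that container.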