Using DSMERGE for NetWare

To merge eDirectory trees on NetWare^®, use DSMERGE.NLM. DSMERGE is a loadable module that allows you to merge the root of two separate eDirectory trees. DSMERGE options let you:

Check the status of servers in a tree

Check time synchronization

Merge two trees

Rename a tree

Graft a single server tree under a container of another tree

Merging eDirectory Trees on NetWare

The DSMERGE utility allows you to merge two separate eDirectory trees. Only the Tree objects are merged; container objects and their leaf objects maintain separate identities within the newly merged tree.

The two trees you merge are called the source tree and the target tree. The target tree is the tree that the source tree will be merged into. To merge two trees, load DSMERGE on a server in the source tree.

DSMERGE does not change object names within the containers. Object and property rights for the merged tree are retained.

Source Tree Requirements

Novell eDirectory must be installed on the server containing the master replica of the Tree partition. Other servers in the source tree can run any version of NDS^® or eDirectory supported by this release.

Target Tree Requirements

Novell eDirectory 8.6 must be installed on the server containing the master replica of the Tree partition. If this server is running any other version of NDS or eDirectory, the merge operation will not complete successfully.

Other servers in the target tree can run any version of NDS or eDirectory supported by this release.

You cannot maintain containers with the same name subordinate to Tree in both the source and target trees. Before merging two trees, one of the containers must be renamed.

If both the source and target trees have a security object, one of them must be removed before merging the trees.

Schema Requirements

Before attempting to perform a merge operation, the schema of both trees must match exactly. You should run DSREPAIR on the server containing the master replica of the Tree partition for each tree. Use the Import Remote Schema option to ensure that each tree is aware of all schema in the other tree.

To access the Import Remote Schema option in DSREPAIR, select the Advanced Options menu > Global Schema Operations > Import Remote Schema. You might have to perform this option on both the source and target tree until no schema differences are reported; otherwise, the merge operation will not succeed.

Merging the Source into the Target Tree

When you merge the trees, the servers in the source tree become part of the target tree.

The target Tree object becomes the new Tree object for objects in the source tree, and the tree name of all servers in the source tree is changed to the target tree's name.

After the merge, the tree name for the target tree servers is retained.

The objects that were subordinate to the source Tree object become subordinate to the target Tree object.

Partition Changes

During the merge, DSMERGE splits the objects below the source Tree object into separate partitions.

All replicas of the Tree partition are then removed from servers in the source tree, except for the master replica. The server that contained the master replica of the source tree receives a replica of the target tree's Tree partition.

Figure 28 and Figure 29 illustrate the effect on partitions when you merge two trees.

Figure 28
eDirectory Trees before a Merge

Figure 29
Merged eDirectory Tree

DSMERGE Options

After you load DSMERGE, you can use the following options:

Table 49. DSMERGE Options

Option	Description
Check Servers in This Tree	Contacts all servers (in some cases only a subset of all servers are contacted) in the source tree to verify that each server has the correct version, status, and tree name. The server you are on must have a replica of the Tree partition. It does not require the master replica.
Check Time Synchronization	Displays a list of all servers (in some cases only a subset of all servers are listed) in this tree, along with information about time sources and time synchronization. The server you are on must have a replica of the Tree partition. It does not require the master replica.
Merge Two Trees	Merges the source tree's Tree object to the target tree's Tree object. The server you are on must have the master replica of the source tree's Tree partition.
Graft a Single Server Tree	Grafts the root of the source tree under a specified container in the target tree.
Rename Tree	Renames the source tree. Use this option if you are merging two Tree objects with the same name. You can rename only the source tree with this option. To rename the target tree, you must load DSMERGE on a server in the target tree and rename it. Then load DSMERGE on the source tree to perform the merge. This option requires that the server you are on has the master replica of the partition whose Tree object is the tree name.

Preparing the Source and Target Trees

Before performing a merge operation, ensure that the state of synchronization for all servers affected by the operation is stable. Table 50 provides recommendations for preparing source and target trees for merging.

Table 50. Recommendations for Preparing Source and Target Trees for Merging

Prerequisite	Required Action
WANMAN should be turned off on all servers that hold a replica of the source tree's Tree partition or the target tree's Tree partition.	Review your WANMAN policy so that WAN communication restrictions do not interfere with the merge operation. If required, turn WANMAN off before initiating the merge operation.
No aliases or leaf objects can exist at the source tree's Tree object.	Delete any aliases or leaf objects at the source tree's Tree object.
No similar names can exist between the source and target trees.	Rename objects on the source and target trees if similar names exist.Move objects from one of the containers to a different container in its tree if you don't want to rename the container objects, then delete the empty container before running DSMERGE. For more information, see Managing Objects.You can have identical container objects in both trees if they are not immediately subordinate to the Tree object.
No login connections should exist on the source tree.	Close all connections on the source tree.
The eDirectory version must be the same on both the source and target trees.	Upgrade all non-NetWare 5.1 or later servers that have a replica of the root partition.
Any server that contains a replica of the root partition on both the source and target trees must be up and running.	Ensure that all servers containing a replica of the root partition on both source and target trees are up and running. Ensure that any WAN links affected are stable.
The schema on both the source and target trees must be the same.	Run DSMERGE. If reports indicate schema problems, use DSREPAIR to match the schemas. (Select Advanced Options Menu > Global Schema Operation > Import Remote Schema to select the tree from which you want to import the schema.) Run DSMERGE again.
Only one tree can have a security container subordinate to the tree root.	If both the source and target tree have the security container, remove one container as explained in NMAS Considerations.

Because the merge operation is one single transaction, it is not subject to catastrophic failure caused by power outages or hardware failure. However, you should perform a regular backup of the eDirectory database before using DSMERGE. For more information, see Backing Up and Restoring Novell eDirectory .

Synchronizing Time before the Merge

IMPORTANT: Proper configuration of time synchronization is a very involved process. Make sure you allow enough time to synchronize both trees before you merge the trees.

eDirectory will not work properly if different time sources are used that have different times or if all servers in a tree are not time synchronized.

Before you do the merge, make sure that all servers in both trees are time synchronized and that they use only one time server as a time source. However, the target tree time can be ahead of the source tree time by as much as five minutes.

Generally, there should be only one Reference or one Single time server in a tree. Likewise, after the merge, the tree should contain only one Reference or one Single time server. For more information on time server types, refer to Network Time Management Administration Guide in the NetWare 6 documentation set on the Novell Documentation Web site.

If each of the trees you are merging has either a Reference or a Single time server, reassign one of them to refer to the Reference or Single time server in the other tree so that the final tree contains only one Reference or Single time server.

To view time synchronization information, see Checking Time Synchronization .

Checking Servers in the Tree

Before you rename or merge trees, use the Check Servers in This Tree option to contact all servers in the tree and verify that all servers have the same tree name.

After you rename or merge trees, use this option to verify that all servers have the new tree name.

From the server console:

On the server where a replica of the root partition of the source tree is stored, type dsmerge.

Select Check Servers in This Tree.

Each server in the tree is listed in the Status of Servers in the Tree screen, with its corresponding status information. Any servers that have existing problems are flagged and then listed at the top of the server list.

You should confirm that each server's status is marked as Verified before completing a merge.

Table 51 describes the information provided in the Status of Servers in the Tree screen.

Table 51. Status of Servers in the Tree Fields

Field	Operation
Server Name	Lists the names of all servers DSMERGE contacted, and shows their context within the tree.
Version	Indicates the version of NetWare running on the server.
Status	Up Indicates that the server is in the right tree. Error number All eDirectory errors are numbered between -600 and -799 in decimal notation. For information about a specific error code, search the Error Codes. Unknown Indicates that the server is not responding. This usually indicates a downed server or communication problems. Wrong Tree Indicates that this server does not belong to this eDirectory tree. This status might occur if the tree was recently merged or renamed because the server might take a few minutes to recognize the change. This status can also occur if the server was reinstalled in another tree, but not properly removed from this tree. If so, delete this server's object from this tree.

Field

Operation

Server Name

Lists the names of all servers DSMERGE contacted, and shows their context within the tree.

Version

Indicates the version of NetWare running on the server.

Status

Indicates that the server is in the right tree.

Error number
All eDirectory errors are numbered between -600 and -799 in decimal notation.
For information about a specific error code, search the Error Codes.

Unknown
Indicates that the server is not responding. This usually indicates a downed server or communication problems.

Wrong Tree
Indicates that this server does not belong to this eDirectory tree.
This status might occur if the tree was recently merged or renamed because the server might take a few minutes to recognize the change.
This status can also occur if the server was reinstalled in another tree, but not properly removed from this tree. If so, delete this server's object from this tree.

Checking Time Synchronization

Use this procedure on both trees before merging them.

From the server console of the server that contains a master replica of the Tree partition of the source tree, type DSMERGE.

If you don't know where the master replica is, load DSMERGE on any server in the source tree. You will be prompted with the name of the server that contains the master replica when it is required.

Select Check Time Synchronization.

The Time Synchronization Information for the Tree tree_name screen appears.

This option lists all servers in the tree, along with information about their time sources and the server time.

Verify that all servers in the tree are synchronized and that they are using the same time source.

Table 52 describes the information provided in the Time Synchronization Information for the Tree tree_name screen.

Table 52. Time Synchronization Information for the Tree Options

Field	Operation
Server Name	Lists the name of each server.
Type	Indicates one of the following time server types: Reference, Single, Primary, and Secondary. If the server could not be contacted, it is listed as Unknown. In general, there should be only one Reference or Single reference (not both) in a tree.
In Sync	Yes Indicates that the server is in sync with a time server. You need to manually check that all servers are using the same time source. No Indicates that the server is not in sync with a time server. This option does not determine if the source server is in sync with the server you have selected. It only reports whether it is currently in a synchronized state. If the server has temporarily lost synchronization with its time source, it might still have the correct time. Check the type of time server each server is using as a time source to determine if they are using different time servers.
Time Delta	Displays the difference in time between the source server and the selected server in the list. If the difference in time is more than a few seconds, it might indicate that the servers are using different time sources.

Merging Two Trees

For complete functionality of all menu options, run DSMERGE on a server that contains the master replica of the Tree partition.

If you don't know where the master replica is stored, you will be prompted with the correct server name when you attempt an operation that requires the master replica.

To perform a merge operation, you must load DSMERGE on the source tree.

When merging large trees, it's significantly faster to designate the source tree as the tree with fewer objects immediately subordinate to the Tree object. By doing this, you create fewer partition splits during the merge, since all objects subordinate to the Tree object result in new partitions.

Because the source tree name no longer exists after the merge, you might need to change your client workstation configurations. For Novell Client for DOS/Windows, check the Preferred Tree and Preferred Server statements in the NET.CFG files. For Novell Client for Windows NT/2000 and Windows 95/98, check the Preferred Tree and Preferred Server statements on the client Property Page.

If Preferred Server is used, the client is unaffected by a tree merge or rename operation because the client still logs in to the server by name. If Preferred Tree is used and the tree is renamed or merged, then that tree name no longer exists. Only the target tree name is retained after the merge. Change the preferred tree name to the new tree name.

To minimize the number of client workstations you need to update, designate the tree with the most client workstations as the target tree, because the final tree retains the name of the target tree.

Or rename the tree after the merge operation so that the final tree name corresponds to the tree with the greater number of client workstations attaching to it. For more information, see Renaming the Tree. Plan on a period of down time to allow for the tree merge and then a tree rename.

Use the following list of prerequisites to determine readiness for the merge operation:

Access to the server console on the source tree or an established RCONSOLE session with that server.

The name and password of the Administrator objects that have Supervisor object rights to the Tree object of both trees you want to merge.

A backup of the eDirectory database for the two trees.

All servers in both trees are synchronized and using the same time source.

(Optional) All servers in the tree are operational. (Servers that are down will update automatically when they are operational.)

The merge process itself only takes a few minutes but there are other variables that increase the length of time for the merge operation to complete. These factors are as follows:

If there are a lot of objects subordinate to the Tree object that must be split into partitions.

If there are a lot of servers in the source tree that require a tree name change.

To merge two trees:

On the server that stores the master replica on the source tree, type DSMERGE.

If you don't know where the master replica is stored, you will be prompted with the correct server name when you attempt to merge the trees.

Select Merge Two Trees.

Enter the administrator name and password to log in to the source tree.

Log in as a user who has the Supervisor object right to the Tree object on the source tree. Enter the typeless or typeful distinguished name, such as admin.novell or cn=admin.o=novell. Entering only admin is invalid because it is not the complete name of the User object.

Select Target Tree > select a target tree from the list of servers in the Available Trees window.

If the tree you want is not in the list, press Insert > enter the target tree's network address.

Enter the administrator name and password to log in to the target tree.

Press F10 to perform the merge.

A message stating that the trees have been merged successfully is displayed.

Renaming the Tree

You must rename a tree if the two trees you want to merge have the same name.

You can rename only the source tree. To rename the target tree, run DSMERGE from a server on the target tree.

If you change the tree name, the bindery context does not automatically change also, including the one set in the AUTOEXEC.NCF file. Because the bindery context set in the AUTOEXEC.NCF file also contains the tree name (for example, SET Bindery Context = O=n.<test_tree_name>), the server with the recently changed tree name does not use the context that it used before the tree name change.

After you change a tree's name, you might need to change your client workstation configurations. For Novell Client for DOS/Windows, check the Preferred Tree and Preferred Server statements in the NET.CFG files. For Novell Client for Windows NT/2000 and Windows 95/98, check the Preferred Tree and Preferred Server statements on the client Property Page.

When you merge two trees, to minimize the number of client workstations that need to be updated, designate the tree with the most client workstations as the target tree because the final tree retains the name of the target tree.

Or rename the tree after the merge so that the final tree name corresponds to the tree name with the majority of client workstations.

Another option is to rename the merged tree to the name of the original source tree. If you choose this option, then you must update the NET.CFG files on the target tree client workstations.

Use the following list of prerequisites to determine readiness for the renaming operation:

Access to a server console on the source tree or an established RCONSOLE session with the server.

The Supervisor object right to the Tree object of the source tree.

(Optional) All servers in the tree are operational. (Servers that are down will update automatically when they are operational.)

To rename the tree:

On the server that stores a master replica of the partition whose Tree object is the tree name, type DSMERGE.

If you don't know where the master replica is, load DSMERGE on any server in the source tree. Then you will be prompted with the correct server name when you attempt to rename a tree.

Select Rename This Tree.

Enter the administrator name and password to log in to the source tree.

Log in as a user who has the Supervisor object right to the Tree object on the source tree. Enter your complete name, such as admin.novell or cn=admin.o=novell. Entering only admin is invalid since it is not a complete name.

Enter the new tree name.

Press F10 to perform the rename.

Completing the Tree Merge

Following the merging of two trees, it might be necessary to complete the following tasks:

(Optional) Select Checking Servers in the Tree in the DSMERGE main menu to confirm that all tree names were changed correctly.

For more information, see Checking Servers in the Tree.

Check the new partitions that the merge operation created.

If you have many small partitions in the new tree, or if you have partitions that contain related information, you might want to merge them. For more information, see Merging a Partition.

Copy a new replica to any non-NetWare 5 servers after the merge is complete, if you did not upgrade before running DSMERGE.

Re-create any leaf objects or aliases in the tree that were deleted before you ran DSMERGE.

Evaluate partitioning of the eDirectory tree.

Merging trees might change replica placement requirements on the new tree. You should carefully evaluate and change the partitioning as needed.

Update your client workstation configuration.

For Novell Client for DOS/Windows, check the Preferred Tree and Preferred Server statements in the NET.CFG files. For Novell Client for Windows NT/2000 and Windows 95/98, check the Preferred Tree and Preferred Server statements on the client Property Page, or rename the target tree.

HINT: To minimize the number of NET.CFG files you need to update, designate the tree with the most client workstations as the target tree because the final tree retains the name of the target tree. Or rename the tree after the merge operation so that the final tree name corresponds to the majority of the client workstations' NET.CFG files. For more information, see Renaming the Tree.

The Access Control List (ACL) for the Tree object of the source tree is preserved. Therefore, the rights of the source tree's user Admin to the Tree object are still valid.

After the merge is complete, both admin users still exist and are uniquely identified by different container objects.

For security reasons, you might want to delete one of the two Admin User objects or restrict the rights of the two objects.

Grafting a Single Server Tree

Understanding Grafting

The Graft Tree option lets you graft a single-server source tree's Tree object under a container specified in the target tree. After the graft is completed, the source tree receives the target tree's name.

During the graft, DSMERGE changes the object class of the source tree's Tree object to Domain and makes a new partition. The new Domain object is the partition root for the new partition. All the objects under the source tree's Tree object are located under the Domain object.

The target tree's administrator has rights to the resulting tree's root container and therefore has rights to the source tree's grafted root.

NOTE: It may take up to several hours for the inherited rights to be recalculated and become effective. This time will vary based on the tree's complexity, size, and number of partitions.

The source tree's administrator has rights only in the newly created domain object.

Figure 30 and Figure 31 illustrate the effect when you graft a tree into a specific container.

Figure 30
eDirectory Trees before a Graft

Figure 31
eDirectory Tree after a Graft

Context Name Changes

After the graft of the source tree into the target tree container, the distinguished names for objects in the source tree will be appended with the source tree's name followed by the distinguished name of the target tree's container name where the source tree was merged. The relative distinguished name will remain the same.

For example, if you are using dot delimiters, the typeful name for Admin in the Preconfigured_tree (source tree) is:

CN=Admin.OU=IS.T=Preconfigured_tree

After the Preconfigured_tree is merged into the New Devices container in the Oak_tree, the typeful name for Admin is:

CN=Admin.OU=IS.DC=Preconfigured_tree.OU=Newdevices. 
OU=Engineering.O=Sanjose.T=Oak_tree.

NOTE: The distinguished name maximum character length is 256 characters. This limitation is particularly important when you are grafting the root of one tree into a container near the bottom of the target tree.

The last dot following Oak_tree (Oak_tree.) indicates that the last element in the distinguished name is the tree name. If you leave off the trailing dot, then leave off the tree name.

Preparing the Source and Target Trees

Before initiating the graft operation, ensure that the state of all of the servers affected by the operation is stable. Table 53 provides recommendations for preparing the source and target trees before grafting.

Table 53. Recommendations for Preparing Source and Target Trees before Grafting

Prerequisite	Required Action
WANMAN should be turned off on all servers that hold a replica of the source tree's Tree partition or the target tree's Tree partition.	Review your WANMAN policy so that WAN communication restrictions do not interfere with the merge operation. If required, turn WANMAN off before initiating the merge operation.
The source tree must have only one server.	Remove all but one server from the source tree.
No aliases or leaf objects can exist at the source tree's Tree object.	Delete any aliases or leaf objects at the source tree's Tree object.
No similar names can exist in the graft container.	Rename objects under the target tree graft container or rename the source tree. Move objects from one of the containers to a different container in its tree if you don't want to rename objects, then delete the empty container before running DSMERGE. For more information, see Managing Objects. You can have identical container objects in both trees if they are not immediately subordinate to the same parent object. Objects are uniquely identified by their immediate container object.
The eDirectory version for both the source tree and target tree container must be 8.51 SP2a or later.	DSMERGE will search for the appropriate version of eDirectory. If an acceptable version isn't found, DSMERGE will return an error. You can get the latest version of eDirectory from the product download page.
The container where you will join the target tree is in a partition that has no replicas (a single-server partition).	If the target container has multiple replicas: Make the partition associated with this container the master replica, then delete other replicas, or Split the target tree graft container in to a separate partition and then remove replicas. After the graft is complete, the partition association can be re-established.
The server holding the target container must also hold a replica of the ROOT partition.	If the server doesn't hold a replica of ROOT, the graft will fail, and you will see error `-672 No Access` because the directory will be unable to verify administrator rights for the target tree. Use ConsoleOne to add a replica for ROOT. For more information, see Adding a Replica in the ConsoleOne User Guide.
The schema on both the source and target trees must be the same.	Run the Graft option in DSMERGE. If reports indicate schema problems, run DSREPAIR on the target tree to import the schema from the source tree. The graft operation automatically imports the schema from the target tree to the source tree. Run DSMERGE again.
Only one tree can have a security container subordinate to the tree root.	If both the source and target tree have the security container, remove one container as explained in NMAS Considerations.
The source tree's time reference must be reconfigured.	Generally the source tree should be set as a secondary server configured to get its time source from a server in the target tree. To reconfigure Timesync, see Configuring Timesync on Servers in the Network Time Management Administration Guide.

Containment Requirements for Grafting

To graft a source tree into a target tree container requires that the target tree container be prepared to accept the source tree. The target tree container must be able to contain an object of the class domain. If there is a problem with containment, error -611 Illegal Containment will occur during the graft operation.

Use the information in Table 54 to determine if you need to run DSREPAIR to modify containment lists.

Table 54. Target and Source Tree Container Requirements

Target Tree Container Requirements

The target tree container object must include the domain object in its containment list.

You can check this using iMonitor > Schema. If the containment list does not include Domain, run DSREPAIR to make schema enhancements.

Source Tree Requirements

The graft operation changes the source tree root from the class Tree Root to the class Domain. All of the object classes that are subordinate to the Tree must be able to be contained by the class Domain according to the schema rules.

You can check this using iMonitor > Schema. If the containment list does not include Domain, run DSREPAIR to make schema enhancements.

If containment requirements aren't met, run DSREPAIR to correct the schema.

Load DSPEPAIR, select Advanced Menu > Global Schema Operations.

Select Optional Schema Enhancements.

The schema is updated and results are displayed on screen.

Grafting the Source and Target Tree

After you ensure that prerequisites are met, use DSMERGE to perform the graft as explained in the following procedure:

Load DSMERGE at the console of the source tree server > select Graft a Single Server Tree.

Enter the required data including user name and password for both the source and target tree and the distinguished name of the target tree container, for example, New Devices.Engineering.San Jose.Oak_tree

Press F10 to start the graft.