Migrate from Datatel to Microsoft Active Directory


  • Migrate from Datatel to Microsoft Active Directory

    Greets to all,

    Well, I've gotten involved in a project that basically nobody wants to touch; however, I see an opportunity to do things right, the first time (How often does that happen?)

    We're an educational facility that uses OpenLDAP for authentication through an app called Datatel which is designed for the sole use of educational institutions.

    We also use Windows XP workstations but have no Microsoft domain; hence they would like to set up and configure a Windows domain with Active Directory and enable "Live@edu" (http://get.liveatedu.com/Education/Connect/) for the student body, and also Exchange for faculty members. They would also like to maintain their single logon to the network. DCs will be placed at remote campus locations to facilitate authentication as well.

    As I understand it, OpenLDAP does not understand any structures associated with Active Directory, more specifically multiple OUs with groups and user accounts. What I've been told is all the users and groups would have to be kept in the default Users container created when you install Server 2003 as a server / DC. That just doesn't even seem possible (est. 40,000 in the default Users folder) and even if it is possible, then what's the point?

    What I am looking for is some information, collaboration or whitepaper that outlines what other EDU facilities have done (we can't be the only people to do this) so that I can draft an outline of what needs to be done to accomplish this task.

    I will do my best to provide more information and answer questions as directly as possible.

    Let me take the opportunity to thank you all in advance, also if I have not been clear in my explanations, just bear with me..I am trying.
    Regards,
    Randerso




    "Education is not the filling of a pail, but the lighting of a fire." W. B. Yeats

  • #2
    Re: Migrate from Datatel to Microsoft Active Directory

    Good morning !

    I'm not sure I understand exactly what you're trying to find out... but OpenLDAP does support multiple OUs and groups for sure..
    Group nesting might be handled differently than in AD however..
    VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



    • #3
      Re: Migrate from Datatel to Microsoft Active Directory

      Hi Gepeto,

      Thanks for responding,

      I am looking for more information about Datatel so that I can understand how to do a migration with AD and keep using Datatel (they have too much invested to get rid of Datatel).

      As I have no access to the Datatel site or user groups, I am relying on other people to point me in the right direction.

      Also, as I stated, most of what I posted is information I've been told. I would like to verify my facts and gain a clearer picture through understanding...

      Hopefully you can help,...any suggestions?
      Regards,
      Randerso




      "Education is not the filling of a pail, but the lighting of a fire." W. B. Yeats



      • #4
        Re: Migrate from Datatel to Microsoft Active Directory

        I have no experience with Datatel. However, usually, if the app works with OpenLDAP, you should be able to get it to work with AD.

        Some schema extensions might be required etc but I'm sure it's doable.

        Get a good lab though
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



        • #5
          Re: Migrate from Datatel to Microsoft Active Directory

          I think one of their primary goals is to replace the OpenLDAP/Datatel Registry with Active Directory....

          A lab sounds like a good idea
          Regards,
          Randerso




          "Education is not the filling of a pail, but the lighting of a fire." W. B. Yeats



          • #6
            Re: Migrate from Datatel to Microsoft Active Directory

            I'd look here:
            http://www.google.ie/search?q=migrat...tive+directory
            Last edited by DYasny; 6th March 2011, 18:57.
            Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

            BA (BM), RHCE, MCSE, DCSE, Linux+, Network+



            • #7
              Re: Migrate from Datatel to Microsoft Active Directory

              I don't have experience with OpenLDAP, but I do know that keeping all user accounts in one place is possible (but not really handy, as you have mentioned yourself already).

              But even more important, I have worked for a company that has around 30.000 accounts in a single domain (and most users in 1 single OU), but Microsoft did not recommend that. 40.000 users in a single domain is very, very hard to manage (even if they were divided into separate OUs). The company I worked for used 3 whopping massive datacenters, each with a whopping DC cluster in it and multiple 10 gigabit connections per center (don't know the details, but I do know that solution cost around 1.3 million euros per DC cluster (around 25 million euros per center)), and even then it was not very quick when managing user accounts etc. (very, very sluggish reaction from AD).

              40k users in 1 domain, I wouldn't go there if I were you.



              • #8
                Re: Migrate from Datatel to Microsoft Active Directory

                Hi DYasny, Ronald,

                Thanks for the advice and I will follow up and report my findings.

                I would like to have more input as to the implementation of this project. I think their primary goal is to keep Datatel (drop LDAP for authentication) and use authentication service from AD (and a place to park the user accounts) to provide access to resources that are hosted in the Datatel ERP.

                I'm just not sure if Datatel can see different OUs and Groups stored in AD.

                I'm thinking a proof of concept lab (as suggested) will be the only way to illustrate the scope of the problem.

                Side note: I worked with a technician in Tuam, Ireland recently named Justin Collins...sharp guy.

                Thanks for the input I will let you know what develops.
                Regards,
                Randerso




                "Education is not the filling of a pail, but the lighting of a fire." W. B. Yeats



                • #9
                  Re: Migrate from Datatel to Microsoft Active Directory

                  Active Directory also uses LDAP, don't forget that.

                  Basically, what you need to do is transfer the user database from OpenLDAP to AD.
                  Last edited by DYasny; 6th March 2011, 18:58.
                  Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                  BA (BM), RHCE, MCSE, DCSE, Linux+, Network+
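
The user-database transfer suggested in post #9, as an added example (not code from any poster, Datatel or Microsoft): it rewrites an OpenLDAP LDIF export into an AD import LDIF that sorts accounts into OUs rather than the default Users container. The domain `ad.college.example`, the OU names and the `employeeType` mapping are assumptions; password hashes are dropped and accounts are created disabled, so each one needs a password reset before it is enabled.

```python
import re

# Constructed sample export (not real data): two OpenLDAP person entries.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=college,dc=example
uid: jsmith
cn: Smith, Jane
mail: jsmith@college.example
employeeType: student
userPassword: {SSHA}constructed-not-a-real-hash

dn: uid=averyveryverylongusername1,ou=People,dc=college,dc=example
uid: averyveryverylongusername1
cn: Pat Long
"""
AD_BASE = "DC=ad,DC=college,DC=example"  # assumed AD domain
OU_BY_TYPE = {"student": "OU=Students", "faculty": "OU=Faculty"}  # hypothetical OUs

def parse_ldif(text):
    """Parse unfolded, single-valued 'attr: value' LDIF (no base64) into dicts."""
    return [dict(l.split(": ", 1) for l in b.splitlines())
            for b in re.split(r"\n\s*\n", text.strip())]

def escape_rdn(value):
    """Backslash-escape the RFC 4514 special characters inside an RDN value."""
    return re.sub(r'([,+"\\<>;])', r"\\\1", value)

def convert(text):
    """Return (AD import LDIF, warnings) for an OpenLDAP export."""
    out, warnings, seen = [], [], set()
    for e in parse_ldif(text):
        uid = e["uid"]
        sam = uid[:20]  # sAMAccountName on user objects is limited to 20 characters
        if sam != uid:
            warnings.append(f"{uid}: sAMAccountName truncated to {sam}")
        if sam.lower() in seen:  # uniqueness is domain-wide, not per OU
            warnings.append(f"{uid}: sAMAccountName {sam} collides, entry skipped")
            continue
        seen.add(sam.lower())
        if "userPassword" in e:  # OpenLDAP hash is not carried over; force a reset
            warnings.append(f"{uid}: password hash dropped, reset required")
        ou = OU_BY_TYPE.get(e.get("employeeType"), "OU=Unsorted")
        out += [f"dn: CN={escape_rdn(e['cn'])},{ou},{AD_BASE}", "changetype: add",
                "objectClass: user", f"sAMAccountName: {sam}",
                f"userPrincipalName: {uid}@ad.college.example",
                "userAccountControl: 514"]  # 512 normal account + 2 disabled
        out += [f"{a}: {e[a]}" for a in ("sn", "givenName", "mail") if a in e]
        out.append("")
    return "\n".join(out), warnings
```

Review the warnings before importing: truncated or colliding logon names change what users type at sign-in, and entries without a mapped `employeeType` land in `OU=Unsorted` for manual placement.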



                  • #10
                    Re: Migrate from Datatel to Microsoft Active Directory

                    That's true, LDAP is the frontend of Microsoft's implementation of LDAP/Active Directory running the ESE engine.

                    I'm wondering if there is a way to mimic Datatel's registry structure, bypassing its own registry (a repository) for users and passwords (as it really doesn't provide authentication) and just point Datatel to look to AD for authenticated users, user accounts.

                    That would make this project work....

                    Any ideas?
                    Regards,
                    Randerso




                    "Education is not the filling of a pail, but the lighting of a fire." W. B. Yeats



                    • #11
                      Re: Migrate from Datatel to Microsoft Active Directory

                      Well the schema is extensible in AD so if you need to create additional classes and populate additional attributes, that is doable..

                      What does that Datatel software actually do?
                      VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah



                      • #12
                        Re: Migrate from Datatel to Microsoft Active Directory

                        Don't know about Datatel, but I have connected several different pieces of software to AD by either using an LDAP lookup script (loads of those, especially written in Perl, available online) or by authenticating to RADIUS, which in turn connects to the AD (Check Point NG on SPLAT, with no AD auth module).
                        Last edited by DYasny; 6th March 2011, 18:58.
                        Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                        BA (BM), RHCE, MCSE, DCSE, Linux+, Network+
