If your organization is currently in transition from Windows NT Server 4.0 or Novell Directory Services (NDS) to Windows Server 2003 or Windows 2000 Server, you know headaches are ahead. Besides the actual migration duties, you must contend with multiple sets of proprietary tools to manage your disparate network directories. In addition to NT 4.0 and NDS, you might have a third-party directory service. How can you get a good picture of all your directory structures and objects?
Sunbelt Software's Sunbelt Directory Inspector 1.5 is a new tool that lets you analyze your organization's disparate directories and create comprehensive reports about their structure, security, integrity, and policy compliance. Sunbelt has been around for a long time, and historically, the company has repurposed and resold software, serving as a clearinghouse for cool tools. However, Directory Inspector is one of the first tools the company has developed in-house, so I was curious to give it a try.
Inspecting Directories
Directory Inspector provides a unified console for querying network directories in both pure Windows environments and mixed environments. You use the Directory Inspector console--instead of a variety of network directory tools, such as the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in or Novell's ConsoleOne--for one-stop viewing of all your directories. The Directory Inspector console uses the permissions already present on the directories to restrict undesired poking around and access.
Installing Directory Inspector was a straightforward, wizard-driven process that proceeded without a hitch. I downloaded the software from the company's Web site, navigated through three wizard screens, and was finished.
The next step is to tell Directory Inspector about your directory sources. Directory Inspector can tie together a full or partial view of multiple directories, including NT 4.0's directory service, Active Directory (AD), NDS, IBM SecureWay and Sun Microsystems' iPlanet. Directory Inspector can also use any other Lightweight Directory Access Protocol (LDAP)-enabled directory sources (such as Sun Microsystems' iPlanet) but provides no enhanced reporting abilities for these sources.
Next, you tell Directory Inspector which containers within the directories you want to view. Although directory service administrators have access to view the entire hierarchy, in many cases, you'll want to use Directory Inspector to limit this view by creating a collection of directory sources called a Directory Profile. For example, if you're in charge of the Nurses accounts in a hospital and the Nurses accounts are in both AD and NDS, you might want to create a Directory Profile that combines the view of just the Nurses organizational unit (OU) in AD and the Nurses OU in NDS. Figure 1 shows an example of how to select the containers from which you want to pull data for a profile.
When you run queries against a Directory Profile, Directory Inspector doesn't directly query the directories. Rather, the program imports the required data into Directory Inspector and maintains the data in encrypted files. When you first create a Directory Profile, the Sunbelt Directory Inspector Wizard asks you whether you want to add this Directory Profile to a list of profiles whose data is imported regularly or whether you want to import this profile's data immediately, as Figure 2, page 29, shows. A separate scheduling applet called the Directory Importer lets you specify the frequency for importing profile data.
Pulling data from the source directories might take a while. Importing the data from my test directory, which contains less than 1000 users, took about 5 minutes. After you import the data from your directory sources, you're ready to start using Directory Inspector to create reports.
Prev. page
[1]
2
next page 
