Novell Audit Utility - DSReport In order to accurately assess all Novell products installed in a customer environment there are a number of tools which can be used to conduct this audit. Some tools are better suited to gathering information than other tools. DSReport can extract any information from NDS, given that the operator has sufficient rights in NDS to query the objects. NDIR is required to determine the date that a directory on a volume was last accessed. NWAdmin is used to determine Licenses installed in the NDS Organisational Units. NetWare Novell licenses are based on a combination of active users and active printers or print servers. Most sites run with one print queue per printer. It is difficult to determine which printers are active since there is no property which reflects the last date a printer was used. Since printers use queues for storing files before they are actually printed, the queue directory will indicate the last time the directory was accessed – a file was printed. By analysing the Print Queue object and identifying the queue directory, active printers can be determined. ZENworks If the customer has installed ZENworks then it will be necessary to count the number of active users in the network. Active users does not include printers as is the case for NetWare licenses. NDS for NT and Corporate Edition NDS for NT and Corporate Edition are typically licensed on a Managed User basis – that is the user hasn an entry in the NT Domain or has a Unix (Solaris) or a Linux Profile. These are properties are defined in the User Object as IWS:Domain Membership for NT Domain users, UNIX:UID is used for Unix and Linux. If one of these properties has a value, then this indicates the user is consuming a license of NDS Corporate Edition. BorderManager If the customer has BorderManager, it may involve a Server License and Client licenses or it may be on a Node License Basis. If a License has been installed, it will appear as an object in the NDS and NW Admin has a Novell License Reporting option under the Tools Menu selection. (License objects are typically stored in the same Organisation Unit as the Server they are installed on.) If Nodal licensing is used, then the Active User count (without printers) is the measure of licenses. (BorderManager VPN does not update the date last logged in property of the user object, so users who only use VPN will have to be identified and counted as active users.) ManageWise and ZENworks If customers have ManageWise and ZENworks, ManageWise is measured on the number of NetWare and NT servers running ManageWise agents and the total number of installed ManageWise consoles. View|All|NetWare Servers and |NT Servers, will indicate how many servers have agents running. If ManageWise is used, by not ZENworks, then the total number of workstation objects and printer objects is the measure of licenses. GroupWise GroupWise is based on the number of Mailboxes in use. This can often be much higher than the active users on a network due to alternate mailboxes, eg sales@xyz.com, corporate governances requiring that email must be retained for a certain number of years after a user has left. Use NWAdmin, with GroupWise administration snap-ins installed. Go to Tools| GroupWise View|. Select GroupWise System, <Right Mouseclick> and choose Information. This will display the User Count – the total number of users of the GroupWise System. Running the DSReport Utility The DSReport Utility can be used to extract NDS information to a CSV file, which may then be manipulated with MS Excel. These reports will need to be run for each NDS tree in a customer network. DSReport requires Admin access to the tree in order to get access to all attributes of the User Objects, Printer objects, Print Queue objects. Setting Context in DSReport Searches Run DS Report and select the Context to start the query from. It may be that in a very large tree, you want to break the information gathering up into a number of geographical areas. Searching can take some time depending on replica placement in the network. The search will run fastest if the user has access to all replicas, locally. Selecting Object Type in DSReport DSReport highlights all the base and extended object classes in the middle window – Having selected an object type in the left side list, the properties of that object will be displayed in the right side list. Highlight which properties you wish to report on. In order to make multiple property selections, hold the <CTRL> key while clicking one each property. Selecting Report Output format The report output may be in a CSV (Comma-Separated-Variable), TSV (Tab-Separated Variable), Excel Spreadsheet Format or Text Format. Select which option you prefer. Press the <RUN> button in order to start your query. Output Results It is possible to check that there were results from a query by looking at the Output Screen. Once you are happy with the results the data can be saved from the Multi-Object Report window. Saving Data After the extract has completed, control will be returned to DSReport and you may save the data to file. Data is saved based on the Object type you queried. User Object Data A query of user objects will return all users in the selected contexts and sub-contexts. Select the following properties of the user object CN – Common Name Last Login Time– Date the user last logged in Full Name – optional and may not always have data OU – optional and helpful to identify users After extracting the data, it is preferable to sort the data based on the Date Last Logged In field. There are 4 totals required for Novell Audit purposes: 1. Total number of Users Total Users This is the total number of rows in the extracted data 2. Users who have never logged in Never Logged In This is the total number of rows with no entry in the Date Last Logged in field 3. Users who have not logged in in 60 Days Inactive Users This is the total number of rows where the Date Last logged in is greater than 60 days from the date the report was extracted 4. Users who have logged in in the last 60 Days Active Users This is the total number of rows where the Date Last logged in is less than or equal to 60 days from the date the report was extracted All these fields need to be recorded on the Audit Finding Sheets. The most important group of users are the Active Users. Scan the data in the Active Users list specifically looking for Administrative User-Ids, Duplicates, Test User-Ids and shiftworkers. Please refer to the Audit Documentation for information relating to these different User-Ids and where to record the information. Printer and Print Server Object Data The Audit Worksheets ask that Printers and Print Server numbers be recorded. The higher of Printers or Print Servers is used to determine the Total MLA Connections. Because printers and Printservers are not always removed from the tree when they are decommissioned, there will often be many more printers defined than there are printed in operation. The following procedures will help identify these inactive devices. Printer Objects Select the following properties: CN=Common Name OU=the Context the printer is defined in Printer name as defined in NDS Helps to identify the location of the printer This information should be recorded on the Audit Worksheet for each tree. Print Server Objects Select the following properties: CN=Common Name OU=the Context the printerserver is defined in Printerserver name as defined in NDS Helps identify the location of the printserver This number must be recorded on the Audit Worksheet for each NDS Tree. Excessive numbers of Printers – What to do… If there are excessive numbers of Printers or PrintServers, the following information may be gathered to help assess how many printers are active – that is those printers which have been used in the last 60 days. PrintQueue Objects Most printers connected to NetWare networks use Print Queues for spooling of jobs prior to printing. Instead of printing directly to a printer, as is the case with a printer connected to a workstation’s serial or parallel ports, the workstation stores the print job in a queue on the server. When the printer is ready, it will print the printjob from the file stored on the server. By examining the dates in the Queue directory, it is possible to determine the last time a print queue was used. Note: This is a fairly imprecise science since there can be more than one printer using a print queue and there can be more than one print queue used by a printer. If you divide the number of Print Queues by the number of printers One can make an assumption that this is the average number of print queue per printer. By using the following procedure, you will be able to determine how many printers to reduce the count by in order to come up with the Total MLA Connections. Extract the following properties of the Print Queue object OU Identifies printer location in NDS CN Print Queue Name Device Multi-valued field listing all printer on this queue Queue Directory Directory on a NetWare Volume for this queue Volume Server and Volume name to query Having identified this information, it is best to sort the data by Volume and Queue Directory. It is now necessary to map a drive to the server and volume in order to query the dates. Queues are typically stored in the Queues directory off the root of the volume. Change Directories to the directory the queues are stored in. CD QUEUES as an example NDIR *.QDR /UP BEF 04/20/2000 /c /s > C:INACT-PQ.TXT will output all queue directories which have not been updated (used) since 5th April 2000, and will store the results in a file called INACTPQ.TXT on the C Drive. NDIR *.QDR /UP AFT 03/20/2000 /c /s > C:ACTIVE-PQ.TXT will output all queue directories which have been updated (used) since 5th April 2000, and will store the results in a file called ACTIVE-PQ.TXT on the C Drive. This process needs to be repeated for each server listed in the Volume column of the Print Queue data extract. It is then necessary to check the entries in the INACT-PQ.TXT file against those listed in the Print Queue list to determine how many print queues are inactive. This figure should then be divided by the average number of print queues per printer, to determine how many printers to reduce the count by. License Objects Various Novell packages use the Novell Licensing Services to record the licenses in use. Licenses are usually recorded in the same Organisation Unit as the server they are installed on. NWAdmin has a utility under Tools|Novell Licensing Services|Novell License Report, which allows you to extract the license objects in an NDS tree and save them to file or print the list out. Note: you will have to do this from an administrator’s workstation which has the necessary snap-ins to NWAdmin for Novell Licensing Services. Novell BorderManager is one such product which uses Licensing Services to define the Servers which have BorderManager components loaded. This is not an area which is covered in the Novell MLA Audit process – it is here to help customers determine what Novell Products they have installed in their environment and hence what they should be licensed to use. Disclaimer This document has been prepared by Novell Australia, Enterprise Business Unit to assist MLA customers to determine what is the correct number of licenses they should have installed. Comments on these procedures, may be made to Ross Ford, Rford@novell.com or mobile +61-417-450585