Resolving eDirectory Issues Notes

Use iMonitor to Resolve eDirectory Issues

iMonitor provides a web-based alternative or replacement for tools such as DSBROWSE, DSDIAG, DSTRACE. iMonitor also allows for many of the diagnostic features available in DSREPAIR.

iMonitor is access through a web-browwser:


It can also be configured to use https for secure connections using port 81 or 8009.

Modes of operation

Direct mode

Your browser pointed directly at the address of the server you are administering.

Server-centric features that are only available for the machine iMonitor is running directly on (because these features use local API sets that cannot be accessed remotely). Server-centric features include:

  • Background process schedule pages


In direct mode all the features of iMonitor are available on that machine. Key features:

  • Full server-centric feature set
  • Reduced network bandwidth (faster access)
  • Access by proxy for all versions of eDirectory


Proxy mode

Your browser pointed at an iMonitor running on 1 machine but gathering information from another.

Because iMonitor uses traditional non server-centric protocols, all previous versions of eDirectory beginning with NDS 6 can be monitored and diagnosed.

While you are in proxy mode you can switch to direct mode for a different server as long as it is a version of eDirectory that includes iMonitor. If iMonitor is running on the server you will see an additional icon button (telescope) near the top of the screen.

Key features of proxy mode:

  • Not every server in the tree must be running iMonitor in order to use most iMonitor features.
  • Only 1 server is required to be upgraded.
  • There is a single point of access for dial-in.
  • You can access iMonitor over a slower speed link while iMonitor accesses eDirectory information over higher speed links.
  • Previous eDirectory version information is accessible.


iMonitor provides the following features:

  1. eDirectory health summary
  2. Error information
  3. Synchronization information
  4. Object/Schema browser
  5. Known servers
  6. DirXML monitor
  7. Agent configuration
  8. Search
  9. eDirectory health checks
  10. Partition list
  11. Hyperlinked DSTRACE
  12. Agent process status
  13. Agent configuration
  14. Background process schedule
  15. Agent activity and verb statistics
  17. Reports
  18. Agent information
  19. Error information

Agent Triggers
Allow you to initiate certain background processes. Most triggers are equivalent to using the SET DSTRACE=*option command.

Background Process Settings
Allow you to modify the interval at which certain background processes run. These settings are equivalent to using the SET DSTRACE=!option command.

Agent Synchronization
This option lets you disable or enable inbound or outbound synchronization. You can specify in hours the amount of time you want synchronization disabled.

In eDirectory 8.6 or later you can control the number of threads used for outbound synchronization and the method.

Database Cache
This option lets you configure the amount of database cache used by the DS database engine. It provides various cache statistics to enable you to determine whether you have enough cache available.

Trace Configuration
The options in DS Trace Options se are a convenient equivalent of the SET DSTRACE=+option command.
Manage user accounts
Organize objects

Use iManager to Resolve eDirectory Issues

Most of the tools in ConsoleOne are now available in iManager, and iManager will soon replace ConsoleOne to take advantage of web-based management.

You must have Internet Explorer 5.5 or later or Netscape 6.2 or later to use iManager.

iManager is installed via the webapp.ncf at the root of the EDIRWEBAPPS cd, so install is launched with:


When iManager is accessed for the first time it runs the configuration wizard to walk you through setting it up, alternatively you can run the iManager configuration wizard at any time by accessing (case sensitive):


Using iManager you can:

  1. Manage user accounts
  2. Organize objects
  3. Create group objects
  4. Browse and find objects
  5. Create user accounts
  6. Set up optional account features
  7. Set up login scripts
  8. Set login time restrictions for remote users
  9. Assign rights
  10. Grant equivalence
  11. Block inheritance
  12. View effective rights

iManager uses Role Base Services (RBS) to allow you to allocate a specified set of tasks and objects to users as determined by their roles.

Use eMBox to Resolve eDirectory Issues

The eDirectory Management Toolbox (eMBox) lets you access all the eDirectory backend utilities remotely as well as on the server. eMBox works with iManager to provide access to utilities such as DSREPAIR and DSMERGE as well as web-based access to the new Backup and Restore and Service Manager functions.

All services can be used locally or remotely through a command line client.

To use EMbox it must be installed and the server must have role based services (RBS) configured.

You can perform tasks for multiple servers from one server/workstation using the eMBox client.

One way to access eMbox is through its Java command line client, which runs in either Interactive or Batch mode. To run this Java client you need to have access to the Java Runtime environment, installed with iManager 1.5. It is also available from Sun Microsystems at http://java.sun.com

You must have access behind the firewall to the servers you want to manage.

To run eMBox client:

Netware/Linux Server

edirutil –i

Windows Server

            c:\novell\nds\edirutil.exe –i

Windows Workstation

Copy the eMBoxClient.jar file to your machine from:

On Netware: sys:\system\embox\eMBoxClient.jar
On Windows: \novell\nds\embox\eMBoxClient.jar
On Unix: /usr/lib/nds-modules/embox/eMBoxClient.jar

Make sure your workstation has the Sun JVM 1.3.1 installed.

After Launching

After opening the eMBox client in interactive mode, enter

Login –s network_address –p port_number –u admin_user_with_context –w password –n

e.g. login –s –p 8008 –u admin.slc.digitalair –w novell –n

The following tools are available:

  1. eDirectory Backup eMTool
  2. eDirectory Merge eMTool
  3. eDirectory Repair eMTool
  4. eDirectory Schema Operations eMTool
  5. eDirectory Service Manager eMTool

Use eMTool to Repair a Database

At the eMBox client prompt to see a list of options for dsrepair, enter:

            list –tdsrepair

To run disrepair itself without any command-line parameters, enter:


Follow the prompts thereafter or press enter for defaults.

Graphical Interface

You can run eMBox client in graphical mode at the server by entering:

            edirutil –g

Logout of the eMBox client, enter:


Exit the eMBox client, enter:


Use DSTRACE to Resolve eDirectory Issues





Enables or disables a core option


Turns on tracing to a file


Turns of tracing to a file


Enables the following DSTRACE filters:

  • MIN
  • ON



Enables the following DSTRACE filters:

  • ON
  • MIN
  • INT
  • MISC
  • PART
  • EMU
  • MOVE



Disables all but the On setting


Enables the DSTRACE screen


Disables the DSTRACE screen


Enables a DSTRACE flag


Disables A DSTRACE flag


Starts a process


Unloads and reloads DS


Clears all filters


Enables/disables backlink messages


Forces the Backlink process


Enables/disables inbound messages


Enables/disables Janitor, Replica Synchronization, and Flat Cleaner messages


Forces the Flat Cleaner and Janitor processes


Enables/disables Limber messages


Forces the Limber process


Enables/disables miscellaneous messages


Enables/disables Partition Operation messages


Forces the Partition Purge process


Enables/disables Schema Synchronization messages


Enables/disables Replica Synchronization messages


Forces Replica Synchronization (Heartbeat)


Gives up on a server with too many requests


Displays NDS tunable parameters


Resets TTF (DSTRACE.DBG) file


Schema synchronization (unsuccessful 24 hours)


Display the status of background processes


Changes the status of all servers to UP (optional –Server Entry ID to change one server’s status)


Sets a value to a parameter


Sets the inbound and outbound replica synchronization interval to the specified number of minutes

Default=24 minutes
Range=2 to 10080 (168 hours)


Sets the outbound and outbound replica synchronization interval to the specified number of minutes

Default=24 minutes
Range=2 to 10080 (168 hours)


Enables the inbound and outbound replica synchronization process


Enables the inbound replica synchronization process


Enables the outbound replica synchronization process


Sets the Heartbeat Interval (replace the # with the number of minutes)

There are many more ! settings, but use should use iMonitor to set these.


DSTRACE.NLM is totally separate utility to the DSTRACE SET commands. Using the DSTRACE.NLM utility you can monitor some eDirectory processes not available using SET commands. In particular, it allows you to view:

  1. LDAP messages
  2. WAN Traffic Manager messages
  3. DirXML information

Launch DSTRACE by:

Entering the following at the server console prompt :


In the eDirectory Console by running DSTRACE.DLM. To set triggers select ds.dlm and select configure.

Entering the following at the shell prompt:

            ndstrace command_option

For a list of available options, enter man ndstrace at the command prompt.

Filter Status Colors


Filter disabled


The information associated with this filter appears on the console screen only


The information associated with this filter is recorded to the log file only


The information associated with this filter appears on the console screen and is also recorded in the log file

Enable a filter with:

            DSTRACE +filter_name

Disable a filter with:

            DSTRACE –filter_name

To display the trace on the server screen, enter:


DSTRACE.NLM doesn’t use the * or the SET DSTRACE = commands

Use DSREPAIR to Resolve eDirectory Issues

One of the most commonly used eDirectory diagnostics utilities, used with NetWare, Windows and Unix to check for and correct problems in the eDirectory database on a server-centric basis.

By default, eDirectory 8.5 and later DSREPAIR does not close the database when completing operations, and it saves the database without prompting.

Default log file is SYS:SYSTEM\DSREPAIR.LOG

DSREPAIR Advanced Options Menu



Log File and Login Configuration

Configures options for the DSREPAIR log file and allows login to eDirectory tree (required for some operations).

Repair Local Database

Repairs the eDirectory database files stored on the server, allowing you to manually control all repair options.

Servers Known to the Database

Lists servers known to the local eDirectory database. Allows you to obtain server information and perform time synchronization and network address operation on these servers.

Replica and Partition Operations

Displays a list of all partitions that have a replica in the server’s eDirectory database, allowing you to perform repairs to all replicas and replica rings such as sending all objects from a healthy server to every replica in the ring.

Check Volume Objects and Trustees

Checks all mounted volumes for valid volume objects and valid trustees on the volumes.

Check External References

Validates external references on the server and attempts to locate their corresponding Backlink attribute. Also displays information for all obituaries in the server’s eDirectory database.

Global Schema Operations

Allows you to update the schema on all servers or on only the [Root] server and allows importing a remote schema from a server in another tree.

View Repair Log File

Allows you to view the DSREPAIR log file (same option as Main menu).

NDS Archive Options

Allows you to copy the eDirectory database files to disk in a compressed format for offline diagnostics and repairs.

DSREPAIR Startup Switches
Switches can be activated using /,\ or –





Advanced Mode

Enables the advanced mode for DSREPAIR. Use this switch fo:

  • Set a subordinate reference to be a master replica. Warning! You will lose all objects in the partition.
  • Remove a server from the replica ring. This does not remove the replica from the server.
  • Declare a new epoch.Do not do this unless absolutely necessary.
  • View all MOVE_INHIBIT and OLD_RDN obituaries in Check External References.


By-pass Reference Check

Bypasses reference checking when launched from the command line with the automatic repair [-RD] startup switch.


Archive Check Mode

Contacts remote replica holders when archiving a database.


Check Transitive Vectors

Checks transitive vector and value time stamps while performing a repair.


Skip Disk Space Check

Skips the disk space process before performing a repair.

-AZ or –A0

-613 Schema Fix

Resolves -613 errors with modifiersname or creatorsname attributes. In eDirectory 8.6 and later, the [-AZ] and [-A0] switches perform the same functions.

-DDIB Extension

Repair Alternate DIB

Repairs the DIB set that is specified by the extension. This option defaults to NDS if no other name is specified. The NDS DIB is always closed and locked regardless of the DIB being repaired.


INS Mode

Automatically performs a post-NetWare 5 schema update.


Killer Mode 2

Forces all replicas off a server. This process has serious implications.


Killer Mode 3

Performs the following during a repair:

  • Marks all external reference objects as not being backlinked (clear EF_BACKLINED, creation time stamp set to 0, and object class set to -1).
  • Sets time stamps on all attributes of external reference objects to 0.


After performing an –XK3 repair, the backlinker must be started to re-backlink the external reference objects.



Killer Mode 6

Prompts the user to select a volume to perform the repair on. Once the volume has been selected, all IDS on the selected volume are cleared, including the volume object.

-LLog File

Log File Name

Allows you to specify an alternative location and name for the DSREPAIR log file.

-NNumber of Days

Number of Days

Allows you to specify the days you want to purge the Network Address property on a user class object.

You must specify a day from 1-7, 1 being today and 7 being a week ago. When you set the day, any network address property older than the number of days chosen will be purged.

This resolves the issue where the network address is never purged after a connection has been terminated. The default time a network address is kept is 60 days.


Timestamp Obituaries

Time stamps obituaries while performing a local repair. This option time stamps all obituaries except INHIBIT_MOVE obituaries.

This is useful when the time stamp of the obituary is older than the purge and obituary vectors.

Only run this type of repair from the server that holds the master replica of the partition in question.


Mutate Unknown Objects

Marks all unknown class objects as referenced (a referenced object is not synchronized). This will allow another server with real copies of these objects to overwrite the reference objects.

This option can be dangerous if valid objects are unknown in the database.

-RCDump Directory

Create Database Dump File

Automatically creates a database dump file named 00000000.$DU.


Repair Database

Automatically repairs the local database. This switch is often used with another switch specifying the type of repair to perform.


Repair Locked Database

Automatically repairs the local database with the database locked. This switch is often used with another switch specifying the type of repair to perform.


Repair Remote Server IDs

Automatically repairs remote server IDs.

RLLog Filename

Remove Log File

Allows you to specify an alternate log file. Unlike the L option, the existing file is deleted instead of being appended.

-RMPartition Root EID

Designate Master

This option causes DSREPAIR to set the local server to be the master replica of the partition that has been specified. You must use the full EID including all the leading zeros.


Repair Network Address

Automatically repairs all servers’ network addresses.

-RRPartition Root EID

Repair Replica Ring

Automatically repairs the ring for the selected partition. This process also verifies the remote IDs for servers in the replica ring. You must use the full EID including all the leading zeros.

-SOObject ID

Single Object Repair

Performs a single object repair on the specified object. You must use the full EID including all the leading zeros.


Unattended Repair

Automatically runs an unattended repair. It runs the main menu option Unattended Full Repair without user intervention and then unloads when the repair is completed.


Zen Mode

Purges all WM:RegisteredWorkstation attributes from all objects in the tree.


Command Help

Presents basic command line usage information.




JamesGosling.Com © 2006 | Privacy Policy | Terms Of UseXHTML1.0 | CSS | MT