NOVELL TECHNICAL INFORMATION DOCUMENT TITLE: SDIDiag 2.1 TID #: 2966746 README FOR: sdidiag21.exe NOVELL PRODUCTS and VERSIONS: NetWare 5.1 Security - NW51S NetWare 6 Security - NW6S NetWare 6.5 Security - NW65S ABSTRACT: SDIDiag is the Security Domain Infrastructure Diagnostic and repair utility. SDIDiag allows an administrator to view the various keys within a tree and to ensure that all servers are synchrnoized with constant keys. By default SDIDiag 2.1 references only servers running eDirectory version 8.7.1 or later. To have SDIDiag 2.1 reference servers prior to eDirectory version 8.7.1 it is necessary to use the -A switch. SDIDiag 2.1 works with eDirectory versions: eDirectory: 8.7.1, 8.7.0, 8.6.2, 85.xx NOTE: It is STRONGLY recommended that all servers be running a minimum of NICI 2.4.2 or later. For further details on determining your NICI version please see TID 10083945 - How do I tell which version of NICI I am running? http://support.novell.com/cgi-bin/search/searchtid.cgi?/10083945.htm For further information on SDIDiag see TID 10081773 - SDIDiag Switches, Options and Information http://support.novell.com/cgi-bin/search/searchtid.cgi?/10081773.htm ----------------------------------------------------------------- DISCLAIMER THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION. ----------------------------------------------------------------- INSTALLATION INSTRUCTIONS: SDIDiag 2.1 is installed by extracting SDIDiag21.exe to the local workstation. Either run SDIDIAG.EXE from a windows command prompt, or copy SDIDIAG.NLM to the SYS:\SYSTEM directory on a NetWare server. From the servers system console: SDIDiag, Security Domain Infrastructure Diagnostic Utility Version 2.1 Jun 26 2003 Copyright 2003 Novell, Inc. All rights reserved. Server : .SERVERA.NOVELL.ACME-TREE. Tree : ACME-TREE User Name (Full DN): admin.novell Password : ******* SDIDIAG> From a workstation command prompt: C:\Program Files\SDIDiag>sdidiag SDIDiag, Security Domain Infrastructure Diagnostic Utility Version 2.1 Jun 26 2003 Copyright 2003 Novell, Inc. All rights reserved. Server IP Addr : 192.168.100.10 User Name (Full DN): admin.novell Password : ******* SDIDIAG> NOTE: The SD Domain Adminstrator should be the [Root] administrator of the tree with Read and Write rights to [All Attributes Rights] and at least Browse, Create and Delete [Entry Rights] to the W0.KAP.Security object. ISSUE: SDIDiag 2.1 Usage Examples USAGE: SDIDIAG> COMMANDS: SDIDIAG>EXIT SDIDIAG>QUIT SDIDIAG>CHECK - verify that that all Security Domain Servers have a consistent key set; otherwise, display any recommendations to correct problems. SDIDIAG>CHECK -n - Check all servers holding a writeable replica of the specified eDirectory partition. SDIDIAG>RESYNC -T -n - Resynchronize all servers holding a writeable replica of the specified eDirectory partition with the Security Domain, see below for an example. SAMPLE SWITCHES: -n Specifies with a fully qualified dot delimited distinguished name of the container that the command will reference. NOTE: the tree name must be included. Example: SDIDIAG>CHECK -A -n .ORG.NOVELL.ACME-TREE. > SYS:\CHECK.TXT -v Output to console. > Redirect output to >> Append output to -A To access servers running versions of eDirectory or NICI other than eDirectory 8.7.1 or NICI 2.6.0 EXAMPLE: Run CHECK to verify that that all Security Domain Servers have a consistent key set; otherwise, display any recommendations to correct problems. NOTE: It is recommended to direct the output to a file otherwise the information will scroll off the screen. SDIDIAG>CHECK -A > SYS:\CHECK.TXT COPY OF OUTPUT FROM SYS:\CHECK.TXT >>>>>SDIDIAG Begin: Fri Aug 15 15:51:07 2003 SDIDIAG>CHECK -A > SYS:\CHECK.TXT *** [Key Consistency Check - BEGIN] *** [Checking SDI Domain] SDI Check Domain Configuration... SDI Domain Key Server .SERVERA.NOVELL.ACME-TREE. - Configuration is good. *** SDI Check Domain Configuration is [GOOD] SDI Check Domain Keys... SDI Domain Key Server .SERVERA.NOVELL.ACME-TREE. - Keys are good. *** SDI Check Domain Keys are [GOOD] [Checking SDI Domain: GOOD] *** No Problems Found *** *** [Key Consistency Check - END] *** NOTE: SDIDIAG.EXE may also be used to administer eDirectory servers running on Windows. Self-Extracting File Name: sdidiag21.exe Files Included Size Date Time ..\ SDIDIAG21.TXT (This file) SDIDIAG.EXE 385024 6-26-2003 4:11:31 pm SDIDIAG.NLM 159134 6-26-2003 4:11:37 pm ----------------------------------------------------------------- Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information. -----------------------------------------------------------------