NWBIND ------ The Bindery Conversion Utility (BINDCONV.EXE) copies user accounts from a NetWare server's bindery to a LAN Manager server's user account database, preserving as much of the original account information as possible. All users and groups from the NetWare bindery are added to the LAN Manager user account database (except duplicates of accounts already in the LAN Manager database). There is no limit on the number of users or groups that can be converted from the NetWare bindery, up to the maximum of 16,000 users in a LAN Manager user account database. The next section of this file describes the syntax of the BINDCONV utility. The following section describes each option available with the BINDCONV utility, and the final sections describe how BINDCONV copies or generates each component of a user account, explain how groups and security equivalences are handled, and give an example of output from BINDCONV. INSTALLING BINDCONV To install BINDCONV, copy BINDCONV.EXE and BINDCONV.MSG to the LANMAN\NETPROG directory of a workstation that runs LAN Manager and NetWare Connectivity. You can run BINDCONV only on a workstation with LAN Manager and NetWare Connectivity. SYNTAX The format for the BINDCONV command is as follows: BINDCONV source destination [options] where: source is the NetWare server from which the user accounts are to be copied. You must first attach to this server with the NetWare ATTACH command before running BINDCONV. destination is the LAN Manager server or domain to which you want to copy the accounts. If you want to copy the accounts to a single server, precede the server name with two backslashes (\\). To copy the accounts to a domain, specify the domain name as the destination, with no backslashes. In this case, the accounts will be copied to that domain's primary domain controller. [options] are the options discussed in the rest of this section. You can use these options in any combination, as shown in the following examples. You are not required to specify any options; for any options you don't specify, the default value will be assumed. SYNTAX EXAMPLES The first example runs BINDCONV to copy accounts from the NetWare server named NETWARE1 to the LAN Manager server named LANMAN1, using the default values for all options: BINDCONV NETWARE1 \\LANMAN1 The next example copies the accounts to the LAN Manager domain DOMAIN1, sets the comments of each account created on the LAN Manager server to "Copied from NetWare1", and specifies that the new accounts have no password: BINDCONV NETWARE1 DOMAIN1 /C "Copied from NetWare1" /P N The next example produces a report of how user accounts would be copied from NETWARE1 to LANMAN1, but does not actually copy any accounts: BINDCONV NETWARE1 \\LANMAN1 /Test OPTIONS The following options are available with BINDCONV. [/Test] When you specify this option, BINDCONV does not actually copy any accounts to the LAN Manager server, but instead generates a detailed report showing what user accounts and groups will be created on the LAN Manager server if you run BINDCONV in non-test mode. [/C N|A|'text'] Determines the account comments for user accounts created on the LAN Manager server. N (the default) sets no comments, A sets every user's comment to be "Transferred account from NetWare server", and 'text' sets the text you type between the single quote marks as the comment of each account. [/CC 0|n] Sets the country code for each user account created on the LAN Manager server. n can be any number. The default is 0. [/CP 0|n] Sets the code page for each user account created on the LAN Manager server. n can be any number. The default is 0. [/D O|U|P] Determines how BINDCONV acts when it finds that a user account or group on the NetWare server has the same name as a user or group already on the LAN Manager server. O (the default) overwrites the LAN Manager account or group, replacing all of its information with the information from the NetWare server. U updates the account, meaning that only certain aspects of the user account or group are changed, as explained in the following paragraphs. P preserves the user or group already on the LAN Manager server, discarding the information from the NetWare account. With the U option, only the following changes are made to a duplicate user account on the LAN Manager server: - If the LAN Manager account has no logon script and the value of the /S option is not N, create a logon script. - If the LAN Manager account has no home directory and the /HD option was specified, create a home directory. - If the account expiration date in the NetWare account is farther in the future than the expiration date in the LAN Manager account, set the expiration date to the NetWare date. - Set the allowed logon hours in the LAN Manager account to all hours that are allowed in either the NetWare account or the LAN Manager account. - If the maximum disk storage amount in the NetWare account is larger than the amount in the LAN Manager account, set the storage amount to the NetWare amount. Also with the U option, if BINDCONV finds that a group on the NetWare server has user(s) that aren't members of the group on the LAN Manager server, it adds those members to the group on the LAN Manager server. [/P P|N|U|R] Determines what password is given to accounts created on the LAN Manager server. The passwords in the NetWare accounts are encrypted and BINDCONV cannot read them or copy them to the LAN Manager account. P (the default) sets the password of every user created to the word "PASSWORD". N specifies that accounts have no password. U sets the password of each account to that account's username. R generates a random password for each account, and also creates a file called RANDPASS.FIL in the current directory on the workstation from which you run BINDCONV. RANDPASS.FIL contains the randomly-generated passwords for each account, and you can use this file to find the password assigned to each user. Be sure to delete RANDPASS.FIL as soon as all users know their passwords; when deleting the file, you may want to use a utility that deletes all the file's data, such as Norton's Wipefile utility. If you specify the U option, and some users have usernames shorter than the minimum password length allowed on the LAN Manager server, their passwords will be padded with zeros until they are the minimum length. For example, if the server has a minimum password length of 6, the user JOEB would have a password of JOEB00. Passwords are also padded with zeros if you specify P for /P and the minimum password length is greater than 8 (for example), PASSWORD00 if the minimum length is 10. [/S N|B|C|BC] Determines how login scripts are converted. N (the default) causes the NetWare login script to be discarded, and no logon script to be created on the LAN Manager server. B causes the NetWare scripts to be converted to .BAT files, C causes the NetWare scripts to be converted to .CMD files, and BC causes both .BAT and .CMD files to be created for each user. For more information on how Logon scripts are converted, see "How Account Information is Converted," later in this file. [/HD] Creates home directories for each user account created on the LAN Manager server. [/Help or /?] Causes a syntax help message to be displayed. How Account Information is Converted The following list shows each component of a LAN Manager user account and how it is converted or generated when a user account is created on the LAN Manager server to correspond to an account on the NetWare server. Under the "How converted or generated" column, "Converted" means that the value of that component is copied from the NetWare account to the new LAN Manager account. Following this list is a discussion of how NetWare groups and security equivalences are handled. Account component How converted or generated ----------------------------------------------------------------- Username Converted. (However, accounts with NetWare usernames of more than 20 characters are not converted. Password Passwords in NetWare accounts are encrypted and cannot be read. However a new password can be generated for each account. For more information on what the password is, see the /P option under "Options," earlier in this file. Full name Converted Comment See the /C option under "Options," earlier in this file. Country Code See the /CC option under "Options," earlier in this file. Privilege Level If the user's NetWare account has security equivalence to SUPERVISOR, then set the privilege level to ADMIN. Otherwise, set privilege level to USER. Operator Privileges The user is given no operator privileges. Group memberships Converted Expiration date Converted Valid workstations The user is allowed to use all workstations. Logon hours Converted Logon server Set to "Any server" Logon script The NetWare logon script is either discarded or converted, depending on the value of the /S option. If scripts are converted, they are converted to .BAT files, .CMD files, or both, depending on the value of /S. If you choose to convert logon scripts, BINDCONV generates a script for each user. The script contains the commands from the user's NetWare logon script, except that each command is commented out (preceded by REM). This way, you can see the commands from the NetWare script while you edit the LAN Manager script. Converted logon scripts are stored in the LAN Manager server's NETLOGON directory. The filename of each script is the username of the script's user, plus either the .BAT or .CMD extension. Home directory If the /HD option is specified, a home directory (with the same name as the username) is created for the user. If a directory of this name already exists, it is not created and an error message is shown. If /HD is not specified, no home directories are created. Maximum disk storage Converted Account disabled? Converted Password required? If the minimum password length of the user's NetWare account is 0, the user's LAN Manager account is set so that the user is not required to have a password. If the NetWare minimum password length is anything but 0, the user's LAN Manager account is required to have a password. Can user change Converted password? Groups All groups with names of 20 or fewer characters are converted. Their memberships will be the same on the LAN Manager server as on the NetWare server. Security Equivalences All users on the NetWare server who have security equivalence to SUPERVISOR are given ADMIN privilege on the LAN Manager server. Any user who has security equivalence to a group on the NetWare server is made a member of that group on the LAN Manager server. Security equivalences to individual users are handled this way: when BINDCONV determines that one or more users have security equivalence to another user, a group is created, and these users are placed in that group. For example, suppose that users A and B have security equivalence to user C. On the LAN Manager server, a group name USER_C is created, and users A and B are placed into this group. Note that in the messages that BINDCONV displays, when groups in the LAN Manager database created for security equivalence are referred to, the "USER_" portion of the group name is omitted. For example, when the output of BINDCONV mentions the group "USER_C," it is referred to only as "C". EXAMPLE OUTPUT The rest of this document is the actual output from running BINDCONV to convert user accounts from the NetWare server NETWARE1 to the LAN Manager server LANMAN1. Microsoft LAN Manager 2.1 NetWare (TM) Bindery Conversion Utility. Copyright (C) 1991, Microsoft Corp. Account information from the NetWare server NETWARE1 is being transferred to the LAN Manager server \\LANMAN1. Reading user information from NETWARE1. .. Reading group information from NETWARE1. .. Reading security equivalence information from NETWARE1. .. No new groups are created. The following groups are updated: EVERYONE NETSYS_MGRS NETSYS_USERS TESTGRP1 TESTGRP2 Following groups are not transferred since a user with same name exists on the NetWare server NETWARE1: NEWGRP NEWGRP1 No new security equivalence groups are created. The following security equivalence groups are updated: ALEXSM CAROLRA NEWGRP TERRYN The following new users are created: NEWGRP1 The following users are updated: ANNAKN CHRISD EDWARDS GUEST NEWGRP SUPERVISOR TERRYN The following users are not transferred since their names are longer than 20 characters: A01234567890123456789 B0123456768988425843765873757345349548 The following users are not transferred since they already exist as a group on the LAN Manager server \\LANMAN1: A1USER_DEST1 B1USER_DEST1 Bindery conversion was completed successfully.