GroupWise Import Utility 1.62 ============================= Last Update: 11/20/2008 1. Introduction GroupWise Import Utility (GWIU) is a utility that provides for the automated creation of user accounts in Novell's GroupWise and (optionally) eDirectory. It reads in a comma-separated variable (CSV) file and imports the accounts into the system. It can create both the GroupWise account and regular user account, the GroupWise account and an external entity object in eDirectory, or just the GroupWise account. This version is mostly a complete rewrite of the original GWIU released in 1998. The original was written in Visual Basic 5.0. This version has been written in Visual Basic .Net. However, the GroupWise administrative APIs are still COM objects, so the core functionality and how it gets the job done is pretty much the same. Because of this, GWIU should work with any GroupWise versions from 5.5 through 8.0. 2. Whats New The following are new features since version 1.50: - Added support for LDAP Authentcation field (GroupWise 7.0.1+ only) - Added support for Mail Box Expiration Date - Updated import routine to support quotes around data fields - Tested with GroupWise 8.0 The following are new features since version 1.30: - Import file must now contain a header line indicating the fields and field order in the file. This allows for some flexibility in the format and type of data imported. - Additional fields can now be imported including Title, Fax Number, FID, and Preferred EMail ID (GroupWise 7.0.1+ only). - Main program window is now re-sizable to allow seeing wider data lines. - Improved error handling. 3. Requirements Since this tool is written in Visual Basic .NET, the .Net Framework version 2.0 is REQUIRED. This can be obtained from Microsoft (www.microsoft.com). In addition, the following are also required: - Novell Client for Windows - GroupWise Client for Windows GWIU should work with any GroupWise system back to at least version 5.5 EP and just about any eDirectory version back to the original eDirectory 85. The latest version of GWIU has been primarily tested in a GroupWise 8.0 environment with eDirectory 8.8. Feedback on how it performs with older versions of GroupWise and eDirectory is welcome (see contact information below). In addition to the above software requirements, the user running the tool must have FULL file rights to the domain directory (changes are written to WPDOMAIN.DB and administrative messages are written into WCPSIN\2) and proper administrative rights in eDirectory to create accounts. 4. Installation Simply unzip the archive into a directory. The Interop DLL must be in the same directory as the executable. 5. Import File The import file must be in a CSV format and must have the field order on the FIRST line of the file. Valid fields are: Surname* GivenName NetID* Domain* PO* AccountID* Department Visibility Password PhoneNumber FaxNumber FID PrefEmailID LDAPAuthentication MailboxExpDate The fields must be spelled as listed above, however, case does not matter. They may be listed in any order and must be separated by commas. The fields with an * next to them are REQUIRED fields (do not include the * in the field name. Individual fields may be left blank if there is no data for that particular attribute. Each line must end with a CR/LF. Visibility must be one of the following: System, Domain, PostOffice, or None. NetID is the user's distinguished name (DN) in eDirectory (full context, dotted notation). FID should be used with CAUTION. Typically, the GroupWise system assigns the File ID (FID). However, there can be disaster recovery scenarios where importing the FID is useful. Use it with caution. The import will fail if there is a duplicate FID in the Post Office in which the import is taking place (FIDs are unique PO-wide, not system-wide). PrefEmailID allows overriding of the user's system generated Internet Email Address. This is a newer feature in the API and is only available in GroupWise 7.0.1 and later. LDAPAuthentication allows for setting of the LDAP credentials used for each user upon login. This is particualrily useful when GroupWise Post Offices are set to do LDAP authentication against a different directory from the one in which the GroupWise system resides (such as doing authentication against Microsoft Active Directory). This is a newer feature in the API and is only available in GroupWise 7.0.1 and later. When setting the LDAPAuthentication field, two different formats for the data can be used for Active Directory based authentication, either: user@myaddomain.domain.com or cn=user,ou=myou,dc=myaddomain,dc=domain,dc=com Either of those formats should work. When using the later format, be sure to enclose the value in quotes in the import file. The password field is the GroupWise password. GWIU currently does NOT set the NDS/eDirectory password (see section below on passwords). Mailbox expiraiton date must be in the format YYYYMMDDhhmm and is set in local time. The valid range for the expiration date is midnight, January 1, 1970 through 11:59, December 31st, 2037. An example data file: Surname,GivenName,NetID,Domain,PO,AccountID,Department,Visibility,LDAPAuthentication,MailboxExpDate Doe,John,JDOE.OU.O,MyDomain,MyPO,JDOE,Accounting,System,"cn=jdoe,ou=o,o=o",200901201315 Doe,Jane,JDOE1.OU.O,MyDomain,MyPO,JDOE1,Accounting,System,"cn=jdoe1,ou=o,o=o",200903150800 6. The User Interface Most of the interface is self-explanatory, however, a few options are worth noting: - Unique ID Selecting this check box will cause GWIU to do a check across the ENTIRE system to ensure that the user being imported has a unique ID. If it is not, it will NOT be imported. This is helpful for systems that use the GroupWise object ID for Internet mail. - Unique First & Last Name Selecting this check box will cause GWIU to do a check across the ENTIRE system to ensure that the user being imported has a unique First Name and Last Name combination. This is useful if the system is utilizing one of the First/Last name combinations for Internet email addresses. If a duplicate is found, the account will NOT be created. - Ignore Errors Selecting this check box will tell GWIU not to stop if an error is encountered. Instead, GWIU will continue on with the next record in the file. - Log Errors Selecting this check box will cause GWIU to log all errors into a text file, specified in the "Error Log File" box. All settings are stored in the Windows registry so that they will be remembered the next time GWIU is run. 7. Operation Prior to launching GWIU, the workstation should be logged into eDirectory with a drive mapped to a GroupWise domain directory. GWIU must have access to WPDOMAIN.DB and WPCSIN/2 in order to function. Once an import file has been successfully loaded, the "Import" button can be selected to begin the import. A status dialog will appear showing the current operation and any errors that have been encountered. 8. A Word About Passwords For many versions now, GroupWise has had the ability to utilize passwords in eDirectory for account authentication. This is the preferred configuration, as the eDirectory password supports many features which the GroupWise native password does not, such as forced expiration, password history, and complex password rules. GroupWise post offices accomplish this by communicating with eDirectory over LDAP. GWIU will import GroupWise passwords should you choose to continue to use them. However, it will not set eDirectory passwords. This feature may be added in a future version of GWIU. One way to preset passwords for accounts in eDirectory is via LDIF (LDAP Data Interchange Format). A full discussion of LDIF is beyond the scope of this document. Novell includes a tool with eDirectory called ICE (Import/Convert/Export) that can read LDIF files. A sample LDIF entry to set passwords would look something like this: dn: cn=user1,ou=users,o=organization changetype: modify replace: userPassword userPassword: passwordGoesHere The ICE tool would then be used to import the file (ICE can be accessed at the command line or via a GUI through ConsoleOne). 8. Contact Information Should you have any questions/comments/feedback about GWIU, please direct them to me via email: matt@weisberg.net Weisberg Consulting, Inc. www.weisberg.net 248-685-1970