                            PALINDROME DSARC/DSREST

DISCLAIMER 
==========
DSARC and DSREST are BETA software utilites provided free of charge by 
Palindrome Corporation. Palindrome assumes no liability for any 
complications resulting from the use of these utilities. 
Palindrome will update these files on its bulletin board system.  Please
contact Palindrome Technical Support for details on downloading later 
versions of the programs.

INTRODUCTION
============
DSARC and DSREST are a pair of software utility programs developed by
Palindrome Corporation to protect NetWare Directory Service installations.
They use Novell's Storage Management Services to backup (DSARC) and restore 
(DSREST) the objects in the Directory Services database.  These programs are 
only intended for use in the protection of Directory Services databases,
not for cloning, copying or other purposes.


The utilities provided by Novell to restore a partition from a
replica are the recommended way to restore Directory Services
information.  Please note that DSARC/DSREST cannot save or restore
Directory Services partition information.

DSARC scans the Directory Services database, backing it up to a
file.  DSREST will read a file produced by DSARC and restore the
information to the Directory Services database.  The file that is
produced by DSARC can then be backed up by Palindrome Network
Archivist or Palindrome Backup Director.

These utilities can be run interactively or in batch mode using
command line parameters that are described below.

INSTALLING DSARC/DSREST (DOS VERSION)
=====================================
Installing DSARC/DSREST requires only a few steps.
    
    1.  Copy DSARC.EXE and DSREST.EXE to a local drive.

    2.  Load the SMS server software: SMDR.NLM and TSA_NDS.NLM on a
        NetWare 4.0 server that is part of the Directory Services
        Network you wish to protect.

        Use the following commands at the server console:

                LOAD SMDR
                LOAD TSA_NDS

        These commands can be added to the AUTOEXEC.NCF file using
        the NetWare INSTALL utility.  Both SMDR.NLM and TSA_NDS.NLM
        ship with NetWare 4.0.  They should be version 4.00 or later.

    3.  DSARC and DSREST can now be executed by typing either "DSARC"
        or "DSREST" at the DOS command prompt.  See "USING DSARC" and
        "USING DSREST" for more specific information on how to use
        these utilities.

INSTALLING DSARC/DSREST (NLM VERSION)
=====================================
   
    1.  Choose a NetWare 4.0 server that is part of the Directory
        Services Network you wish to protect as the server to install
        upon.

    2.  Copy DSARC.NLM and DSREST.NLM to the SYS:SYSTEM directory of
        that server.

    3.  Load the SMS server software: SMDR.NLM and TSA_NDS.NLM.
        Use the following commands at the server console:

                LOAD SMDR
                LOAD TSA_NDS

        These commands can be added to the AUTOEXEC.NCF file using
        the NetWare INSTALL utility.  Both SMDR.NLM and TSA_NDS.NLM
        ship with NetWare 4.0.  They should be version 4.00 or later.

    4.  DSARC and DSREST can now be loaded by typing either "LOAD
        DSARC" or "LOAD DSREST" at the server console.  See "USING
        DSARC" and "USING DSREST" for more specific information on
        how to use these utilities.

    5.  DSARC and DSREST also require the use of CLIB.NLM and
        MATHLIB.NLM.  These NLMs will automatically be loaded when
        DSARC.NLM and DSREST.NLM are loaded, if they are not already
        loaded on the server.

USING DSARC
===========
DSARC may be used interactively or in "batch" mode using command
line parameters.  DSARC is used to backup the Directory Services
database to a file. 

Interactive Use
---------------
    1.  Type "DSARC" at the DOS command prompt.
        ("LOAD DSARC" at the server console for the NLM version.)

    2.  DSARC will display version and copyright information followed
        by the message "Scanning for TSAs...".

    3.  If only one Directory Services TSA is found, then that TSA
        will used by DSARC.  If more than one TSA is found, a menu
        will be displayed listing the TSAs available.  For example:

                0.  QUIT
                1.  SERVER1.Netware 4.0 Directory
                2.  SERVER2.Netware 4.0 Directory

                    Your choice:  

        At the prompt enter your choice.  For example, to select
        SERVER2 type "2" and press enter.  Choose a server which is
        part of the Directory Services Network you wish to backup.

    4.  DSARC will display the message "Checking for Target
        Services...", followed by prompts to enter the user name
        and password.

                Checking for Target Services...
                Enter the user name: Admin
                Enter the password:

        This should be a valid Directory Services user object,
        preferably Admin or Admin equivalent.  Note that the TSA will
        use the server's default directory context.  For example if
        the server's default context is ".OU=PD.O=Palindrome", then
        specifying Admin at the user name prompt is equivalent to
        specifying "CN=Admin.OU=PD.O=Palindrome".
        
        You may specify a full directory services path at the user name 
        prompt, such as "CN=Admin.O=Palindrome".  To check the server's
        default context type "SET BINDERY CONTEXT" at the server console
        prompt.  Refer to the NetWare 4.0 documentation for more
        information about Directory Services naming.

    5.  DSARC will now scan the complete Directory Services database,
        displaying each object as it is written to the backup file.
        When DSARC has finished it will display the message
        "Directory Services backup completed.", followed by the
        message "The data was written to SERVER2/SYS:DS_ARC.DAT".
        By default the output file DS_ARC.DAT will be written to the
        current directory (the NLM version will write DS_ARC.DAT to
        the root directory of the SYS: volume).

Command Line Parameters
-----------------------
Command line parameters enable DSARC to be run non-interactively.
Command line parameters allow the specification of the output file,
user, password, TSA server, and the resource to be archived.  All
parameters can be specified as /A, /a, -A or -a.

        /Fpath          Specify the name and path of the output file.

                Examples:  /FSYS:PNASDG\DS_ARC0.DAT
                           -fVOL1:DSARCH\DS_ARC.DAT
                           /ftext.out

        /H              Display the DSARC quick help text.

        /Ppassword      Specify the user password to be used.

                This parameter is not recommended, because
                typing passwords on the command line or in batch
                files is a potential security breach.

                Examples:  /PSECRET

        /Rresource      Specify the resource to be archived.

                By default DSARC archives the resource "Full
                Directory Backup".  Specifying /R without a
                resource will cause DSARC to display a menu
                listing the choices available.  It is recommended
                that "Full Directory Backup" be backed up and
                this parameter not be used.

                Examples:  "/RFull Directory Backup"
                           /R.O=Palindrome
                           /R

                Note:  All arguments containing spaces, such as
                "Full Directory Backup" must be quoted.

        /Sserver        Specify the TSA server to be used.

                The interactive scenario above showed a case where
                more than one TSA was found.  This parameter allows
                one TSA to be specified, by server name, to be used
                to archive directory services.

                Examples:  /SSERVER1
                           -sSERVER2

        /Uuser          Specify the username to be used.

                Using this parameter avoids the interactive prompt
                for the user name required for authentication.

                Examples:  /UAdmin
                           /U.CN=Admin.O=Palindrome
                           /u.admin.palindrome
                           /ujsmith
                           -U.CN=WCoyote.O=Acme

USING DSREST
============
DSREST may be used interactively, or in "batch" mode using command
line parameters.  DSREST is used to restore a Directory Services
database from a file previously created by DSARC.

Interactive Use
---------------
    1.  Type "DSREST" at the DOS command prompt.
        ("LOAD DSREST" at the server console if using the NLM
        version.)

    2.  DSREST will display version and copyright information followed
        by the message "Restoring to SERVER2.Netware 4.0 Directory
        NDSTS Full Directory Backup".  This information is obtained
        from the input file, which by default is a file named
        DS_ARC.DAT in the local directory.  (When running the NLM
        the default file is SYS:\DS_ARC.DAT on the local server.)

    3.  DSREST will now prompt for a user name and password.

                Enter the user name: Admin
                Enter the password:


        This should be a valid Directory Services user object,
        preferably Admin or Admin equivalent.  Note that the TSA will
        use the server's default directory context.  See "USING
        DSARC", or the NetWare 4.0 documentation for more
        information.

    4.  DSREST will now attempt to restore the objects that were
        backed up.  By default, DSREST will not overwrite an object
        that exists.  Each object's name will be displayed.

                Restoring .[Root]
                        Data Set will not be overwritten.
                Restoring .O=Acme.[Root]
                Restoring .CN=WCoyote.O=Acme.[Root]

Restoring Directory Services
----------------------------
If an accident occurs that destroys all of your Directory
Services Database the following procedure should restore
your database.

    1.  Reinstall Directory Services on your server, recreating the
        organization context and ADMIN user.  For more information on
        doing this see the NetWare documentation.

        For Directory Services installations involving multiple
        servers and partitions, all servers should be added to
        the network, and partitions should be recreated.

    2.  Enter the command "DSREST /O".  If your Directory
        Services archive file is not in the local directory and
        called DS_ARC.DAT (SYS:DS_ARC.DAT for the NLM), then
        specify the file using the /F command line switch.

    3.  DSREST will now prompt for a user name and password.

                Enter the user name: Admin
                Enter the password:


        ADMIN must be used as the user name as ADMIN is currently the
        only user object.  Depending on how the bindery context is
        currently set by the server is may be necessary to specify
        the full path of ADMIN, e.g ".CN=ADMIN.O=Palindrome"

    4.  DSREST will now restore the objects that were backed up.
        Each object's name will be displayed.

                Restoring .[Root]
                Restoring .O=Acme.[Root]
                Restoring .CN=WCoyote.O=Acme.[Root]

Command Line Parameters
-----------------------    
The command line parameters enable DSREST to be run non-
interactively.  Command line parameters allow specification of the
input file, user, password, and overwrite mode.  All parameters can
be specified as /A, /a, -A or -a.

        /Fpath          Specify the name and path of the input file.

                Examples:  /FSYS:PNASDG\DS_ARC0.DAT
                           -fVOL1:DSARCH\DS_ARC.DAT
                           /ftext.out

        /H              Display the DSARC quick help text.

        /O              Overwrite mode.

                This allows data sets in the Directory Services
                database to be overwritten by DSREST.  This parameter
                may be needed to properly restore a complete 
                Directory Services database.

        /Ppassword      Specify the user password to be used.

                This parameter is not recommended, because
                typing passwords on the command line or in
                batch files is a potential security breach.

                Examples:  /PSECRET

        /Sserver        Specify the TSA server to be used.

                Normally the restore operation will only restore
                Directory Services via the server used when the
                archive file was created.  If the server name
                has changed, or Directory Services must be restored
                using another server, use the /S parameter to
                override the server name stored in the archive file.

                Examples:  /SServer2

        /Uuser          Specify the username to be used.

                Using this parameter avoids the interactive prompt
                for the user name required for authentication.

                Examples:  /UAdmin
                           /U.CN=Admin.O=Palindrome
                           /u.admin.palindrome
                           /ujsmith
                           -U.CN=WCoyote.O=Acme

DSARC/DSREST TROUBLESHOOTING GUIDE
==================================

Symptom:  DSARC/DSREST will not load.  The message "Loader cannot find public
          symbol NWSMTS..." is displayed.

Problem:  SMDR.NLM is not loaded.

Solution:  Load SMDR.NLM.  Add the command "Load SMDR" to your
           AUTOEXEC.NCF file.


Symptom:  DSARC says "No TSAs were found"

Problem:  The TSA specified on the command line using the /S
          parameter is not loaded, or no Directory Services TSA
          has been loaded.

Solution:  Load TSA_NDS.NLM on this server or the server specified by
           the /S parameter.  Add the command "Load TSA_NDS" to the
           AUTOEXEC.NCF file.


Symptom:  DSREST displays the message "Could not connect to TSA
          SERVER2.Netware 4.0 Directory".

Problem:  The TSA used to archive Directory Services is not loaded.

Solution:  Load TSA_NDS.NLM on the specified server (SERVER2).  Add
           the command "Load TSA_NDS" to your AUTOEXEC.NCF file.
           If that server is no longer available, load TSA_NDS on
           another server that is part of the Directory Services
           network, and specify that server on the command line using
           the /S parameter.


Symptom:  DSARC/DSREST display the message "Cannot connect to Target
          Service - Login Denied".

Problem:  An incorrect user name or password has been specified.
          The user name must be a valid Directory Services user
          object; also remember that the TSA will use the server's
          "Bindery Context".  The bindery context can be checked
          by typing "SET BINDERY CONTEXT" at the server console
          where the Directory Services TSA is loaded.

Solution:  Check the user name and password, and correct them.
           Try using a full directory path to specify the user.
           For example, use ".CN=Admin.O=Palindrome", rather than
           "Admin".


Symptom:  DSREST displays the message "File not found: SYS:DS_ARC.DAT".

Problem:  The file specified does not exist.

Solution:  Check the name of the file specified.  If a file was not
           specified using the /F command line switch, use the /F
           parameter to specify a file.


Symptom:  During a restore operation, DSREST displays the message
          "Data Set will not be overwritten.

Problem:  By default, DSREST will not overwrite an object that exists
          in the Directory Services Database.

Solution:  If you wish to overwrite those objects that already exist,
           use the /O command line switch to allow overwriting.


Symptom:  DSREST does not restore all objects in Directory Services.

Problem:  When doing a full restore of the directory services
          database all objects must be overwritten in order
          to ensure all can be restored.

Solution:  Repeat the restore operation using the /O parameter.
