GroupWise Import Utility 1.62
=============================
Last Update: 11/20/2008

1. Introduction

GroupWise Import Utility (GWIU) is a utility that provides for the 
automated creation of user accounts in Novell's GroupWise and 
(optionally) eDirectory. It reads in a comma-separated variable (CSV) 
file and imports the accounts into the system.  It can create both the 
GroupWise account and regular user account, the GroupWise account and 
an external entity object in eDirectory, or just the GroupWise account.  

This version is mostly a complete rewrite of the original GWIU released 
in 1998. The original was written in Visual Basic 5.0.  This version has 
been written in Visual Basic .Net.  However, the GroupWise administrative 
APIs are still COM objects, so the core functionality and how it gets the 
job done is pretty much the same.  Because of this, GWIU should work with
any GroupWise versions from 5.5 through 8.0.  

2. Whats New

The following are new features since version 1.50:

- Added support for LDAP Authentcation field (GroupWise 7.0.1+ only)
- Added support for Mail Box Expiration Date
- Updated import routine to support quotes around data fields
- Tested with GroupWise 8.0

The following are new features since version 1.30:

-	Import file must now contain a header line indicating the fields and
	field order in the file.  This allows for some flexibility in the 
	format and type of data imported.
-	Additional fields can now be imported including Title, Fax Number,
	FID, and Preferred EMail ID (GroupWise 7.0.1+ only).
-	Main program window is now re-sizable to allow seeing wider 
	data lines.
-	Improved error handling.
 
3. Requirements

Since this tool is written in Visual Basic .NET, the .Net Framework 
version 2.0 is REQUIRED. This can be obtained from Microsoft 
(www.microsoft.com). In addition, the following are also required:

     - Novell Client for Windows
     - GroupWise Client for Windows
       
GWIU should work with any GroupWise system back to at least version 5.5 
EP and just about any eDirectory version back to the original eDirectory 85.
The latest version of GWIU has been primarily tested in a GroupWise 8.0
environment with eDirectory 8.8.  Feedback on how it performs with
older versions of GroupWise and eDirectory is welcome (see contact 
information below).

In addition to the above software requirements, the user running the tool must 
have FULL file rights to the domain directory (changes are written to WPDOMAIN.DB
and administrative messages are written into WCPSIN\2) and proper administrative 
rights in eDirectory to create accounts.

4. Installation

Simply unzip the archive into a directory.  The Interop DLL must be in the same 
directory as the executable.

5. Import File

The import file must be in a CSV format and must have the field order on the 
FIRST line of the file.  Valid fields are:

Surname*
GivenName
NetID*
Domain*
PO*
AccountID*
Department
Visibility
Password
PhoneNumber
FaxNumber
FID
PrefEmailID
LDAPAuthentication
MailboxExpDate

The fields must be spelled as listed above, however, case does not matter.  
They may be listed in any order and must be separated by commas. The fields 
with an * next to them are REQUIRED fields (do not include the * in the
field name.
   
Individual fields may be left blank if there is no data for that particular 
attribute. Each line must end with a CR/LF.

Visibility must be one of the following:  System, Domain, PostOffice, or None.

NetID is the user's distinguished name (DN) in eDirectory (full context, 
dotted notation).

FID should be used with CAUTION.  Typically, the GroupWise system assigns
the File ID (FID).  However, there can be disaster recovery scenarios 
where importing the FID is useful.  Use it with caution.  The import will
fail if there is a duplicate FID in the Post Office in which the import
is taking place (FIDs are unique PO-wide, not system-wide).

PrefEmailID allows overriding of the user's system generated Internet Email 
Address.  This is a newer feature in the API and is only available in GroupWise 
7.0.1 and later.

LDAPAuthentication allows for setting of the LDAP credentials used for
each user upon login.  This is particualrily useful when GroupWise Post Offices
are set to do LDAP authentication against a different directory from the one
in which the GroupWise system resides (such as doing authentication against 
Microsoft Active Directory). This is a newer feature in the API and is only 
available in GroupWise 7.0.1 and later.

When setting the LDAPAuthentication field, two different formats for the data
can be used for Active Directory based authentication, either:

  user@myaddomain.domain.com

or

  cn=user,ou=myou,dc=myaddomain,dc=domain,dc=com

Either of those formats should work.  When using the later format, be sure to 
enclose the value in quotes in the import file.

The password field is the GroupWise password.  GWIU currently does NOT set the 
NDS/eDirectory password (see section below on passwords).

Mailbox expiraiton date must be in the format YYYYMMDDhhmm and is set in local
time.  The valid range for the expiration date is midnight, January 1, 1970 through
11:59, December 31st, 2037.

An example data file:

Surname,GivenName,NetID,Domain,PO,AccountID,Department,Visibility,LDAPAuthentication,MailboxExpDate
Doe,John,JDOE.OU.O,MyDomain,MyPO,JDOE,Accounting,System,"cn=jdoe,ou=o,o=o",200901201315
Doe,Jane,JDOE1.OU.O,MyDomain,MyPO,JDOE1,Accounting,System,"cn=jdoe1,ou=o,o=o",200903150800

     
6. The User Interface

Most of the interface is self-explanatory, however, a few options are worth
noting:  

  - Unique ID
    
    Selecting this check box will cause GWIU to do a check across the ENTIRE 
    system to ensure that the user being imported has a unique ID.  If it is 
    not, it will NOT be imported.  This is helpful for systems that use the 
    GroupWise object ID for Internet mail.
    
  - Unique First & Last Name
    
    Selecting this check box will cause GWIU to do a check across the ENTIRE 
    system to ensure that the user being imported has a unique First Name and 
    Last Name combination. This is useful if the system is utilizing one of the 
    First/Last name combinations for Internet email addresses.  If a duplicate 
    is found, the account will NOT be created.
    
  - Ignore Errors
   
    Selecting this check box will tell GWIU not to stop if an error is 
    encountered. Instead, GWIU will continue on with the next record in the 
    file. 
    
  - Log Errors
  
    Selecting this check box will cause GWIU to log all errors into a text 
    file, specified in the "Error Log File" box.
    
All settings are stored in the Windows registry so that they will be remembered 
the next time GWIU is run.

7. Operation

Prior to launching GWIU, the workstation should be logged into eDirectory with 
a drive mapped to a GroupWise domain directory.  GWIU must have access to 
WPDOMAIN.DB and WPCSIN/2 in order to function.

Once an import file has been successfully loaded, the "Import" button can be 
selected to begin the import.  A status dialog will appear showing the current 
operation and any errors that have been encountered.

8. A Word About Passwords

For many versions now, GroupWise has had the ability to utilize passwords in 
eDirectory for account authentication.  This is the preferred configuration, as 
the eDirectory password supports many features which the GroupWise native 
password does not, such as forced expiration, password history, and complex 
password rules.  GroupWise post offices accomplish this by communicating with 
eDirectory over LDAP.  

GWIU will import GroupWise passwords should you choose to continue to use them. 
However, it will not set eDirectory passwords.  This feature may be added in a 
future version of GWIU.

One way to preset passwords for accounts in eDirectory is via LDIF (LDAP Data 
Interchange Format). A full discussion of LDIF is beyond the scope of this 
document.  Novell includes a tool with eDirectory called ICE 
(Import/Convert/Export) that can read LDIF files.  A sample LDIF entry to set 
passwords would look something like this:

  dn: cn=user1,ou=users,o=organization
  changetype: modify
  replace: userPassword
  userPassword: passwordGoesHere

The ICE tool would then be used to import the file (ICE can be accessed at the 
command line or via a GUI through ConsoleOne).

8. Contact Information

Should you have any questions/comments/feedback about GWIU, please direct them 
to me via email:  matt@weisberg.net



Weisberg Consulting, Inc.
www.weisberg.net
248-685-1970




