16.6 Using DSRepair

This section consists of the following:

Use the DSRepair utility at the server console to do the following:

  • Correct eDirectory problems such as bad records, schema mismatches, bad server addresses, and external references.

  • Make advanced changes to the eDirectory schema.

  • Perform the following operations on the eDirectory database:

    • Check the structure of the database automatically without closing the database and without database intervention.

    • Check the database index.

    • Repair the database without closing the database and locking out users.

    • Reclaim free space by discarding empty records.

16.6.1 Syntax

To run DSRepair, use the following syntax:

ndsrepair {-U| -P| -S| -C| -E| -N| -T| -J entry_id} 
[-A yes|no] [-O yes|no] [-F filename] [-Ad]

or

ndsrepair -R [-l yes|no [-u yes|no] [-m yes|no] [-i yes|no] [-f yes|no] [-d yes|no] [-t yes|no] [-o yes|no] [-r yes|no] [-v yes|no] [-c yes|no] [-A yes|no] [-O yes|no] [-F filename]

IMPORTANT:The -Ad option should not be used without prior direction from NetIQ Support personnel.

DSRepair Options

Option

Description

-R

Repairs the local eDirectory database. Use this repair operation to resolve inconsistencies in the local database so that it can be opened and accessed by eDirectory. This option has suboptions that facilitate repair operations on the database. It has function modifiers that are explained in Function Modifiers Used with the -R Option. This option, with no suboptions, is the suggested means of repair unless you are told by NetIQ Support to perform certain operations manually.

-P

Replica and Partition Operations option. Lists the partitions that have replicas stored in the current server’s eDirectory database files. The Replica options menu provides options to repair replicas, cancel a partition operation, schedule synchronization, and designate the local replica as the master replica.

For more information, see Replica and Partition Operations Option.

-S

Global Schema Operations option. This option contains several schema operations that might be necessary to bring the server's schema into compliance with the master of the Tree object. However, these operations should be used only when necessary. The local and unattended repair operations already verify the schema.

-C

Check External Reference Object option. Checks each external reference object to determine if a replica containing the object can be located. If all servers that contain a replica of the partition with the object are inaccessible, the object will not be found. If the object cannot be found, a warning is posted.

-E

Report Replica Synchronization option. Reports replica synchronization status for every partition that has a replica on the current server. This operation reads the synchronization status attribute from the replica's Tree object on each server that holds replicas of the partitions. It displays the time of the last successful synchronization to all servers and any errors that have occurred since the last synchronization. A warning message is displayed if synchronization has not completed within 12 hours.

-N

Servers Known to This Database option. Lists all servers known to the local eDirectory database. If your current server contains a replica of the Tree partition, this server displays a list of all servers in the eDirectory tree. Select one server to cause the server options to be executed.

-J

Repairs a single object on the local server. You will need to provide the Entry ID (in hexadecimal format) of the object you want to repair. You can use this option instead of using the Unattended Repair (-U) option to repair one particular object that is corrupted. The Unattended Repair option can take many hours depending on the size of database. This option will help you save time.

-T

Time Synchronization option. Contacts every server known to the local eDirectory database and requests information about each server’s time synchronization status. If this server contains a replica of the Tree partition, then every server in the eDirectory tree will be polled. The version of eDirectory that is running on each server is also reported.

-A

Append to the existing log file. The information is added to the existing log file. By default, this option is enabled.

-O

Logs the output in a file. By default, this option is enabled.

-F filename

Logs the output in the specified file.

-U

Unattended Full Repair option. Instructs DSRepair to run and exit without further user intervention. This option locks the database and updates server referrals. You can view the log file after the repair has completed to determine what changes DSRepair has made.

Function Modifiers Used with the -R Option

Modifier

Description

-l

Locks the eDirectory database during the repair operation.

-u

Uses a temporary eDirectory database during the repair operation.

-m

Maintains the original unrepaired database.

-i

Checks the eDirectory database structure and the index.

-f

Reclaims the free space in the database.

-d

Rebuilds the entire database.

-t

Performs a tree structure check. Set it to Yes to check all the tree structure links for correct connectivity in the database. Set it to No to skip the check.

Default=Yes

-o

Rebuilds the operational schema.

-r

Repairs all the local replicas.

-v

Validates the stream files.

-c

Checks local references.

Global Schema Operations

You can use the ndsrepair -S ([-Ad] advanced switch) option to display a list showing all the schema operations that you can perform. The following table shows the available options.

Option

Description

Request Schema From Master Server

Requests the master replica of the root of the tree to synchronize its schema to this server. Any changes to the schema will be propagated to this server from the master replica of the Tree object for the next 24 hours. If all servers request the schema from the master replica, network traffic can increase.

Reset Local Schema

Invokes a schema reset that clears the time stamps on the local schema and requests an inbound schema synchronization. This option is unavailable if executed from the master replica of the Tree partition. This is to ensure that all servers in the tree are not reset at the same time.

Optional Schema Enhancements

Extends and modifies the schema for containment and other schema enhancements. This option requires this server to contain a replica of the Tree partition, and the replica state must be On.

Import Remote Schema (Advanced Switch Option)

Select an eDirectory tree that contains the schema you want to add to the schema of the current tree. After you select a tree, the server that holds the master replica of the Tree partition is contacted. The schema from that server will be used to extend the schema on the current tree.

Declare a New Epoch (Advanced Switch Option)

When you declare a new schema epoch, the master replica of the Tree partition is contacted and illegal time stamps are repaired on the schema declared on that server. All other servers receive a new copy of the schema including the repaired time stamps. If the receiving server contains a schema that was not in the new epoch, objects and attributes that use the old schema are changed to the Unknown object class or attribute.

Replica and Partition Operations Option

Enter the following command to display information about each replica stored on the server:

ndsrepair -P

Select the required replica. The following options are displayed:

  • Repair All Replicas

    Repairs all replicas displayed in the replica table.

  • Repair Selected Replica

    Repairs only the selected replica listed in the replica table.

    IMPORTANT:Repairing a replica consists of checking each object in the replica for consistency with the schema and data according to the syntax of the attribute. Other internal data structures associated with the replica are also checked. If you have not repaired the local eDirectory database in the last 30 minutes, you should do so before repairing any replicas.

  • Schedule Immediate Synchronization

    Schedules the immediate synchronization of all the replicas. This is useful if you are viewing the DSTrace screen and want to view eDirectory information for the synchronization process without having to wait for it to run as normally scheduled.

  • Cancel Partition Operation

    Cancels a partition operation on the selected partition. This option might be necessary if an operation appears to be incomplete or is not completing due to problems in the eDirectory tree, such as a missing server or bad communication links. Some operations might not be cancelled if they have progressed too far.

  • Designate This Server as the New Master Replica

    Designates the local replica of the selected partition as the new master replica. Use this option to designate a new master replica if the original master replica is lost.

  • Report Synchronization Status of All Servers

    Reports replica synchronization status of all partitions on the current server. It displays the time of the last successful synchronization to all servers and any errors that have occurred since the last synchronization.

  • Synchronize the Replica on All Servers

    Determines the complete synchronization status on every server that has a replica of the selected partition. This helps you determine the health of a partition. If all of the servers with a replica of the partition are synchronizing properly, then the partition is considered healthy. Each server performs an immediate synchronization to every other server in the replica ring. Servers do not synchronize to themselves. Therefore, the status for the current server’s own replicas is displayed as Host.

  • Repair Ring, All Replicas

    Repairs the replica ring of all the replicas displayed in the replica table.

  • Repair Ring, Selected Replica

    Repairs the replica ring of selected replica listed in the replica table.

    IMPORTANT:Repairing a replica ring consists of checking the replica ring information on each server that contains a replica of a given partition and validating remote ID information. If you have not repaired the local eDirectory database in the last 30 minutes, you should do so before repairing all or selected rings. You can repair the local database using the -R option. For more information, see -R.

  • View Replica Ring

    Displays a list of all servers that contain a replica of the selected partition. This set of servers is called the replica ring. The replica ring list shows information about the type of replica and current status for each server in the ring. Select a server after viewing the replica ring to view server options.

    Server Options

    • Report Synchronization Status on the Selected Server

      Reports replica synchronization status for a selected partition that has a replica on a selected server. This operation reads the synchronization status attribute from the replica root object on each server that holds replicas of the partitions. It displays the time of the last successful synchronization to all servers and any errors that have occurred since the last synchronization. This option displays a warning message if synchronization has not completed within 12 hours.

    • Synchronize the Replica on the Selected Server

      Determines the complete synchronization status on the selected server that has a replica of the selected partition. This helps you determine the health of a partition. If the server with a replica on the partition is synchronizing properly, the partition is considered healthy. The server is immediately synchronized to every other server in the replica ring. The server does not synchronize with itself. Therefore, the status for the current server’s own replica is displayed as Host.

    • Send All Objects to Every Replica in the Ring

      Sends all objects from the selected server in the replica ring to all other servers that contain a replica of the partition. This operation can generate a lot of network traffic. Use this option to ensure that the selected partition’s replica on the selected server in the replica ring is synchronized with all other servers in the replica ring. This operation cannot be performed on a server that contains only a subordinate reference replica of the partition.

    • Receive All Objects from the Master to This Replica

      Receives all objects from the master replica to the replica on the selected servers. This operation can generate a lot of network traffic. Use this option to ensure that the selected partition’s replica on the selected server in the replica ring is synchronized with the master replica. This operation cannot be performed on a server that contains only a master replica.

    • View Entire Server's Name

      Used to view the complete server name when the width of the server name is too long to view from within the server table.

    • Remove This Server from Replica Ring

      (Advanced switch option.) Removes a selected server from the selected replica stored on the current server. If a server appears in the replica ring but it is no longer part of the eDirectory tree or no longer contains a replica of the partition, delete the Server object using iManager. When the Server object has been deleted, the object should eventually be excluded from the replica ring.

      WARNING:Misuse of this operation can cause irrevocable damage to the eDirectory database. You should not use this option unless directed by NetIQ Support personnel.

  • View Entire Partition Name

    Determines the complete distinguished partition name when the width of the partition is too great to view from within the replica table.

  • Repair Time Stamps and Declare a New Epoch

    (Advanced switch option.) Provides a new point of reference to the master replica so that all updates to replicas of the selected partition are current. This operation is always performed on the master replica of a partition. The master replica does not need to be in the local replica on this server. Time stamps are placed on objects when they are created or modified and they must be unique. All time stamps in a master replica are examined. If any time stamps are post-dated to the current network time, they are replaced with a new time stamp.

  • Destroy the Selected Replica on This Server

    (Advanced switch option.) Removes the selected replica on this server. Using this option is not recommended. Use this option only when all other utilities are unable to delete the replica.

  • Delete Unknown Leaf Objects

    (Advanced switch option.) Deletes all objects in the local eDirectory database that have the unknown object class and maintain no subordinate objects. This option marks Unknown objects for deletion. The deletion will later be synchronized to other replicas in the eDirectory tree.

    WARNING:Use this option only when the objects cannot be modified or deleted using iManager.

Options on Servers Known to This Database

The following repair options are available for servers:

  • Repair All Network Address

    Checks the network address for every server in the local eDirectory database. This option searches the SLP directory agent, depending on the transport protocol available, for each server’s name. Each address is then compared to the Server object’s network address property and the address record of each replica property of every partition Tree object. If the addresses are different, they are updated to be the same.

  • Repair Selected Server’s Network Address

    Checks the network address for a specific server in the local eDirectory database files. This option searches the SLP directory agent, depending on the transport protocols currently bound for the server’s name.

  • View Entire Server’s Name

    Displays the complete name of the server when the width of the server name is too great to view from within the server's table. This option is the same as the -P option. For more information, see -P.

Examples

To perform an unattended repair and log events in the /root/ndsrepair.log file, or to append events to the log file if it already exists, enter the following command:

ndsrepair -U  -A no -F /root/ndsrepair.log

To display a list of all global schema operations along with the advanced options, enter the following command:

ndsrepair -S -Ad

To repair the local database by forcing a database lock, enter the following command:

ndsrepair -R -l yes

NOTE:The input for the ndsrepair command can be redirected from an option file. The option file is a text file that can contain replica and partition operation-related options and suboptions that do not require authentication to the server. Each option or suboption is separated by a new line. Make sure that the contents of the file are in the proper sequence. If the contents are not in the proper sequence, the results will be unpredictable.

16.6.2 Troubleshooting DSRepair

Error -786 While Running DSRepair

When using DSRepair, you need to have three times the size of DIB free in the specific partition of your machine in which DSRepair is running.