12.9 DSRepair Options

In addition to the Repair features available in NetIQ iManager, the DSRepair utilities for each eDirectory platform contain some advanced features that are hidden from normal use. These advanced features are enabled through switches when loading the DSRepair utility on various platforms.

12.9.1 Running DSRepair on the eDirectory Server

Windows

  1. Click Start > Settings > Control Panel > NetIQ eDirectory Services.

  2. Click dsrepair.dlm, then click Start.

    To open DSRepair with advanced options, enter -a in the Startup Parameters field in the NetIQ eDirectory Services Console before you start dsrepair.dlm.

Linux

To run DSRepair, enter ndsrepair at the server console, using the following syntax:

ndsrepair {-U |-E |-C |-P [-Ad] |-S [-Ad]|-N |-T |-J <entry_id> [-Ad -AM <attribute name>]} [-A <yes/no>] [-O <yes/no>][-F filename] [-h <local_interface:port>] [--config-file <configuration_file_path>]

or

ndsrepair -R [-l yes|no] [-u yes|no] [-m yes|no] [-i yes|no] [-f yes|no][-d yes|no] [-t yes|no] [-o yes|no][-r yes|no] [-v yes|no] [-c yes|no] [-F filename] [-A yes|no] [-O yes|no]

IMPORTANT:The advanced switch [-Ad] should be given as last argument. We recommend that the -Ad advanced switch option be enabled only when instructed by a NetIQ Support technician. If the config-file is provided as the argument, then it should be given before the advanced switch [-Ad].

Examples

To perform an unattended repair and log events in the /root/ndsrepair.log file, or to append events to the log file if it already exists, enter the following command:

ndsrepair -U -A no -F /root/ndsrepair.log

To display a list of all global schema operations along with the advanced options, enter the following command:

ndsrepair -S -Ad

To repair the local database by forcing a database lock, enter the following command:

ndsrepair -R -l yes

To repair a single object when the entry id of the object is known, enter the following command:

ndsrepair -J <entry ID in hex>

To repair a particular partition or a replica, enter the following command:

ndsrepair -P

This command returns a list of all the partitions present on the server. You can choose any of the partitions to get the list of operations that can be performed.

To display information about the free space in the database that can be released for your use, enter the following command:

ndsrepair -I

To repair network addresses, enter the following command:

ndsrepair -N

NOTE:The input for the ndsrepair command can be redirected from an option file. The option file is a text file that can contain replica and partition operation-related options and suboptions that do not require authentication to the server. Each option or suboption is separated by a new line. Make sure that the contents of the file are in the proper sequence. If the contents are not in the proper sequence, the results will be unpredictable.

12.9.2 DSRepair Command Line Options

Option

Description

-U

Unattended Full Repair option. Instructs DSRepair to run and exit without further user assistance. You can view the log file after the repair has completed to determine what actions DSRepair has taken.

This option is not a recommended default normal repair. Troubleshooting specific issues and resolving them is far superior to running an unattended repair.

-P

Replica and Partition Operations option. Lists the partitions that have replicas stored in the current server’s eDirectory database files. The Replica options menu provides options to repair replicas, cancel a partition operation, schedule synchronization, and designate the local replica as the master replica.

-S

Global Schema Operations option. Contains several schema operations that might be necessary to bring the server's schema into compliance with the master of the Tree object. However, these operations should be used only when necessary. The local and unattended repair operations already verify the schema.

-C

Check External Reference Object option. Checks each external reference object to determine if a replica containing the object can be located. If all servers that contain a replica of the partition with the object are inaccessible, the object is not found. If the object cannot be found, a warning is posted.

-E

Report Replica Synchronization option. Reports replica synchronization status for every partition that has a replica on the current server. This operation reads the synchronization status attribute from the replica's Tree object on each server that holds replicas of the partitions. It displays the time of the last successful synchronization to all servers and any errors that have occurred since the last synchronization. A warning message is displayed if synchronization has not completed within twelve hours.

-N

Servers Known to This Database option. Lists all servers known to the local eDirectory database. If your current server contains a replica of the Tree partition, this server displays a list of all serves in the eDirectory tree. Select one server to cause the server options to be executed.

-J

Repairs a single object on the local server. You need to provide the Entry ID (in hexadecimal format) of the object you want to repair. You can use this option instead of using the Unattended Repair (-U) option to repair one particular object that is corrupted. The Unattended Repair option can take many hours depending on the size of database. This option helps you save time.

-T

Time Synchronization option. Contacts every server known to the local eDirectory database and requests information about each server’s time synchronization status. If this server contains a replica of the Tree partition, then every server in the eDirectory tree will be polled. The version of eDirectory that is running on each server is also reported.

-A

Append to the existing log file. The information is added to the existing log file. By default, this option is enabled.

-O

Logs the output in a file. By default, this option is enabled.

-F filename

Logs the output in the specified file.

-R

Repair the Local Database option. Repairs the local eDirectory database. Use the repair operation to resolve inconsistencies in the local database so that it can be opened and accessed by eDirectory. This option has suboptions that facilitate repair operations on the database. This option has function modifiers which are explained in the table below.

-I

Displays information about the free space in the database that can be released for your use. eDirectory allows you to retrieve the empty records and reuse the free space by using the Reclaim option of the ndsrepair command.

The function modifiers used with the -R option are described below:

Option

Description

-l

Locks the eDirectory database during the repair operation.

-u

Uses a temporary eDirectory database during the repair operation. It prompts the user to save or discard changes and view the log file.

-m

Maintains the original unrepaired database.

-i

Checks the eDirectory database structure and the index.

-f

Reclaims the free space in the database.

-d

Rebuilds the entire database.

-t

Performs a tree structure check. Set it to Yes to check all the tree structure links for correct connectivity in the database. Set it to No to skip the check. Default =Yes.

-o

Rebuilds the operational schema.

-r

Repairs all the local replicas.

-v

Validates the stream files.

-c

Checks local references.

12.9.3 Using Advanced DSRepair Switches

WARNING:The features described in this section can cause irreversible damage to your eDirectory tree if they are used improperly. Use these features only if instructed to do so by NetIQ Support personnel.

You should make a full backup of eDirectory on the server before using any of these features in a production environment. See Section 15.0, Backing Up and Restoring NetIQ eDirectory for more information.

On Linux, enter ndsrepair -R -Ad -XK2.

On Windows, enter these options in the Startup Parameters field in NDSConsole before you start dsrepair.dlm. See Running DSRepair on the eDirectory Server for more information.

Switch

Description

-P

Marks all eDirectory objects of type Unknown as referenced. Referenced objects do not participate in the eDirectory replica synchronization process.

-WM

In many cases, the WM: Registered Workstations attribute will become very high when using ZENworks® 2.0. Running DSRepair with -WM will clear these high values.

-XK2

Kills all eDirectory objects in this server's eDirectory database. This operation is used to destroy a corrupt replica that cannot be removed in any other way.

-XK3

Kills all external references in this server's eDirectory database. This operation is used to destroy all external references in a nonfunctioning replica. If the references are the source of the problem, eDirectory can then re-create the references in order to get the replica functioning again.

-RC

Backs up the DIB. This option is available only on Windows.

-OT

Timestamps obituaries while performing a local database repair. All obituaries are timestamped except INHIBIT MOVE.

-NLD

Removes IRF from NLS:License Certificate and NLS:Product Container objects.

-AM

Moves the attributes that meet the specific criteria to a different container in the FLAIM database. For more information about which eDirectory attributes qualify moving to a different container, see FLAIM Attribute Containerization in the NetIQ eDirectory Tuning Guide.

-AH

Does not create the NDO files when the DIB size is lesser than 1 GB and the older NDO files are more than 72 hours old.