3.1 New Additions or Modifications to the Existing NSS Utilities

This section lists the modification or additions done to the existing NSS utilities to support AD users.

NOTE:iManager cannot be used to manage AD users.

NSS Utility

Description

nsscon

  • New commands have been added to upgrade the existing NSS32 media to support AD users or to enable all future NSS32 pool creation to automatically be created with the AD user support. All NSS32 pools must be AD media upgraded in order to support AD users. For more information, see Section A.14.1, NSS Media Upgrade Commands.

  • New commands have been added to AD-enable the volumes. Only after AD-enabling, the AD users will be able to access the NSS resources based on the access rights assignment. For more information, see Volume AD-enabling.

  • A new PoolMediaVersion option has been added to displays the latest media version of all the active pools. For more information, see Section A.36, Status Commands.

  • /PurgesObjectLimit=: Limits the number concurrent purges. The values can be anywhere from 1 to 100000. The default value is 2000.

  • /OverrideType=: Media upgrading a shared NSS32-bit pool in a mixed cluster node environment is not recommended. You can still force the upgrade using the /ForceADMedia switch.

    After the forceful media upgrade, the pool will not load in nodes older than OES 2015. As a workaround, you could create Preferred Nodes in a cluster to load the media upgraded shared NSS32-bit pools.

  • /(No)FastWriteOfMessyBeasts: Enables or disables the fast update of messy files. By default, it is set to off.

  • Hard Link Media Upgrade Commands: All volumes created or migrated to OES 2015 or later are automatically hard link media upgraded. Therefore, beginning with OES 2015, the hard link media upgrade commands have been removed.

  • New commands are added to update the SEV interval for AD users. Also, provided options to force update the SEV interval for AD users and for a single AD user. For more information, see Section A.34, Security Equivalence Vector Update Commands.

rights

  • -a or --activedirectory option has been added to manage the right of Active Directory users and groups.

For more information on these options, see Section B.18, rights.

nsschown

The following options have been added to nsschown:

  • -S <oldSID>: To list or replace all files and folders with a specified owner's SID.

  • -U <oldADUserName>: To list or replace all files and folders with specified active directory owner. It can be DN or root.

  • -N <newADUserName>: To change the ownership of all the files and folders with the new active directory user. It can be DN or root.

  • -e: To list or replace the owner of all extended attributes and data streams.

  • -v: To display the program version information.

For more information, see Section B.14, nsschown.

nssmu

The following options have been added to nssmu:

  • Pools Page

    • -j: The join option has been added to join cluster pools to an AD domain.

    • -g: This option upgrades the file system media format of the selected NSS32 pool to support AD users.

      AD Media upgrading an NSS32-bit pool in a mixed cluster node environment is not recommended as they will not be accessible from nodes older than OES 2015. You can still go ahead and force the media upgrade by acknowledging the warning message by pressing 'y' (yes).

  • Volumes Page

    • -g: This option AD-enables the selected volume.

  • New shortcut options: To enhance the user experience of NSSMU in popular SSH clients, like PuTTY, new shortcut options have been added to invoke various NSSMU functionalities.

    For more information, see Section 10.3, NSS Management Utility (NSSMU) Quick Reference.

nssquota

-a or --activedirectory option has been added to the nssquota utility for managing the AD users quota. For more information, see Section B.11, nssquota.