Utilities in JRButils for MICRO FOCUS v24

G to J


Getbal lists account balances, account holds or credit limits for multiple users. Features include:

  • Can specify a multiplier to change the units in which values are displayed.
  • Can control which values are displayed and in what order.
  • The values may be sorted by user name, balance, or credit limit.
  • The output can be filtered by value e.g. display all users with a balance of less than $10.00.
  • May be used in a login script to display the account balance for each user as they log in.
  • Totals are given when displaying balances and holds for multiple users.
  • Can list users without credit limits or account balances.
  • Can process all users in a container and in all subcontainers of that container.
  • Can display balances and credit limits for print servers.
  • Can display balances held by individual servers (a bug in replication can result in servers holding different values).
  • Can retrieve values from the PCOUNTER:FreeQuota attribute instead of the “Account Balance” attribute.


Getequiv may be used to check for or display security equivalences for users in eDirectory. It can do the following:

  • List all security equivalences for one or more users.
  • List all users who are security equivalent to another e.g. admin.
  • Check for objects security equivalent to file server objects. This equates to supervisor equivalence in bindery mode.


Getname may be used to display a wide range of attribute values for any class of eDirectory object. The values of single attributes may be displayed, the values for all attributes may be displayed, or a template file may be used allowing the values for multiple attributes to be retrieved and displayed in any format. The template file comprises one or more lines of text with substitution identifiers representing the attributes to be displayed. A non-exhaustive list of substitution identifiers for objects of class user is:

%account_balance %mailbox_id
%allow_unlimited_credit %mailbox_location
%city %message_server (%default_server)
%common_name %minimum_account_balance
%context %modification_date
%creation_date %modifiersname (eDir 8.5 onwards)
%creatorsname (eDir 8.5 onwards) %network_address
%default_server (%message_server) %network_address_restriction (%sr)
%department (%ou) %object_class
%description %object_id
%email_address %oid
%email_alias %other_name
%facsimile_telephone_number (%fax) %ou (%department)
%full_name %password_allow_change (%ucp)
%generational_qualifier %password_expiration_interval (%pei)
%given_name %password_expiration_time (%ped)
%home_directory %password_minimum_length (%mpl)
%initials %password_required (%pr)
%internet_email_address %password_unique_required (%upr)
%language %physical_delivery_office_name (%city)
%last_login_time %postal_address
%last_name (%surname) %postal_code
%locality %postal_office_box
%locked_by_intruder (%al) %profile
%login_disabled (%ad) %province (%state, %s)
%login_expiration_time (%aed) %revision
%login_grace_limit (%gla) %s (%province, %state)
%login_grace_remaining (%glr) %sa (%street_address)
%login_intruder_address (%bla) %street_address (%sa)
%login_intruder_attempts (%blc) %surname (%last_name)
%login_maximum_simultaneous (%mcc) %telephone_number
%objectName %title
%login_time (%lld) %uid

The identifier may be followed by a ‘\’ and a field width e.g. ‘%title\10’. A sample template file (t1.dat) is:


The command getname * /r/x/a=@t1.dat /l=all.log would produce a comma delimited list comprising the user name, full name, department, location and phone number for all users in the tree.

Another template file (t2.dat) is:

Last Name: %last_name
Initials: %init
Given name: %given_name
Full name: %full
Other name: %other
Description: %desc
Title: %title
Department: %depart
Location: %location
Street: %street_addr
Postal code: %postal_code
PO Box: %post_office
City: %City
State:                %State
Mailbox ID: %mailbox_id
Email addr: %email_addr
Email alias: %email_al
Language: %lang
Fax: %fax
Phone: %tel

The command getname jane /a=@t2.dat /yd produces

LastName: Lomax
Initials: I.J.
Given name: Jane
Full name: Jane I.J. Lomax
Othername: Jo
Description: Manager
Title: Dr
Department: Research
Location: K Block
Street: 7777 Long St
Postal code: 54321
PO Box: PO Box 123
City: Auckland
Mailbox ID ABC-123
Email addr: SMTP:Jane@somewhere.co.nz
Email alias: jane@somewhere.else.co.nz
Language: English
Fax: 345-678
Phone: 123-456


Getquota can display disk quotas, disk usage and disk available for multiple users. It supports both volume based and directory based quotas for all versions of OES Linux and NetWare. Features include:

  • Can obtain a user’s home directory from eDirectory.
  • Can show a user’s volume quotas on all volumes or a single volume.
  • Can show quotas on all subdirectories of a directory.
  • Can show quotas on any subdirectory of each user’s home directory.
  • Optional sorting into ascending or descending order of quota, space used, space available, or by user name.
  • Optional totals only.
  • Can suppress any of the output (quotas, space used, space available).
  • Can filter by value e.g. list all users whose usage exceeds 100 MB, or whose free space is less than 20% of their quota.
  • Output may be in bytes, 4096 byte blocks, KB, MB, GB or TB.
  • Can process all users in a container and in all subcontainers of that container.
  • Can display all volume quotas on a volume.
  • Can display values for queue directories.
  • Can display values for paths pointed to by directory map objects.
  • Can accept and display paths in the DOS or LONG name space.
  • Can calculate the usage in directories without quotas on NSS volumes.
  • Can suppress calculation of usage for directories without a quota on NSS. This allows the quick retrieval of values for directories with quotas when not all directories have quotas.
  • Supports the 64 bit quota APIs introduced in OES 2015.


Getrest displays account restrictions for multiple users. These include:

Account is activated (eDir 8.7 onwards)
Account activation date (eDir 8.7 onwards)
Account is disabled
Account expired
Account expiration date and time
Account is locked
Account lockout date and time
Creation date/time
Creators name (eDir 8.5 onwards)
Force periodic password changes
Grace logins allowed
Grace logins remaining
GroupWise login disabled (all versions)
GroupWise mailbox expiration date and time (all versions)
GroupWise mailbox last login date and time (all versions)
GroupWise visibility (all versions)
Intruder lockout bad login address
Intruder lockout bad login count
Intruder lockout next reset time
Last login date and time
Login time restrictions
Maximum concurrent connections
Modification date/time
Modifiers name (eDir 8.5 onwards)
Network address restrictions
Network addresses
Novell Messenger last login
Password is expired
Password expiration date and time
Password expiration interval
Password last change date/time
Previous login date and time
Password minimum length
Password is required
Password policy
User can change their own password
Unique passwords are required
Proxy password age limit
Proxy password change allowed
Proxy password expiration date and time
Proxy password grace logins
Proxy password force periodic changes

The features of getrest include:

  • Displays all restrictions, or a single restriction e.g. minimum password length.
  • Can control the order and width of each output field (user name, server/user name, full name, server name, restriction value) when displaying individual restrictions.
  • Can sort into ascending or descending order by user name or by restriction value.
  • Can filter by restriction value e.g. list all users whose account has expired, or all users whose maximum concurrent connections is not equal to 3.
  • Can process users in the specified container and all containers below it.
  • Can set an error level indicating the number of matching users. This allows testing in a batch file for example if a particular user’s account is disabled.
  • Can ignore objects for which the requested attribute does not exist.
  • Supports the jrbsGroupWise auxiliary class for determining whether a user has an associated object in GroupWise 2014 onwards.


Groups is a GUI program combining grpadd, grpdel and grplist. Its features include:

  • Can list the members of one or more groups via wildcards.
  • Can use logical operators ‘and’, ‘or’ and ‘not’ to list users who are or are not members of a combination of groups.
  • Can display the following fields for groups and their members:
    • Group name
    • Group full name
    • Group owner
    • Group description
    • Number of group members
    • Member name
    • Member full name
    • Member description
    • Member object class
    • Date and time at which the member was added to the group
  • Optional listing of members as grpadd or grpdel commands.
  • Optional listing of members as adgrpadd or adgrpdel commands.
  • Can display only group information i.e. the membership is suppressed.
  • Can suppress the display of nested group members.
  • Can add or remove selected users, all members of another group, or a list of users in a file.
  • Can create groups when adding members and delete groups when removing members.
  • Can use wildcards in group names when adding or removing members.
  • Supports nested groups under eDirectory 8.8.2 onwards.
  • Can show the nested group structure without listing the group members.
  • Supports primary and secondary sorting on any pair of displayed fields.


Grpadd adds one or more users to a group. Its features include:

  • Can process a single group or a file containing a list of groups.
  • Can create the group.
  • Can accept one or more users on the command line.
  • Can add all members of another group.
  • Can add a list of users from a file.
  • Can process a file containing one group name and one user name per line.
  • Can search eDirectory for matching users to add.
  • Can provide an exclusion list of members not to be added. This may be useful when adding via wildcards or when adding all members of one group to another.
  • Can check the linkages of a group’s members and either report or fix missing links.
  • Supports nested groups under eDirectory 8.8.2 onwards.
  • Allows group membership to be synchronized with the contents of a file. Objects named in the file are added to the group if not already members, members not named in the file are removed. This may be a better option than removing all members, then adding the contents of the file when a product such as IDM is monitoring changes to group membership.


Grpdel removes one or more users from a group. Its features include:

  • Can process a single group or a file containing a list of groups.
  • Can accept one or more users on the command line.
  • Can remove all members of another group.
  • Can remove a list of users from a file.
  • Can process a file containing one group name and one user name per line.
  • Can delete the group if it has no remaining members.
  • Supports nested groups under eDirectory 8.8.2 onwards.


Grplist lists the members of one or more groups in eDirectory. Features include:

  • Displays the full name of each member.
  • Optional sorting by member name, full name, context or member count.
  • Optional display of only the membership count for each group.
  • Optional listing of all users on the server or in a specific container.
  • Can use logical operators ‘and’, ‘or’ and ‘not’ to list users who are or are not members of a combination of groups.
  • Optional listing of members as grpadd or grpdel commands.
  • Optional listing of members as adgrpadd or adgrpdel commands.
  • Can list all aliases for each member of a group.
  • Can include or exclude members of nested groups.
  • Can show the nested group structure without listing the group members.
  • Allows selected members to be excluded from the output.


Grpmemb is intended for use in a batch file to determine if a specific user is a member of a particular group. It sets an error level indicating the result, and can execute a given command when the user is a member.


This program manages groups under GroupWise 2014 onward and distribution lists for GroupWise 2012 and earlier. It is provided in both fully GUI and command line forms, the latter providing access to distribution lists via scripts and batch files. It can do the following:

  • Create and delete groups.
  • Rename a group (2014 onwards).
  • Add members to groups and remove members from groups.
  • Create and remove associations (2014 onwards).
  • Search the entire GroupWise system for a user to add.
  • Display the members of groups.
  • Display just the group names allowing, for example, creation of a list of all groups in a domain.
  • Supports nested groups, and can display these members under separate headings, or as part of the overall list.
  • Can display a wide range of GroupWise attributes when listing members. The complete list of attributes is the same as for gwusers described below.
  • Can display the following attributes for groups themselves:

    Address format
    Admins (2014 onwards)
    Allowed address formats
    Creation date
    Creator from eDirectory (2012 and earlier)
    Directory ID (2014 onwards)
    Email address (2014 onwards)
    Group is linked or associated with an eDirectory group
    Group memberships i.e. where the group is nested (2014 onwards)
    Group type (stand-alone or associated with a directory object) (2014 onwards)
    Internet domain name (2014 onwards)
    Last modify operation (2014 onwards)
    LDAP LDAP object (2014 onwards)
    LDAP GUID (2014 onwards)
    Modification date
    Modifier (most recent)
    Replication override (2014 onwards)

  • Can sort the results by any of the fields available for display, including the group membership count.
  • Can produce output in columns or delimited by any character.
  • Can modify the following group attributes:

    Address format (2014 onwards)
    Allowed address formats (2014 onwards)
    Replication override (2014 onwards)

  • Can synchronize groups with their corresponding directory object (2014 onwards).
  • Can publish email addresses for groups linked to a directory object (2014 onwards).
  • Can run without the presence of the client for OES Enterprise Server (Novell client) when working with GroupWise 2014 onwards.

This program checks that users in GroupWise 2012 and earlier are correctly linked with their corresponding eDirectory object. It can:

  • Identify objects which are not correctly linked.
  • Relink objects based on name or file ID, or if relinking a single user, the user to link with can be named on the command line.
  • Unlink objects by deleting the GroupWise attributes from the eDirectory object. The “NGW: GroupWise ID” attribute is retained by default as it is necessary for relinking, but it may also be removed.


Move objects en masse from one GroupWise post office to another, Under GroupWise 2014 onwards, users and groups may be moved. Under GroupWise 2012 and earlier, users and external entities may be moved. The presence of the OES Enterpise Server (Novell) and GroupWise clients is not required for GroupWise 2014 onwards.


Registers or deregisters a trusted application for gwusers and gwgroups on any version of GroupWise. The key and application name are written to an AES encrypted file with a .tak extension. Under 2014 onwards, gwregta can also list the trusted applications defined in the GroupWise system.


Manages resources under all versions of GroupWise. It can do the following:

  • List the resources by post office, domain, or in the entire GroupWise system.
  • Display a wide range of resource attributes for 2014 onwards and a small range (limited by the API) for 2012 and earlier.
  • Modify values for selected attributes.
  • Create, delete, and rename (2014 onwards) resources.


This program manages users within all versions of GroupWise. It is provided in both fully GUI and command line forms, the latter providing access to GroupWise via scripts and batch files. Its can do the following:

  • Add existing eDirectory users into a GroupWise post office. The GroupWise name may differ from the eDirectory name.
  • Remove users from GroupWise.
  • List members of post offices or domains or the entire GroupWise system.
  • Rename users in GroupWise 2014 onwards.
  • Display a wide range of GroupWise attributes when listing users. These include the following. When a minimum GroupWise version is required, it is given in parenthesis.

    Account ID
    Address format
    Administered groups (2014 onwards)
    Allowed address formats
    Archive path
    Archive path (Linux) (2014 onwards)
    City (2014 onwards)
    Company (2014 onwards)
    Creation date (2014 onwards)
    Directory ID when an association exists (2014 onwards)
    Distribution lists (groups) belonged to
    eDirectory name (2012 and earlier)
    Email address
    Everything forwarded (derived from the rules)
    External synch override (2014 onwards)
    Fax number
    Force inactive status (2014 onwards)
    Full name (2012 and earlier)
    Gateway access
    Given name
    GroupWise name
    GroupWise name in the format name.po.domain
    Guid (2014 onwards)
    Home phone (2014 onwards)
    Internet domain name
    Internet domain name exclusive
    Internet free/busy search URL (2012)
    Last backup date
    Last client language
    Last client type
    Last client version
    Last modified by
    Last modify operation (2014 onwards)
    Last retention date
    LDAP authentication directory (2014 onwards)
    LDAP authentication ID
    LDAP object’s DN when an association exists (2014 onwards)
    LDAP object’s GUID when an association exists (2014 onwards)
    Legacy DN (2014 onwards)
    Location (2014 onwards)
    Login disabled
    Mailbox current size in MB
    Mailbox expiration date and time
    Mailbox ID (File ID)
    Mailbox last login date and time
    Mailbox license type (2014 onwards)
    Mailbox limit in MB (2014 onwards)
    Mailbox warning threshold (percentage full) (2014 onwards)
    Maximum outgoing message size in KB (2014 onwards)
    Middle initial (2014 onwards)
    Mobile phone (2014 onwards)
    Modification date (2014 onwards)
    Net ID
    Number of rules
    Object class
    Other phone (2014 onwards)
    Pager number (2014 onwards)
    Post office
    Post office box (2014 onwards)
    Preferred email ID
    Prefix (2014 onwards)
    Proxied to
    Publish calendar (2014 onwards)
    Publish free/busy search (2014 onwards)
    Qualifier (2014 onwards)
    Resources owned
    Restore area (2014 onwards)
    Shared folder names
    State (2014 onwards)
    Street (2014 onwards)
    Telephone number
    Zip code (2014 onwards)

  • Can produce output in columns or delimited by any character.
  • Can sort the results by any of the fields available for display.
  • Set passwords for new and existing GroupWise users and for existing external entities.
  • Allows setting various GroupWise specific attributes (e.g. visibility, mailbox expiration date, logins disabled, allowed address formats) under all GroupWise versions.
  • Allows setting numerous attributes under GroupWise 2014 onwards.
  • Can add nicknames for new and existing GroupWise users and for existing external entities.
  • The fully GUI version allows various fields to be modified by right clicking in the appropriate column.
  • Can create and remove associations under GroupWise 2014 onwards.
  • Can synchronize users with their corresponding directory object under GroupWise 2014 onwards.
  • Can publish email addresses for users linked to a directory object under GroupWise 2014 onwards.
  • Supports the jrbsGroupWise auxiliary class. If defined in the schema, the relevant attributes are added to an eDirectory user when an association is created, updated when a user is renamed, and removed when an association is removed or the GroupWise user is deleted.
  • Can run without the presence of the client for OES Enterprise Server (Novell client) when working with GroupWise 2014 onwards.


Gwusgrps primary function is to display the GroupWise groups or distribution lists (2012 and earlier), to which users belong. But it can also add users to, and remove users from groups and distribution lists. Features of gwusgrps include:

  • Can process objects by eDirectory name or GroupWise name.
  • Can expand the list of groups to include nested groups under 2014 onwards.
  • Optional sorting of results by user name and/or group.
  • Can specify the participation type when adding members.
  • Provides a convenient means of removing a user from all groups without knowing in advance what groups the user belongs to.
  • Can modify user’s memberships using an input file containing both user names and group name, one pair per line.
  • Flexible output formatting options similar to those of usergrps.
  • Can display group memberships for group objects under 2014 onwards.
  • Can be run without the presence of the OES Enterprise Server (Novell) client when working with GroupWise 2014 onwards.


This program may be used to add or remove from the schema, an auxiliary class definition for use with GroupWise 2014 onwards. The class name is jrbsGroupWise and it has five optional attributes i.e. jrbsGWAddress, jrbsGWPostOffice, jrbsGWName, jrbsGWDirectory and jrbsGWOther. The auxiliary class has two uses:

  • When added to a template, applications creating a new user in eDirectory can also create the user in GroupWise 2014 onwards, then add an association.
  • The attributes when applied to a user, indicate that the user has a corresponding GroupWise object under 2014 onwards, and provide the relevant information to locate the GroupWise system and the user within the system. Only the admin account and password are needed from an external source.


This is an eDirectory version of David Harris’ original home utility for mapping the current drive or a designated drive to a user’s home directory. Features include:

  • Can map root.
  • Can map to a queue’s directory.
  • Can map to a print server’s directory.
  • Can map to an NDPS printer’s spool directory.
  • Can map to an NDPS manager’s directory.
  • Can search eDirectory for the specified object.


This is a GUI program combining the features of chkhome and sethome2 for checking and setting home directories and default servers. It incorporates more functionality for displaying and modifying related settings. The following fields may be displayed. Those marked with ‘*’ can be set or modified by right clicking on the corresponding column in the results list view, as well as being set under the “set” options. The 64 bit quota APIs introduced in OES 2015 are fully supported.

Object name
Object’s full name
Home server
Home volume object *
Home path *
Name space of the home path
Default server *
Creation date/time of the home directory
Trustee rights to the home directory *
Quota on the home directory *
Volume quota on the home volume *
Home directory attributes *
Home directory owner *
Home directory inherited rights filter *
A messages column for feedback such as “Home directory does not exist”

Fields marked with * can be be modified by right clicking in that column in the results list view.

When creating and modifying home directories, the following may be set:

The “Home Directory” attribute
The home directory may be created
Rights to the home directory
Home directory quota
Home volume quota
Home directory attributes
Default server


Accepts a Micro Focus error code in decimal or hexadecimal, looks it up in jrberr.msg (the file of error code translations used by all of JRButils) and displays the description if found. Jrberr.msg includes all bindery, eDirectory, file system, NICI, NMAS and NPKI errors but does not include NDPS.


For locating users or group objects in eDirectory and displaying selected attributes specified in a file or chosen from a list. This is essentially a simplified version of getname, but with the ability to search a particular attribute for a given value or partial value e.g. the “Telephone Number” attribute for “7885”. It is intended for performing quick look up’s of information in eDirectory. It has the following features:

  • Can search attributes holding text values e.g. “Full Name”.
  • Can search attributes holding object names e.g. Manager.
  • Can search attributes holding 32 bit integer, counter and interval values e.g. “Password Expiration Interval”.
  • Can search attributes holding boolean values e.g. “Login Disabled”.
  • Can search attributes holding path values e.g. “Home Directory”.
  • Can search the “Object Class” attribute e.g. for users with a particular auxiliary class added.
  • The “Facsimile Telephone Number” attribute which is a compound attribute. Only the number field may be searched.
  • The “EMail Address” attribute which unlike “Internet Email Address”, has a type field. Searching can be done on either the type field or address.
  • Supports logical operators equals, not equals, less than or equal to, greater than or equal to, includes, or does not include. The last two apply to string values only.
  • Supports a value of ‘*’ for all attribute types. This may be use with the equals operator to identify users where the filter attribute has one or more values. Conversely, when used with “not equals”, it can be used to identify users where the filter attribute does not have a value.
  • Attempts to do as much of the filtering as possible at the server when matching attribute values. This will give a significant speed improvement for example, when searching a large tree for a user with a specific value in an attribute such as workforceID. Note that wildcard searching on object classes and attributes containing object names cannot be done on the server. All searching of attributes using the path syntax is done at the workstation.
  • For users satisfying the search criteria, selected attributes may be displayed, or all attributes of the object.
  • Output may be one line per field, or in delimited format with values enclosed in double quotes.
  • A file of labels may be used to replace actual attribute names with user provided text e.g. “State” for attribute “L”.
  • Is available in command line and fully GUI versions.
  • The GUI version can be activated from the system tray.


Jrbcx is an alternative to the old cx program without the options to browse the tree. Its primary purpose is to provide a 32 or 64 bit program for changing the current context at a command prompt, where execution of a 16 bit program is slow or not possible. However, it also provides better support than cx for multi-tree environments allowing setting of a context in any tree, displaying of contexts for any or all trees and setting a selected tree as the default. It will also establish a connection to another tree if required.


This is a small supporting program to AES encrypt a password and save it to a file for use when authenticating by programs such as mattach, jrbimprt, and those supporting GroupWise 2014 onwards.


A replacement for the old uimport for mass creation of users. Jrbimprt supports all of uimport’s modes of operation i.e. ‘c’ (create), ‘u’ (update), ‘b’ (both create and update) and ‘r’ (remove) modes. Its features include:

  • Supports a wide range of attributes e.g. “Internet Email  Address”. Jrbimprt supports all text attributes and those of type ‘integer’, ‘counter’, ‘interval’ and ‘boolean’ including those added as custom schema extensions.
  • Supports creation of home directories in the LONG name space allowing directories longer than 8 characters to be created. The “Home Directory” attribute will also be set in the LONG name space.
  • Supports a “Template” control statement specifying the name of a template object to use e.g. “template=.t_1.sales.abc”. The template may be a user or template object.
  • Supports attributes specific to template objects such as “New Object’s DS Rights” and “Volume Space Restrictions”.
  • Supports a “Home directory rights” control statement specifying the rights to be granted to the home directory e.g. “home directory rights=RWCEMF”.
  • Supports a “Home directory restriction” control statement allowing a restriction to be set on each user’s home directory. The restriction is specified in any units e.g. “home directory restriction=5000KB”.
  • Supports a “Home volume restriction” control statement allowing a restriction to be set on the volume on which each user’s home directory resides. The restriction is specified in any units e.g. “home volume restriction=250MB”.
  • Supports the 64 bit quota APIs introduced in OES 2015.
  • Supports a “Home directory attributes” control statement allowing attributes such as ‘Di’ and ‘Ri’ to be set on the home directory.
  • Can check the syntax of the input files and the validity of eDirectory objects referenced in the data file. This also checks the existence of the users to be created, updated or deleted and can optionally search the tree for other objects of the same name.
  • Can wait for a specified number of seconds after object creation or deletion to allow replication to occur.
  • Can initiate a replica synchronization after object creation to speed replication.
  • Can standardize the case in new user names. The first character is made uppercase, the remainder lowercase.
  • Allows object names to be used as attribute values in the data file to be specified relative to the current context rather than the context in which the new users are to be created. This can be achieved by placing the import control statement “Use current context=y” before the “Name context” statement in the control file.
  • Can do two passes through the data file for import modes ‘b’ and ‘c’. Users are created on the first pass, attribute values are set on the second. This potentially avoids replication issues and the need to introduce delays after creating each user. Use the import control statement “Use two passes=y” to enable this option.
  • Can create an alias for each new user. This can be done in one of two ways. The first is to specify “alias” as a field name and to give the alias object name in the data file. The name may be a distinguished name with a leading ‘.’, or it may be relative to the context in which the new user is created. The second method is controlled by two import control statements and creates aliases with the same name as the new object
    create aliases=[y/n]
    alias context=<context>
  • Can create subdirectories of each user’s home directory via the “Create subdirectories” import control statement e.g. “create subdirectories=pmail,browsers\ini,photographs”. Multiple levels may be created e.g. browsers\ini results in both the browsers and ini directories being created.
  • Can set network address restrictions.
  • Does not require a “last name” field. When omitted, the last name is set to the user name.
  • It is available in 32 and 64 bit versions for both Windows and Linux.
  • Supports auxiliary classes via the “Auxiliary classes” control statement.
  • Can create groups as required via the “Create groups” control statement.
  • Supports a “Target server” control statement. All eDirectory requests are sent to the designated server to try to overcome replication issues.
  • Can set simple passwords used by Novell Modular Authentication Services and Native File Access, via the “Set simple passwords” control statement.
  • Can control whether or not NDS passwords are set via the “Set NDS passwords” control statement. This may be useful if, for example, you want to set only simple or GroupWise passwords.
  • Supports a “Set passwords only on create” control statement to prevent setting passwords if the user is updated rather than created.
  • Can search eDirectory for users when it is not known what context they are in via the “Search eDir” control statement. This may be useful when the data file is derived from a database which does not hold context information.
  • Supports all versions of GroupWise. Users can be added to and removed from GroupWise, added to or removed from groups and distribution lists, and can have their GroupWise passwords, nicknames and a wide range of attributes set. These may be achieved by a number of control statements and field names. Users in GroupWise may be created from a template for all GroupWise versions. Doing so under GroupWise 2014 onwards requires that the jrbGroupWise auxiliary class be added to the template. A GroupWise password may be given separately from the NDS password allowing the two to be different. GroupWise external entities and external users can also be created, updated and removed. An option exists to check that a name is unique in the domain before adding each user. Associations may be created and removed, synchronizations initiated and email addresses published under GroupWise 2014 onwards.
  • Group membership may be managed via “Group membership add” and “Group membership remove” control statements, rather than using “Group membership” field statements and including the group names in each line of the data file.
  • A “Create subdirectory” control statement complements the “Create subdirectories” control statement allowing a single subdirectory of the home directory (possibly multi-level) to be created, the attributes of the lowest level directory to be set, and one or more trustee assignments created, granting objects rights to the lowest level directory. Multiple “Create subdirectory” control statements may be used.
  • Supports a “Role membership” field for adding users to organizational roles.
  • Supports “Role membership add” and “Role membership remove” control statements allowing adding users to and removing users from organizational roles without having to place the role names in every entry in the data file.
  • Supports creating a second home directory for each user. This may be on a different volume and server to the primary home directory, and it is not stored in the “Home Directory” attribute. Six new control statements are available for creating and customizing the second home directory. They are “Create second home directory”, “Second home directory volume”, “Second home directory path”, second home directory rights”, “Second home directory restriction” and “second home directory attributes”.
  • Supports a “Set directory ownership” statement to force ownership of the home directory, any subdirectories created within it, and the second home directory if created, to be assigned to the user. By default ownership remains with the user running jrbimprt.
  • Supports a third section named “Fixed values” in the control file. This gives values for attributes to be assigned to all users, avoiding the need to use a template or to duplicate those values in each line of the data file. In conjunction with this, a new control statement has been added for controlling the order in which attributes from the different sources (a template, the data file or the “Fixed values” section of the control file) are set.
  • Supports setting universal passwords under NW 6.5 and OES Linux via the “Set universal passwords” control statement.
  • Supports multiple values for a single field in the control file. Both field and value separators may be specified allowing consecutive values for the same field. This eliminates the need to repeat a particular field name once for each value to be set, and simplifies the use of jrbimprt where a different number of values may be set for each user.
  • Can generate and set random passwords, and save these passwords to a file. The passwords may be of any length and maybe alphabetic, numeric or alphanumeric.
  • Supports storing the directory quota set on the home directory, or the volume quota set on the home volume, in eDirectory so that the value can be read via LDAP.
  • Supports a “Target tree” control statement allowing the target tree to be named when connected to multiple trees.
  • Can delete users’ Netmail directories.
  • Supports a user name and password being provided on the command line for authentication to the tree.
  • Supports associating users with ZEN policy packages via a “Zen add policy package” control statement or the “Zen policy package” field name. Users may be removed from policy packages via a “Zen remove policy package” control statement.
  • Supports associating users with ZEN applications via a “Zen add application” control statement or the “Zen application” field name. Users may be removed from applications via a “Zen remove application” control statement.
  • Supports the ability to create and delete user subdirectories in class group directories.
  • Can export data from eDirectory into a file, which can be modified and subsequently re-imported. Wildcards may be used in export mode.
  • Supports the NetWare Core Protocols (NCPs) introduced in NW 6.5 SP2 which use paths encoded in UTF-8 format to avoid issues with extended characters and different code page settings.
  • Supports deleting directories associated with users without deleting the users themselves.
  • Supports deleting the home directory contents but retaining the actual home directory.
  • Supports copying files or a directory structure into the home directory or one of its subdirectories.
  • Can log to the output file, the jrbimprt version, the name of the person running it, the date and time, and the names and paths for the control and data files.
  • Can add or remove ACLs for each user.
  • Can LUM enable users on OES Linux.
  • Can set samba NT and Lan Manager Passwords on OES Linux when the user has been added to the sambaSamAccount auxiliary class.
  • Can move objects to a different container.


A graphical utility to display the contents of a text file using the JRButils graphical display routines. This may be useful to redisplay output logged to a file, or to combine output from several programs (e.g. dquota, lastlgn and pwdexp in a login script) and then display it.


Jrbmap is a replacement for the old map program, primarily for use in batch files where it can map drives ‘silently’ without prompting if the drive is already a search drive. While it does not have all the features of map, it has numerous features which map does not have. Its features include:

  • Can specify alternative paths so that in the event of one being unavailable it will try the next (this can be used for all applications so that in the event of one volume failing, the application will simply be retrieved from the corresponding volume on another server).
  • Can map to NetWare and OES Linux servers, and to Windows hosts.
  • Can save existing mappings to the parent environment and subsequently restore from there.
  • Supports ‘map root’.
  • Supports ‘map next’.
  • Can delete drive mappings.
  • Can map multiple drive letters in a single command.
  • Can save all mappings to a file and subsequently restore them.
  • Can display current mappings including the paths for local drives.
  • Can force truncation of the lowest level directory to eight characters. This could be useful in a login script e.g. #jrbmap p:=vol1:users\%LOGIN_NAME /b
  • Can map drives across trees with the username and password specified as options on the command line when there is no existing authenticated connection to the target tree.
  • Can map to a user’s home directory by specifying the path as ~HOME.
  • Accepts paths in either the DOS or LONG name space.
  • The Linux version supports drive letters in the form /root/A.


Jrbpass is a graphical utility for changing passwords. Unlike setpword which sets them en masse, jrbpass allows a user to change their own password, or Help Desk staff to set passwords for individual users. Features include:

  • Can change the NDS or universal password.
  • Can select the tree in which to change passwords.
  • Can change the password on the local workstation.
  • Can change the user’s AD domain password when logged into a domain.
  • Can set simple passwords for Novell Modular Authentication Services (NMAS) and Native File Access (NFA).
  • Can change GroupWise passwords (all versions).
  • Can search eDirectory for a user.
  • When used by someone with sufficient rights to change the password of another user, the password expiration date can be retained. By default eDirectory will expire the new password.
  • When used by someone with sufficient rights to change the password of another user, the password expiration date can be updated by the password expiration interval.
  • When used by someone with sufficient rights, it can unlock an account that has been locked by eDirectory’s intruder detection.
  • Can modify the interface via command line switches.
  • Can log all details of attempts to change passwords to a file, including the name of the person running jrbpass.
  • Can expire a universal password when changed by a privileged user. Unlike NDS passwords, eDirectory does not expire a universal password but jrbpass can set the expiration date to 1 January 1992 after the password is set. This provides consistent behaviour when NDS and universal passwords are changed by a privileged user.
  • Can automatically close after a specified delay when a password is successfully changed.
  • Can prevent setting any other passwords when changing the NDS or universal password fails.
  • Displays an eDirectory username in red if the account is disabled, expired or locked. A tooltip states that the account is disabled, expired at a given date and time, or was locked at a given date and time.


Jrbpurge allows selective purging of files in a single directory, in an entire directory tree, or for an entire volume. Features include:

  • Supports purging by name.
  • Supports purging by size.
  • Supports purging by owner.
  • Supports purging by deleter.
  • Supports purging by deletion date and time.
  • Can query whether or not to purge each file.
  • Can specify multiple files to purge in a single run e.g. *.obj,*.tmp,*.swp,fred.bak.
  • Can purge all volumes on a server in a single command.


Jrbsend sends broadcast messages. It can send to individual users, users selected via wild cards, all members of a group, selected connection numbers, and can broadcast a console message from servers.


Jrbusers displays information about logged in objects, and not-logged-in connections on OES Linux and NetWare servers. It has the following features:

  • Can list logged in objects across multiple servers. Wildcards may be used in server names, and servers may be excluded by preceding the name with ‘!’.
  • Can display not logged in connections.
  • Can select from 20 possible output fields and control the order of each field and its width. These fields are:

    Combined network and station address
    Connection number
    Connection status (licensed, unlicensed, bindery). This requires console operator rights.
    File locks held
    Full name of the logged in object
    Location of the workstation
    Login date
    Login time
    Network address
    Object class
    Object ID
    Object name
    Period for which the object has been logged in
    Record locks held
    Server name
    Server rights (normal, auditor, console, supervisor)
    Total NCP requests made since login *
    Total bytes read *
    Total bytes written *
    Workstation address

    * These fields are not available on OES Linux prior to 2013 when mid year updates for OES2 SP3 and OES11 SP1 finally resolved the issue with the API returning these fields.

  • Can produce comma delimited output with each field enclosed in double quotes.
  • Can display where a user is logged in. This requires a text database mapping network addresses to locations. This file may also contain wildcard entries which are used when no exact match is found. This feature allows, for example, entries for different networks.
  • Can sort the output on any of the fields.
  • Can filter output on numerous fields.
  • Can display the total users logged in on each server.
  • Can show members of selected groups who are logged in.
  • Can set an error level equal to the number of matching logged in objects.
  • Can display connections for Z.E.N. workstation objects.
  • Can display connections based on the connection status (bindery, licensed, unlicensed).
  • Can display connections based on whether they are using the IPX or TCP/IP protocols, or AFP via native file access.
  • The GUI version can display the open files for each connection and can clear the connection.