We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


New domain

sync957p asked
Medium Priority
Last Modified: 2013-12-18
Regarding my move to the new domain (for those who been answering my questions lately) ...

Let's suppose this :

I have this server with my users "server/DOMAIN" and want to move them to new server with new domain "server/NEWDOMAIN".

How do I do this? After cross certifying the 2 domains, when i make "user > rename > request move to new certifier" the admin client states it cannot find the certificate in the directory.

Can this be done?

Thanks all for the usual support and interest,

Watch Question


sorry, what i cross certified was both cert.id's
I am not sure what your previous posts have guided you on this subject.

There is a technote which describe detailed step-by-step procedure on how to move users to new domain, this is not as trivial as you might think.. Take a deep breath and follow the procedure listed in this note




Nice link hemanth,

but it doesen't mention moving mail files to new server or even if the person documents will be in the new nab when the process is over.


note : after some reading i think that technote really refers to ORGs not domains... what do you think?
Yes.. It is the move to new domain.. If you are not doing that but decomissioning the server then use " Decommission Server Analysis Tool " which is available from R5, this will give you a nice summary of what will effect and what should be done kind of things

Also take a look at this technote..http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21087009


Ok perhaps i putted this wrong, let me check it for you :

I plan to move about 400 users from server/OLDDOMAIN, wich are in various OU's (like Jonh Doe/MARKETING/SUB/OLDDOMAIN) to a new server/NEWDOMAIN, so they will be in a new server with a name Jonh Doe/MARKETING/NEWDOMAIN.

Also the servers/OLDDOMAIN are R5 and the servers/NEWDOMAIN are R6.5.

So I need to have all my users in NEWDOMAIN / NEWORG NAB, and their mailfiles in the new server.

The top domains are already cross certified. The directories are already working with Directory Assistance and Directory Catalog, altough there are no users (yet) in the NEWDOMAIN.

I'll leave the client part to further enquiries :-)

I think I answered you last time.

The trick is to not just cross-certify, but to actually have the new server in the old Directory first, even though it uses a different certifier.  This allows the move to take place within the "old domain."  Once everyone has been moved, you then split the domain.


so tell if this is it please ....

1 - Create a new Org (NEW) and cross certify OLD and NEW (orgs)

2 - Create a new server id and document for this org in the (OLD) registration server

3 - Setup a new server ( newserver/NEW ) using the id created above (will a new NAB be automaticly created here? please advise)

4 - Configure Directory Assistance and Directory Catalog for both directories in all servers, and add all of OLD server's documents in the new nab (copy / paste will do ?)

5 - Check that adminp is running in oldserver/OLD and in newserver/NEW

6 - Rename (recert) all users in my company by using "Rename" > "request move to new certifier" (what about all the OU's? please advise)

7 - Wait (and pray) that all of our users accept the name change

8 - Move mail files of all our company users to the newserver/NEW (using the administrator "move" command)

9 - Configure all of our 400 workstations to use the new server (this could by done in a early stage with a button? please advise)

10 - Delete the old entries for our users and groups in OLD's nab

I'm getting an headache ... what am I missing?

btw : regarding mail only R5 clients should work fine with R6.5 server, right?

Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

I think there is some confusion in regards to terminology and that is what is making this slightly difficult.

When you say "Domain", you are incorrectly referring it to the last qualifier in a user's name.

ie. joe smith/makerting/acme

"ACME" is NOT the domain. "ACME" is the organization name.

Domain = a group of servers that share the same Domino Directory.

With that said, I think what you want to do is the following:
1. rename users from an old organization to a new organization.
    ie. FROM: joe smith/OldOrg       TO: joe smith/NewOrg

2. You also want to move the user's mail files from the old server to a new server.

Hopefully, I did not misunderstand what you want. If I did, please let me know.

Here are the steps that you should follow in order to accomplish what I listed above.
1. Register a new Org (NewOrg = NewOrg_cert.id)
2. Cross certify NewOrg_cert.id with OldOrg_cert.id (OldOrg)
    (cross certify both ways: New w/ Old and then Old w/ New) - just to be safe.
3. Register a new server id and document in the existing NAB but with the NewOrg_cert.id
    ie. you should have registered: MailServer/NewOrg
4. Install and Configure new server (MailServer/NewOrg) with the id created above.
    You will continue to use the old NAB (You are NOT creating a new domain)
5. I'm not sure why you wanted to create Directory Assitance. It seems as though you want to change all users' and all servers' to the NewOrg.

At this point...
1. You have 2 servers running: OldMailServer/OldOrg and NewMailServer/NewOrg
2. Both top-level cert id's are cross-certified.
3. I suggest renaming users first and then moving mail files.

In Order to rename a user,
1. make sure adminp is indeed running on both servers
2. make sure both servers are setup to replicate often (names.nsf, admin4.nsf)
3. Rename all users in my company by using "Rename" > "request move to new certifier"
what about all the OU's? It depends if you want to move them to simlar OU's.

i.e. If you want to move:
FROM Joe Smith/Marketing/OldOrg
TO Joe Smith/Marketing/NewOrg

You will need to create a 'Marketing' OU using the /NewOrg certifier.

That way you can move Joe to a Marketing OU under the NewOrg.

REMEMBER: You can only do mass renames with users that share the same certifier.

i.e. You have 10 users.
5 with /Marketing/OldOrg => /Marketing/NewOrg
5 with /Sales/OldOrg         => /Sales/NewOrg

You can only choose the 5 users with the similar certifer when doing the rename.

You can't select 1 Marketing user and 1 Sales user and attempt to do the rename in the same request.

So, select all 5 Marketing users, click Rename to new certifier, select the /Marketing/OldOrg certifier, and then choose the /Marketing/NewOrg certifier.

7 - You could Wait (and pray) that all of our users accept the name change.
     Or you could do it for them, if you had access to their id's.

8. Monitor the name changes.. and make sure they complete.

Now it's time to move mail files.

9 - Move mail files of all our company users to the NewMailServer/NewOrg (using the administrator "move" command)

The adminp process will take care of updating user's location documents to use the new mail server.

10. Approve the mail file deletions on the old server in the admin4 database.

This will accomplish what you want if I understood you correctly.

In regards to your question about mail:
will only R5 clients work fine with R6.5 server?

Well, you should keep the r5 template for all of the mail files until you upgrade the clients to 6. But you can feel free to upgrade the ODS (file format) from 41 to 43 for the mail files using compact.

Hope that helps.

Sync97p is trying to split a Notes environment in two, necessitating a new org, new directory, and new domain.  technically,  a domain is simply a group of users and servers that share the same "@xyz" in the Notes address.  It is sort of self defining: a domain consists of all server and person documents that share the same domain name and have native Notes mail routing available among them.

The purpose of Directory Assistance was to allow addressing between the two parts of the split, once the split is complete.\

I did leave out one step: After the split, and after setting up Directory Assistance, you also need to set up at least one connection document on each side indicating which server in domain old can reach which server in domain new at what network address, and vice versa.  The connection documents, one per Directory (or more) would go in the SOURCE server directory (the one from abc/old to xyz/new would go in the Directory servicing the /old organization).
Actually, it really doesn't look like sync957p needs to create a new domain (aka new directory) for what he is trying to accomplish. It looks like he just wants to create a new organization, and get rid of the old one... according to his mention of step 10 (10 - Delete the old entries for our users and groups in OLD's nab)

But, again, I may have misunderstood exactly what sync957p is trying to accomplish. sync957p can clarify that.


qwaletee is right tuttiwala,

sorry if i didnt clarify that, we are a subsidiary company so the guys that own us still need to be in the old NAB, elsewhere i'd be fired ! :-)


sorry about leaving this open so much time... my job function differed from the usual for a while.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.