Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


New domain

Posted on 2004-04-12
Medium Priority
Last Modified: 2013-12-18
Regarding my move to the new domain (for those who been answering my questions lately) ...

Let's suppose this :

I have this server with my users "server/DOMAIN" and want to move them to new server with new domain "server/NEWDOMAIN".

How do I do this? After cross certifying the 2 domains, when i make "user > rename > request move to new certifier" the admin client states it cannot find the certificate in the directory.

Can this be done?

Thanks all for the usual support and interest,

Question by:sync957p
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
  • +1

Author Comment

ID: 10806901
sorry, what i cross certified was both cert.id's
LVL 24

Expert Comment

ID: 10807059
I am not sure what your previous posts have guided you on this subject.

There is a technote which describe detailed step-by-step procedure on how to move users to new domain, this is not as trivial as you might think.. Take a deep breath and follow the procedure listed in this note



Author Comment

ID: 10814297
Nice link hemanth,

but it doesen't mention moving mail files to new server or even if the person documents will be in the new nab when the process is over.


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 10814338
note : after some reading i think that technote really refers to ORGs not domains... what do you think?
LVL 24

Expert Comment

ID: 10814758
Yes.. It is the move to new domain.. If you are not doing that but decomissioning the server then use " Decommission Server Analysis Tool " which is available from R5, this will give you a nice summary of what will effect and what should be done kind of things

Also take a look at this technote..http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21087009

Author Comment

ID: 10815101
Ok perhaps i putted this wrong, let me check it for you :

I plan to move about 400 users from server/OLDDOMAIN, wich are in various OU's (like Jonh Doe/MARKETING/SUB/OLDDOMAIN) to a new server/NEWDOMAIN, so they will be in a new server with a name Jonh Doe/MARKETING/NEWDOMAIN.

Also the servers/OLDDOMAIN are R5 and the servers/NEWDOMAIN are R6.5.

So I need to have all my users in NEWDOMAIN / NEWORG NAB, and their mailfiles in the new server.

The top domains are already cross certified. The directories are already working with Directory Assistance and Directory Catalog, altough there are no users (yet) in the NEWDOMAIN.

I'll leave the client part to further enquiries :-)
LVL 31

Expert Comment

ID: 10825560
I think I answered you last time.

The trick is to not just cross-certify, but to actually have the new server in the old Directory first, even though it uses a different certifier.  This allows the move to take place within the "old domain."  Once everyone has been moved, you then split the domain.

Author Comment

ID: 10826178
so tell if this is it please ....

1 - Create a new Org (NEW) and cross certify OLD and NEW (orgs)

2 - Create a new server id and document for this org in the (OLD) registration server

3 - Setup a new server ( newserver/NEW ) using the id created above (will a new NAB be automaticly created here? please advise)

4 - Configure Directory Assistance and Directory Catalog for both directories in all servers, and add all of OLD server's documents in the new nab (copy / paste will do ?)

5 - Check that adminp is running in oldserver/OLD and in newserver/NEW

6 - Rename (recert) all users in my company by using "Rename" > "request move to new certifier" (what about all the OU's? please advise)

7 - Wait (and pray) that all of our users accept the name change

8 - Move mail files of all our company users to the newserver/NEW (using the administrator "move" command)

9 - Configure all of our 400 workstations to use the new server (this could by done in a early stage with a button? please advise)

10 - Delete the old entries for our users and groups in OLD's nab

I'm getting an headache ... what am I missing?

btw : regarding mail only R5 clients should work fine with R6.5 server, right?

LVL 31

Accepted Solution

qwaletee earned 2000 total points
ID: 10827926
Step 3 -- no, you will be using the same old NAB

4 -- DA, yes, DC, should not be necessary.  There is usually only one DC server in a Doamin (defining Domain by a single Directory)

6 -- the OU's are up to you, OU's are "sub certifiers" of a root certifier (org certifier).  If you use OU's, just create them from your new root /NEW

7 -- don't forget to send some money to a good cause, can't hurt.  Like me, maybe?

8 -- using the MOVE MAIL FILE button in any of the people views of the directory (including the People & Groups tab in the admin client)

9 -- should not be necessary, you should just have another wait and pray step that the user's workstations all accept the server move automatically

10 -- no!!! you first need to split the nab, making a new non-replica copy for your /new server(s).  Only then shoudl you delete stuff from EACH.

And, 11 -- set up DA across the two NABs

Expert Comment

ID: 10830013

I think there is some confusion in regards to terminology and that is what is making this slightly difficult.

When you say "Domain", you are incorrectly referring it to the last qualifier in a user's name.

ie. joe smith/makerting/acme

"ACME" is NOT the domain. "ACME" is the organization name.

Domain = a group of servers that share the same Domino Directory.

With that said, I think what you want to do is the following:
1. rename users from an old organization to a new organization.
    ie. FROM: joe smith/OldOrg       TO: joe smith/NewOrg

2. You also want to move the user's mail files from the old server to a new server.

Hopefully, I did not misunderstand what you want. If I did, please let me know.

Here are the steps that you should follow in order to accomplish what I listed above.
1. Register a new Org (NewOrg = NewOrg_cert.id)
2. Cross certify NewOrg_cert.id with OldOrg_cert.id (OldOrg)
    (cross certify both ways: New w/ Old and then Old w/ New) - just to be safe.
3. Register a new server id and document in the existing NAB but with the NewOrg_cert.id
    ie. you should have registered: MailServer/NewOrg
4. Install and Configure new server (MailServer/NewOrg) with the id created above.
    You will continue to use the old NAB (You are NOT creating a new domain)
5. I'm not sure why you wanted to create Directory Assitance. It seems as though you want to change all users' and all servers' to the NewOrg.

At this point...
1. You have 2 servers running: OldMailServer/OldOrg and NewMailServer/NewOrg
2. Both top-level cert id's are cross-certified.
3. I suggest renaming users first and then moving mail files.

In Order to rename a user,
1. make sure adminp is indeed running on both servers
2. make sure both servers are setup to replicate often (names.nsf, admin4.nsf)
3. Rename all users in my company by using "Rename" > "request move to new certifier"
what about all the OU's? It depends if you want to move them to simlar OU's.

i.e. If you want to move:
FROM Joe Smith/Marketing/OldOrg
TO Joe Smith/Marketing/NewOrg

You will need to create a 'Marketing' OU using the /NewOrg certifier.

That way you can move Joe to a Marketing OU under the NewOrg.

REMEMBER: You can only do mass renames with users that share the same certifier.

i.e. You have 10 users.
5 with /Marketing/OldOrg => /Marketing/NewOrg
5 with /Sales/OldOrg         => /Sales/NewOrg

You can only choose the 5 users with the similar certifer when doing the rename.

You can't select 1 Marketing user and 1 Sales user and attempt to do the rename in the same request.

So, select all 5 Marketing users, click Rename to new certifier, select the /Marketing/OldOrg certifier, and then choose the /Marketing/NewOrg certifier.

7 - You could Wait (and pray) that all of our users accept the name change.
     Or you could do it for them, if you had access to their id's.

8. Monitor the name changes.. and make sure they complete.

Now it's time to move mail files.

9 - Move mail files of all our company users to the NewMailServer/NewOrg (using the administrator "move" command)

The adminp process will take care of updating user's location documents to use the new mail server.

10. Approve the mail file deletions on the old server in the admin4 database.

This will accomplish what you want if I understood you correctly.

In regards to your question about mail:
will only R5 clients work fine with R6.5 server?

Well, you should keep the r5 template for all of the mail files until you upgrade the clients to 6. But you can feel free to upgrade the ODS (file format) from 41 to 43 for the mail files using compact.

Hope that helps.
LVL 31

Expert Comment

ID: 10833477
Sync97p is trying to split a Notes environment in two, necessitating a new org, new directory, and new domain.  technically,  a domain is simply a group of users and servers that share the same "@xyz" in the Notes address.  It is sort of self defining: a domain consists of all server and person documents that share the same domain name and have native Notes mail routing available among them.

The purpose of Directory Assistance was to allow addressing between the two parts of the split, once the split is complete.\

I did leave out one step: After the split, and after setting up Directory Assistance, you also need to set up at least one connection document on each side indicating which server in domain old can reach which server in domain new at what network address, and vice versa.  The connection documents, one per Directory (or more) would go in the SOURCE server directory (the one from abc/old to xyz/new would go in the Directory servicing the /old organization).

Expert Comment

ID: 10847586
Actually, it really doesn't look like sync957p needs to create a new domain (aka new directory) for what he is trying to accomplish. It looks like he just wants to create a new organization, and get rid of the old one... according to his mention of step 10 (10 - Delete the old entries for our users and groups in OLD's nab)

But, again, I may have misunderstood exactly what sync957p is trying to accomplish. sync957p can clarify that.

Author Comment

ID: 10860059
qwaletee is right tuttiwala,

sorry if i didnt clarify that, we are a subsidiary company so the guys that own us still need to be in the old NAB, elsewhere i'd be fired ! :-)

Author Comment

ID: 11715662
sorry about leaving this open so much time... my job function differed from the usual for a while.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question