• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 663
  • Last Modified:

Issue Moving users to new Organisational Certifier.

Hi,


One of our clients with about 400 users wants to change their Domain and Organisation. We set up a test environment, and most problems and bugs were ironed out or worked around. However there is one issue I just can't figure and it's a show stopper.

Some users (about 1 in 4) are not being moved to the new Organisation.

The Old and New Organisations are cross certified and Adminp is running on bother servers (with one being the Admin Server of the NAB and apps, and the other being the Admin Server for mail). I select the names to be moved, choose rename, then move to new Certifier. I then go into Admin Requests and verify the move and it says No Errors (yeah right). I tell adminp process all then replicate the NAB and Admin Requests to the other servers and tell adminp again.
Then the user logs in to accept the changes, however no one has ever been asked to accept it, not even the users who succeed.
I then tell adminp process all again, replicate, tell adminp on the other servers, replicate etc (to speed up the process during the test).

All users have pending in their person documents as they should. There are no errors anywhere. In Admin Requests all users get up to Rename in Address Book, but about 1 in 4 get no further. They're not renamed in ACL's, Groups, Names fields etc, but there are still no errors and they are still pending.

We tried moving a pilot group in the live environment, and the same thing happened.

One thing may be an issue. They put off upgrading their Servers to R6 untill after this change (the CEO wants to see the new corporate identity ASAP), but their clients are R6. However if this was the problem it should affect everyone? Also I don't see how the client type would affect AdminP moving users to a new Organisation as it all happens on the server). I'm planning on upgrading the test Servers today to see if that helps, but if not I'm in the s**t  :-)

Can anyone help? I'm at a loss due to the lack of errors or leads to follow up.

Cheers,

Samurai.

PS: If someone hits the nail on the head in the next 5 hours I'll double the points to 1000.
0
Samurai073199
Asked:
Samurai073199
  • 7
  • 3
  • 2
1 Solution
 
Samurai073199Author Commented:
Oh yes, and this may be a red herring, but it does appear to stop where it would stop if the user refused the name change, but as I said, no one has ever been asked, not even the successful ones.
0
 
royalcaninCommented:
I had this exact same issue when we moved from our own Domino Domain to being integraded with our Parent Co.'s Domain.

Unfortunatly I never found the exact answer, I had to re-create the users that didn't work on the new Domain and move the mail files over (changing the ACL's etc.).

Sorry
0
 
royalcaninCommented:
Forgot to mention that in 6 there is a setting for accepting name changes without prompt.

Go to File -> Security ->User Security

enter user's password

Click "Your Identity" and the click the Name Changes button

Therer are two Radio buttons for "Ask Approval" or "Automatically Accept"

HTH
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Samurai073199Author Commented:
hmmmm...  Were you also in a mixed environment? It's possible the Automatically Accept is not handled properly by the R5 Server?  Though I think I recall that was also an option with R5... I'll go look. Hey it's a straw but it's one more than I had :-)
0
 
royalcaninCommented:
Actually we were able to upgrade to 6.x from R5 in time to do the migration...  So when we were moving users it was R6 to R6, and I still had a similar issue to yours where for me 1 in about 10 users would not move over.

Eventually we did come up with a theroy but it's a long shot, and like I said, we ended up having to re-create the users anyway...

We noticed that all the failed users had been recertified once before (moved from ANOTHER Domain in the past).  For whatever reason (that we still haven't tracked down to this day) anyone that had been moved from "Really old domain" to "old domain" would not move to "new domain".

Sorry I can't be of more help.
0
 
Samurai073199Author Commented:
No Problem, thanks anyway. I had thought you had got it when you mentioned Auto Accept in R6 clients, as I then switched 10 test users to Always Ask, and all 10 worked.... then I added 4 users to the pilot group, and moved them, and the first three worked... and the last one didn't :(  ARGH!!!

Your letting me know you still had the problem after upgrading was helpful though, as we were planning in doing that to see if it solves the problem... I guess it won't.
0
 
qwaleteeCommented:
As I recall, "move to new certfier" requires that the move take place WITHIN the existing rot certifier for the user.

Qwaletee/EE -> Qwaletee/Samurai/EE = OK
Qwaletee/Royal/Canin -> Qwlatee/Canin = OK
Qwaletee/Royal/Canin -> Qwaletee/Anything/Canin = OK
Qwaletee/EE -> Qwlatee/Canin = Can't rename
Qwaletee/EE -> Qwlatee/Anything/Canin = Can't rename

What you need to do instead, I think, is to use the CERTIFY option on teh last tab of administrator, which requires that you have access to a save copy o teh ID file, or to the ID file itself.  You would then send back the recertified ID.

I mioght be totally off-base on this, because this sort of thing happens rarely, and I don't recall exactly what I did.  In fact, I would appreciate it if you tried it, and posted back to confirmed/deny it.
0
 
Samurai073199Author Commented:
I'm 95% certain you can move users to a new Organisational Certifier this way. I remember doing R4 CLP study that I thought if my company changed Organisation names, I'll quit :) as you had to change everything manually. Where as with R5 you could move users (though still not Servers) to a new Organisation.

I'd read a couple of IBM tech notes about it. And they say to create the new Organisation Certifier, cross certify it with the old one, then rename users and choose to move to a new certifier. Had they been talking about moving within the same Organisation, then the cross certificate would not have been neccessary.

Also, Recertifying means Adminp would not go through the process of changing ACL, Groups and Names fields etc, and doing that manually would be a nightmare.

I does work for about 7 out of 10 users.
0
 
Samurai073199Author Commented:
oops my first paragraph should read "Where as with R5 you could move users (though still not Servers) to a new Organisation USING ADMINP.
0
 
qwaleteeCommented:
Check the person docs to see if they have been updated.  In particular, if you have beore-and-after images of names.nsf, see if the docs have different modified dates, and see if the cert field has changed.
0
 
Samurai073199Author Commented:
Yeah the Person docs are updated and the users show as being User Name/NewOrganisation. Even for the ones that fail. It's just it never gets past that... This is as far as it gets untill the user accepts the change as well.. so it's almost as if the users never accept the change. Of course they can't though as the 1 in 4 that fail are never asked to accept it.
0
 
Samurai073199Author Commented:
royalcanin... We upgraded to R6 Servers, and 397 out of 400 users moved to the new Organisation correctly, so I think it was an issue with R5 Servers not understanding the auto accept of the R6 Clients. It's a shame it didn't help in your case, but you pretty much put me on the right track. Cheers.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now