Issue Moving users to new Organisational Certifier.

Posted on 2005-03-16
Medium Priority
Last Modified: 2013-12-18

One of our clients with about 400 users wants to change their Domain and Organisation. We set up a test environment, and most problems and bugs were ironed out or worked around. However there is one issue I just can't figure and it's a show stopper.

Some users (about 1 in 4) are not being moved to the new Organisation.

The Old and New Organisations are cross certified and Adminp is running on bother servers (with one being the Admin Server of the NAB and apps, and the other being the Admin Server for mail). I select the names to be moved, choose rename, then move to new Certifier. I then go into Admin Requests and verify the move and it says No Errors (yeah right). I tell adminp process all then replicate the NAB and Admin Requests to the other servers and tell adminp again.
Then the user logs in to accept the changes, however no one has ever been asked to accept it, not even the users who succeed.
I then tell adminp process all again, replicate, tell adminp on the other servers, replicate etc (to speed up the process during the test).

All users have pending in their person documents as they should. There are no errors anywhere. In Admin Requests all users get up to Rename in Address Book, but about 1 in 4 get no further. They're not renamed in ACL's, Groups, Names fields etc, but there are still no errors and they are still pending.

We tried moving a pilot group in the live environment, and the same thing happened.

One thing may be an issue. They put off upgrading their Servers to R6 untill after this change (the CEO wants to see the new corporate identity ASAP), but their clients are R6. However if this was the problem it should affect everyone? Also I don't see how the client type would affect AdminP moving users to a new Organisation as it all happens on the server). I'm planning on upgrading the test Servers today to see if that helps, but if not I'm in the s**t  :-)

Can anyone help? I'm at a loss due to the lack of errors or leads to follow up.



PS: If someone hits the nail on the head in the next 5 hours I'll double the points to 1000.
Question by:Samurai073199
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2

Author Comment

ID: 13560039
Oh yes, and this may be a red herring, but it does appear to stop where it would stop if the user refused the name change, but as I said, no one has ever been asked, not even the successful ones.

Expert Comment

ID: 13560060
I had this exact same issue when we moved from our own Domino Domain to being integraded with our Parent Co.'s Domain.

Unfortunatly I never found the exact answer, I had to re-create the users that didn't work on the new Domain and move the mail files over (changing the ACL's etc.).


Accepted Solution

royalcanin earned 1500 total points
ID: 13560076
Forgot to mention that in 6 there is a setting for accepting name changes without prompt.

Go to File -> Security ->User Security

enter user's password

Click "Your Identity" and the click the Name Changes button

Therer are two Radio buttons for "Ask Approval" or "Automatically Accept"

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 13561126
hmmmm...  Were you also in a mixed environment? It's possible the Automatically Accept is not handled properly by the R5 Server?  Though I think I recall that was also an option with R5... I'll go look. Hey it's a straw but it's one more than I had :-)

Expert Comment

ID: 13565159
Actually we were able to upgrade to 6.x from R5 in time to do the migration...  So when we were moving users it was R6 to R6, and I still had a similar issue to yours where for me 1 in about 10 users would not move over.

Eventually we did come up with a theroy but it's a long shot, and like I said, we ended up having to re-create the users anyway...

We noticed that all the failed users had been recertified once before (moved from ANOTHER Domain in the past).  For whatever reason (that we still haven't tracked down to this day) anyone that had been moved from "Really old domain" to "old domain" would not move to "new domain".

Sorry I can't be of more help.

Author Comment

ID: 13570092
No Problem, thanks anyway. I had thought you had got it when you mentioned Auto Accept in R6 clients, as I then switched 10 test users to Always Ask, and all 10 worked.... then I added 4 users to the pilot group, and moved them, and the first three worked... and the last one didn't :(  ARGH!!!

Your letting me know you still had the problem after upgrading was helpful though, as we were planning in doing that to see if it solves the problem... I guess it won't.
LVL 31

Expert Comment

ID: 13578166
As I recall, "move to new certfier" requires that the move take place WITHIN the existing rot certifier for the user.

Qwaletee/EE -> Qwaletee/Samurai/EE = OK
Qwaletee/Royal/Canin -> Qwlatee/Canin = OK
Qwaletee/Royal/Canin -> Qwaletee/Anything/Canin = OK
Qwaletee/EE -> Qwlatee/Canin = Can't rename
Qwaletee/EE -> Qwlatee/Anything/Canin = Can't rename

What you need to do instead, I think, is to use the CERTIFY option on teh last tab of administrator, which requires that you have access to a save copy o teh ID file, or to the ID file itself.  You would then send back the recertified ID.

I mioght be totally off-base on this, because this sort of thing happens rarely, and I don't recall exactly what I did.  In fact, I would appreciate it if you tried it, and posted back to confirmed/deny it.

Author Comment

ID: 13580762
I'm 95% certain you can move users to a new Organisational Certifier this way. I remember doing R4 CLP study that I thought if my company changed Organisation names, I'll quit :) as you had to change everything manually. Where as with R5 you could move users (though still not Servers) to a new Organisation.

I'd read a couple of IBM tech notes about it. And they say to create the new Organisation Certifier, cross certify it with the old one, then rename users and choose to move to a new certifier. Had they been talking about moving within the same Organisation, then the cross certificate would not have been neccessary.

Also, Recertifying means Adminp would not go through the process of changing ACL, Groups and Names fields etc, and doing that manually would be a nightmare.

I does work for about 7 out of 10 users.

Author Comment

ID: 13580765
oops my first paragraph should read "Where as with R5 you could move users (though still not Servers) to a new Organisation USING ADMINP.
LVL 31

Expert Comment

ID: 13586570
Check the person docs to see if they have been updated.  In particular, if you have beore-and-after images of names.nsf, see if the docs have different modified dates, and see if the cert field has changed.

Author Comment

ID: 13620381
Yeah the Person docs are updated and the users show as being User Name/NewOrganisation. Even for the ones that fail. It's just it never gets past that... This is as far as it gets untill the user accepts the change as well.. so it's almost as if the users never accept the change. Of course they can't though as the 1 in 4 that fail are never asked to accept it.

Author Comment

ID: 14773838
royalcanin... We upgraded to R6 Servers, and 397 out of 400 users moved to the new Organisation correctly, so I think it was an issue with R5 Servers not understanding the auto accept of the R6 Clients. It's a shame it didn't help in your case, but you pretty much put me on the right track. Cheers.

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

  In today’s Arena we can’t imagine our lives without Internet as we are highly used to of it. If we consider our life style just for only 2 min we found that face to face communication is swapped by e-communication.  Every Where from Works place to…
This article covers general Notes 8.5 troubleshooting information including recreating the Notes\Data folder.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month8 days, 3 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question