Utility to syncronize ACL's and Groups to NAB

I have renamed around 200 users from John Doe/Fake/Main to John Doe/Main. I had made sure all ACL's had the Administration server set to the server that Adminp Process was going to be running on before renaming the selected users. Once I had completed all steps in renaming the users, some of the users ACL's, and Group entries were updated, and some were not. Here are the steps taken to rename the selected users.

1. Set Administration Server for all ACL's to the server the Adminp was going to run on.
2. In the Administrator client, NAB, selected users to rename
3. Selected Actions -> rename selected users
4. Selected the old certifier and entered password
5. Selected OK at all prompts about user name
6. Preformed Tell adminp process new on the server console
7. Opened the ADMIN4.NSF and selected Name Move Request
8. Selected users and preformed "complete move for selected entries"
9. Preformed tell adminp process new at server console.
10. Went back to ADMIN4.NSF to check if there is an entry for "Initiate Rename in Domino Directory" and "Move Person's name in hierarchy"

All users selected to rename were verified in both of these sections with no errors.

Some of the users had entries in "Rename in Access Control List", "Person Documents" , ect.

Some did not.

I need to know if there is a way to re-initiate this process to update the rest of the users ACL and other entries. Maybe some kind of utility that would check all names in Groups to the ACL. Any help would be appreciated.

Who is Participating?
You will probably need to write your own agent in Lotus Script to resolve this if you do not have the option of reding the name change.

Did the Admin request DB show that the name change was successful for everyone ?

Check the LDD sandbox at


for sample code for ACL chages.

I hope this helps !

nicholasrekerAuthor Commented:
I have looked through this list of tools, but none specifically sync the AB to all groups, databases, ect. I am really looking for a tool that has already been developed being that I am in now way familiar with Notes Developement. I have been assigned to administer the Domino environment, but have had to learn by doing. I would be willing to buy a tool that would do this for future needs as well.

brwwigginsIT ManagerCommented:
You might try looking into Power Tools (http://www.helpsoft.com/)

It is a really good tool and I have found it helpful. Here are some of the features it has that may help

 Find Missing ACL Entries: Find Missing ACL Entries will check the ACL of all selected databases for the specified ACL entries and report any databases that do NOT contain those ACL Entries. For example, you might want to find any databases that do not have an Anonymous entry or an Administrators entry.

 Find Unlisted ACL Entries: Scans all ACL entries in all databases on the specified server and checks to see if they exist in the specified address book. Any person, server, or group that is found in the ACL, but not found in the address book is considered UNLISTED. This utility can be used to help clean up ACLs.
  ACL Auditor: Compiles a list of all users who have access to one or more databases via explicit, wildcard or group ACL entries. ACL Auditor will return the access level, assigned roles and ACL flags (Can Create Documents, Can Delete Documents, etc.) for each person listed directly or indirectly in an ACL.
ACL Search & Replace: This utility can be used to make multiple ACL changes on selected databases on a server. It can perform one or more of the following actions: 1) Add a specified name to the ACL of all selected databases 2) Add a specified name to the ACL of all selected databases whenever a specified search name is found in the ACL 3) Change the access level of a specified name in all selected databases 4) Delete a specified name from the ACL of all selected databases 5) Replace a specified name in an ACL with another name in all selected databases.

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi nicholasreker,
 If the applications didn't have an administration server listed in the ACL, then there would not have been an update by Adminp.    Basically, the only thing you can do is as sysExpert suggests and write an agent that will search through and compare ACL names with those in the Address book.

You can try in ALL your databases:
      1. Making sure the Databases all have an administration server assigned,
      2. Enforce a consistent ACL across all replicas
      3. In the Advanced part of the ACL: modify all Readers and Authors fields, or modify all names fields... else you will find any documents having those will lock out the users with the new names.

 In the Administration requests database to open the checked log files that say, "..performed action" and then check off, "Perform the request again?"

Then it should perform the look through the ACL and names fields on each server.  

Hope it works.. (Uh, also, you need to do this before 21 days are up)

As usual
 marilyng is very good at supplying specifics.

I doubt that a tool exists that will do exactly what you want, but if it does, then you cn expect to pay > $1000 for it, and it will probably be part of a suite of tools.

I would suggest writing one or get a consultant to do it.

Else  fix them manually.

Good luck !
grin... it's because I learned the HARD WAY!!!  

Had to merge two domains, and forgot to change ONE server acl's to be administered by the administration server. Of course, that was the one with ALL the reader/author databases, so, yes, I had to write lots of scripts to go through and find all the author and readers fields, compare the entries to those in the Address Book, and replace with the correct entries.

 I basically stepped through each database, then through each form and then through each field on each form to find the names of fields that were readers, authors or names.  Once I had the list of name fields, I could then step through each document check the list of names against the nab, and replace with the new ones.

Took quite awhile, and sysExpert is being kind at the price.. :)   The agent had to be intuitive and shut down before the limit expired on the server, and then pick up where it left off when it started again.

I didn't realise it before the Adminp purged the old requests.... so, I didn't have the option to run again.
Of course, if you want shortcut.. rename them to anoth er ou, and then in another three months, rename them back again. :))
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.