Solved

Utility to syncronize ACL's and Groups to NAB

Posted on 2006-07-05
9
573 Views
Last Modified: 2013-12-18
I have renamed around 200 users from John Doe/Fake/Main to John Doe/Main. I had made sure all ACL's had the Administration server set to the server that Adminp Process was going to be running on before renaming the selected users. Once I had completed all steps in renaming the users, some of the users ACL's, and Group entries were updated, and some were not. Here are the steps taken to rename the selected users.

1. Set Administration Server for all ACL's to the server the Adminp was going to run on.
2. In the Administrator client, NAB, selected users to rename
3. Selected Actions -> rename selected users
4. Selected the old certifier and entered password
5. Selected OK at all prompts about user name
6. Preformed Tell adminp process new on the server console
7. Opened the ADMIN4.NSF and selected Name Move Request
8. Selected users and preformed "complete move for selected entries"
9. Preformed tell adminp process new at server console.
10. Went back to ADMIN4.NSF to check if there is an entry for "Initiate Rename in Domino Directory" and "Move Person's name in hierarchy"

All users selected to rename were verified in both of these sections with no errors.

Some of the users had entries in "Rename in Access Control List", "Person Documents" , ect.

Some did not.

I need to know if there is a way to re-initiate this process to update the rest of the users ACL and other entries. Maybe some kind of utility that would check all names in Groups to the ACL. Any help would be appreciated.

0
Comment
Question by:nicholasreker
9 Comments
 
LVL 63

Accepted Solution

by:
SysExpert earned 168 total points
ID: 17045609
You will probably need to write your own agent in Lotus Script to resolve this if you do not have the option of reding the name change.

Did the Admin request DB show that the name change was successful for everyone ?

Check the LDD sandbox at

http://www-10.lotus.com/ldd/sandbox.nsf/DownloadPage?OpenForm

for sample code for ACL chages.

I hope this helps !

0
 

Author Comment

by:nicholasreker
ID: 17045896
I have looked through this list of tools, but none specifically sync the AB to all groups, databases, ect. I am really looking for a tool that has already been developed being that I am in now way familiar with Notes Developement. I have been assigned to administer the Domino environment, but have had to learn by doing. I would be willing to buy a tool that would do this for future needs as well.

Thanks,
Nick
0
 
LVL 20

Assisted Solution

by:brwwiggins
brwwiggins earned 166 total points
ID: 17046077
You might try looking into Power Tools (http://www.helpsoft.com/)

It is a really good tool and I have found it helpful. Here are some of the features it has that may help

 Find Missing ACL Entries: Find Missing ACL Entries will check the ACL of all selected databases for the specified ACL entries and report any databases that do NOT contain those ACL Entries. For example, you might want to find any databases that do not have an Anonymous entry or an Administrators entry.

 Find Unlisted ACL Entries: Scans all ACL entries in all databases on the specified server and checks to see if they exist in the specified address book. Any person, server, or group that is found in the ACL, but not found in the address book is considered UNLISTED. This utility can be used to help clean up ACLs.
 
  ACL Auditor: Compiles a list of all users who have access to one or more databases via explicit, wildcard or group ACL entries. ACL Auditor will return the access level, assigned roles and ACL flags (Can Create Documents, Can Delete Documents, etc.) for each person listed directly or indirectly in an ACL.
 
ACL Search & Replace: This utility can be used to make multiple ACL changes on selected databases on a server. It can perform one or more of the following actions: 1) Add a specified name to the ACL of all selected databases 2) Add a specified name to the ACL of all selected databases whenever a specified search name is found in the ACL 3) Change the access level of a specified name in all selected databases 4) Delete a specified name from the ACL of all selected databases 5) Replace a specified name in an ACL with another name in all selected databases.

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 18

Assisted Solution

by:marilyng
marilyng earned 166 total points
ID: 17047454
Hi nicholasreker,
 If the applications didn't have an administration server listed in the ACL, then there would not have been an update by Adminp.    Basically, the only thing you can do is as sysExpert suggests and write an agent that will search through and compare ACL names with those in the Address book.

You can try in ALL your databases:
      1. Making sure the Databases all have an administration server assigned,
      2. Enforce a consistent ACL across all replicas
      3. In the Advanced part of the ACL: modify all Readers and Authors fields, or modify all names fields... else you will find any documents having those will lock out the users with the new names.

 In the Administration requests database to open the checked log files that say, "..performed action" and then check off, "Perform the request again?"

Then it should perform the look through the ACL and names fields on each server.  

Hope it works.. (Uh, also, you need to do this before 21 days are up)




Regards!
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 17047528
As usual
 marilyng is very good at supplying specifics.

I doubt that a tool exists that will do exactly what you want, but if it does, then you cn expect to pay > $1000 for it, and it will probably be part of a suite of tools.

I would suggest writing one or get a consultant to do it.

Else  fix them manually.

Good luck !
0
 
LVL 18

Expert Comment

by:marilyng
ID: 17047833
grin... it's because I learned the HARD WAY!!!  

Had to merge two domains, and forgot to change ONE server acl's to be administered by the administration server. Of course, that was the one with ALL the reader/author databases, so, yes, I had to write lots of scripts to go through and find all the author and readers fields, compare the entries to those in the Address Book, and replace with the correct entries.

 I basically stepped through each database, then through each form and then through each field on each form to find the names of fields that were readers, authors or names.  Once I had the list of name fields, I could then step through each document check the list of names against the nab, and replace with the new ones.

Took quite awhile, and sysExpert is being kind at the price.. :)   The agent had to be intuitive and shut down before the limit expired on the server, and then pick up where it left off when it started again.

---------------
I didn't realise it before the Adminp purged the old requests.... so, I didn't have the option to run again.
0
 
LVL 18

Expert Comment

by:marilyng
ID: 17047835
Of course, if you want shortcut.. rename them to anoth er ou, and then in another three months, rename them back again. :))
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

For Desktop Techs: How to retain a user's Notes configuration data when swapping out the end user's computer. (Assuming that you are not upgrading to a completely different version of Notes client) All you need to do is: 1) install Notes o…
This article covers general Notes 8.5 troubleshooting information including recreating the Notes\Data folder.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now