I ran into an interesting situation with
a partner in Europe. They have a significant customer who had, at
the suggestion of Lotus, created several thousand users with a unique OU
at the time of registration. In looking to do a mass rename with
an automated tool, they discovered that something must be done first to
update the user ID files to allow mass changes with third party tools.
Of all the tools on the market to perform this rename, nothing would work
properly for the rename to happen. As a result, we needed to find
a work around. So here is what I discovered.
Organization XYZ creates a certifier for the O called XYZ. The
registrar an OU called 123. When the users are created
they are associated with the unique OU of abc. So Joe
Smith becomes:
CN=Joe Smith/OU=abc/OU=123/O=XYZ
Well the OU certifier for abc never was created. So doing a rename
you must use the 123 certifier and keep the Unique OU.
If the administrator registrars a new OU called abc in the
Domino directory. All of the users who have this Unique OU of abc
are then recertified (just as when certificates are about to expire) with
the newly created OU. This does not change the certificates in the
ID files but does then change the expiration date. As a result, the
users are now properly associated with a REAL OU certifier and the
rename can move forward as an automated process.
What is really cool about this is that the Local ID File is not affected
so the user receives no prompts or updates. While this step must
be done outside of the third party tool, it can be done on selected documents
in the Domino directory by selecting the affected users and then:
Click on Actions, Recertify Selected People, Choosing the new abc certifier
and entering it's password. This updates the person records with
new expiration dates and allows the administrator to use the third party
tool to do the mass name change.
Perry Hiltz July 12 2005 09:35:34 AM