Moving a user name in the name hierarchy

When you move a user to a different Organizational Unit, the certifier changes, thus the user's name hierarchy changes. Since the name hierarchy in Domino® and Notes® is part of the user's name, when you move a user to a different certifier you have essentially changed the user's name. You can use the Administration Process to move a user name to a different location (Organizational Unit) in the organization's hierarchical name scheme or to move a name to a different Organization altogether.

About this task

For example, if Alice Brown/Marketing/Renovations leaves a job in the Marketing department for a job in Sales, you can certify her user ID with the /Sales/Renovations certifier, which, in effect, moves her to that Organizational Unit. Her full hierarchical name then becomes Alice Brown/Sales/Renovations.

You can also move a user to another Organization, however to do so, your Domino® Directory must contain cross-certificates between the Organizations involved. So, for example, if Alice Brown/Marketing/Renovations leaves a job at Renovations to work for the Renovations subsidiary RenovationsSub that has its own Organization Certifier, you can certify her ID with the /RenovationsSub certifier so that her name becomes Alice Brown/RenovationsSub. Using this example, the Domino® Directory must have cross-certificates between /Renovations and /RenovationsSub.

There are two parts to moving a user name:
  • Request the move using the originating certifier.
  • Complete the move by using the target (new) certifier to approve the request and issue the new certificate.

You can use an agent to notify a user of changes to private design elements during a name change by using the Administration Process to perform the name change.

Changing primary and alternate name information during the move

About this task

If an alternate name has been assigned, the administrator who performs the approval phase of the move automatically has the option to change primary name information. If an alternate name has not been assigned, you can designate whether the administrator who completes the move can modify primary name fields. To use the Domino® alternate name functionality, Domino® must be running on all servers involved with the name change, the user's workstation, and the administrator's workstation.

Synchronizing the name change between Notes® and Active Directory

About this task

While completing the move, you also have the option of synchronizing the name change between Notes® and the Active Directory. To do so, select Rename NT user account in the Rename Person dialog box.

Moving a user name in the name hierarchy

Before you begin

To move a user name in the name hierarchy, you must have:
  • Access to the certifier you are using
  • At least Editor access to the Administration Requests database

Procedure

  1. From the Domino® Administrator, click the People & Groups tab.
  2. Click People and select a user name.
  3. From the tools pane, click People > Rename.
  4. Optional: To upgrade a flat name to a hierarchical name, see the related topics.
  5. Optional: To change the user's common name, see the related topics.
  6. The Honor old names for up to x days field is set to 21 days by default. You can change that value if desired.
  7. Click Request Move to New Certifier.
  8. Use the Choose a Certifier dialog box to specify a method of certification: either a supplied ID and password, or the AdminP Certification Authority (CA) process.
    Note: The certifier ID is created by default as the filecert.id when the Domino® server is installed. If you plan to use the original certifier ID file, make sure you know the password. If you are recertifying a user, choose the certifier ID that certified the user's ID and click Open. For example, to rename Joe Smith/Sales/NYC/ACME, use the certifier ID named SALES.ID.
    1. Use the default server or click Server to specify a server.
      • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.
      • If you are using the Domino® server-based CA, select the server that is used to access the Domino® Directory to look up the list of certifiers.
        Note: This is also the server on which CERTLOG.NSF is updated.

      Then select one of these options:

    2. Supply a certifier ID and password.
      • Click Certifier ID if you want to use an ID other that which is displayed.
      • Otherwise, click OK, enter the password for the selected certifier ID, and click OK.
    3. Use the CA Process. If you have configured the Domino® server-based CA, select a CA configured certifier from the list and click OK.
  9. In the Request Move For Selected People dialog box, complete the following:
    Table 1. Certifier move options
    Field Action
    Old Certifier Verify the information (you cannot modify this field). If it is incorrect, cancel the procedure and begin again.
    New Certifier Enter or select the new certifier. This is the name hierarchy that issues a certificate for the user in the new hierarchy.

    For example, to certify Joe Smith from /Sales/NYC/RENOVATIONS into /Service/NYC/RENOVATIONS, enter /Service/NYC/RENOVATIONS or select from the list.

    Inspect each entry before submitting request Selected by default. Do one:
    • Keep selected. The Rename Person dialog box appears with non-modifiable fields of primary and alternate name information. See the subsequent procedure for details on the fields, and review the information for accuracy. When satisfied, go to Step 9.
    • If you do not want to verify each entry, disable the check box. Review the processing information that displays to verify that all name changes were successful. If any fail, check the Certifier Log to determine the reason for the failure. Go to Step 10, then complete the subsequent procedure.
  10. Optional: Click the Allow the primary name to be changed when the name is moved check box if you want the opportunity to change the user's name when you approve the move.
  11. For each name selected, choose one of the following:
    • OK - to submit the name change.
    • Skip - if you are renaming more than one user name and you want to continue to the next name without submitting a name change for the current name.
    • Cancel Remaining Entries - to cancel this name change and name changes for any other names you selected and have not yet submitted.

To complete the name change

Procedure

  1. From the Domino® Administrator, click Server > Analysis > Administration Requests.
  2. Choose the Name Move Requests view. This view categorizes submissions by certifier. Each name awaiting approval is listed under its new certifier. Select the name(s) to move.
  3. Click Complete move for selected entries.
  4. To complete the move, in the Choose a Certifier dialog box, make the following selections:
    1. Use the default server or click Server to specify a server.
      • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.
      • If you are using the Domino® server-based CA, select the server that is used to access the Domino® Directory to look up the list of certifiers.
        Note: This is also the server on which CERTLOG.NSF is updated.

      Then select one of these options:

    2. Supply a certifier ID and password.
      • Click Certifier ID if you want to use an ID other that which is displayed.
      • Otherwise, click OK, enter the password for the selected certifier ID, and click OK.
    3. Use the CA Process. If you have configured the Domino® server-based CA, select a CA configured certifier from the list and click OK.
  5. If you are moving a user name from one hierarchy to another hierarchy, a cross certificate is required. If your local Domino® Directory does not contain a cross certificate for the certifier, click Yes when you are prompted to create one.
  6. In the Certificate Expiration Date dialog box, do the following and then click OK:
    Table 2. Certificate expiration options
    Field Action
    Certifier The name hierarchy of the certifier that will issue the new certificate (non-modifiable).
    New certificate expiration date Specify a certifier ID expiration date other than the default two years from the current date.
    Edit or inspect each entry before submitting request Selected by default. You can remove the check mark if you do not want to verify the entries.
  7. In the Rename Person dialog box, make changes to the primary name as needed.
    Table 3. New primary name information options
    Field Action
    First, Middle, and Last Name This is the name with which the user was registered. Make changes to the user's name as appropriate.
    Qualifying Org. Unit A name to differentiate this user from another user with the same user name, certified by the same certifier. This adds a differentiating component that appears between the common name and the certifier name.
    Short Name Created at registration, the default is first initial, last name. You can change this name optionally. It does not change automatically based on changes to the primary name fields. You must make this change manually.
    Internet Address Created at registration, the default is first initial, last name. You can change this name optionally. It does not change automatically based on changes to the primary name fields. You must make this change manually.
    Rename Windows User Account Available to Microsoft Windows Active Directory users only. Check this box if you want to synchronize the name change in both the Domino® Notes® and Active Directory accounts.
  8. Complete the New Alternate Name Information fields as desired. These modifiable fields display only if the user ID has an alternate name assigned to it.
    Table 4. Alternate Name information
    Field Action
    Common Name The common name in the alternate language, listed in the Original Language field.
    Qualifying Org. Unit A name to differentiate this user from another user with the same user name, certified by the same certifier. This adds a differentiating component that appears between the common name and the certifier name.
    Original Language The alternate language currently assigned to the user (non-modifiable).
    New Language Select from the list to assign a new alternate language. This option is available only if the user is moving into an Organizational Unit or Organization that has an alternate language assigned.
  9. Choose one of the following:
    • OK - to submit the name change approval.
    • Skip - if you are renaming more than one user and you want to continue to the next name without submitting a name change for the current name.
    • Cancel Remaining Entries - to cancel this name change and name changes for any other names you selected and have not yet submitted.
  10. When the Processing Statistics dialog box appears, review the information to verify that all name changes have succeeded. If any fail, check the Certifier Log (CERTLOG.NSF) to determine the reason for the failure. Click OK.

Results

The user name change in hierarchy continues just as a change to a Notes® user's common or alternate name is completed.