locked
ILM not updating lotus notes user name

    Question

  •  

    Hi All,

     

    I have provisioned a new user to lotus notes from AD using ILM, but when i change the first and last name of the user or when i rename the user in AD, the user name of the user in domino is not updating,though first and last name are updating.Is there any way to change the user name in domino,

    Plz help

     

    regards dhruv

    Thursday, December 06, 2007 9:57 AM

Answers

  • In the Domino directory, changing the user name requires a re-certification, and the code shown in the link above doesn't handle the case when the connector already existed.  Removing the declared mapping will allow you to write an attribute flow rules extension for it, but it won't change the fact that on the Domino side, the operation requires a recertification.

    Tuesday, February 26, 2008 1:43 AM

All replies

  • dhruv,

     

    You could use the preview function in MIIS to see what's happening or why the data is not changing.

    Change the first name/ lastname of a user in AD, run an import and then use the preview function on that user to see the impact of the change.

     

    If that doesn't help you out, could you provide some details about your configuration and data flows?

     

    Just to be sure, what do you mean by "rename the user in AD": changing first name, lastname, displayName or changing userid (sAMAccountName)...

     

    - in Domino, do you use an export data flow for first name, last name, displayname and/or Domino username?

    - About the MV attribute import flow precedence, is AD precedent on these attributes ?

     

     

    HTH,

    Peter

    Thursday, December 06, 2007 10:50 AM
  • hi peter

    thanx for the reply

     

    In domino ,i am using an export flow for first name ,middle name and last name .

    The user name flow in internally handled by the system,i am not mapping username to anything.

    Username in domino forms the DN,which is automatically created from the firstname ,last name and middle name.

    But when i am changing the firstname,last name or middle name in AD,the changes are reflecting in the firstname.middlename and lastname of domino,but the username is not getting updated.

     

    regards

    Dhruv

     

     

    Thursday, December 06, 2007 11:34 AM
  •  

    Dhruv,

     

    in this case, the firstname, middlename, lastname attributes are normal attributes in Domino, meaning: no anchor attributes.

    You can update them by synchronizing the them.

    But as you said, username is an anchor attribute.

    Which means you need provisioning code to change it...

     

    For example :

    Check if (or how many) Domino connectors to the MV object exist.

    If no connectors : provision user to Domino

    If 1 connector already exists: if applicable, change dn (Domino username)

    If multiple connectors: throw error

     

    Pretty similar to the provisioning code samples you can find on this forum or on the MIIS 2003 Developer reference.

     

    HTH,

    Peter

    Thursday, December 06, 2007 11:52 AM
  •     Hi peter ,

      As told by you i have tried to do it using this code :

     

     

        Public Sub Provision(ByVal mventry As MVEntry) Implements IMVSynchronization.Provision
            ' TODO: Remove this throw statement if you implement this method
            Dim ManagementAgent As ConnectedMA
            Dim Connectors As Integer
            Dim csentry As CSEntry
            Dim mycon As CSEntry
            Dim DNName As String
            Dim DNCertifier As String = "O=binwal"
            

                    ManagementAgent = mventry.ConnectedMAs("lotus")
            Connectors = ManagementAgent.Connectors.Count

            If 0 = Connectors Then
                csentry = ManagementAgent.Connectors.StartNewConnector("person")
                DNName = mventry("givenName").Value 
                If mventry("middleName").IsPresent Then
                    DNName = mventry("middleName").Value + " " + DNName
                End If
                If mventry("lastName").IsPresent Then
                    DNName = mventry("lastName").Value + " " + DNName
                End If
                DNName = DNName + "/" + DNCertifier
                ' Set the property values to provision the object.
                csentry.DN = ManagementAgent.EscapeDNComponent("CN=" + DNName).Concat("NAB=names.nsf")
                csentry("LastName").Value = mventry("lastName").Value
                csentry("_MMS_Certifier").Value = DNCertifier
                csentry("_MMS_IDRegType").IntegerValue = 2  ' International User
                csentry("_MMS_IDStoreType").IntegerValue = 0  ' ID File as a file
                csentry("_MMS_Password").Value = ""
                csentry("HTTPPassword").Value = ""
                csentry("PasswordDigest").Value = ""

                'Finish creating the new connector.
                csentry.CommitNewConnector()

              
      ElseIf 1 = Connectors Then
                mycon = ManagementAgent.Connectors.ByIndex(0)

                DNName = mventry("givenName").Value
                If mventry("middleName").IsPresent Then
                    DNName = mventry("middleName").Value + " " + DNName
                End If
                If mventry("lastName").IsPresent Then
                    DNName = mventry("lastname").Value + " " + DNName
                End If
                mycon.DN = ManagementAgent.EscapeDNComponent("CN=" + DNName).Concat("NAB=names.nsf")
                        End If
                End Sub

     

    But when I am trying to do a delta sync after changing the attributes of AD ,it gives the following error :

     

    System.InvalidOperationException: Unable to rename objects in MA lotus.
       at Microsoft.MetadirectoryServices.Impl.CSEntryImpl.set_DN(ReferenceValue value)
       at Mms_Metaverse.MVExtensionObject.Provision(MVEntry mventry)

    Regards

    Dhruv

    Friday, December 07, 2007 10:20 AM
  • Dhruv,

     

    did you verify that the reassembled DN is correctly composed?

    If you add some logging to your code, you could easily see the final value of the DN (mycon.DN).

     

    Have you compared against the value of a manual change?

     

    In addition to that, maybe this post might shed a light :

    ILM 2007 Lotus Notes MA Provisioning

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2424128&SiteID=17

     

    HTH,

    Peter

    Thursday, December 13, 2007 9:39 PM
  • In the Domino directory, changing the user name requires a re-certification, and the code shown in the link above doesn't handle the case when the connector already existed.  Removing the declared mapping will allow you to write an attribute flow rules extension for it, but it won't change the fact that on the Domino side, the operation requires a recertification.

    Tuesday, February 26, 2008 1:43 AM
  •  

    Ahmad,

     

    I am also getting error "Unable to rename objects in MA LotusNotes MA." for Lotus Notes MA user provisioning. What do you mean by "recertification" in your post. Could you please give me sample code to fix the issue here.

     

    Thanks,

    Dathurajp

    Monday, August 18, 2008 7:13 AM

  • The root of the problem is that the MIIS/ILM Notes MA is not able to rename existing objects (any object, even a group, which is not certified at all).  It just is not a supported operation.

    In my experience, the best thing you can do is export the FullName value as it should be to some other field on the Person document, and then write a scheduled Notes agent to submit the rename operation through AdminP.  This does require moderate development experience with Notes.
    Monday, August 18, 2008 2:50 PM