This Lotus Admin was trying to set up a cascading address book but ended up deleting the LocalDomainServers from
his NAB, ACLs and more. Read on to find out if our hero was able to recover, or if his boss threw the book at him.
I work in an international company with decentralized administration (i.e., a lot of local administrators). My job entails overall responsibility for the Lotus Notes and Domino environment within our company.
At one point, I had been supporting a local administrator in the process of setting up a new Domino server. All system databases where replicated, and the server was up and running and prepared to migrate users from cc:Mail.
Now this company requested a "local" address book to be used on their server only (to have customers, external contacts, mailing lists etc.). This address book was supposed to be cascaded with the corporate address book on the server so that people in the company could find those users using type-ahead and the address button when creating a new memo.
I created a new address book for the company and cascaded it on the server. We restarted Domino, and after that, we could see the address book when pressing the address button in a new memo. The address book was created using the pubnames.ntf template.
We noticed that within this newly created address book there where two default groups: LocalDomainServers and OtherDomainServers. As this address book should use groups for mailing lists, we thought that we should remove the default groups from this cascaded address book to prevent users from wondering what these groups were and to prevent the server from being confused with groups that had the same name in different address books. The groups where marked, and without any further considerations, the button Delete Group was pressed.
What we did not realize at that time was that the admin process started (initiated by the Action button) and there was a request created in the admin process saying "Delete LocalDomainServers from NAB, ACLs, etc."
Of course, this request was processed -- removing the groups from the corporate NAB as well as from the ACLs on all databases where an administration server was set.
The problem was first noticed the next day. The admin request was successfully run on all servers.
This "blooper" caused almost all replications between all our servers to stop in one single click on the delete group button.
To fix the problem, special agents where developed to automatically add LocalDomainServers into the ACLs on all databases on all servers. To reproduce the groups in the address book was pretty easy, but the recreation of the ACL entries in ALL databases took several days.
So to avoid doing the same I did, I suggest the following:
Create local address books using the personal address book template instead. That design will not trigger the admin process if you delete the Local and OtherDomainServers groups. If you by some reason have to use the Domino Directory template, then delete the groups using the delete button on your keyboard and then press F9.
- Never press the "Delete Group" button.
Note: In a distributed Lotus Notes/Domino environment with distributed administration, there is always a risk that this might happen again.
Do you have your own blooper? Send it in and claim your fame.
Every story in our bloopers series comes to us directly from a SearchDomino.com administrator, developer or consultant. For obvious reasons, some contributors -- including this tale's author -- choose to remain anonymous.