E Delegated Administrator Reference

This appendix provides command-line descriptions of individual commadmin commands in Oracle Communications Delegated Administrator.

commadmin admin add

The commadmin admin add command grants the Organization Administrators privileges to a user for a particular domain. Only a Top-Level Administrator or an ISP administrator can execute this command.

Syntax

commadmin admin add -D login -l login -n domain password -d domain [-h] [-i inputfile ] [-p DA server port] [-X DA server host name] [-?] [-s] [-v] [-V]

Options

Table E-1 displays the options that are mandatory:

Table E-1 commadmin admin add Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-l login	The user ID of the user to whom you want to grant organization administrative privileges. The user should be present in the directory and be a part of the domain specified by the -d option.
-n domain	The domain of the Top-Level Administrator. If not specified, the default domain stored in the cli-usrprefs.properties file is used.
-d domain	The domain to which you want to grant administrative privileges. If not specified, the domain specified by the -n option is used.

Table E-2 displays the options that are non-mandatory:

Table E-2 commadmin admin add Non-Mandatory Options

Option	Description
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Use this option to specify an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-X DA server host name	Specify the host on which Delegated Administrator is running. If not specified, the default DA server host name is used
-h, -?	Prints command usage syntax.
-V	Prints information about the command and its version.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.

Examples

The following grants Organization Administrator privileges to the user with the user ID admin1.

commadmin admin add -D chris -n example.com -l admin1 -d example.com

The following grants Organization Administrator privileges to the user with the user ID admin2 for the domain florizel.com.

commadmin admin add -D chris -l admin2 -n example.com -d example.com

commadmin admin remove

The commadmin admin remove command removes the Organization Administrator privileges from an existing Organization Administrator. Only a Top-Level Administrator can execute this command.

To remove Organization Administrator privileges from multiple users, use the -i option.

Syntax

commadmin admin remove -D login -l login -n domain -d domain name [-h] [-?] [-i] inputfile [-p] DA server port [-X] DA server host name [-s] [-v] [-V]

Options

Table E-3 displays the options that are mandatory:

Table E-3 commadmin admin remove Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-l login	The user ID of the user whose administrator privileges need to be revoked.
-n domain	The domain of the Top-Level Administrator.
-d domain name	The domain to which administrator privileges are revoked. If -d is not specified, the domain specified by -n is used.

Table E-4 displays the options that are non-mandatory:

Table E-4 commadmin admin remove Non-Mandatory Options

Option	Description
-h, -?	Displays command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Use this option to specify an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-X DA server host name	Specify the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Displays information about the command and its version.

Example

The following command removes Organization Administrator privileges from the administrator with user ID admin5:

commadmin admin remove -D chris -n example.com -l admin5 -d test.com

commadmin admin search

The commadmin admin search command searches and displays a specific or all Organization Administrators in a domain.

Syntax

commadmin admin search -D login -n -domain [-l login] [-d domain]

Options

Table E-5 displays the options that are mandatory:

Table E-5 commadmin admin search Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	The domain of the user specified with the -D option.

Table E-6 displays the options that are non-mandatory:

Table E-6 commadmin admin search Non-Mandatory Options

Option	Description
-l login	The user ID of the Organization Administrator searched for. If -l is not specified or -l is specified with the wildcard operator (-l* or -l '*') all Organization Administrators of the domain are displayed.
-d domain	Searches for users who have Organization Administrator privileges for the specified domain. If -d is not specified, the domain specified by -n is used.

Example

To search for all Organization Administrators of the test.com domain:

commadmin admin search -D chris -n example.com -d test.com

commadmin Command Definition

This page provides general information about how to use the commadmin command. It includes the following topics:

• Execution Modes

• Command results

• Command File Format

• Mandatory commadmin Options

Execution Modes

The command line execution has three possible modes:

• Execute with options specified in a file

  commadmin object task -i inputfile
  

  Analyzes inputfile and executes it. The input file should be in the format "Command File Format".

• Immediate or shell execution

  commadmin object task [options]
  

  If all needed information is provided, the command will execute immediately.

• Interactive

  commadmin object task
  

  The command contains some, but not all of the required options for command execution. The administrator is queried for the remainder of the options and attributes.

Command results

When an operation succeeds, the following message appears:

OK

If a failure occurs, the following message appears:

FAIL

message

Where message displays the error text.

Command File Format

The options can be specified within a file, using the -i option.

Within the file discussed in "Execution Modes", option names are separated from option values by white space. The option value begins with the first non-white space character and extends to the end-of-line character. Option sets are separated by blank lines.

The general syntax is:

option name [option value, if any]
option name [option value, if any]
...
option name [option value, if any]
blank line
option name [option value, if any]
option name [option value, if any]
...
option name [option value, if any]

The option value given in the command line becomes the default for each option set. Alternatively, these options can be specified for each option set. The value then overrides any default specified on the command line.

Following is an example of the format and syntax for the file specified by the -i option for the commadmin user create command.

l newuser1
F new
L user1
 
l newuser2
F new
L user2
 
l newuser3
F new
L user3
 
and so forth...

Mandatory commadmin Options

Table E-7 displays the options that are the mandatory options used for authenticating the administrator or the user.

Note:

Beginning with Communications Suite 7 Update 2, the -w password option is no longer used. Instead, the commadmin command has been made more secure by the removal of ability to specify the administrative password on the command line or to use a password file. All commadmin passwords must now be typed using a no-echo prompt.

Table E-7 Mandatory Options for Administrator or User Authentication

Option	Description
-D userid	User ID used to bind to the directory.
-n domain	The domain the administrator belongs to. (For more information, see the Note shown below this table.)

Note:

Configuring Delegated Administrator for Directory Access Through Access Manager (Legacy Mode)

This note applies only if you choose to access the directory using Access Manager in Legacy mode when you first configure Delegated Administrator after installation.

In this case, the Access Manager Host (-X), Access Manager Port (-p), and the default domain (-n) values are specified when you run the configuration program, config-commad, and store them in the cli-usrprefs.properties file.

If the -X, -p, and -n options are not specified at the time when a commadmin command is executed, their values are taken from Delegated Administrator property files.

commadmin debug log

The commadmin debug log command creates a Delegated Administrator server log file that contains error messages generated by the Delegated Administrator servlets installed on the web container. If the log file already exists, the new error messages are appended to the end of the existing file. If the log file does not exist, a new file is created.

This command sets the debug mode on Delegated Administrator. Debug mode is useful for analyzing problems that affect the Delegated Administrator Console and the Delegated Administrator Utility. For analyzing problems with the Delegated Administrator Utility (commadmin) client itself, use the -v option, and capture the command output.

Syntax

commadmin debug log -D login -n domain -t [ on|off ] [ -f debug-log-file ] [-s]

Options

Table E-8 displays the options that are mandatory:

Table E-8 commadmin debug log Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-n domain	The domain of the Top-Level Administrator.
-t [on|off]	Toggles between turning on the debug log and turning it off. The value on causes the server to start writing error messages to the log. The value off causes the server to stop writing error messages to the log.

Table E-9 displays the options that is non-mandatory:

Table E-9 commadmin debug log Non-Mandatory Options

Option	Description
-f debug-log-file	The full path where the log will be created, including the file name of the log. The path must be one of the following two directories: /tmp/ /var/tmp/ The debug-log-file can be any file name. If the -f option is not specified, the default value is /tmp/commcli.log.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.

Example

To create a new debug log, enter:

commadmin debug log -D paul -n example.com -t on -f /tmp/debug.log

To turn off logging, enter:

commadmin debug log -D paul -n example.com -t off

Note:

You do not have to specify the file name when you turn off the log.

commadmin domain create

The commadmin domain create command creates a single domain in the LDAP directory. To create multiple domains, use the -i option.

Syntax

commadmin domain create -D login -d domain name -n domain [-A [+] attributename:value] [-h] [-?] [-i inputfile] [-o organization RDN] [-p DA server port] 

[-s] [-v] [-V] [-X DA server host name] [-S mail -H preferred mail host] [-S cal [-B backend calendar data server] [-C searchable domains] 

[-g access control string] [-P propertyname[:value]] [-R right[:value]] [-T calendar time zone string] ] [-S im]

Options

Table E-10 displays the options that are mandatory:

Table E-10 commadmin domain create Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-d domain name	DNS domain name of the domain that is being created.
-n domain	The domain of the Top-Level Administrator.

Table E-11 displays the options that options are non-mandatory:

Table E-11 commadmin domain create Non-Mandatory Options

Option	Description
-A [+] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and the value specified replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes. If the action value (+) is not specified, the default action is to add the existing value.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-o organization RDN	Specifies the organization RDN for the domain. For example, o=example.example.com. If this option is not specified, the organization is created under the osisuffix, with o= the name of the domain, o=osiSuffix.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-S service	Specifies the service or services to be added to the domain. service can have the value of a single service or multiple services. The valid service values are mail, cal, and im. These values are case-insensitive. If the -S mail option is specified, then the -H option must be specified. Can be listed as a comma-separated list. For Example: -S mail,cal,im Delegated Administrator 7: -S im AM provisioning mode: A domain is created with the services mentioned, depending on the value of the particular service definition present in the configuration file of Access Manager.

Table E-12 displays the options that, if the -S mail option is specified, are non-mandatory options that are allowed:

Table E-12 commadmin domain create Options Allowed if -S mail Specified

Option	Description
-H preferred mail host	The preferred mail host for the domain. The host must be a fully qualified host name, for example, mailhost.example.com. This option is mandatory if the -S mail option is specified.

Table E-13 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-13 commadmin domain create Options Allowed if -S cal Specified

Option	Description
-B back-end calendar data server	Specifies the default back-end host assigned to a user or resource in a domain.
-C searchable domains	Specifies the domains to be searched when looking for calendars or users.
-g access control string	Specifies the Access Control List (ACL) for a newly created user calendar.
-P propertyname[:value]	Sets values for multi-valued and bit oriented attributes. See "Attribute Values" for attributes, their descriptions and values.
-R right[:value]	Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See "Attribute Values" for a list of attributes, their value(s), and description(s).
-T calendar time zone string	Specifies the time zone ID used when importing files. See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a new domain with mail, calendar, and instant messaging services, enter:

commadmin domain create -D chris -d example.com -n example.com -S mail,cal,im -H mailhost.example.com

Note:

Product Version Information

Current Features: Features documented on this page were introduced in the following product release versions of Delegated Administrator 7:

• Direct LDAP domain creation (no dependence on AM)

• Support for IM service

commadmin domain delete

The commadmin domain delete command marks a single hosted domain as deleted from the server. To mark multiple hosted domains as deleted, use the -i option.

When you mark a domain as deleted, all user and group entries in the domain are marked as deleted.

The "commadmin domain purge" command will permanently remove the domain.

To disable Organization Administrators usage of a service like calendar service or mail service, use the -S option. Here S is in uppercase.

Syntax

commadmin domain delete -D login -d domain name -n domain [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service] [-v] [-V] [-X DA server host name]

Options

Table E-14 displays the options that are mandatory:

Table E-14 commadmin domain delete Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-d domain name	The DNS domain name that is being deleted. If -d is not specified, the domain specified by -n is used.
-n domain	The domain of the Top-Level Administrator.

Table E-15 displays the options that are non-mandatory:

Table E-15 commadmin domain delete Non-Mandatory Options

Option	Description
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured during installation.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-S service	Modifies the value of the specified service status attribute value to delete. Multiple services are separated by a comma. The valid service values are mail, and cal, and im. These values are case-insensitive.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To delete an existing domain:

commadmin domain delete -D chris -d example.com -n example.com

To delete just the mail service from the florizel.com domain:

commadmin domain delete -D chris -d example.com -n example.com -S mail

commadmin domain modify

The commadmin domain modify command modifies attributes of a single domain directory entry. To modify multiple domains, use the -i option.

Syntax

commadmin domain modify -D login -d domain -n domain
   [-A [+|-]attributename:value] [-h] [?] [-i inputfile] [-p DA server port] [-s] [-v] [-V]
   [-X DA server host name]
   [-S mail -H preferred mailhost]
   [-S cal [-g access string] [-C cross domain search domains] [-B backend calendar data server]
   [-P [action] propertyname[:value]] [-R propertyname[:value]] [-T calendar time zone string]]
   [-S im]

Options

Table E-16 displays the options that are mandatory:

Table E-16 commadmin domain modify Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-d domain	The DNS domain name to be modified. If -d is not specified, the domain specified by -n is used.
-n domain	The domain of the Top-Level Administrator.

Table E-17 displays the options that are non-mandatory:

Table E-17 commadmin domain modify Non-Mandatory Options

Option	Description
-A [+ or -] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes. A - indicates removing the value. If the - is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the - sign. If the action value (+ or -) is not specified, the default action is to replace the existing value.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-S service	Adds the specified service or services to the domain during modification. The valid service values are mail, and cal, and im. These values are case-insensitive. The services listed with the -S option are separated by a comma. If -S mail is specified, then the -H option must be specified.

Table E-18 displays the options that, if the -S mail option is specified, are the non-mandatory options that are allowed:

Table E-18 commadmin domain modify Options Allowed if -S mail Specified

Option	Description
-H preferred mail host	The preferred mail host for the domain. This option is mandatory if the -S mail option is specified.

Table E-19 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-19 commadmin domain modify Options Allowed if -S cal Specified

Option	Description
-B back-end calendar data server	The default back-end host assigned to a user or resource in a domain.
-C cross domain search domains	Specifies the domains to be searched when looking for calendars or users.
-g access string	Specifies the Access Control List (ACL) for newly created user calendar.
-P [action]propertyname[:value]	Sets the values for multi-valued and bit oriented attributes. See the Attribute Values tables in Delegated Administrator System Administrator's Guide for the descriptions and values of propertyname.
-T calendar time zone string	Time zone ID used when importing files. See Calendar Time Zone Strings for a list of the valid time zone strings.
-R propertyname[:value]	Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See the Attribute Values tables in Delegated Administrator System Administrator's Guide for a list of property names, their value, and description.

Example

To modify an existing domain:

commadmin domain modify -D chris -n example.com -d example.com -A preferredmailhost:test.example.com

commadmin domain purge

The commadmin domain purge command permanently removes all entries or service of entries that have been marked for removal. This can include domains, users, groups, and resources.

As part of periodic maintenance operations, use the commadmin domain purge command to remove all entries that have been deleted for a time period that is longer than the specified delay period (grace period).

You can perform a purge at any time by invoking the command in commadmin. There is no equivalent in Delegated Administrator Console.

If the -d* option is specified, all domains are searched for users and domains that are marked as deleted. Users that are marked as deleted will be purged from their domain, but the domain will not be purged unless it is also marked as deleted. If a domain is marked as deleted, it will be purged along with all users within that domain.

When you invoke the command, the directory is searched and a list of domains are created whose entries include domains that have been marked for deletion longer than the specified grace period. The default value for the grace period is set to 5 days.

After a service has been marked as deleted, a command that removes resources such as mailboxes or calendars must be run before the service can be purged from the directory:

• For mail services, run the msuserpurge command.

• For information about the command see Messaging Server Reference.

• For calendar services, run the davadmin command for Calendar Server 7. Run the csclean command for Calendar Server 6.

• For information about the davadmin command see Calendar Server System Administrator's Guide. For information about the csclean command see Calendar Server 6.3 Administration Reference.

Note:

The commadmin domain purge command must be run by the Top-Level Administrator.

For more information about how to remove users and services from a domain, see Removing Users, Groups, and Services from a Domain.

Syntax

commadmin domain purge -D login -n domain -d domain [-g grace] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service] [-v] [-V] [-X DA server host name]

Options

Table E-20 displays the options that are mandatory:

Table E-20 commadmin domain purge Mandatory Options

Option	Description
-D login	The user ID of the Top-Level Administrator.
-n domain	Domain of the Top-Level Administrator.
-d domain	Purge specified domain. The * operator (-d*) may be used to search for a pattern.

Table E-21 displays the options that are non-mandatory:

Table E-21 commadmin domain purge Non-Mandatory Options

Option	Description
-g grace	Delay period (grace period) in days before the domain is purged. Domains marked for deletion for fewer than grace days will not be purged. For example, if you use -g 7, all entries that have been marked for deletion for 7 days and more are purged, but entries marked for deletion for 6 days and fewer are not purged. A 0 indicates purge immediately. The default value is 5 days. The default value cannot be changed permanently. You can change the grace period only by using the -g grace option in the commadmin domain purge command.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-S service	Removes service related object classes and attributes from the domain. If the domain contains users and resources it removes the service specific data from the directory for these users and resources. The list of services is separated by the comma (,) delimiter. The valid service values are mail, cal, and im. These values are case-insensitive.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

In the following example, the example.org domain is purged and all entries within the domain are also removed:

commadmin domain purge -D chris -d example.org -n example.com

commadmin domain search

The commadmin domain search command obtains all the directory properties associated with domains.

• If no domain is specified with -d, all domains will be displayed.

• To obtain all the directory properties for multiple domains, use the -i option.

• When -S is specified in this command, only the domains having active specified services are displayed.

Syntax

commadmin domain search -D login -n domain [-d domain] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service] [-t Search Template] [-v] [-V] [-X DA server host name]

Options

Table E-22 displays the options that are mandatory:

Table E-22 commadmin domain search Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	The domain of the user specified with the -D option.

Table E-23 displays the options that are non-mandatory:

Table E-23 commadmin domain search Non-Mandatory Options

Option	Description
-d domain	Search for this domain. If -d is not specified or -d* is specified, all domains are displayed.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-S service	Specifies the services to be searched in the active domains. service can have the value of a single service or multiple services. The valid service values are mail, cal, and im. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal,im
-t Search template	Specifies the name of the search templates to be used instead of the default search templates. Only active domains are displayed after the search.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

commadmin group create

The commadmin group create command adds a single group in the LDAP directory. To create multiple groups, use the -i option.

If a group is created without any members, by default, it is a static group.

Note:

Groups cannot contain both static and dynamic members.

An email distribution list is one type of group. When a message is sent to the group address, Messaging Server sends the message to all members in the group.

Syntax

commadmin group create -D login -G groupname -n domain [-A [+]attributename:value] [-d domain] [-f ldap-filter] [-h] [-?] [-i inputfile]

[-m internal-member] [-p DA server port] [-s] [-v] [-V] [-X DA server host name] [-S service [-H mailhost] [-E email] [-M external-member] [-o owner] [-r moderator]]

[-a true|false ] [-b true|false ] [-c group id] [-j DWPHost] [-q secondary owner] [-t time zone]

Options

Table E-24 displays the options that are mandatory:

Table E-24 commadmin group create Mandatory Options

Option	Description
-D login	The user ID of the user who has permission to execute this command.
-n domain	The domain of the user specified by the -D option.
-G groupname	The name of the group (for example, mktg-list).

Table E-25 displays the options that are non-mandatory:

Table E-25 commadmin group create Non-Mandatory Options

Option	Description
-A[+] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes.
-d domain	The fully qualified domain name of the group (for example, example.com). The default is the local domain. If -d is not specified, the domain specified by -n is used.
-f ldap-filter	Creates dynamic groups. Setup the LDAP filter by specifying an attribute or a combination of attributes. Multiple -f commands can be specified to define many LDAP filters for members of a group. The LDAP filter should define members within the group's organization. Even if the LDAP filter specifies another organization, this value defaults to the group's organization. This constraint prevents members who belong to an outside organization from being added to the group.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-m internal-member	User ID or mail: address of the internal members added to this group. To add more than one member, use multiple -m options. This option should be used to create static groups.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the commands and its version.
-S service	Specifies the services to be added to the Group. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal

Table E-26 displays the options that are allowed:

Table E-26 commadmin group create Options Allowed if -S mail Specified

Option	Description
-o owner	The group owner's email address. An owner is the individual responsible for the distribution list. (This option is also allowed, and is mandatory, when the -S cal option is specified.)
-E email	The email address of the group. (This option is also allowed when the -S cal option is specified.)
-H mail host	The mail host to which this group responds (for example, mailhost.example.com). The default is the local mail host.
-M external-member	Adds an external member to this group. The value of external-member is the user email address. To add more than one member, use multiple -M options.
-r moderator	The moderator's email address.

Table E-27 displays the options that, if the -S cal option is specified, are mandatory:

Table E-27 commadmind group create Option Mandatory if -S cal specified

Option	Description
-o owner	The group owner's email address. An owner is the individual responsible for the Calendar group's distribution list. The group owner must have Calendar service. (This option is also allowed when the -S mail option is specified.)

Table E-28 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-28 commadmin group create Options Allowed if -S cal specified

Option	Description
-a true|false	Allows or disallows calendar appointments to be accepted automatically. true enables automatic acceptance of appointments. false disables automatic acceptance of appointments.
-b true|false	Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. true enables double-booking of appointments. false disables double-booking of appointments.
-c group id	Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID.
-E email	The email address of the group. This address is used to notify group members of Calendar events. (This option is also allowed when the -S cal option is specified.)
-j DWPHost	The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. If the DNS name of the back-end calendar server is not specified, the value stored in the {{ics.conf}} file of the server is used as the default value.
-q secondary owner	The secondary owner's email address. A secondary owner can manage the Calendar group's distribution list. To add more than one secondary owner, use multiple -q secondary owner options. All secondary owners must have Calendar service.
-t time zone	The time zone used to display the Calendar group's calendar in the calendar's user interface. See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a group testgroup in the domain example.com:

commadmin group create -D chris -n example.com -G testgrou -d example.com -m lorca@example.com -S mail,cal -M achiko@example.com -o achiko@example.com -c calgroup1

commadmin group delete

The commadmin group delete command marks a single group as deleted. To mark multiple groups as deleted, use the -i option.

To disable a group's usage of services such as Calendar Server or Messaging Server, use the -S option. Here S is in uppercase.

Note:

In order to permanently remove a group, you must run the following command: commadmin domain purge. See "commadmin domain purge" for details.

Syntax

commadmin group delete -D login -G groupname -n domain [-d domain] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service] [-v] [-V] [-X DA server host name]

Options

Table E-29 displays the options that are mandatory:

Table E-29 commadmin group delete Mandatory Options

Option	Description
-D login	The user ID of the user who has permission to execute this command.
-G groupname	The name of the group to be marked as deleted. For example, mktg-list.
-n domain	The domain of the user specified by the -D option.

Table E-30 displays the options that are non-mandatory:

Table E-30 commadmin group delete Non-Mandatory Option

Option	Description
-d domain	The domain of the group. If -d is not specified, the domain specified by the -n option is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-S service	Modifies the value of the specified service status attribute value to deleted. The services listed with the -S option are separated by a comma. The valid service values are mail and cal. These values are case-insensitive.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Examples

The following example marks the group testgroup@example.com as deleted:

commadmin group delete -D chris -n example.com -G testgroup -d example.com

The following example marks the mail service for testgroup@example.com as deleted:

commadmin group delete -D chris -n example.com -G testgroup -d example.com -S mail

commadmin group modify

The commadmin group modify command changes the attributes of a single group that already exists in the LDAP directory. To change the attributes of multiple groups, use the -i option.

A mailing list is one type of group. When a message is sent to the group address, Messaging Server sends the message to all members in the group.

Syntax

commadmin group modify -D login -G groupname -n domain [-A [+|-]attributename:value] [-d domain] [-f [action]ldap-filter] [-h] [-?] [-i inputfile]

[-m [+|-]internal-member] [-p DA server port] [-s] [-v] [-V] [-X DA server host name] [-S mail [-o owner] [-E email] [-H mailhost] [-M external-member] [-r moderator]

[-a true|false ] [-b true|false ] [-c group id] [-j DWPHost] [-q secondary owner] [-t time zone]

Options

Table E-31 displays the options that are mandatory:

Table E-31 commadmin group modify Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-G groupname	The name of the group to be modified. For example, mktg-list.
-n domain	The domain of the user specified by the -D option.

Table E-32 displays the following non-mandatory options:

Table E-32 commadmin group modify Non-Mandatory Options

Option	Description
-A [+|-] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes. A - indicates removing the value. If the - is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the - sign.
-d domain	The domain of the group. If -d is not specified, the domain specified by the -n option is used.
-f [action] ldap-filter	Indicates whether a ldap filter is added to or removed from the group A + before the ldap-filter indicates that it is to be added to the existing filters. A - indicates removing the existing filter. Type -f- to remove all the filters. If the - is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If action is not specified, by default the filter is added provided it is not already present. Otherwise an error message is displayed. The LDAP filter should define members within the group's organization. Even if the LDAP filter specifies another organization, this value defaults to the group's organization. This constraint prevents members who belong to an outside organization from being added to the group.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-m [action] internal-member	Indicates whether to add or remove an internal member. An action value of: + adds the member to an existing list of internal members. - removes the member from an existing list of internal members. If the - is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. The value of internal--member is either a mail address or user ID. -m* removes all the internal members.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the local host if no default was configured at install time.
-S service	Specifies the services to be added to the group during modification. Before a service is added, Delegated Administrator validates whether the service already exists. If the service exists, an error message is displayed. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal

Table E-33 displays the options that, if the -S mail option is specified, are allowed:

Table E-33 commadmin group modify Options Allowed if -S mail Specified

Option	Description
-o owner	The group owner's email address. An owner is the individual responsible for the distribution list. (This option is also allowed, and is mandatory, when the -S cal option is specified.)
-E email	The email address of the group. (This option is also allowed when the -S cal option is specified.)
-H mail host	The mail host to which this group responds (for example, mailhost.example.com). The default is the local mail host.
-M external-member	Adds an external member to this group. The value of external-member is the user's email address. To add more than one member, use multiple -M options.
-r moderator	The moderator's email address.

Table E-34 displays the options that, if the -S cal option is specified, are the options that are mandatory:

Table E-34 commadmin group modify Options Mandatory if -S cal Specified

Option	Description
-o owner	The group owner's email address. An owner is the individual responsible for the Calendar group's distribution list. The group owner must have Calendar service. (This option is also allowed when the -S mail option is specified.)

Table E-35 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-35 commadmin group modify Options Allowed if -S cal Specified

Option	Description
-a true|false	Allows or disallows calendar appointments to be accepted automatically. true enables automatic acceptance of appointments. false disables automatic acceptance of appointments.
-b true|false	Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. true enables double-booking of appointments. false disables double-booking of appointments.
-c group id	Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID.
-E email	The email address of the group. This address is used to notify group members of Calendar events. (This option is also allowed when the -S cal option is specified.)
-j DWPHost	The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. If the DNS name of the back-end calendar server is not specified, the value stored in the {{ics.conf}} file of the server is used as the default value.
-q secondary owner	The secondary owner's email address. A secondary owner can manage the Calendar group's distribution list. To add more than one secondary owner, use multiple -q secondary owner options. All secondary owners must have Calendar service.
-t time zone	The time zone used to display the Calendar group's calendar in the calendar's user interface. See Calendar Time Zone Strings for a list of the valid time zone strings.

Examples

To remove an internal member (jsmith) from the group testgroup within the domain example.com:

commadmin group modify -D chris -d example.com -G testgroup -n example.com -m jsmith

To add Calendar service to the group testgroup within the domain example.com:

commadmin group modify -D chris -d example.com -G testgroup -n example.com -S cal -o achiko@example.com -c calgroup1

commadmin group search

The commadmin group search command obtains all the directory properties associated with a single group. To obtain all the directory properties for multiple groups, use the -i option.

Syntax

commadmin group search -D login -n domain [-d domain] [-E string] [-G string] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service]

[-t search template] [-v] [-V] [-X DA server host name]

Options

Table E-36 displays the options that are mandatory:

Table E-36 commadmin group search Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	The domain of the user specified by the -D option.

Table E-37 displays the options that are non-mandatory:

Table E-37 commadmin group search Non-Mandatory Options

Option	Description
-d, domain	The domain of the group to be searched. If -d is not specified, all domains are searched.
-E string	Email address of the group. The wildcard operator (*) may be used within any part of string.
-G string	The name of the group to be searched. For example, mktg-list. If -G is not specified, all groups in the domain specified by -d are displayed. The wildcard operator (*) may be used within any part of string.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where the IS server is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-S service	Specifies the service to be searched. The only valid value for service is mail. This value is case-insensitive. For Example: {{-S mail}}. Only groups with active services are displayed.
-t Search Template	Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active groups are searched for.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To search for a group named developers under the example.com domain:

commadmin group search -D chris -n example.com -G developers -d example.com

commadmin resource create

The commadmin resource create command creates a directory entry for a resource.

See "Creating a Resource" for instructions on creating a resource.

Syntax

commadmin resource create -D login -E email -n domain -u identifier -N name [-c calendar identifier] [-A [+]attributename:value] 

[-C DWPHost] [-d domainname ] [-h] [-?] [-i inputfile] [-o owner] [-p DA server port] [-s] [-T time zone] [-u uid] [-v] [-V] [-X DA server host name]

Options

Table E-38 displays the options that are mandatory:

Table E-38 commadmin resource create Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-E email	Specifies the resource's email address.
-n domain	Domain of the user specified with the -D option.
-u identifier	Resource's unique identifier. This identifier value should be unique within the domain name space or within all the users and resources the calendar manages in the calendar mode.
-N name	Friendly name used to display the resource in the calendar GUI.
-c calendar identifier	Identifier for this resource's calendar. The identifier value should be unique throughout all the calendars managed by the Calendar Server.

Table E-39 displays the options that are non-mandatory:

Table E-39 commadmin resource create Non-Mandatory Options

Option	Description
-A [+] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes.
-C DWPHost(Applies to Calendar Server 6)	The DNS name of the back end calendar server which hosts this user's calendars. If the DNS name of the back-end calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value.
-d domain name	Domain of the resource. If -d is not specified, the domain specified by -n is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-o owner	Specifies the owner of the resource's calendar (user ID). The resource owner must be a user ID that resides in the domain of the resource.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-T time zone	The time zone used to display the resource's calendar in the calendar's user interface. See Calendar Time Zone Strings for a list of the valid time zone strings.
-u uid	Specifies the resource's unique ID.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To create a resource with name peter in the calendar cal.siroe.com under the domain example.com:

commadmin resource create -D chris -n example.com -w bolton -d example.com -u id -c calid -N peter -C cal.example.com

Creating a Resource

A resource consists of two data descriptions: a directory entry and a calendar in the Calendar Server database. The directory entry has an attribute, icsCalendar, whose value is the name of the calendar associated with the resource.

You can create a resource with the two data descriptions, using either of the following methods:

• Use commadmin resource create to create a directory entry.

  The calendar for the resource is created automatically when the resource is first invited to an event. The ics.conf parameter, resource.invite.autoprovision, determines whether a resource's calendar is created automatically when the resource is invited to an event. By default, the value of this parameter is set to Yes. To create the resource's calendar before any invitations are sent to the resource, use the cscal command.

  Example:

  Use commadmin resource create to create a directory entry:

  commadmin resource create -D amadmin -n blink.example.com -X blink -p 5555 -d example.com -u resourceOne -N firstResource -c resourceOneCalendar
  

  The directory entry is as follows:

  dn: uid=resourceONE,ou=People,o=example,o=domainroot 
  uid: resourceONE 
  objectClass: icsCalendarResource 
  objectClass: top 
  cn: firstResource 
  icsStatus: active 
  icsCalendar: resourceOne 
  

• Use the csresource command by itself. The csresource command creates a directory entry and a calendar.

  However, using csresource to create both the directory entry and the calendar is only recommended if the directory is in a Schema 1 environment and you are not using Access Manager.

You can now log in as any user and invite the resource to an event.

commadmin resource delete

The commadmin resource delete command marks the resource as deleted.

Note:

To permanently remove the resource, run the "commadmin domain purge" command.

Syntax

commadmin resource delete -D login -u identifier -n domain [-d domainname] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-v] [-V] [-X DA server host name]

Options

Table E-40 displays the options that are mandatory:

Table E-40 commadmin resource delete Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	Domain of the user specified with the -D option.
-u identifier	Resource's unique identifier.

Table E-41 displays the options that are non-mandatory:

Table E-41 commadmin resource delete Non-Mandatory Options

Option	Description
-d domainname	Domain of the resource. If -d is not specified, the domain specified by -n is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specify the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To mark a resource as deleted:

commadmin resource delete -D chris -n example.com -u bill023

commadmin resource modify

The commadmin resource modify command modifies the resource.

Syntax

commadmin resource modify -D login -n domain -u identifier [-A [+|-]attributename:value] [-d domainname ] [-h] [-?] [-i inputfile] [-N name] [-p DA server port] [-s] [-T time zone] [-v] [-V] [-X DA server host name]

Options

Table E-42 displays the options that are mandatory:

Table E-42 commadmin resource modify Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	Domain of the user specified with the -D option.
-u identifier	Resource's unique identifier.

Table E-43 displays the options that are non-mandatory:

Table E-43 commadmin resource modify Non-Mandatory Options

Option	Description
-A [+ or -] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes. A - indicates removing the value. If a - is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the - sign.
-d domainname	Domain of the resource. If -d is not specified, the domain specified by -n is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-N name	Common name used to display the resource in the calendar user interface.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-T time zone	The time zone used to display resource's calendar in the calendar GUI. See Calendar Time Zone Strings for a list of the valid time zone strings.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To modify a resource with the unique identifier bill023 with a new common name bjones:

commadmin resource modify -D chris -n example.com -d test.com -u bill023 -N bjones

commadmin resource search

The commadmin resource search command searches for a resource.

Syntax

commadmin resource search -D login -n domain [-d domain] [-h] [-?] [-i inputfile] [-N string] [-p DA server port] [-s] [-t Search Template] 

[-u string] [-V] [-v] [-X DA server host name]

Options

Table E-44 displays the options that are mandatory:

Table E-44 commadmin resource search Mandatory Options

Option	Description
-D login	The user ID of the user with the permission to execute this command.
-n domain	Domain of the user specified with the -D option.

Table E-45 displays the options that are non-mandatory:

Table E-45 commadmin resource search Non-Mandatory Options

Option	Description
-d domain	Domain of the resource. Search is performed only in the domain. If -d is not specified or -d* is specified, then all domains are searched.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-N string	Enter the resource's common name. The wildcard operator (*) may be used within any part of string.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-t Search Template	Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active resources are searched for.
-u string	The resource identifier specified must be unique for the domain name space or for all the users and resources the calendar manages. The wildcard operator (*) may be used within any part of string. If the identifier is not specified or -l* is specified all resources are displayed during the search.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specify the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To search for a resource arabella in the domain example.com:

commadmin resource search -D serviceadmin -n example.com -d example.com -u arabella

commadmin user create

The commadmin user create command creates a single user in the LDAP directory. To create multiple users, use the -i option.

Note:

Starting with Delegated Administrator for Oracle Communications Unified Communications Suite, the -S and -A (inetcos) options should not be used together for service modifications as the two provisioning models compete.

Syntax

commadmin user create -D login -F firstname -n domain -L lastname -l userid [-A [+]attributename:value] [-d domain] [-I initial] 

[-h] [-?] [-i inputfile] [-p DA server port] [-s] [-v] [-V] [-X DA server host name] [-S mail [-E email] [-H mailhost]] [-S cal [-B DWPHost] 

[-E email] [-k calid_type] [-J First Day of Week] [-T time zone]] [-S im]

Options

Table E-46 displays the options that are mandatory:

Table E-46 commadmin user create Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-F first_name	The user's first name; must be a single word without any spaces.
-n domain	The domain of the user specified with the -D option.
-l user_id	The user's login name. Values entered with this option are limited to printable ASCII characters. For mail users, the following additional restrictions apply: These characters are not allowed: % * ? & / : \ You cannot enter a - (dash) as the leading character. The - is reserved to indicate negative rights. That is, the IMAP ACL extension reserves a leading - to deny permissions to the access rights that follow it in the ACL. You cannot enter group= as the leading term. It is reserved for group IDs These words are reserved and are not allowed: anonymous, anybody, anyone, anyone@domain
-L last_name	The user's last name.

Table E-47 displays the options that are non-mandatory:

Table E-47 commadmin user create Non-Mandatory Options

Option	Description
-A[+] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes.
-d domain	Domain of the user. If -d is not specified, the domain specified by -n is used.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-I initial	User's middle initial.
-h, -?	Prints command usage syntax.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the directory.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-S service	Adds the specified service to the user during creation. service can have the value of a single service or multiple services. The valid service values are mail, cal, and im. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For Example: -S mail,cal,im

Table E-48 displays the options that, if the -S mail option is specified, are the non-mandatory options that are allowed:

Table E-48 commadmin user create Options Allowed if -S mail Specified

Option	Description
-E email	The email address of the user.
-H mail host	The mail host of the user.

Table E-49 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-49 commadmin user create Options Allowed if -S cal Specified

Option	Description
-B DWPHost	DNS name of the back-end calendar that hosts the user's calendar.
-E email	The email address of the calendar user.
-J First Day of Week	First day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on).
-k calid_type	Specifies the type of calendar id that is created. The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@example.com). If the -k option is not specified, the default is to use the calendar id plus domain (hosted). You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file: switch-caltype=value where value is hosted or legacy. The resource.properties file is located in the following directory: DelegatedAdmin_home/data/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties
-T time zone	The time zone in which the user's calendar is displayed. See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a new user, smith, enter:

commadmin user create -D chris -n example.com -F smith -l john -L major -S mail -H mailhost.example.com

commadmin user delete

The commadmin user delete command marks a single user as deleted. To mark multiple users as deleted, use the -i option.

This command only marks a user as deleted; it does not remove the user entry from the directory.

No undelete command exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.

To remove a user

The following steps summarize how to remove a user from the directory. For more information, see Removing Users, Groups, and Services from a Domain.

1. Mark the user as deleted by running the commadmin user delete command.

2. Remove resources from the user.

   A resource can be a mailbox or a calendar.

   For mail services, the command is called msuserpurge.

   For calendar services, the program is csclean. Refer to Sun Java System Calendar Server System Administrator's Guide for information about the csclean command.

3. Permanently remove the user by invoking the commadmin domain purge command.

   See "commadmin domain purge" for reference details.

Syntax

commadmin user delete -D login -n domain -l login name [-d domain] [-h] [-?] [-i inputfile] [-p DA server port] [-s] [-S service] [-v] [-V] 

[-X DA server host name]

Options

Table E-50 displays the options that are mandatory:

Table E-50 commadmin user delete Mandatory Options

Option	Description
-D login	The user ID of the user with the permission to execute this command.
-n domain	The domain of the user specified with the -D option.
-l userid	The user ID of the user to be deleted.

Table E-51 displays the options that are non-mandatory:

Table E-51 commadmin user delete Non-Mandatory Options

Option	Description
-d domain	Domain of the user. If -d is not specified, the domain specified by -n is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the directory.
-S service	Specifies the services to be removed from the user. The user remains active, but only the specified services are deactivated. If -S is not specified, then the user is deleted. service can have the value of a single service or multiple services. The valid service values are mail, cal, and im. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For example: -S mail,cal,im
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

To mark an existing user as deleted:

commadmin user delete -D chris -n example.com -l smith

To delete the mail services only from user smith:

commadmin user delete -D chris -n example.com -l smith -S mail

commadmin user modify

The commadmin user modify command modifies attributes of a single user's directory entry. To modify multiple users, use the -i option.

Syntax

commadmin user modify -D login -n domain -l userid [-A [+|-]attributename:value] [-d domain] [-h] [-?] [-i inputfile] [-p DA server port]

[-s] [-v] [-V] [-X DA server host name] [-S mail -H mailhost [-E email]] [-S cal [-B DWPHost] [-E email] [-k calid_type] [-J First Day of Week] 

[-T time zone]] [-S im]

Options

Table E-52 displays the options that are mandatory:

Table E-52 commadmin user modify Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	Domain of the user specified with the -D option.
-l userid	User's login ID.

Table E-53 displays the options that are non-mandatory:

Table E-53 commadmin user modify Non-Mandatory Options

Option	Description
-A [+ or -] attributename:value	An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute. A + before the attributename indicates adding the value to the current list of attributes. A - indicates removing the value. If the - is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the - sign.
-d domain	Domain of the user or group. If -d is not specified, the domain specified by -n is used.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-p DA server port	Specifies an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the Delegated Administrator Server or to Access Manager.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.
-S service	Adds the specified services to the user after validating whether the user has the service specified with -S option. If the user already has the service an error message is displayed. services can have the value of a single service or multiple services. The valid service values are mail, cal, and im. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For example: -S mail,cal,im

Table E-54 displays the options that, if the -S mail option is specified, are the non-mandatory options that are allowed:

Table E-54 commadmin user modify Options Allowed if -S mail Specified

Option	Description
-E email	Specifies the email address of the user.
-H mail host	The mail host of the user. This option is mandatory if the -S mail option is specified.

Table E-55 displays the options that, if the -S cal option is specified, are the non-mandatory options that are allowed:

Table E-55 commadmin user modify Options Allowed if -S cal Specified

Option	Description
-B DWPHost	Specifies the DNS name of the back-end calendar server that hosts this user's calendars. Note: This attribute can only be added and cannot be modified if it already exists.
-E email	Specifies the email address for the calendar user.
-J First Day of Week	The first day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on).
-k calid_type	Specifies the type of calendar id that is created (when adding the calendar service). The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@example.com). If the -k option is not specified, the default is to use the calendar id plus domain (hosted). You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file: switch-caltype=value where value is hosted or legacy. The resource.properties file is located in the following directory: DelegatedAdmin_home/data/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties
-T time zone	The time zone in which the user's calendar is displayed. See Calendar Time Zone Strings for a list of the valid time zone strings.

Examples

The following example adds a mail service for the user smith:

commadmin user modify -D chris -n example.com -l smith -A description:"new description" -S mail -H mail host.siroe.com

In this example, a mail forwarding address is added for user smith:

commadmin user modify -D chris -n example.com -l smith -A +mailforwardingaddress:tsmith@siroe.com

commadmin user search

The commadmin user search command displays all provisioned directory properties associated with a single user. To obtain all the directory properties for multiple users, use the -i option. Only active users are displayed after a search.

Syntax

commadmin user search -D login -n domain [-d domain] [-E string] [-F string] [-h] [-?] [-i inputfile] [-L string] [-l string] 

[-p DA server port] [-s] [-S service] [-t Search Template] [-v] [-V] [-X DA server host name]

Options

Table E-56 displays the options that are mandatory:

Table E-56 commadmin user search Mandatory Options

Option	Description
-D login	The user ID of the user with permission to execute this command.
-n domain	The domain of the user specified with the -D option.

Table E-57 displays the options that are non-mandatory:

Table E-57 commadmin user search Non-Mandatory Options

Option	Description
-d domain	The domain of the user. The user is searched only in the specified domain. If -d is not specified, all domains are considered for the search.
-E string	Searches for user's mail address. The wildcard operator (*) may be used within any part of string.
-F string	Searches for user's first name. The wildcard operator (*) may be used within any part of string.
-h, -?	Prints command usage syntax.
-i inputfile	Reads the command information from a file instead of the command line. An option value specified in the input file overrides any value for the same option set in the command line.
-L string	Searches for user's last name. The wildcard operator (*) may be used within any part of string.
-l string	Searches for user's login name. The wildcard operator (*) may be used within any part of string.
-p DA server port	Use this option to specify an alternate TCP port where Delegated Administrator is listening. If not specified, the default DA server port is used, or Port 80 is used if no default was configured at install time.
-s	Use SSL (Secure Socket Layer) to connect to the directory.
-S service	Specifies the services to match in the user search. services can have the value of a single service or multiple services. The valid service values are mail, cal, im, and contacts. These values are case-insensitive. The list of services is separated by the comma (,) delimiter. For example: -S mail,cal,im,contacts
-t Search template	Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active users are searched for.
-v	Enables debugging output.
-V	Prints information about the command and its version.
-X DA server host name	Specifies the host on which Delegated Administrator is running. If not specified, the default DA server host name is used, or the localhost if no default was configured at install time.

Example

The following example searches for users in the example.com domain:

commadmin user search -D chris -d example.com -n example.com

Permission to Run Commands

Table E-58 shows who has permission to run the various commadmin commands.

Table E-58 Permission to Run commadmin Commands

Command	Description	Permission to Run*
commadmin admin add	Grants Organization Administrator privileges to a user	Top-Level Administrator
commadmin admin remove	Revokes Organization Administrator privileges from a user	Top-Level Administrator
commadmin search	Searches and displays users who have Organization Administrator privileges	Top-Level Administrator Organization Administrator
commadmin debug log	Creates a debug log	Top-Level Administrator
commadmin domain create	Creates a domain	Top-Level Administrator
commadmin domain delete	Deletes a domain	Top-Level Administrator
commadmin domain modify	Modifies a domain	Top-Level Administrator
commadmin domain purge	Purges a domain	Top-Level Administrator
commadmin domain search	Searches for a domain	Top-Level Administrator
commadmin group create	Creates a group	Top-Level Administrator Organization Administrator
commadmin group delete	Deletes a group	Top-Level Administrator Organization Administrator
commadmin group modify	Modifies a group	Top-Level Administrator Organization Administrator
commadmin group search	Searches for a group	Anyone
commadmin resource create	Creates a resource	Top-Level Administrator Organization Administrator
commadmin resource modify	Modifies a resource	Top-Level Administrator Organization Administrator
commadmin resource delete	Deletes a resource	Top-Level Administrator Organization Administrator
commadmin resource search	Searches for a resource	Anyone
commadmin user create	Creates a user	Top-Level Administrator Organization Administrator
commadmin user delete	Deletes a user	Top-Level Administrator Organization Administrator
commadmin user search	Searches for a user	Anyone
commadmin user modify	Modifies a user	Top-Level Administrator Organization Administrator

Note:

Delegated Administrator does not support the Service Provide Administrator's use of the commadmin command.