Sun Java System Delegated Administrator 6.4 Administration Guide

Chapter 5 Command Line Utilities

The Delegated Administrator command-line utilities enable administrators to manage different communication services for users, groups, domains, and organizations. This chapter discusses the command-line tool set used to perform bulk operations such as create, modify, delete, and search on users, groups, domains, and organizations.

Commands

The commands are listed in the table shown below. The table consists of three columns; the first column lists the command, the second the description of the command, and the third lists the type of administrators permitted to execute the command.

The commadmin utility is located in the /opt/SUNWcomm/bin directory.

Table 5–1 Delegated Administrator Command Line Interfaces

Command                    Description                                                                  Permission to Execute*
commadmin admin add        Grants Organization Administrator privileges to a user                       Top-Level Administrator
commadmin admin remove     Revokes Organization Administrator privileges from a user                    Top-Level Administrator
commadmin admin search     Searches and displays users who have Organization Administrator privileges   Top-Level Administrator, Organization Administrator
commadmin debug log        Creates a debug log                                                          Top-Level Administrator
commadmin domain create    Creates a domain                                                             Top-Level Administrator
commadmin domain delete    Deletes a domain                                                             Top-Level Administrator
commadmin domain modify    Modifies a domain                                                            Top-Level Administrator
commadmin domain purge     Purges a domain                                                              Top-Level Administrator
commadmin domain search    Searches for a domain                                                        Top-Level Administrator
commadmin group create     Creates a group                                                              Top-Level Administrator, Organization Administrator
commadmin group delete     Deletes a group                                                              Top-Level Administrator, Organization Administrator
commadmin group modify     Modifies a group                                                             Top-Level Administrator, Organization Administrator
commadmin group search     Searches for a group                                                         Anyone
commadmin resource create  Creates a resource                                                           Top-Level Administrator, Organization Administrator
commadmin resource modify  Modifies a resource                                                          Top-Level Administrator, Organization Administrator
commadmin resource delete  Deletes a resource                                                           Top-Level Administrator, Organization Administrator
commadmin resource search  Searches for a resource                                                      Anyone
commadmin user create      Creates a user                                                               Top-Level Administrator, Organization Administrator
commadmin user delete      Deletes a user                                                               Top-Level Administrator, Organization Administrator
commadmin user search      Searches for a user                                                          Anyone
commadmin user modify      Modifies a user                                                              Top-Level Administrator, Organization Administrator

*This release of Delegated Administrator does not support the Service Provider Administrator’s use of the commadmin utility.

   

Execution Modes

The command line execution has three possible modes:

When a commadmin operation succeeds, an OK message is displayed on the command line.

If a failure occurs, the following message appears:

FAIL

<message>

Where <message> displays the error text.

Command File Format

The options can be specified within a file, using the -i option.

Within the file, option names are separated from option values by white space. The option value begins with the first non-white space character and extends to the end-of-line character. Option sets are separated by blank lines.

The general syntax is:


<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]
<blank line>
<option name><white space>[option value, if any]
<option name><white space>[option value, if any]
...
<option name><white space>[option value, if any]

The option value given in the command line becomes the default for each option set. Alternatively, these options can be specified for each option set. The value then overrides any default specified on the command line.

Following is an example of the format and syntax for the file specified by the -i option for the commadmin user create command.


l newuser1
F new
L user1
W secret

l newuser2
F new
L user2
W secret

l newuser3
F new
L user3
W secret

<and so forth...>
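
The following script is an added example, not part of the original guide or of the commadmin distribution. It parses a file in the -i format described above so that a bulk operation can be reviewed before it is run; the names lint_optfile and MASK_OPTS, and the treatment of l, F, L, and W as required options, are assumptions of this example.

```sh
#!/bin/sh
# Added example: review a commadmin -i input file before using it.
#
# Usage: lint_optfile FILE [REQUIRED_OPTION ...]
# Prints one summary line per option set, masks the values of the options
# named in MASK_OPTS (assumption: W carries a password, as in the sample
# above), and returns non-zero when a set lacks a required option or the
# file contains a whitespace-only line.
lint_optfile() {
    file=$1
    shift
    awk -v required="$*" -v mask="${MASK_OPTS:-W}" '
    BEGIN {
        sets = 0; bad = 0; n = 0
        nreq = split(required, req, " ")
        nmask = split(mask, m, " ")
        for (i = 1; i <= nmask; i++) masked[m[i]] = 1
    }
    # Close the current option set: print it and check required options.
    function finish(    i, line) {
        if (n == 0) return
        sets++
        line = "set " sets ":"
        for (i = 1; i <= n; i++)
            line = line " " name[i] "=" ((name[i] in masked) ? "****" : value[i])
        print line
        for (i = 1; i <= nreq; i++)
            if (!(req[i] in seen)) {
                print "set " sets ": missing option " req[i]
                bad = 1
            }
        split("", seen)
        n = 0
    }
    # An empty line separates option sets.
    /^$/ { finish(); next }
    # The guide does not say how a line of only spaces or tabs is treated,
    # so it is reported instead of being guessed at.
    /^[ \t]+$/ {
        print "line " NR ": whitespace-only line, not an empty separator"
        bad = 1
        next
    }
    {
        # The option name is the first field; the value starts at the next
        # non-white-space character and runs to the end of the line.
        v = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", v)
        n++
        name[n] = $1
        value[n] = v
        seen[$1] = 1
    }
    END {
        finish()
        print sets " option set(s)"
        exit bad
    }
    ' "$file"
}

# Constructed sample: the first set is taken from the example above, the
# second set is missing its W line.
demo=$(mktemp)
cat > "$demo" <<'EOF'
l newuser1
F new
L user1
W secret

l newuser2
F new
L user2
EOF
lint_optfile "$demo" l F L W || echo "input file needs fixing"
rm -f "$demo"
```

Because the summary masks the W values, the output can be pasted into a change ticket without exposing the passwords held in the input file.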

Command Descriptions

This section provides descriptions, syntax, and examples of the command line tools.

Mandatory commadmin Options

The following are the mandatory options used for authenticating the administrator or the user.

Options  

Description  

-D userid

User ID used to bind to the directory. 

-w password

Password used to authenticate the user ID to the directory. 

You may also specify the password in a text file, such as password.txt.

For example, if you specify -w mypassword.txt, and the content of the mypassword.txt file is secret, the commadmin utility takes the string secret as the password.

Note that if you specify -w mypassword.txt, and the mypassword.txt file does not exist, the commadmin utility takes the string mypassword.txt itself as the password.

-n domain

The domain the administrator belongs to. (For more information, see the Note shown below this table.)

The Access Manager Host (-X), Access Manager Port (-p), and the default domain (-n) values are specified during installation and stored in the cli-userprefs.properties file.


Note –

If the -X, -p, and -n options are not specified at the time when a commadmin command is executed, their values are taken from the cli-userprefs.properties file.
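
The following wrapper is an added example, not part of the original guide or of the commadmin distribution. It guards against the -w behavior described above, where the name of a missing password file is itself taken as the password; the names check_pwfile and commadmin_pw, the COMMADMIN variable, and the owner-only permission requirement are assumptions of this example.

```sh
#!/bin/sh
# Added example: call commadmin with a password file only after checking
# that the file exists and is private. Only the file name, not the
# password, then appears in the process arguments.
COMMADMIN=${COMMADMIN:-/opt/SUNWcomm/bin/commadmin}

# check_pwfile PATH
# Returns 0 when PATH is a regular, readable, non-empty file that only its
# owner can access; otherwise prints the reason on stderr and returns 1.
check_pwfile() {
    pwfile=$1
    if [ -h "$pwfile" ]; then
        # Conservative choice of this example: do not follow symbolic links.
        echo "$pwfile: is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$pwfile" ]; then
        # The case the guide describes: commadmin would take the string
        # "$pwfile" itself as the password.
        echo "$pwfile: no such file; the name would be used as the password" >&2
        return 1
    fi
    if [ ! -r "$pwfile" ]; then
        echo "$pwfile: not readable" >&2
        return 1
    fi
    if [ ! -s "$pwfile" ]; then
        echo "$pwfile: file is empty" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$pwfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$pwfile: accessible by group or others ($mode); use chmod 600" >&2
        return 1
    fi
    return 0
}

# commadmin_pw PWFILE ARGS...
# Runs "$COMMADMIN ARGS... -w PWFILE" only when check_pwfile passes.
commadmin_pw() {
    pwfile=$1
    shift
    check_pwfile "$pwfile" || return 1
    "$COMMADMIN" "$@" -w "$pwfile"
}

# Constructed demonstration: a missing file is rejected before commadmin runs.
check_pwfile /nonexistent/mypassword.txt || echo "commadmin not invoked"
```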


commadmin admin add

The commadmin admin add command grants Organization Administrator privileges to a user for a particular domain. Only a Top-Level Administrator or an ISP administrator can execute this command.

Syntax

commadmin admin add -D login -l login -n domain -w password -d domain
    [-h] [-i inputfile] [-p AM port] [-X AM host] [-?] [-s] [-v] [-V]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-l login

The user ID of the user to whom you want to grant organization administrative privileges. The user should be present in the directory and be a part of the domain specified by the -d option.

-n domain

The domain of the Top-Level Administrator. If not specified, the default domain stored in the cli-userprefs.properties file is used.

-w password

The password of the Top-Level Administrator. 

-d domain

The domain to which you want to grant administrative privileges. If not specified, the domain specified by the -n option is used.

The following options are non-mandatory:

Options  

Description  

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-X AM host

Specify the host on which the Access Manager is running. If not specified, the default AM host is used.

-h, -?

Prints command usage syntax. 

-V

Prints information about the utility and its version. 

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

Examples

The following grants Organization Administrator privileges to the user with the user ID admin1.


commadmin admin add -D chris -n sesta.com -w bolton -l admin1 \
-d florizel.com

The following grants Organization Administrator privileges to the user with the user ID admin2 for the domain florizel.com.


commadmin admin add -D chris -w bolton -l admin2 -n varrius.com \
-d florizel.com

commadmin admin remove

The commadmin admin remove command removes the Organization Administrator privileges from an existing Organization Administrator. Only a Top-Level Administrator can execute this command.

To remove Organization Administrator privileges from multiple users, use the -i option.

Syntax

commadmin admin remove -D login -l login -n domain -w password
   -d domain name [-h] [-?] [-i inputfile] [-p AM port] [-X AM host]
   [-s] [-v] [-V]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-l login

The user ID of the user whose administrator privileges need to be revoked. 

-n domain

The domain of the Top-Level Administrator. 

-w password

The password of the Top-Level Administrator. 

-d domain name

The domain to which administrator privileges are revoked. If -d is not specified, the domain specified by -n is used.

The following options are non-mandatory:

Option  

Description  

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-X AM host

Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

Example

The following command removes Organization Administrator privileges from the administrator with user ID admin5:


commadmin admin remove -D chris -n sesta.com -w bolton -l admin5 -d test.com

commadmin admin search

The commadmin admin search command searches for and displays a specific Organization Administrator, or all Organization Administrators, of a domain.

Syntax

commadmin admin search -D login -n domain -w password [-l login] [-d domain]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option  

Description  

-l login

The user ID of the Organization Administrator searched for. If -l is not specified, or -l is specified with the wildcard operator (-l\\* or -l '*'), all Organization Administrators of the domain are displayed.

-d domain

Searches for users who have Organization Administrator privileges for the specified domain. If -d is not specified, the domain specified by -n is used.

Example

To search for all Organization Administrators of the test.com domain:


commadmin admin search -D chris -n sesta.com -w bolton -d test.com

commadmin debug log

The commadmin debug log command creates a Delegated Administrator server log that contains debug statements generated by the Delegated Administrator servlets installed on the Web container.

Syntax

commadmin debug log -D login -n domain -w password -t [ on|off ] -f path and file name

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-n domain

The domain of the Top-Level Administrator. 

-t [ on|off ]

Toggles between turning on the debug log and turning it off.  

The value on causes the server to start writing debug statements to the log. The value off causes the server to stop writing debug statements to the log.

If you specify -t on to turn on debug logging to an existing log file, the new debug statements are appended to the end of the existing file.

-w password

The password of the Top-Level Administrator. 

The following option is non-mandatory:

Option  

Description  

-f path and file name

The full path where the log will be created, including the file name of the log. 

The path must be one of the following two directories:

/tmp/

/var/tmp/

The file name can be any file name.

If the -f option is not specified, the default value is /tmp/commcli.log.

Example

To create a new debug log, enter:


commadmin debug log -D paul -n sesta.com -w bolton \
-t on -f /tmp/debug.log

To turn off logging to an existing log file, enter:


commadmin debug log -D paul -n sesta.com -w bolton \
-t off

You do not have to specify the file name when you turn off the log.

commadmin domain create

The commadmin domain create command creates a single domain on the Access Manager. To create multiple domains, use the -i option.

Syntax

commadmin domain create -D login -d domain name -n domain -w password
   [-A [+] attributename:value] [-h] [-?] [-i inputfile] [-o organization RDN]
   [-p AM port] [-s] [-v] [-V] [-X AM host]
   [-S mail -H preferred mailhost]
   [-S cal [-B backend calendar data server] [-C searchable domains] [-g access control string]
   [-P propertyname[:value]] [-R right[:value]] [-T calendar time zone string]]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-d domain name

DNS domain name of the domain that is being created. 

-n domain

The domain of the Top-Level Administrator. 

-w password

The password of the Top-Level Administrator. 

The following options are non-mandatory:

Option  

Description  

-A [+ ]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and the value specified replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

If the action value (+) is not specified, the default action is to add the existing value.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-o organization RDN

Specifies the organization RDN for the domain. For example, o=varrius.florizel.com.

If this option is not specified then the organization is created under the osi suffix, with o=the name of the domain, o=osiSuffix.

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-S service

Specifies the service or services to be added to the domain. 

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

If the -S mail option is specified, then the -H option must be specified.

Multiple services can be listed as a comma-separated list.

For example:

-S mail,cal

A domain is created with the services mentioned depending on the value of the particular service definition present in the configuration file of Access Manager. 

The following option is only allowed if the -S mail option is specified:

 

-H preferred mailhost

The preferred mail host for the domain. The host must be a fully qualified host name, for example, mailhost.sesta.com.

This option is mandatory if the -S mail option is specified.

The following options are only allowed if the -S cal option is specified:

 

-B backend calendar data server

Specifies the default backend host assigned to a user or resource in a domain. 

-C searchable domains

Specifies the domains to be searched when looking for calendars or users. 

-g access control string

Specifies the Access Control List (ACL) for newly created user calendars.

-P propertyname[:value]

Sets values for multi-valued and bit oriented attributes. Refer to table Attribute Values for attributes, their descriptions and values.

-R right[:value]

Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Attribute Values for a list of attributes, their value, and description.

-T calendar time zone string

Specifies the time zone ID used when importing files. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a new domain with mail and calendar services, enter:


commadmin domain create -D chris -d florizel.com -n sesta.com -w bolton \
-S mail,cal -H mailhost.sesta.com

commadmin domain delete

The commadmin domain delete command marks a single hosted domain as deleted from the server. To mark multiple hosted domains as deleted, use the -i option.

When you mark a domain as deleted, all user and group entries in the domain are marked as deleted.

The commadmin domain purge command will permanently remove the domain.

To disable Organization Administrators' usage of a service such as the calendar service or the mail service, use the -S option. Note that the S is uppercase.

Syntax

commadmin domain delete -D login -d domain name -n domain -w password [-h] [-?]
   [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-d domain name

The DNS domain name that is being deleted. If -d is not specified, the domain specified by -n is used.

-n domain

The domain of the Top-Level Administrator. 

-w password

The password of the Top-Level Administrator. 

The following options are non-mandatory:

Option  

Description  

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured during installation.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Modifies the value of the specified service status attribute value to “deleted”.

Multiple services are separated by a comma. The valid service values are mail and cal. These values are case-insensitive.

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To delete an existing domain:


commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com

To delete just the mail service from the florizel.com domain:


commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com \
-S mail

commadmin domain modify

The commadmin domain modify command modifies attributes of a single domain’s directory entry. To modify multiple domains, use the -i option.

Syntax

commadmin domain modify -D login -d domain -n domain -w password
   [-A [+|-]attributename:value] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V]
   [-X AM host]
   [-S mail -H preferred mailhost]
   [-S cal [-g access string] [-C cross domain search domains] [-B backend calendar data server]
   [-P [action]propertyname[:value]] [-R propertyname[:value]] [-T calendar time zone string]]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-d domain

The DNS domain name to be modified. If -d is not specified, the domain specified by -n is used.

-n domain

The domain of the Top-Level Administrator. 

-w password

The password of the Top-Level Administrator. 

The following options are non-mandatory:

Option  

Description  

-A [+ | -]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value.

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. 

If the action value (+ or -), is not specified, the default action is to replace the existing value.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified service or services to the domain during modification. 

The valid service values are mail and cal. These values are case-insensitive.

The services listed with the -S option are separated by a comma.

If -S mail is specified, then the -H option must be specified.

When adding a service, the following option is only allowed if the -S mail option is specified:

 

-H preferred mailhost

The preferred mailhost for the domain. 

This option is mandatory if the -S mail option is specified.

When adding a service, the following options are only allowed if the -S cal option is specified:

 

-B backend calendar data server

The default backend host assigned to a user or resource in a domain. 

-C cross domain search domains

Specifies the domains to be searched when looking for calendars or users. 

-g access string

Specifies the Access Control List (ACL) for newly created user calendars.

-P [action]propertyname[:value]

Sets the values for multi-valued and bit oriented attributes. Refer to table Attribute Values for the descriptions and values of propertyname.

-T calendar time zone string

Time zone ID used when importing files. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

-R propertyname[:value]

Sets calendar domain attribute icsAllowRights. The attribute holds a bitmap value. See Attribute Values for a list of property names, their value, and description.

Example

To modify an existing domain:


commadmin domain modify -D chris -w bolton -n sesta.com -d varrius.com \
-A preferredmailhost:test.siroe.com

commadmin domain purge

The commadmin domain purge command permanently removes all entries, or services of entries, that have been marked for removal. This can include domains, users, groups, and resources.

As part of periodic maintenance operations, use the commadmin domain purge command to remove all entries that have been deleted for a time period that is longer than the specified grace period.

You can perform a purge at any time by invoking the command manually.

When you invoke the command, the directory is searched and a list of domains is created whose entries include domains that have been marked for deletion longer than the specified grace period. The default value for the grace period is set to 5 days.

If the -d* option is specified, all domains are searched for users and domains that are marked as deleted. Users that are marked as deleted will be purged from their domain, but the domain will not be purged unless it is also marked as deleted. If a domain is marked as deleted, it will be purged along with all users within that domain.

After a service has been marked as deleted, a utility that removes resources such as mailboxes or calendars must be run before the service can be purged from the directory. For mail services, the program is called msuserpurge. Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility. For calendar services, the program is csclean. Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.


Note –

The commadmin domain purge command must be run by the Top-Level Administrator.


Procedure: To remove users, groups, and Calendar resources from a domain

This procedure permanently removes users, groups, and Calendar resources from a domain. The domain itself remains intact in the LDAP directory. Only the LDAP entries selected for deletion are removed.

  1. Mark the users, groups, and resources as deleted.

    For example, to mark selected entries as deleted in the florizel.com domain:


    commadmin user delete -D chris -w bolton -d florizel.com \
    -n sesta.com -i deletedusers

    commadmin group delete -D chris -w bolton -d florizel.com \
    -n sesta.com -i deletedgroups

    commadmin resource delete -D chris -w bolton -d florizel.com \
    -n sesta.com -i deletedresources

    In the preceding examples, deletedusers, deletedgroups, and deletedresources are input files listing the entries marked for deletion.

    You also can use the Delegated Administrator console to delete entries:

    1. Navigate to the specified organization.

    2. Click the Users tab (if it is not already displayed), select the users to be deleted, and click Delete.

    3. Click the Groups tab, select the groups to be deleted, and click Delete.

    4. Click the Resources tab, select the resources to be deleted, and click Delete.

  2. Remove resources from the selected users, groups, and calendars in the domain.

    A resource can be a mailbox or a calendar.

    For mail services, run the msuserpurge utility.

    Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.

    For calendar services, run the csclean utility.

    Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.

  3. Permanently remove the selected entries from the domain by invoking the commadmin domain purge command.

    For example, to remove selected users, groups, and resources from the florizel.com domain:


    commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com

    In the preceding command, the florizel.com domain remains intact. Only the entries specified in the deletedusers, deletedgroups, and deletedresources input files are removed.

Procedure: To remove services from a domain

This procedure permanently removes mail and calendar services from a domain and from each user, group, and resource in the domain. The domain itself, including its subordinate LDAP entries, remains intact in the directory.

  1. Mark the service(s) in the domain as deleted by running the commadmin domain delete command.

    For example, to mark mail and calendar services as deleted in the florizel.com domain:


    commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com \
    -S mail,cal

  2. Remove resources from all users, groups, and resources in the domain.

    A resource can be a mailbox or a calendar.

    For mail services, run the msuserpurge utility.

    Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.

    For calendar services, run the csclean utility.

    Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.


    Note –

    If the mailbox or calendar of any user in the domain is not removed, the service cannot be purged from the domain. For example, for mail service, be sure that the grace period has been reached and that the msuserpurge utility has been run on all mail message stores encompassed by the domain.


  3. Permanently remove the service(s) from the domain by invoking the commadmin domain purge command.

    For example, to remove mail and calendar services from the florizel.com domain:


    commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com \
    -S mail,cal

Procedure: To permanently remove an entire domain

This procedure permanently removes a domain from the directory. All user, group, and resource entries in the domain are also removed from the directory.

  1. Mark the domain as deleted by running the commadmin domain delete command.

    For example, to mark the florizel.com domain as deleted:


    commadmin domain delete -D chris -w bolton -d florizel.com -n sesta.com

    You also can use the Delegated Administrator console to mark the domain for deletion by selecting the organization on the Organizations page and clicking Delete.

  2. Remove resources from all users, groups, and resources in the domain.

    A resource can be a mailbox or a calendar.

    For mail services, run the msuserpurge utility.

    Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.

    For calendar services, run the csclean utility.

    Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.


    Note –

    If the mailbox or calendar of any user in the domain is not removed, the domain cannot be removed. For example, for mail service, be sure that the grace period has been reached and that the msuserpurge utility has been run on all mail message stores encompassed by the domain.


  3. Permanently remove the domain by invoking the commadmin domain purge command.

    For example, to remove the florizel.com domain:


    commadmin domain purge -D chris -w bolton -d florizel.com -n sesta.com

Syntax

commadmin domain purge -D login -n domain -w password -d domain [-g grace] [-h]
   [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the Top-Level Administrator. 

-n domain

Domain of the Top-Level Administrator. 

-w password

Password of the Top-Level Administrator. 

-d domain

Purge specified domain. The * operator (-d*) may be used to search for a pattern.

The following options are non-mandatory:

Option  

Description  

-g grace

Delay period (grace period) in days before the domain is purged. Domains marked for deletion for fewer than grace days will not be purged.

For example, if you use -g 7, all entries that have been marked for deletion for 7 days and more are purged, but entries marked for deletion for 6 days and fewer are not purged.

A 0 indicates purge immediately.  

The default value is 5 days. The default value cannot be changed permanently. You can change the grace period only by using the -g grace option in the commadmin domain purge command.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-S service

Removes service related object classes and attributes from the domain. If the domain contains users and resources it removes the service specific data from the directory for these users and resources. 

The list of services is separated by the comma (,) delimiter. 

The valid service values are mail and cal. These values are case-insensitive.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

In the following example, the siroe.com domain is purged and all entries within the domain are also removed:


commadmin domain purge -D chris -d siroe.com -n sesta.com -w bolton

commadmin domain search

The commadmin domain search command obtains all the directory properties associated with a single domain. To obtain all the directory properties for multiple domains, use the -i option. When -S is specified in this command, only the domains in which the specified services are active are displayed.

Syntax

commadmin domain search -D login -n domain -w password [-d domain] [-h] [-?]
   [-i inputfile] [-p AM port] [-s] [-S service] [-t Search Template] [-v] [-V]
   [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option  

Description  

-d domain

Search for this domain. If -d is not specified or -d* is specified, all domains are displayed.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Specifies the services to be searched in the active domains. 

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example:

-S mail,cal

-t Search template

Specifies the name of the search templates to be used instead of the default search templates. Only active domains are displayed after the search. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

commadmin group create

The commadmin group create command adds a single group to the Access Manager. To create multiple groups, use the -i option.

If a group is created without any members, by default, it is a static group.


Note –

Groups cannot contain both static and dynamic members.


An email distribution list is one type of group. When a message is sent to the group address, Access Manager sends the message to all members in the group.

Syntax

commadmin group create -D login -G groupname -n domain -w password
   [-A [+]attributename:value] [-d domain] [-f ldap-filter] [-h] [-?]
   [-i inputfile] [-m internal-member] [-p AM port] [-s] [-v] [-V] [-X AM host]
   [-S service [-H mailhost] [-E email] [-M external-member] [-o owner] [-r moderator]]
   [-a true|false ] [-b true|false ] [-c group id]
   [-j DWPHost] [-q secondary owner] [-t time zone]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user who has permission to execute this command. 

-n domain

The domain of the user specified by the -D option.

-G groupname

The name of the group (for example, mktg-list).

-w password

The password of the user specified by the -D option.

The following options are non-mandatory:

Option  

Description  

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-d domain

The fully qualified domain name of the group (for example, varrius.com). The default is the local domain. If -d is not specified, the domain specified by -n is used.

-f ldap-filter

Creates dynamic groups. 

Set up the LDAP filter by specifying an attribute or a combination of attributes.

Multiple -f commands can be specified to define many LDAP filters for members of a group.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-m internal-member

User ID of the internal members added to this group. To add more than one member, use multiple -m options.

This option should be used to create static groups.

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-S service

Specifies the services to be added to the Group. 

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example:

-S mail,cal

If the -S mail option is specified, the following options are allowed:

Option  

Description  

-o owner

The group owner’s email address. An owner is the individual responsible for the distribution list. 

An owner can add or delete distribution list members. 

(This option is also allowed, and is mandatory, when the -S cal option is specified.)

-E email

The email address of the group. (This option is also allowed when the -S cal option is specified.)

-H mailhost

The mail host to which this group responds (for example, mailhost.varrius.com). The default is the local mail host.

-M external-member

Adds an external member to this group. The value of external-member is the user email address. To add more than one member, use multiple -M options.

-r moderator

The moderator’s email address. 

If the -S cal option is specified, the following option is mandatory:

Option  

Description  

-o owner

The group owner’s email address. An owner is the individual responsible for the Calendar group's distribution list. An owner can add or delete distribution list members. 

The group owner must have Calendar service. 

(This option is also allowed when the -S mail option is specified.)

If the -S cal option is specified, the following non-mandatory options are allowed:

Option  

Description  

-a true|false

Allows or disallows calendar appointments to be accepted automatically. 

true enables automatic acceptance of appointments.

false disables automatic acceptance of appointments.

-b true|false

Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. 

true enables double-booking of appointments.

false disables double-booking of appointments.

-c group id

Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID. 

-E email

The email address of the group. This address is used to notify group members of Calendar events. 

(This option is also allowed when the -S cal option is specified.)

-j DWPHost

The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. 

If the DNS name of the back-end calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value.

-q secondary owner

The secondary owner’s email address. A secondary owner can manage the Calendar group's distribution list.  

To add more than one secondary owner, use multiple -q secondary owner options.

All secondary owners must have Calendar service. 

-t time zone

The time zone used to display the Calendar group's calendar in the calendar’s user interface. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a group testgroup in the domain sesta.com:


commadmin group create -D chris -n sesta.com -w bolton -G testgroup \
-d sesta.com -m lorca@sesta.com -S mail,cal -M achiko@varrius.com \
-o achiko@varrius.com -c calgroup1

commadmin group delete

The commadmin group delete command marks a single group as deleted. To mark multiple groups as deleted, use the -i option.

To disable a group’s usage of services such as Calendar Server or Messaging Server use the -S option. Here S is in uppercase.


Note –

In order to permanently remove a group, you must run the following command: commadmin domain purge.


Syntax

commadmin group delete -D login -G groupname -n domain -w password [-d domain]
   [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]

Options

The following are mandatory options:

Option  

Description  

-D login

The user ID of the user who has permission to execute this command. 

-G groupname

The name of the group to be marked as deleted. For example, mktg-list.

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following are non-mandatory options:

Option  

Description  

-d domain

The domain of the group. If -d is not specified, the domain specified by the -n option is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Modifies the value of the specified service status attribute to “deleted”.

The services listed with the -S option are separated by a comma. The valid service values are mail and cal. These values are case-insensitive.

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Examples

The following example marks the group testgroup@varrius.com as deleted:


commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \
-d varrius.com

The following example marks the mail service for testgroup@varrius.com as deleted:


commadmin group delete -D chris -n sesta.com -w bolton -G testgroup \
-d varrius.com -S mail

commadmin group modify

The commadmin group modify command changes the attributes of a single group that already exists in the Access Manager. To change the attributes of multiple groups, use the -i option.

A mailing list is one type of group. When a message is sent to the group address, Access Manager sends the message to all members in the group.

Syntax

commadmin group modify -D login -G groupname -n domain -w password
   [-A [+|-]attributename:value] [-d domain] [-f [action]ldap-filter] [-h] [-?]
   [-i inputfile] [-m [+|-]internal-member] [-p AM port] [-s] [-v] [-V] [-X AM host]
   [-S mail [-o owner] [-E email] [-H mailhost] [-M external-member] [-r moderator]]
   [-a true|false ] [-b true|false ] [-c group id]
   [-j DWPHost] [-q secondary owner] [-t time zone]

Options

The following are mandatory options:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-G groupname

The name of the group to be modified. For example, mktg-list.

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following are non-mandatory options:

Option  

Description  

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign.

-d domain

The domain of the group. If -d is not specified, the domain specified by the -n option is used.

-f [action]ldap-filter

Indicates whether an LDAP filter is added to or removed from the group.

A “+” before the ldap-filter indicates that it is to be added to the existing filters. A “-” indicates removing the existing filter. Type -f-* to remove all the filters. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line.

If action is not specified, by default the filter is added provided it is not already present. Otherwise an error message is displayed.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-m [action]internal-member

Indicates whether to add or remove an internal member. 

The value of internal-member is either a mail address or user ID.

An action value of:

+ adds the member to an existing list of internal members. 

- removes the member from an existing list of internal members. If the “-” is used, it must be preceded by two backslashes or enclosed in quotes if the command is specified on the command line. 

-m-* removes all the internal members.

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the local host if no default was configured at install time.

-S service

Specifies the services to be added to the group during modification. Before a service is added, Delegated Administrator validates whether the service already exists. If the service exists, an error message is displayed. 

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example:

-S mail,cal

If the -S mail option is specified, the following options are allowed:

Option  

Description  

-o owner

The group owner’s email address. An owner is the individual responsible for the distribution list. 

An owner can add or delete distribution list members. 

(This option is also allowed, and is mandatory, when the -S cal option is specified.)

-E email

The email address of the group. (This option is also allowed when the -S cal option is specified.)

-H mailhost

The mail host to which this group responds (for example, mailhost.varrius.com). The default is the local mail host.

-M external-member

Adds an external member to this group. The value of external-member is the user email address. To add more than one member, use multiple -M options.

-r moderator

The moderator’s email address. 

If the -S cal option is specified, the following option is mandatory:

Option  

Description  

-o owner

The group owner’s email address. An owner is the individual responsible for the Calendar group's distribution list. An owner can add or delete distribution list members. 

The group owner must have Calendar service. 

(This option is also allowed when the -S mail option is specified.)

If the -S cal option is specified, the following non-mandatory options are allowed:

Option  

Description  

-a true|false

Allows or disallows calendar appointments to be accepted automatically. 

true enables automatic acceptance of appointments.

false disables automatic acceptance of appointments.

-b true|false

Allows or disallows calendar appointments to be double-booked, permitting more than one appointment at the same time. 

true enables double-booking of appointments.

false disables double-booking of appointments.

-c group id

Specifies a group ID for the Calendar group. If this option is not specified, Delegated Administrator automatically supplies a group ID. 

-E email

The email address of the group. This address is used to notify group members of Calendar events. 

(This option is also allowed when the -S cal option is specified.)

-j DWPHost

The DNS name of the back-end calendar server which hosts this Calendar group's calendar. This host is the Database Wire Protocol (DWP) server that stores the calendar and its data. 

If the DNS name of the back-end calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value.

-q secondary owner

The secondary owner’s email address. A secondary owner can manage the Calendar group's distribution list.  

To add more than one secondary owner, use multiple -q secondary owner options.

All secondary owners must have Calendar service. 

-t time zone

The time zone used to display the Calendar group's calendar in the calendar’s user interface. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

Examples

To remove an internal member (jsmith) from the group testgroup within the domain varrius.com:


commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \
-w bolton -m \\-jsmith

To add Calendar service to the group testgroup within the domain varrius.com:


commadmin group modify -D chris -d varrius.com -G testgroup -n sesta.com \
-w bolton -S cal -o achiko@varrius.com -c calgroup1

commadmin group search

The commadmin group search command obtains all the directory properties associated with a single group. To obtain all the directory properties for multiple groups, use the -i option.

Syntax

commadmin group search -D login -n domain -w password [-d domain] [-E string]
   [-G string] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service]
   [-t search template] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

The domain of the user specified by the -D option.

-w password

The password of the user specified by the -D option.

The following options are non-mandatory:

Option  

Description  

-d domain

The domain of the group to be searched. If -d is not specified, all domains are searched.

-E string

Email address of the group. The wildcard operator (*) may be used within any part of string. 

-G string

The name of the group to be searched. For example, mktg-list. If -G is not specified, all groups in the domain specified by -d are displayed. The wildcard operator (*) may be used within any part of string.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the IS server is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Specifies the service to be searched. 

The only valid value for service is mail. This value is case-insensitive.

For example:

-S mail

Only groups with active services are displayed. 

-t Search Template

Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active groups are searched for. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To search for a group named developers under the siroe.com domain:


commadmin group search -D chris -n sesta.com -w password -G developers \
-d siroe.com

commadmin resource create

The commadmin resource create command creates a directory entry for a resource.

For instructions on creating a resource, see Creating a Resource.

Syntax

commadmin resource create -D login -n domain -w password -u identifier -N name
   [-c calendar identifier] [-A [+]attributename:value] [-C DWPHost]
   [-d domainname ] [-h] [-?] [-i inputfile][-p AM port] [-s] [-T time zone] [-v]
   [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

This identifier value should be unique within the domain namespace or within all the users and resources the calendar manages in the calendar mode.

-N name

Friendly name used to display the resource in the calendar GUI. 

-c calendar identifier

Identifier for this resource's calendar. 

The identifier value should be unique throughout all the calendars managed by the Calendar Server.

The following options are non-mandatory:

Option  

Description  

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-C DWPHost

The DNS name of the back end calendar server which hosts this user's calendars. 

If the DNS name of the backend calendar server is not specified, the value stored in the ics.conf file of the server is used as the default value. 

-d domain name

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-T time zone

The time zone used to display the resource's calendar in the calendar’s user interface. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To create a resource with the name peter in the calendar cal.siroe.com under the domain varrius.com:


commadmin resource create -D chris -n sesta.com -w bolton \
-d varrius.com -u id -c calid -N peter -C cal.siroe.com

Creating a Resource

A resource consists of two data descriptions: a directory entry and a calendar in the Calendar Server database. The directory entry has an attribute, icsCalendar, whose value is the name of the calendar associated with the resource.

You can create a resource with the two data descriptions, using either of the following methods:

You can now log in as any user and invite the resource to an event.

For a detailed description of the csresource and cscal utilities, see Appendix D, Calendar Server Command-Line Utilities Reference, in Sun Java System Calendar Server 6.3 Administration Guide.

commadmin resource delete

The commadmin resource delete command marks the resource as deleted.


Note –

To permanently remove the resource, run the commadmin domain purge command.


Syntax

commadmin resource delete -D login -u identifier -n domain -w password [-d domainname]
   [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

The following options are non-mandatory:

Option  

Description  

-d domainname

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To mark a resource as deleted:


commadmin resource delete -D chris -n sesta.com -w bolton -u bill023

commadmin resource modify

The commadmin resource modify command modifies the resource.

Syntax

commadmin resource modify -D login -n domain -w password -u identifier
   [-A [+|-]attributename:value] [-d domainname ] [-h] [-?] [-i inputfile]
   [-N name] [-p AM port] [-s] [-T time zone] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

-u identifier

Resource’s unique identifier.

The following options are non-mandatory:

Option  

Description  

-A [+|-]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes. A “-” indicates removing the value.

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. 

-d domainname

Domain of the resource. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-N name

Common name used to display the resource in the calendar user interface. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-T time zone

The time zone used to display the resource's calendar in the calendar GUI.

See Calendar Time Zone Strings for a list of the valid time zone strings.

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To modify a resource with the unique identifier bill023 with a new common name bjones:


commadmin resource modify -D chris -n sesta.com -w bolton -d test.com \
-u bill023 -N bjones

commadmin resource search

The commadmin resource search command searches for a resource.

Syntax

commadmin resource search -D login -n domain -w password [-d domain] [-h] [-?]
   [-i inputfile] [-N string] [-p AM port] [-s] [-t Search Template] [-u string]
   [-V] [-v] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with the permission to execute this command. 

-n domain

Domain of the user specified with the -D option.

-w password

Password of the user specified with the -D option.

The following options are non-mandatory:

Option  

Description  

-d domain

Domain of the resource. Search is performed only in the domain. If -d is not specified or -d* is specified, then all domains are searched.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-N string

Enter the resource’s common name. The wildcard operator (*) may be used within any part of string. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-t Search Template

Specifies the name of the search templates to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active resources are searched for. 

-u string

The resource identifier specified must be unique for the domain namespace or for all the users and resources the calendar manages. 

The wildcard operator (*) may be used within any part of string. 

If the identifier is not specified or -l* is specified, all resources are displayed during the search.

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specify the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To search for a resource arabella in the domain sesta.com:


commadmin resource search -D serviceadmin -w serviceadmin -n sesta.com \
-d sesta.com -u arabella

commadmin user create

The commadmin user create command creates a single user in the Access Manager system. To create multiple users, use the -i option.

Syntax

commadmin user create -D login -F firstname -n domain -L lastname -l userid
   -w password -W password [-A [+]attributename:value] [-d domain]
   [-I initial] [-h] [-?] [-i inputfile] [-p AM port] [-s] [-v] [-V] [-X AM host]
   [-S mail [-E email] [-H mailhost]]
   [-S cal [-B DWPHost] [-E email] [-k calid_type] [-J First Day of Week] [-T time zone]]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-F firstname

The user’s first name; must be a single word without any spaces. 

-n domain

The domain of the user specified with the -D option.

-l userid

The user’s login name. 

-w password

The password of the user specified with the -D option.

-W password

The password of the user that is being created. 

You may also specify password via a text file, password.txt.

For example, if you specify -W mypassword.txt, and the content of the mypassword.txt file is secret, the commadmin utility takes the string secret as the password.

Note that if you specify -W mypassword.txt, and the mypassword.txt file does not exist, the commadmin utility takes the string mypassword.txt itself as the password.

-L lastname

The user’s last name. 

The following options are non-mandatory:

Option  

Description  

-A [+]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. Repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

-d domain

Domain of the user. If -d is not specified, the domain specified by -n is used.

-i inputfile

Reads the command information from a file instead of the command line. 

-I initial

User’s middle initial. 

-h, -?

Prints command usage syntax. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified service to the user during creation. service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example: 

-S mail,cal

The following options are only allowed if the -S mail option is specified:

-E email

The email address of the user. 

-H mailhost

The mail host of the user. 

The following options are only allowed if the -S cal option is specified:

-B DWPHost

DNS name of the back end calendar that hosts the user’s calendar. 

-E email

The email address of the calendar user. 

-J First Day of Week

First day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on). 

-k calid_type

Specifies the type of calendar id that is created. The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@sesta.com).

If the -k option is not specified, the default is to use the calendar id plus domain (hosted).

You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file:

switch-caltype=value

where value is “hosted” | “legacy”.

The resource.properties file is located in the following directory:

da-base/data/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties

-T time zone

The time zone in which the user’s calendar is displayed. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

Example

To create a new user, smith, enter:


commadmin user create -D chris -n sesta.com -w secret -F smith -l john \
-L major -W secret -S mail -H mailhost.siroe.com
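
The -W fallback described above means that a mistyped or missing file name silently becomes the new user's password. The following pre-flight check is an added example, not part of the original guide; the names check_pwfile, safe_user_create and COMMADMIN are hypothetical, and the owner-only permission rule is an assumption of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the file passed to `commadmin user create -W`.
# check_pwfile, safe_user_create and the COMMADMIN variable are hypothetical
# names; the owner-only permission rule is an assumption of this example.

# check_pwfile FILE -> 0 if FILE is usable as a password file, non-zero otherwise.
check_pwfile() {
    f=$1
    if [ -z "$f" ]; then
        echo "check_pwfile: no file name given" >&2
        return 2
    fi
    # A missing file is the dangerous case: commadmin would fall back to
    # using the file name itself as the new user's password.
    if [ ! -f "$f" ]; then
        echo "check_pwfile: '$f' not found; it would be used as the literal password" >&2
        return 3
    fi
    if [ ! -r "$f" ]; then
        echo "check_pwfile: '$f' is not readable" >&2
        return 4
    fi
    if [ ! -s "$f" ]; then
        echo "check_pwfile: '$f' is empty" >&2
        return 5
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "check_pwfile: '$f' is accessible to group or others ($perms)" >&2
        return 6
    fi
    return 0
}

# safe_user_create PWFILE [commadmin user create options...]
# Runs commadmin only when PWFILE passes the check, then appends -W PWFILE.
# e.g. safe_user_create mypassword.txt -D chris -n sesta.com -w secret \
#          -F smith -l john -L major
safe_user_create() {
    [ $# -ge 1 ] || return 2
    pwfile=$1
    shift
    check_pwfile "$pwfile" || return $?
    "${COMMADMIN:-/opt/SUNWcomm/bin/commadmin}" user create "$@" -W "$pwfile"
}
```
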

commadmin user delete

The commadmin user delete command marks a single user as deleted. To mark multiple users as deleted, use the -i option.

No undelete utility exists. However, you can use the ldapmodify command to change the status attribute of a user entry to active at any time before the purge grace period has expired and a purge is set to run against the entry.

Procedure: To remove a user

  1. Mark the user as deleted by running the commadmin user delete command.

  2. Remove resources from the user.

    A resource can be a mailbox or a calendar.

    For mail services, the program is called msuserpurge. Refer to the Sun Java System Messaging Server Administration Reference for information about the msuserpurge utility.

    For calendar services, the program is csclean. Refer to the Sun Java System Calendar Server Administration Guide for information about the csclean utility.

  3. Permanently remove the user by invoking the following command: commadmin domain purge.

    For more information about removing users, see commadmin domain purge.

Syntax

commadmin user delete -D login -n domain -l login name -w password [-d domain]
   [-h] [-?] [-i inputfile] [-p AM port] [-s] [-S service] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with the permission to execute this command. 

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

-l userid

The user ID of the user to be deleted. 

The following options are non-mandatory:

Option  

Description  

-d domain

Domain of the user. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Specifies the services to be removed from the user. The user remains active, but only the specified services are deactivated. If -S is not specified, then the user is deleted.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example: 

-S mail,cal

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

To mark an existing user as deleted:


commadmin user delete -D chris -n sesta.com -w bolton -l smith

To delete the mail services only from user smith:


commadmin user delete -D chris -n sesta.com -w bolton -l smith -S mail

commadmin user modify

The commadmin user modify command modifies attributes of a single user’s directory entry. To modify multiple users, use the -i option.

Syntax

commadmin user modify -D login -n domain -l userid -w password
   [-A [+|-]attributename:value] [-d domain] [-h] [-?] [-i inputfile] [-p AM port]
   [-s] [-v] [-V] [-X AM host]
   [-S mail -H mailhost [-E email]]
   [-S cal [-B DWPHost] [-E email] [-k calid_type] [-J First Day of Week] 
   [-T time zone]]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

Domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

-l userid

User’s login ID. 

The following options are non-mandatory:

Option  

Description  

-A [+ | -]attributename:value

An attribute to modify. The attributename is defined in the LDAP schema and value replaces any and all current values for this attribute in the directory. You can repeat this option to modify multiple attributes at the same time, or to specify multiple values for the same attribute.

A “+” before the attributename indicates adding the value to the current list of attributes.

A “-” indicates removing the value. 

If the “-” is used, it must be preceded by two backslashes if the command is specified on the command line. If the option is provided within an input file, one backslash must precede the “-” sign. 

-d domain

Domain of the user or group. If -d is not specified, the domain specified by -n is used.

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-p AM port

Specifies an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

-S service

Adds the specified services to the user after checking whether the user already has the service specified with the -S option. If the user already has the service, an error message is displayed.

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example: 

-S mail,cal

The following options are only allowed if the -S mail option is specified:

-E email

Specifies the email address of the user. 

-H mailhost

The mail host of the user. 

This option is mandatory if the -S mail option is specified.

The following options are only allowed if the -S cal option is specified:

-B DWPHost

Specifies the DNS name of the backend calendar server that hosts this user’s calendars. 

Note: This attribute can only be added and cannot be modified if it already exists. 

-E email

Specifies the email address for the calendar user. 

-J First Day of Week

The first day of the week shown when the calendar is displayed in the calendar server user interface. The valid values are 0-6 (0 is Sunday, 1 is Monday, and so on). 

-k calid_type

Specifies the type of calendar id that is created (when adding the calendar service). The accepted values are legacy and hosted. If -k legacy is specified, only the calendar id is used (for example, jsmith). If -k hosted is specified, the calendar id plus domain is used (for example, jsmith@sesta.com).

If the -k option is not specified, the default is to use the calendar id plus domain (hosted).

You can set the value of the calendar id type that is created if the -k option is not specified. To do so, add the following parameter to the resource.properties file:

switch-caltype=value

where value is “hosted” | “legacy”.

The resource.properties file is located in the following directory:

da-base/data/WEB-INF/classes/sun/comm/cli/server/servlet/resource.properties

-T time zone

A user’s calendar is displayed in this time zone. 

See Calendar Time Zone Strings for a list of the valid time zone strings.

Examples

The following example adds a mail service for the user smith:


commadmin user modify -D chris -n sesta.com -w bolton -l smith \
-A description:"new description" -S mail -H mailhost.siroe.com

In this example, a mail forwarding address is added for user smith:


commadmin user modify -D chris -n sesta.com -w bolton -l smith \
-A +mailforwardingaddress:tsmith@siroe.com

commadmin user search

The commadmin user search command obtains all the directory properties associated with a single user. To obtain all the directory properties for multiple users, use the -i option. Only active users are displayed after a search.

Syntax

commadmin user search -D login -n domain -w password [-d domain] [-E string]
   [-F string] [-h] [-?] [-i inputfile] [-L string] [-l string] [-p AM port] [-s]
   [-S service] [-t Search Template] [-v] [-V] [-X AM host]

Options

The following options are mandatory:

Option  

Description  

-D login

The user ID of the user with permission to execute this command. 

-n domain

The domain of the user specified with the -D option.

-w password

The password of the user specified with the -D option.

The following options are non-mandatory:

Option  

Description  

-d domain

The domain of the user. The user is searched only in the specified domain. 

If -d is not specified, all domains are considered for the search.

-E string

Searches for user’s mail address. The wildcard operator (*) may be used within any part of string. 

-F string

Searches for user’s first name. The wildcard operator (*) may be used within any part of string. 

-h, -?

Prints command usage syntax. 

-i inputfile

Reads the command information from a file instead of the command line. 

-L string

Searches for user’s last name. The wildcard operator (*) may be used within any part of string. 

-l string

Searches for user’s login name. The wildcard operator (*) may be used within any part of string. 

-p AM port

Use this option to specify an alternate TCP port where the Access Manager is listening. If not specified, the default AM port is used, or Port 80 is used if no default was configured at install time.

-s

Use SSL (Secure Socket Layer) to connect to the Access Manager. 

-S service

Specifies the services to match in the user search. 

service can have the value of a single service or multiple services. The valid service values are mail and cal. These values are case-insensitive.

The list of services is separated by the comma (,) delimiter. 

For example: 

-S mail,cal

-t Search Template

Specifies the name of the search template to be used instead of the default search templates. This is an entry in the directory that defines the filter for the search. Only active users are searched for. 

-v

Enable debugging output. 

-V

Prints information about the utility and its version. 

-X AM host

Specifies the host on which the Access Manager is running. If not specified, the default AM host is used, or the localhost if no default was configured at install time.

Example

The following example searches for users in the varrius.com domain:


commadmin user search -D chris -w bolton -d varrius.com -n sesta.com