Clear Groupwise user password on restored system

I work for a prosecutors office. I have tape backups going back years. Our office policy does not require that we be able to search thru old mailbox's of users that left years ago and whose user object was deleted years ago but a defense attorney has gone to the court and is requesting this information now. I created a test server in a test tree and restored the directory structure from tape to this server. I can start the po agent on the test server and open up a users mailbox, who was deleted years ago... if they never created a groupwise password. The test server is not connected to our production network. Is there a way to change the groupwise password with out connecting to or installing a replica of our production eDirectory on the test server? It's frustrating because it's very simple to get to the point where I can read an old users mailbox, but only if they never had a password. I wish there was a utility or command that could clear the password when just the groupwise directory structure was available.
  • dgonnse;2272863 wrote:
    .. The test server is not connected to our production network. Is there a way to change the groupwise password with out connecting to or installing a replica of our production eDirectory on the test server?.


    If you get the Domain/MTA running in that environment you should be able to graft the GroupWise system and objects into your test tree (via ConsoleOne). Then you should be able to manage the restored GroupWise system and be able to send a password reset for the account to the POA.

    I don't know of ways to do a reset with a running POA only (other than having Novell NTS take a look).

    -Willem
  • Hi.

    Like Willem said, to (re)set a password of a user you need a working
    domain (MTA) too that can properly talk to the post office. With just
    the post office alone, you can't.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • You should read this TID:

    Recover deleted mail for legal action
    - https://www.novell.com/support/kb/doc.php?id=3373106

    Following this method you do not even need a post office agent.
  • bvandenberg;2273051 wrote:
    You should read this TID:

    Recover deleted mail for legal action
    - https://www.novell.com/support/kb/doc.php?id=3373106

    Following this method you do not even need a post office agent.


    Interesting method, combining a postoffice rebuild with clearing the user account's client settings. Hadn't ever seen that procedure/TID... thanks!

    As an added note, one still also needs the restored domain to be able to do this on a restored post office structure.

    Cheers,
    Willem
  • On 20.07.2013 12:46, magic31 wrote:
    >
    > bvandenberg;2273051 Wrote:
    >> You should read this TID:
    >>
    >> Recover deleted mail for legal action
    >> - https://www.novell.com/support/kb/doc.php?id=3373106
    >>
    >> Following this method you do not even need a post office agent.

    >
    > Interesting method, combining a postoffice rebuild with clearing the
    > user account's client settings. Hadn't ever seen that procedure/TID...
    > thanks!


    I'm afraid that method to reset/clear the user password in steps 4 to 6
    of the alst paragraph don't work consistently. On some accounts it will
    work, on others not. You will end up having to run a real MTA and POA
    anyways to get the password changed.

    OTOH, if you also have an eDir tree *and* graft the restored system into
    the edir tree, you can authenticate via eDirectory (and of course chnage
    the users eDir PW to your liking) by setting the "no password for
    edirectory" option. That's the only way how you would be guaranteed to
    get access without having to actually run a MTA and POA.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • mrosen;2273293 wrote:

    I'm afraid that method to reset/clear the user password in steps 4 to 6
    of the alst paragraph don't work consistently. On some accounts it will
    work, on others not. You will end up having to run a real MTA and POA
    anyways to get the password changed.


    Thanks for adding that in Massimo, good to know. Had not ever needed to try that (only working with direct mode/file access to restore account data) as a building a restore/dummy server along with running GroupWise agents is a quick enough task to do (with virtualisation, templates for quick roll out and all that)
  • I used TID 3373106 and it worked great. I found out I don't even have to clear their password in console one. Just doing it from gwcheck takes care of it. I did get a java error trying to run a groupwise client from the Linux server but I just connected up a pc and used the groupwise client on it. I did not have to install agents or create domain or post office. Just connected up to the old directory structure, grafted and the other stuff mentioned in the TID. Thanks for your help!