Many thanks to all who responded! This message summarizes:

(1) I reported being unable to edit existing user entries with admintool.

The problem was simply a bug in admintool. The solution was to install

patch #101384-01, which gives admintool the ability to read and modify

user entries with -1 in the expiration field. I guess nobody else is

crazy enough to give people passwords with no expiration, or else

everyone else has the patch installed...

(2) I asked about making batch changes to lots of users at once. In my

case, I wanted to change some users' group ID from one GID to another.

Almost everyone who knew, agreed that the NIS+ utilities make this job

easy. In particular, nistbladm seems the way to go, I just hadn't

stumbled across it yet. It was suggested that the man pages for

usermod, useradd, userdel, pwconv, would prove informative (and so they

are...), and even passwd has an awful lot of options of which I was

unaware.

I also received two clever-looking commands to try. I haven't had the

time to hack through them, or the courage to try them yet, with most of

our users still logged in, but I will include them here, in the

interest of expediency. If you want to "play" with them, you assume

all risks...

        (bright flash) ... "oops!" ... (sound of explosion)

                :-)

+-----------------------+----------------------------+-----------------+

| Sumner K Hushing III | GENERAL DYNAMICS | This space |

|hushing@gdwest.gd.COM | Space Systems Division | intentionally |

| 619-547-4542 | PO Box 85990, MZ 55-5050 | left blank |

| 619-547-5791 messages | San Diego, CA 92186-5990 | :-) |

+-----------------------+----------------------------+-----------------+

Thanks again, to the following, and any who reply in the future:

misik@alpha.dcs.fmph.uniba.sk (Andrej Misik)

David.Miner@East.Sun.COM (Dave Miner - MINERS REFUSE TO WORK AFTER DEATH)

erics@fsg.com (Eric Stone)

"rogerio@bvl.pt <rogerio@bvl.pt>" <rogerio@bvl.pt>

Leif Hedstrom <hedstrom@inf.ethz.ch>

reggie@rentec.com (Reggie Dugard)

peters@oes.amdahl.com (Peter Sivo)

Zdzislaw Meglicki <Zdzislaw.Meglicki@arp.anu.edu.au>

EXAMPLE 1 ==========================================================

This was useful before the admintool patch was available. If you

haven't patched admintool, you can't edit users who have -1 in the

expiration field. The quick hack? Blank out all the expiration

fields:

#!/bin/sh

DOMAINNAME=`domainname`

niscat passwd.org_dir.$DOMAINNAME. |

    grep -v ":::::::$" |

    awk 'BEGIN{ FS=":"}{ print $1 }' |

    while read a

    do

        echo modifying shadow for $a

        nistbladm -m shadow="::::::" [name=$a],passwd.org_dir.$DOMAINNAME.

    done

EXAMPLE 2 =========================================================

Here's the command to replace group IDs. I tried the nisgrep line by

itself, and I see that it just generates a list of usernames with

matching group IDs. I suppose I'll bite the bullet and let it run the

nistbladm command on each of those users tonight.

#!/bin/sh

oldgid=<the gid to change>

newgid=<the new gid to replace it with>

nisgrep gid=$oldgid passwd.org_dir | cut -d':' -f1 |

while read u

do

    nistbladm -m gid=$newgid [name=$u]passwd.org_dir

done