I've been working on a directory cleanup project to prepare for a metadirectory implementation for the last few months. What a pain in the a$$... Cleaning up AD and the LDAP directory used for external authentication has been a breeze because we can just check last logon dates and disable/delete as needed. Domino, on the other hand, is killing me. I've probably spent 100 hours writing queries, analyzing data, trying to come up with new approaches, etc. Every time we think we have the data that we need in order to find accounts that are safe to delete, we keep finding new exceptions that throw things off. Not all of it is because of Domino--of course half the users seem to have different account names in each of the directories. That cleanup is the biggest pain. But, just today, I found another 1000 accounts where the Notes username doesn't match the mailfile name within Domino. This makes it impossible to match up Domino activity data with anything--even other Domino data that I am pulling via LDAP.
Ok, rant over. The good news, Horizon was just in and they are doing a serious evaluation on moving to Exchange...I just won't be consulting here anymore by the time anything happens with it (at least I certainly hope I'm not!).