サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.2 - Administration Guide for Connecting to HCL Domino

Managing HCL Domino environments Synchronizing an Domino environment
Setting up initial synchronization of a Domino environment Domino server configuration Setting up a gateway server Creating a synchronization project for initial synchronization of a Notes domain Adjusting the synchronization configuration for Domino environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Notes user accounts and employees Managing memberships in Notes groups Login information for Notes user accounts Using AdminP requests for handling Domino processes Mapping of Notes objects in One Identity Manager
Notes domains Notes user accounts Notes groups Notes certificates Notes templates Notes policies Notes mail-in databases Notes server Reports about Notes objects
Handling of Notes objects in the Web Portal Basic data for managing a Domino environment Configuration parameters for managing a Domino environment Default project template for Domino Processing methods of Domino system objects Domino connector settings

Maintaining excluded lists and additional lists for Notes user accounts

Use this task to add the user account to additional and excluded lists for dynamic groups.

To add a user account to a dynamic group's additional list

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the Maintain excluded and additional task.

  4. Select the Additional tab.

  5. In the Add assignments pane, assign groups with an additional list that will contain the user account as a member.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.

To add a user account to a dynamic group's excluded list

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the Maintain excluded and additional task.

  4. Select the Excluded tab.

  5. In the Add assignments pane, assign groups with an excluded list that will contain the user account as a member.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.
Related topics

The Notes user account overview

Use this task to obtain an overview of the most important information about a user account.

To obtain an overview of a user account

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select Notes user account overview category.

Restoring user ID files

If a user has forgotten the password to a user account and lost the user ID file, the user ID file can be restored. Since Domino version 8.5, Domino provides the ID vault function to do this.

One Identity Manager uses ID restore to provide its own method for restoring the user ID files. This can be used if an older version of Domino is in use or if ID Vault should not be used.

NOTE: The method to be used for restoring user ID files is specified by the domain. This option is valid for all user accounts in the domain.

Detailed information about this topic

Restoring user ID files using ID vault

The ID vault is a Domino database that stores copies of user ID files. This allows Domino to be able to restore user ID files and to reset user account passwords. One Identity Manager provides a process for resetting the passwords in the ID vault.

Prerequisites
  • The Domino server that communicates with the gateway server, is also the ID vault server.

  • There are running permissions defined for agents for the synchronization user account. For more information, see Running restricted LotusScript/Java agents.

  • ID vault database permissions for the synchronization user account are set to: Manager access function and Auditor role. For more detailed information, see your Domino documentation.

  • Permissions for restoring passwords of the synchronization administrative user account and the ID vault server are set. For more detailed information, see your Domino documentation.

To use the ID vault

  1. In the Manager, select the HCL Domino > Domains category.

  2. Select the domain you want to use for the ID vault in the result list and run the Change main data task.

  3. Set the ID vault enabled option.

    This setting effects all user accounts in the domain.

  4. Save the changes.

NOTE: If certain user accounts are excluded from the ID vault by the ID vault policy in Domino, the password cannot be reset by One Identity Manager.

In order to ensure the passwords for all user accounts in a domain can be reset, assign a policy for ID Vault that cover the whole organization.

When a new user account is published in Domino, One Identity Manager saves the initial password in the One Identity Manager database (NDOUser.PasswordInitial). This initial password is used when a user account password needs to be reset. Passwords are saved automatically for user accounts that are initially setup in One Identity Manager. The initial password for all other user accounts has to be transferred to the One Identity Manager database by a customized process.

To reset a user account password

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the ID restore task.

This task starts the NDO_NDOUser_PWReset_from_Vault process. This process replaces the password from the user ID file saved in the ID Vault with the initial password from the One Identity Manager database. If the user is logged into the Notes client at this point, the user‘s local ID file is replaced with the update copy from the ID Vault. The user has to login with the initial password when the Notes client is started the next time. If the user is not logged into the Notes client when the password is reset, the updated ID file must be provided separately.

Once the password has been successfully reset, the user must be provided with initial password and the ID file if necessary. This process has to be customized to meet your needs.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択