
Identity Manager 8.2.1 - Administration Guide for Connecting to HCL Domino


Restoring user ID files through ID restore

ID restore is a One Identity Manager mechanism that can be used when a user has forgotten his password or the ID file itself has been lost. If the user ID file is restored with the ID restore procedure, the full name of the user account and the display name are determined from the user account name, organizational unit and certificate.

The following information is required to run an ID restore:

  • An ID file that is initially imported into the database including the associated password (NotesUser.NotesID, NotesUser.PasswordInitial)

  • The certifier that the initial ID file was created with (NotesUser.UID_NotesCertifierInitial)

  • A copy of the initially loaded or added employee document in the gateway server’s archive database archiv.nsf

  • The GUID of the document copy in the archive database (NotesUser.ObjectGUID_Archiv)

This data is automatically generated and saved for the user accounts that were added in the One Identity Manager. A one-off custom import of the files mentioned above has to be run for all other user accounts.

To restore the user ID file

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the ID restore task.

    The ID restore process carries out the following steps:

    • Deletes all current employee documents from the Domino directory.

    • Copies initial employee documents from archive database to the Domino directory.

    • Exports the initially saved ID files to the gateway server.

    • Starts the AdminP request to track the changes made to the original ID up until now. This includes changes to the components of the user’s name, changes to the ID expiry date and exchanging certifiers.

    • Updates the restored employee document using the known values.

  4. If the ID file is restored, provide the user with the ID file and the initial password.

Locking and unlocking Notes user accounts

A user is considered to be locked in Domino if it is no longer possible for the user to log on to a server in the domain with this user account. As a result, the user loses access to the mailbox file. Access to a server can be prevented if the user account has the Not access server permissions type for the corresponding server document. In environments with several servers this is very complicated, because a user account that is going to be locked must be given this permissions type for every server document.

For this reason, denied access groups are used. Each denied access group initially gets the Not access server permissions type for each server document. A user that is going to be locked becomes a member of the denied access group and therefore is automatically prevented from accessing the domain servers.
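The lock only holds on servers whose server document actually carries the denied access group, so coverage is worth checking. The following is an added example, not One Identity or HCL code: it audits exported data for servers where the group is missing and for locked users who are not effectively denied, resolving nested groups. The data layout, group names, server names and user names are constructed assumptions.

```python
# Constructed sample data: hypothetical names, not taken from a real Domino directory.
GROUPS = {
    "Denied Access": ["Denied Contractors", "Ann Locked/Sales/Example"],
    "Denied Contractors": ["Bob Locked/Ext/Example", "Former Staff"],
    "Former Staff": ["Denied Contractors"],  # groups containing each other
}
# Server document -> entries holding the "Not access server" permissions type.
SERVERS = {
    "Mail01/Example": ["Denied Access"],
    "App01/Example": ["Denied Contractors"],  # only the nested group is listed
    "Hub01/Example": [],                      # denied access group never added
}
LOCKED = ["Ann Locked/Sales/Example", "Bob Locked/Ext/Example"]


def effective_members(name, groups):
    """Resolve nested groups to the set of non-group names under `name`."""
    users, seen, stack = set(), set(), [name]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded; also breaks membership cycles
            continue
        seen.add(current)
        if current in groups:
            stack.extend(groups[current])
        else:
            users.add(current)
    return users


def servers_missing_group(servers, deny_group):
    """Server documents that do not list the denied access group directly."""
    return sorted(s for s, entries in servers.items() if deny_group not in entries)


def audit_deny_coverage(servers, groups, locked_users):
    """(server, user) pairs where a locked user is not effectively denied."""
    gaps = []
    for server, entries in servers.items():
        denied = set()
        for entry in entries:
            denied |= effective_members(entry, groups)
        gaps.extend((server, user) for user in locked_users if user not in denied)
    return sorted(gaps)


if __name__ == "__main__":
    print("missing group:", servers_missing_group(SERVERS, "Denied Access"))
    for server, user in audit_deny_coverage(SERVERS, GROUPS, LOCKED):
        print(f"GAP: {user} is locked but not denied on {server}")
```
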

The way you lock user accounts depends on how they are managed.

Scenario:

The user account is linked to employees and is managed through account definitions.

User accounts managed through account definitions are locked when the employee is temporarily or permanently disabled. The behavior depends on the user account manage level. Accounts with the Full managed manage level are disabled depending on the account definition settings. For user accounts with a manage level, configure the required behavior using the template in the NDOUser.AccountDisabled column.

Scenario:

The user accounts are linked to employees. No account definition is applied.

User accounts managed through user account definitions are locked when the employee is temporarily or permanently disabled. The behavior depends on the QER | Person | TemporaryDeactivation configuration parameter.

  • If the configuration parameter is set, the employee’s user accounts are locked when the employee is permanently or temporarily disabled.

  • If the configuration parameter is not set, the employee’s properties do not have any effect on the associated user accounts.

To lock the user account when the configuration parameter is disabled

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. On the General tab, set the Account is disabled option.

  5. Save the changes.

Scenario:

User accounts not linked to employees.

To lock a user account that is no longer linked to an employee

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. On the General tab, set the Account is disabled option.

  5. Save the changes.

The user account becomes anonymous when it is locked and is not shown in address books. Access to Notes servers is removed. The TargetSystem | NDO | MailBoxAnonymPre configuration parameter is checked if the user is made anonymous.

To unlock a user account

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. Disable the Account is disabled option on the General tab.

  5. Save the changes.

    Anonymity is rescinded and the user account is removed from denied access groups.


Deleting and restoring Notes user accounts

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the account definition assignment is removed, the user account that was created from this account definition is deleted.

You can delete a user account that was not created using an account definition through the result list or from the menu bar. After you have confirmed the security alert, the user account is marked for deletion in the One Identity Manager. Depending on the deferred deletion setting, the user account is either deleted immediately from the address books and the One Identity Manager database or at a later date.

For more information about deactivating and deleting employees and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

To delete a user account that is not managed using an account definition

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Click in the result list.

  4. Confirm the security prompt with Yes.

To restore a user account

  1. In the Manager, select the HCL Domino > User accounts category.

  2. Select the user account in the result list.

  3. Click in the result list.


Notes groups

You manage groups in a Domino environment with One Identity Manager. These are mapped in the One Identity Manager database as Notes groups. All groups known to the Domino Directory are mapped. Users obtain access to network resources through membership in groups and through assigned policies.

Users, mail-in databases, groups, and servers can be grouped together into groups. Domino divides groups into different group types. The group's type specifies its intended purpose and whether it is visible in the Domino Directory.
