Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to IBM Notes

Managing IBM Notes environments Setting up IBM Notes synchronization Basic configuration data Notes domains Notes certificates Notes templates Notes policies Notes user accounts Notes groups Mail-in databases Notes server Using AdminP requests for handling IBM Notes processes Reports about Notes domains Configuration parameters for synchronizing a Notes domain Default project template for IBM Notes

Memberships in dynamic groups

You cannot assign members directly to dynamic groups. Members are determined over the home servers assigned to the group. All user accounts that are assigned as mail server to this server are automatically members of the dynamic group. In addition, memberships can be edited through an excluded and additional list. At the same time, user accounts that are assigned to both the excluded and additional lists cannot be members of the dynamic group. User accounts and groups can both be added to the excluded and additional lists.

When IBM Notes is calculating effective members, it finds all the user accounts that:

  • The home server is assigned to as mail server
  • Are directly assigned to an additional list
  • Are assigned to an additional list as a member of a Notes group
  • Are assigned to an excluded list
  • Are assigned to an excluded list as a member of a Notes group.

Effective memberships in dynamic groups (table NDOUserInGroup) are not maintained in One Identity Manager, but only loaded in the One Identity Manager by synchronization. Excluded and additional lists can be edited in the Manager. Changes are immediately provisioned in the target system. Membership lists are recalculated there. After resynchronizing, the changes to the effective memberships are visible in One Identity Manager and can be taken into account by, for example, compliance checking.

If you use One Identity Manager's identity audit functionality and also check memberships in dynamic Notes groups in compliance rules, note the following:

NOTE: Changes to the excluded and additional lists in the Manager, cannot be immediately acted upon as effective memberships in dynamic groups are not updated until after resynchronization. Customize the synchronization schedule for your IBM Notes environment such that changes to effective memberships are promptly transferred to the One Identity Manager database.

For more detailed information about editing synchronization schedules, see the One Identity Manager Target System Synchronization Reference Guide.

Additional tasks for dynamic groups

To maintain memberships in dynamic groups, apply the following tasks to dynamic groups. Assign member is not available.

Assigning home servers

You can assign home servers to dynamic groups. All user accounts, only using this server as mail server become members of the dynamic group.

To assign a home server to a dynamic group

  1. Select the IBM Notes | Groups category.
  2. Select the dynamic group in the result list.
  3. Select the Assign home server task.
  4. In the Add assignments pane, assign the servers. To filter the servers shown, select a domain in the Notes domains field.

    - OR -

    In the Remove assignments pane, remove the servers.

  5. Save the changes.

Editing the excluded list

Use the excluded list to specify which objects you want to exclude from membership in a dynamic group.

To exclude user accounts from a dynamic group

  1. Select the IBM Notes | Groups category.
  2. Select the dynamic group in the result list.
  3. Select the Edit additional list task.
  4. Select the Users tab.
  5. In the Add assignments pane, assign user accounts.

    - OR -

    In the Remove assignments pane, remove user accounts.

  6. Save the changes.

To exclude groups from a dynamic group

  1. Select the IBM Notes | Groups category.
  2. Select the dynamic group in the result list.
  3. Select the Edit additional list task.
  4. Select the Groups tab.
  5. In the Add assignments pane, assign groups.

    - OR -

    In the Remove assignments pane, remove groups.

  6. Save the changes.

To exclude servers from a dynamic group

  1. Select the IBM Notes | Groups category.
  2. Select the dynamic group in the result list.
  3. Select the Edit additional list task.
  4. Select the Server tab.
  5. In the Add assignments pane, assign servers.

    - OR -

    In the Remove assignments pane, remove servers.

  6. Save the changes.

To exclude mail-in databases from a dynamic group

  1. Select the IBM Notes | Groups category.
  2. Select the dynamic group in the result list.
  3. Select the Edit additional list task.
  4. Select the Mail-in DB tab.
  5. In the Add assignments pane, assign mail-in databases.

    - OR -

    In the Remove assignments pane, remove mail-in databases.

  6. Save the changes.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating