Wednesday, 14 November 2018

Consequences Administration Server Action Field Settings in the Access Control List Dialog Box


In my journey as Domino Administrator I performed a deep dive into the AdminP process during the past period especially for renaming and deleting users. One of the most important coherent settings that I encountered here are the Administration Server settings in the Access Control List of the databases especially the value in the action field. These setting can be set or modified using the Domino Administrator Client. From the Domino Administrator open the domain containing the server with the database for which an administration server must be added or changed. Next select the Files tab and select the database to which an administration server has to be assigned. From the Tools pane select Tools - Database - Manage ACL and select Advanced. In the Action field the values can be selected as described in the table below.

Field Value
Administration Server Choose one of these:
None -- If you do not want an administration server assigned for the database.
Server -- Select a server from the list.
Action Choose one of these according to whether you want modifications to the indicated fields to occur during a rename group, rename user, or rename server action; or during a delete server, delete group, or delete user action:

Do not modify Names fields
Names fields are not updated during any of the above rename and delete actions.

Modify all Readers and Authors fields
Reader and Author fields are updated during the rename and delete actions listed above. Any item of type Item_Readers or Item_ReadWriters is modified.

Modify all Names fields
All names fields are updated during any of the rename or delete actions listed above. Any item of type "Item_Names" is modified, for example, a list of users or groups would be modified. Item_Names includes Item_Readers and Item_ReadWriters making it a super-set of modifications that include Readers and Authors fields.


For more information see also the IBM Support documents Specifying an administration server for databases and Modifying the Action field in the Access Control List (ACL).

In a number of custom Notes applications, including the mail databases, the value in the Action Field is set to Modify All Names Fields in our Notes environment. Further in several custom Notes applications the user names are stored in Readers fields, Authors fields or Names fields.
When it comes to renaming a user in the Domino Administrator Client the value Modify all Names fields in the Action field in the Administration Server settings in the ACL in these databases means that the AdminP process will update the user's name in all Readers Fields, Authors fields and Names fields in accordance with a name change performed in the Domino Administration client. So far so good since this is what we want to accomplish with the setting in the Action field.
But here is the problem when it comes to deleting a user. When a user has been deleted in the Domino Administration client AdminP removes the user's name from all Readers fields, Authors fields and Names fields. In the Administration Request database there is an Delete in Readers/Authors Field entry. For specific custom Notes applications this means that important workflow information will be deleted. In mail files this means that anywhere the user's name appears the name will be removed. This includes also the information about who created a document and the information about who sent mail.


However, regarding the settings in the mail databases IBM recommends that for heavy users of Calendar and Scheduling specific to recurring meetings the Action field for the user's mail database should be set to Modify All Names fields. For users who are not frequently involved in the use of Calendar and Scheduling the Action field for the user's mail database should be set to Do not modify Names fields.
For more information see the IBM document Modifying the Action field in the ACL dialog box.
I specific tested the AdminP process for removing a user and for mail databases en workflow applications this is a major problem. Critical information is deleted when the Action field is set to Modify all Names Fields. We use the setting Modify all Names Fields in our mail databases because of the Calendar and Scheduling and recurring meetings.


The above situation yields a dilemma regarding which setting is best used in which database in the situation where use is made of the AdminP process when a user is renamed and when deleting a user.
In my humble opinion it can not be the intention to redesign existing Notes applications so that they can work the one-sides way that AdminP processes deletion requests. I would like to hear any solutions by Domino Administrators regarding the AdminP process for deleting users when in the ACL the value Modify all Names Fields is selected.
Below the recommendations for the names.nsf and admin4.nsf databases by IBM.

NAMES.NSF - Domino Directory
By default, the Action field for the administration server for the Domino Directory is set to "Do not modify names fields." Do not change the Action setting for the administration server for the Domino Directory. The purpose of this setting is to allow the Administration Process to update names (people, group, or server names) in critical areas of a database. The Administration Process automatically manages the names in the Domino Directory. Changing the Advanced ACL setting for this database causes the removal of names which are critical to other Domino features, for example, mail routing and calendaring and scheduling.

ADMIN4.NSF - Administration Requests database
The Administration Requests database (ADMIN4.NSF) is a log database from which documents are routinely purged. If you set the Action field on the ACL dialog box to anything other than "Do not modify names fields," you may cause performance problems when the Administration Process (adminp) processes requests. This does not apply to cross-domain administration requests.

In any case the above is certainly something to think about when selecting a value in the Action Field in the Administration Server settings in the Access Control List of a Notes database. I hope to receive some solutions from other Domino Administrators how this can best be solved without redesign existing Notes applications.

Sunday, 11 November 2018

Domino 10 - New Administration Feature: Document Deletion Logging (2)


As I mentioned in my blog post Domino 10 - New Administration Feature: Document Deletion Logging there is a new server compact option available in Domino 10 to enable logging of data about deleted documents in databases that can be specified. The deletion logging data is logged to entries in deletion log files added to the IBM_TECHNICAL_SUPPORT directory on the Domino Server. In my previous blog post I did not mention the possibility to log (field) items. Administrators can log up to four field values in a deleted document to help identify these documents. The items are specified when Administrators enable deletion logging for a specific database. Although Administrators can specify more than four field values only the first four that are found are shown in the log entries. Below an example enabling deletion logging in a mail database including four items.


The results of enabling deletion logging is that when documents are deleted from a specific database entries are added to the current deletion log file, delete.log. When the server is restarted a new deletion log file is created. Old deletion log files are renamed to delete_<servername>_yyyy_mm_dd@hh_mm_ss.log. As mentioned before the log files are stored in the IBM_TECHNICAL_SUPPORT directory. Below some examples from the log file including the logged (field) items.


delete_ICEDEARTH_2018_11_09@18_15_18.log
"20181109T183422,40+01","mail\joldenbu.nsf","C125832B:005DADBF","nserver","CN=Johnny Oldenburger/O=ALM","SOFT","0001","5CED9FCF:EF17A075C1258340:006074A4","Form","4","Memo","Subject","22","Items Deletion Logging","DeliveredDate","19","09-11-2018 18:33:33"
"20181109T183427,71+01","mail\joldenbu.nsf","C125832B:005DADBF","nserver","CN=Johnny Oldenburger/O=ALM","SOFT","0001","54060598:74EB0F79C1258340:00606893","Form","4","Memo","Subject","16","Deletion Logging","DeliveredDate","19","09-11-2018 18:33:02"

Next I will setup the nshDelLog - Domino Deletion Log Annotation and Backup V 0.9.0 database by IBM Champion Daniel Nashed. For more information see the blog post nshDelLog - Domino Deletion Log Annotation and Backup V 0.9.0. In one of my next blog post, I will describe my experience of this database. Thanks for sharing Daniel!

Friday, 9 November 2018

Domino 10 - Synchronize Database Replicas - New Option Replicate Command


This last blog post concerning the new IBM Domino 10 Administrator features  is meant purely for my own documentation in case I need the new replicate command in the near future. In IBM Domino 10 there is a new option for the Replicate command for Domino Administrators, -F, to force a full database replication when replicas of a database get out of sync. The replication takes place on the side and allows users to continue to see replication updates during the full replication. Administrators can use  the -L argument to log information about the documents (notes) that would replicate if the new option -F is used but without actually performing the replication. Until now the only option for Administrators to perform a full replication of content was by clearing the replication history. Be aware that for large databases a full replication can take time and delay the replication of new updates until it is complete. For example if the replication history of a mail file is cleared the mail user might not see new mail until the full replication completes.

To force a full replication Administrators can now use the following server command: replicate <server> <database> -F.
Example: replicate MS-DOMINO10/ALM mail\jdomino.nsf -F

Administrators can use the -L option to log details about the documents (notes) that would replicate if the -F option is used but without actually performing the replication. For example: replicate MS-DOMINO10/ALM mail\jdomino.nsf -L

Since I currently not have any replica's out of sync I don't get all the output as mentioned in the IBM documentation as shown below. Based on the new replicate command -F and the -L option to log details the output will look something like this on the Domino console.

[17F8:0002-1028] NoteRepl: CN=Mail\O=MSDOMINO10!!mail/jdomino.nsf to mail/jdomino.nsf Since 07/27/2018
 Replicating from remote replica (jdomino) to local replica (pull). Since = The replication history from 
[17F8:0002-1028]  07-11-2018 08:28:57 Starting replication with server Mail\MSDOMINO10
[17F8:0002-1028]  07-11-2018 08:28:57 Pulling mail\jdomino.nsf from Mail\MSDOMINO10 mail/jdomino.nsf
[17F8:0002-1028] NoteRepl: UNID 7235FD43:BB0874BA:852582A2:0052CF6C Cls 1
UNID and Cls = NoteClass
[17F8:0002-1028] Src: NID A96 SN 2 ST 07-11-2018 08:15:07  Mod: 07-11-2018 8:15:07
Source note info (in this case the source is the remote replica), NID = NoteID, SN = Sequence number
[17F8:0002-1028] Dest: NID 0 SN 0 ST Did not repl
Destination note info. "Did not repl" means that it should have replicated in the past, but the [17F8:0002-1028] NoteRepl: mail/jdomino.nsf to CN=Mail\O=MSDOMINO10!!mail/jdomino.nsf Since 07-11-2018 Replicating from local to remote. Since = Replication history from last push
[17F8:0002-1028] 07-11-2018 08:28:57  Pushing mail/jdomino.nsf to Mail\MSDOMINO10 mail/jdomino.nsf
[[17F8:0002-1028] NoteRepl: UNID 29BD9D7B:04808407:852582A2:0052CF6E Cls 1
[17F8:0002-1028] Src: NID A9E SN 2 ST 07-11-2018 08:28:43  Mod: 07-11-2018 08:28:43
[17F8:0002-1028] Dest: NID A9E SN 1 ST 12-10-2018 11:04:35 Waiting to repl
"Waiting to repl" means that this note will replicate the next time the databases replicate. [17F8:0002-1028] 07-11-2018 08:28:57 Finished replication with server Mail\Renovations
[17F8:0002-1028] 07-11-2018 08:28:57 AM Database Replicator shutdown

Another great new IBM Domino 10.0 Administrator feature. In my next blog post more about advanced search capabilities and query definitions in Notes databases using LotusScript.

Tuesday, 6 November 2018

Domino 10 - Programatically Schedule Mail Using LotusScript


In my previous blog post Domino 10 - New Administrator Feature to Push to Notes Clients: Scheduled Messages I described the new Domino 10 feature scheduled delivery of mail messages. As mentioned in the blog post the new Domino 10 Mail Servers supports scheduled delivery of mail messages. For example a user can compose a new mail message during the weekend and schedule the delivery of the email to be sent during the next work week. Scheduled messages are stored in mail.box on the sender's Mail Server. The router delivers or routes the messages at the scheduled time. Scheduled mail is enabled on a Domino 10 Server by default. In the Server Configuration Settings document in the Domino directory it can be disabled by the Administrator.
Scheduled messages are supported for Notes client users with mail files that are upgraded to he Notes 10 Mail Template (mail10.ntf). The feature is not supported for IBM iNotes, IBM Verse or IBM Traveler clients.
In this blog post I will describe how you can programatically schedule mail using LotusScript.


Scheduling mail programatically
To programatically schedule mail messages you must use the Summary DateTime item $SendAt to cause a message to be scheduled. Below a basic example using a simple function which is called form an Action Button on a Notes form.

A. Function ScheduledMail
In the Funtion ScheduledMail I use a Variant sendTime which indicates when the mail should be sent. The value of the Variant sendTime in the Function ScheduledMail is replaced in the field $SendAt to cause the message to be scheduled on the Domino Server.

Function ScheduledMail(note As NotesDocument)
Dim session As New NotesSession
Dim db As NotesDatabase
Dim memo As NotesDocument
Dim body As NotesRichTextItem
Dim sendTime As Variant
Dim linkDoc As NotesDocument
Dim sendTo As String
Set db = session.CurrentDatabase
Set memo = db.CreateDocument
Call memo.ReplaceItemValue("Form", "Memo")
Call memo.ReplaceItemValue("Subject", "Review IT Ticket Solution")
sendTo = note.mailuser(0)
sendTime = Today + 8 + TimeNumber(8, 0, 0)
Call memo.ReplaceItemValue("$SendAt", sendTime)
Call memo.ReplaceItemValue("SendTo", sendTo)
Set body = memo.CreateRichTextItem("Body")
Call body.Appendtext("Please review this IT Ticket: ")
Call body.Appenddoclink(linkDoc, "", "")
body.Update
Call memo.Send(False)
End Function

B. Mail.Box
If the user selects the Action Button on the Notes Form the function ScheduledMail is called and the mail is not send immediately but is placed in the Mail.Box on the Server as a Pending Message.


By using sendTime = Today + 8 + TimeNumber(8, 0, 0) in the Function ScheduledMail the Scheduled Time for the Mail Message is set on 14-11-2018 08:00:00.


The above function can be easily adjusted so that the users can enter the scheduled date and time themselves. Another great new feature in Domino 10. In my next blog post more about scheduling messages using @Formula.

Friday, 2 November 2018

Getting Started with IBM Domino Mobile Apps 1.0


As most of you may already know since a few days IBM Domino Mobile Apps 1.0 Beta is available for testing. IBM Domino Mobile Apps is the Notes client that you already know for working with your applications – but on, and optimized for, the iPad. For getting started with IBM Domino Mobile Apps 1.0 Beta see this IBM Support Document to quickly get up and running with IBM Domino Mobile Apps 1.0 Beta. For more information see also IBM Domino Mobile Apps - IBM Notes Applications on your iPad.
There are already some very interesting blog post regarding first impressions and tips. I recommend to read the blog posts IBM Domino Mobile Apps BETA is available and Quick-Tip: Remove Tile from IDMA Recent Apps by Oliver Busse.



I will add more info to this blog post as soon as more information becomes available regarding IBM Domino Mobile Apps.

Notes 10 - Forward Multiple Messages as EML Attachments


One of the cool new mail features in IBM Notes 10.0 concerns the EML attachments feature. In Notes 10.0 users can select multiple messages in their Notes Inbox and forward them as .eml attachments. EML is a file extension for an e-mail message saved to a file in the MIME RFC 822 standard format. The primary purpose of creating a .eml file is for storing the files offline and to allow forwarding of e-mail messages and their content.
This new feature in Notes 10.0 allows users to keep multiple messages separate rather than having them run together in the forwarded message.

Forward messages as .eml
To use the new Notes 10.0 feature open the Inbox and select one or more messages to forward. Next select Forward - Forward as Attachments.


Next a new IBM Notes Email message is opened with the emails attached as .eml attachments.


Result
When the recipients of the email with the attached .emal attachments receive the message  and open the attachments in the email the formatting and structure of the IBM Notes Email message stays in tact regardless of the mail client the recipients use.


If an Email message that a user is forwarding contains attachments, the attachments are also included in the .eml attachment for the Email message. I tested this an it works like a charm. Another great feature in Notes 10.

Notes 10 - Default Enabled Notes Client Preferences


Today I started to look at the new features in Notes 10 in more detail. Initially a number of preferences are enabled by default for new installations of IBM Notes 10. As an IBM Domino Administrator I am not a big proponent of standard enabled features in new releases or installations. I prefer to decide myself, based on our company policies, which (new) preferences should be enabled for the users in the Notes Client. However, to be more specific, there are three preferences enabled by default in Notes 10. A small remark applies here, namely these enhancements do require the IBM Notes 10 mail template (mail10.ntf). Below a shot description of these preferences.

Cancelled Meetings
By default canceled meetings are now shown as canceled in the calendar rather than removed. This by default enabled preference is is set in File - Preferences - Calendar & To Do - Display - Views.

Administrators can change this default setting by using a Mail Policy. Select Calendar and To Do - Display - Process cancelled meetings automatically and select the desired setting.

Delete Calendar Document
By default, when a user deletes a calendar document from their mail the calendar document is deleted automatically without asking the user to confirm the deletion. This by default enabled preference is set at File - Preferences - Mail - Basics.

Administrators can also change this default setting by using a Mail Policy. Select Mail - Basic - When user deletes a calendar document from any view or folder and select the desired setting.

Mail Rules
By default mail rules run on existing messages. This by default enabled preference is set at File - Preferences - Mail - Basics.

Finally Administrators can change this default setting by using a Mail Policy. Select Mail - Basic - Enable Run Rules on existing mail and select the desired setting.

In my next blog post more about the new Notes 10 features.