Thursday, 1 November 2018

Domino 10 - Automatic Archiving of User ID Vault Documents to Restart ID File Synchronization


In this blog post a small addition to my previous blog post, Domino 10 - ID Vault Scanning. Enabling ID vault scanning allows Administrators to use the query vault console command or the Domino Administrator to add or update ID vault assignments and user ID vault document modification times in Person documents in the Domino directory. Enabling scanning also allows Administrators to manage archived ID vault user documents. When ID passwords on Notes clients and the ID vault become different synchronization of ID information between clients and the ID vault stops.
In Domino 10.0 Administrators can now, as a new Administrator feature, configure automatic archiving of ID vault user documents when this situation occurs for longer than seven days. Archiving renames user documents in the ID vault allowing ID files on clients to be uploaded again to the ID vault. This ensures that the most recent information stored in the local ID file is stored in the ID in the vault. Important is always to have a good backup of the ID Vault.

Enabling automatic archiving of ID vault user documents
Administrators can add the following setting to the server notes.ino to automatically replace the ID file in the ID vault with the current ID on the Notes client when synchronization remains stopped for longer than seven days.
ENABLE_AUTORECOVERY_FROMBADPASSWORD=1


Results of the new notes.ine setting
In case a Notes Client ID vault synchronization fails based on mismatched passwords the mismatch is flagged in the user's ID vault document. Next if more than seven days occur without successful ID vault synchronization the user's ID vault document is archived by renaming it to begin with a tilde (~). Finally at the next ID vault synchronization attempt the ID file is uploaded again from the Notes Client to the ID vault and the passwords are again in sync. The ID file is uploaded to the ID Vault again because the user's ID vault document isn't found due to the previous archiving.

Remark: Mismatched passwords that stops ID synchronization can occur in the situation when an administrator resets a user's password in the ID vault but the user doesn't use the new password on the client. Further the synchronization also stops in case a user changes the password on the client ID and the ID successfully is synchronized to the ID vault. Next the user then uses an older ID file on the same or a different computer that has a different password.

In my next blog post more about the new features in Domino 10.

No comments:

Post a Comment