HCL Domino V11 – Directory Synchronization – Part 7

Registering Active Directory users in Domino

When you use Directory Sync, you can register Active Directory users in Domino to create mail files and Notes IDs for them.

To register Active Directory users in Domino, open the Admin client and navigate to “People & Groups -> People”. Select the name of an Active Directory user to register. Right-click and select Register Selected Person.

Select the certifier and type in the password.

The Register Person dialog appears, pre-filled with …

Oops. NOTHING in there.

This is an issue I ran into during BETA testing. It took a while until we found out the cause for it. If you encounter the same in V11 GA in your environment, open the Notes Client notes.ini and search for

NewUserServer=<servername>

Most likely, servername is not the name of the registration server. Delete the entry from notes.ini and restart the Administration client.
If this does not fix the issue, check your policy settings. Chances are that the registration server in the registration policy does not match the server where you want to register the user.

This is a known issue and will hopefully be fixed in Domino V11.0.1. It’s being tracked under SPR# MOBNBHQQUH.

With the correct settings in place, you will see the following

Complete the registration dialog and register the user.

The Active Directory user is now registered in Domino.

For now, you can only register one user at a time. An enhancement request already exists to register ALL selected Active Directory users.

Renaming Domino users when their names change in Active Directory

When you use Directory Sync and the common name of a registered Domino user changes in Active Directory, follow this procedure to change the name in the Domino directory Person document, too.

The Rename Domino users upon Active Directory rename option must be enabled in the Directory Sync configuration document.

When a Domino user’s common name changes in Active Directory, a Rename Common Name administration process request is created. You must approve the request for the rename to be carried out in Domino.

I renamed the user in Active Directory.

Here is what you see on the server console during the sync.

[0290:0004-16DC] DirSync  Entry with mail address 'd.vader@darkside.org' - NoteID 33086 was found in the target directory.
[0290:0004-16DC] DirSync  
DirSync  CSyncFromAD::DoModify(dn = 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box', newentry=0)
[0290:0004-16DC] 22.01.2020 08:34:28 LLNDirSync CSyncToAdminP::ModifyPerson: FLATFirstFuameValue: CN=Darth Vaderman/CN=Sync/DC=ad/DC=fritz/DC=box
 Status: No error.
[0290:0004-16DC] DirSync Submitted adminp request to rename user CN=Darth Vader/O=singultus to CN=Darth Vaderman/O=singultus
[0290:0004-16DC] DirSync  Modified LastName from 'Vader' to 'Vaderman'
[0290:0004-16DC] DirSync  Modified memberOf from '' to 'CN=BadGuys,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Modified uSNChanged from '234953' to '235340'
[0290:0004-16DC] DirSync  'person' Document updated, UTF8 Name = 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box' 
[0290:0004-16DC] DirSync  CSyncFromAD::DoModify - Modified existing Note for 'CN=Darth Vaderman,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  
[0290:0004-16DC] 22.01.2020 08:34:28   DIRSYNC From Active Directory (AD) - Summary (1.111 sec, Start=235338, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=235340)

Open admin4.nsf and navigate to “Rename Common Name Requests”.

Select the names to process and click Complete rename for selected entries. Select certifier and provide the Notes certifier password.

Select “Change common name” in the next dialog box.

A standard administration process Rename In Domino Directory request is then initiated for each name processed.

Deleting registered users 

When users or groups are deleted in Active Directory, they are also deleted in the Domino® directory, with one exception: Active Directory users who are registered as Domino users (have mail files, etc) are not deleted from Domino.

The objectGUID item will be removed from the Person record on the next resync.

DirSync  Removed ObjectGUID for Registered User with Note ID 33086, user = CN=Darth Vaderman/O=singultus.
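
The rename console output and the "Removed ObjectGUID" line above are the only signals that a rename is waiting for approval or that a registered user deleted in Active Directory still exists in Domino. The following Python parser is an added example, not part of the original post or of HCL's tooling; its patterns are derived only from the log lines shown on this page, and the event names and the memberOf watch list are assumptions.

```python
import re

# Constructed sample: console lines taken from the output shown on this page.
SAMPLE = """\
[0290:0004-16DC] DirSync Submitted adminp request to rename user CN=Darth Vader/O=singultus to CN=Darth Vaderman/O=singultus
[0290:0004-16DC] DirSync  Modified LastName from 'Vader' to 'Vaderman'
[0290:0004-16DC] DirSync  Modified memberOf from '' to 'CN=BadGuys,CN=Sync,DC=ad,DC=fritz,DC=box'
[0290:0004-16DC] DirSync  Modified uSNChanged from '234953' to '235340'
[0290:0004-16DC] 22.01.2020 08:34:28   DIRSYNC From Active Directory (AD) - Summary (1.111 sec, Start=235338, Adds=0, Modifies=1, Deletes=0, Skips=0, Errors=0, End=235340)
DirSync  Removed ObjectGUID for Registered User with Note ID 33086, user = CN=Darth Vaderman/O=singultus.
"""

RENAME = re.compile(r"DirSync\s+Submitted adminp request to rename user (.+?) to (CN=.+)$")
MODIFIED = re.compile(r"DirSync\s+Modified (\w+) from '(.*?)' to '(.*)'$")
SUMMARY = re.compile(r"DIRSYNC From Active Directory \(AD\) - Summary \((.*)\)$")
UNLINKED = re.compile(
    r"DirSync\s+Removed ObjectGUID for Registered User with Note ID (\d+), user = (.+?)\.?$"
)

# Assumed watch list: attribute changes worth a second look (group membership).
WATCHED = {"memberOf"}


def parse_dirsync(text):
    """Return the DirSync events that need an administrator's attention."""
    events = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := RENAME.search(line):
            # Rename stays pending until approved in admin4.nsf.
            events.append({"type": "rename_pending", "old": m[1], "new": m[2]})
        elif m := MODIFIED.search(line):
            if m[1] in WATCHED:
                events.append({"type": "attr_change", "attr": m[1], "old": m[2], "new": m[3]})
        elif m := UNLINKED.search(line):
            # Registered user was deleted in AD but remains in Domino.
            events.append({"type": "ad_link_removed", "note_id": int(m[1]), "user": m[2]})
        elif m := SUMMARY.search(line):
            pairs = (kv.split("=") for kv in m[1].split(", ") if "=" in kv)
            events.append({"type": "summary", **{k: int(v) for k, v in pairs}})
    return events


if __name__ == "__main__":
    for event in parse_dirsync(SAMPLE):
        print(event)
```

An `ad_link_removed` event marks a Domino account that no longer has an Active Directory counterpart, so it is a candidate for a deprovisioning review.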