The Administration Process

The Administration Process is a program that automates many routine administrative tasks.

For example, if you delete a user, the Administration Process locates that user's name in the Domino® Directory and removes it, locates and removes the user's name from ACLs, and makes any other necessary deletions for that user. If you want to delete all replicas of a database, the Administration Process finds the replicas on servers in the domain and provides an interface for deleting them.

The Administration Process automates these tasks:

  • Name management tasks, such as rename person, rename group, delete person, delete group, delete server name, recertify users, and store Internet certificate.
  • Mail file management tasks, such as delete mail file and move mail file.
  • Server document-management tasks, such as store CPU count, store platform, and place network protocol information in Server document.
  • Roaming user management, such as roaming user setup, move roaming users to other servers, upgrade a nonroaming user to roaming status, and downgrade roaming user to nonroaming status.
  • User mail file management tasks, such as performing Access Control List (ACL) changes and enabling agents such as the Out of Office in the Notes® mail client.
  • Person document management tasks, such as storing the user's Notes® version and client platform information.
  • Replica management tasks, such as create replica, move replica, or delete all replicas of a database.

Administration servers

Administration servers control how the Administration Process does its work. You specify an administration server for the Domino® Directory and for specific databases. By default, the first Domino® server you set up in a domain is the administration server for the Domino® Directory. The administration server for the Domino® Directory maintains the Domino® Directory's ACL, performs deletion and name change operations in that Domino® Directory, and these changes are replicated to other servers in the domain. If you have multiple directories in your domain -- not replicas of other domain's directories, but more than one of your own -- you can specify an administration server for each of the directories in your domain. Do not specify an administration server in your domain for a replica of another domain's Domino® Directory.

All databases need an administration server to manage name changes and deletions that apply to the database -- for example, changes to the ACL, Readers and Authors fields, or Names fields. If a database has replicas, you assign an administration server to only one replica. Then the Administration Process makes all changes to that replica, and replication for that database carries out the changes in all other replicas.

You can also set up one or more extended administration servers to distribute across multiple servers the processing of administration requests that modify the Domino® Directory.

The Administration Requests database

The Administration Requests database (ADMIN4.NSF) is created on the administration server for the Domino® Directory when that server starts for the first time. Requests for work to be done by the Administration Process are stored in the Administration Requests database. The status of work done by the Administration Process is also stored there as response Log documents to the requests, in the form of Administration Request documents. To complete tasks, the Administration Process posts and responds to requests in the Administration Requests database. Domino® servers use replicas of this database to distribute requests made on one server to other servers in the domain.

When other servers start, if the Administration Requests database does not exist, the server creates a replica stub of the Administration Requests database and waits for it to be initialized from another server in the domain. Every server in the domain stores a replica of the Administration Requests database and the Domino® Directory.

The Administration Requests database also acts as the interface to the Domino® Certificate Authority requests. It is the responsibility of the Registration Authority to monitor the status of the Certification Authority (CA) Requests. The CA requests can be removed from the view or resubmitted for processing in the same manner as the Administration Process Requests.

The Certification Log

To use the Administration Process to perform name changes and recertifications, the Certification Log (CERTLOG.NSF) must reside on the server that stores the Domino® Directory in which you will initiate the name change or recertification. If the Certification Log exists on another server, move the Certification Log to the server containing the Domino® Directory on which you are initiating the name change or recertification. The Certification Log contains a permanent record of how you register servers and users, including information about the certifier ID. The Certification Log also contains messages that describe the results of recertification requests that the Administration Process is processing.