Using Advanced Notes® user registration with the Domino® Administrator

Advanced registration offers all the settings included in Basic registration and also allows you to change default settings and apply advanced settings to users.

Before you begin

Make sure you have the following access before you begin registration:
  • Access to the certifier ID and its password, if you are not using the Domino® server-based certification authority (CA).
  • Access to the Domino® Directory from the computer you work on.
  • Editor access or Author access with Create Documents role and the UserCreator privilege in the Domino® Directory on the registration server.
  • Create new databases access on the mail server if you plan to create user mail files during registration.
  • Create explicit policies and settings documents if you plan to use policy-based system administration.
  • Access to the certification log (CERTLOG.NSF) on the registration server.

About this task

You can modify user settings at any time once you add the user to the User Registration Queue by selecting the user from the queue and then making changes. You can also modify certain settings for multiple users at once by selecting the users in the queue and making changes. You can cancel user registration and clear all fields at any time by clicking the red X.

Keep the following information in mind when selecting user registration options:

  • Storing user IDs in the Notes® ID vault – The user registration interface contains the setting In Notes ID vault on the ID Info tab. This setting is not modifiable in the user registration interface. If a user's effective policy has a Security policy settings document that assigns the user to a vault, the In Notes ID vault value is selected. If the server you are using is a pre-Domino 8.5 server, the field label changes to ID vault not supported for this version of Domino.
  • Hosted environments – If you are working in a hosted environment, when registering users, ensure that you are using a certifier that was created for the hosted organization into which you are registering the users. This applies regardless of whether you are using a certifier and password or the server-based CA.
  • Roaming users – If you are registering Domino® server roaming users, on the ID Info tab of the Register Person - New Entry dialog box, choose In Domino Directory as the location for storing user IDs if you want roaming users to access their Notes® IDs from their Contacts application. If you do not choose the In Domino Directory option, roaming users must either store their Notes® ID on a file server or physically carry their Notes® ID with them on a diskette or other storage media. If you elect to store the user ID in a file and in the Domino® Directory, the user IDs are stored in the user's Contacts application.
    Note: If you create Domino® server-based roaming users and do not elect to store their user IDs in the Domino® Directory, but later decide to store those user IDs in the Domino® Directory, disable the roaming user option, select the option to store the user ID in the Domino® Directory, and then enable the roaming user option again.

Procedure

  1. From the Domino® Administrator, click the People & Groups tab.
  2. From the Servers pane, choose the server to work from.
  3. Select Domino Directories, and then select People.
  4. From the Tools pane, click People > Register.
  5. Enter the certifier password and click OK. When the Certifier Information Recovery Warning dialog box appears, review the information in the dialog box, select the check box and click OK.
  6. Click Advanced.
  7. From the Basics tab, complete these fields:
    Table 1. Basics tab

    Field

    Enter

    Registration server

    Click Registration Server to change the registration server (which is the server that initially stores the Person document until the Domino® Directory replicates), select the server that registers all new users, and then click OK. If you have not defined a registration server in Administration Preferences, this server is by default one of these:

    • The local server if it contains a Domino® Directory
    • The server specified in the NewUserServer setting of the NOTES.INI file
    • The administration server

    First name, Middle name, Last name

    The user's first and last names and (if necessary) middle name. The user's Short name and Internet address are automatically generated. To change the Short name or Internet address, click the appropriate space and enter the new text.

    Short name

    A short name in the format FirstInitialLastName is automatically created as you enter the user's name. For example, JSmith is the short name for John Smith. You can modify this field.

    Password

    A password for the user ID.

    Password options

    Click Password options to set a level for the password in the Password Quality Scale. The default level is 8. For more information, see The password quality scale in the related links.

    Choose the password encryption strength (or password key width). The encryption key that protects the Notes® keys that are stored in the user ID file is derived from the password. The stronger the encryption strength of the password, the stronger the encryption key that protects the Notes® keys.

    • Base strength on RSA key size - encryption strength is determined by the size of the RSA key stored in the ID file. If the RSA key size is less than 1024 bits, the password encryption strength is 64 bits; if the RSA key size is 1024 bits or greater, the password encryption strength is 128 bits.
    • Compatible with all releases (64 bits)
    • Compatible with 6.0 and later (128 bits)

    Enable the check box Set Internet password to give Internet users name and password access to a Domino® server and to set an Internet password in the Person document. This field is automatically selected if you select the Other Internet, POP, iNotes®, or IMAP mail types.

    Mail system

    Click to change the user's mail system from the default of Notes® to an Internet-based system or iNotes®.

    Explicit policy

    Select the explicit policy to apply to this user. For more information on policies, see Organizational and explicit policies in the related links.

    Policy synopsis

    Click to see a summary of this user's effective policies.

    Enable roaming for this person

    Click to enable roaming capabilities for this user. Doing so enables the Roaming tab.

    Note: If you are enabling roaming user for a current release Notes® user, see the topic Creating a Roaming policy settings document in the related links.

    Create a Notes® ID for this person

    Click to create a Notes® ID for this person during the registration process.

  8. Click the Mail tab and complete any of these fields.
    Table 2. Mail tab

    Field

    Enter

    Mail system

    Choose one of the available mail types and complete the necessary associated fields:

    • Notes® (default)
    • Other Internet
    • POP
    • IMAP
    • iNotes®
    • Other
    • None

    If you select Notes®, POP, or IMAP, the Internet address is automatically generated.

    If you select Other Internet, POP, or IMAP, the Internet password is set by default.

    If you select iNotes®, you can change other user registration selections to iNotes® defaults by clicking Yes when prompted.

    If you select Other or Other Internet, enter a forwarding address. This address is the user's current address, where the user wants mail to be sent. For example, if a user temporarily works at a different location and/or uses a different mail system, the user can have her mail forwarded to that new address. Or, a user may resign from the company but leave a forwarding address so that mail addressed to the old address is forwarded to the new location.

    Mail server

    The user's mail server. If you have not defined a mail server in Administration Preferences, this server is (by default) the local server if it contains a Domino® Directory; otherwise, it is the Administration server.

    Mail file name

    The file name of the mail file. By default, the path and file name are mail/<first initial><first 7 characters of last name>.nsf

    Create file in background

    Click this to force the Administration Process to create the files in the background. Use this option to save time during the user registration process. If you do not choose to create the file in the background, mail files are created during the user registration process.

    Mail file template

    A mail template from the list of available mail templates. For a description of the template, select the template and click About.

    Create full text index

    Click to generate a full-text index of the mail database.

    Mail file replicas

    Click to open the Mail Replica Creation Options dialog box. This option applies only to clustered servers.
    • Create mail database replica(s) – Lets you add or remove servers in the list of mail database replicas. If the server on which the mail database resides is not a clustered server, you see the message No cluster mates found for mail server.
    • Add Server(s) – Select one or more servers to add to the list of servers on which mail replicas will be created.
    • Remove Server(s) – Select one or more servers to be removed from the list of servers on which mail replicas will be created.
    • Create mail replica(s) in background – Enable this option to allow continued use of the Domino® Administrator client after you click OK to start creation of the replicas you have specified.

    Mail file owner access

    Select the level of access in the access control list to assign to the user of the mail database from the Mail file owner access list. By default, mail users have Editor with Delete documents access to their own mail files; all other users have no access. This option can be used to prevent mail users and/or owners from deleting their own mail file. If the mail owner access is Designer or Editor, the administrator ID currently being used is added to the mail file ACL as Manager.

    Set database quota

    Click to enable, and then specify a size limit (maximum of 10GB) for a user's mail database.

    Set warning threshold

    Click to generate a warning when the user's mail database reaches a certain size, and then enter the warning size (maximum of 10GB).

  9. Click the Address tab, and enter values in any of these fields.
    Table 3. Address tab

    Field

    Enter

    Internet address

    The Internet email address assigned to this user.

    Internet Domain

    The domain to be used in the Internet address -- for example, Renovations.com.

    Address name format

    The format of the Internet address. The default format is FirstNameLastName@Internet domain without a separator -- for example, RobinRutherford@Renovations.com.

    Separator

    The character inserted between names and initials in the Internet address. The default is None.

  10. Click the ID Info tab, and enter values in any of these fields.
    Table 4. ID Info tab

    Field

    Enter

    Create a Notes® ID for this person

    Click to create a Notes® ID for this user.

    Certifier Name list

    Choose a certifier ID to use when creating the user name during user registration when a Notes® user ID is not being created for the user.

    This field appears if the check box Create a Notes ID for this person is not selected.

    Use CA process

    Click to use the Domino® server-based certification authority (CA) to register this user. The certifier ID and password will not be needed to complete the user registration process if you use the Domino® CA.

    This field appears if the check box Create a Notes ID for this person is selected.

    Certifier ID

    Click if you want to use a certifier ID and password instead of the server-based CA. To change to a different certifier ID, click Certifier ID, select the new ID, enter the password, and then click OK.

    This field appears if the check box Create a Notes ID for this person is selected.

    License type

    Choose either North American or International. The license type determines the type of ID file created and affects encryption when sending and receiving mail and encrypting data. North American is the stronger of the two types.

    This field appears if the check box Create a Notes ID for this person is selected.

    Certification expiration date

    The expiration date of the user ID in mm-dd-yy format. The default is two years from the current date.

    This field appears if the check box Create a Notes ID for this person is selected.

    Location for storing user ID

    Choose one:

    • In Domino® Directory (default). The ID file is stored as an attachment to the user's Person document. If you are registering roaming users, choose this option to store their Notes® IDs in the Domino® Directory. If you do not choose this option for roaming users, the users must either store their Notes® IDs on a file server or carry their Notes® IDs with them on diskette or other storage media. When you choose this option, the user's IDs are stored in their Contacts file.
    • In file (default location: datadirectory\ids\people\user.id). Click Set ID file to change path.
    • In mail file. This option is only available with iNotes® and allows Notes® users to read their encrypted mail while using iNotes®. This field appears if the check box Create a Notes ID for this person is selected.
    • In Notes® ID vault. The field is not modifiable. This value is set in the security policy settings document. If this field is checked, the user ID will be stored in the Notes® ID vault, an optional, server-based database that holds protected copies of Notes® user IDs.
    • ID vault not supported for this version of Domino®. This setting displays if you are using a pre-Domino 8.5 server.

    Public key specification

    The public key specification that you use impacts when key rollover is triggered. Key rollover is the process used to update the set of Notes® public and private keys that is stored in user and server ID files.

    Choose one:

    • Compatible with all releases (630 bits)
    • Compatible with 6.0 and later (1024 bits)
    • Compatible with 7.0 and later (2048 bits)

    For information about the significance of the public key specification and key rollover, see the topic User and server key rollover.

  11. Optional: To add the user to an existing group:
    1. Select (highlight) one or more users and then click the Groups tab.
    2. Select the group or groups to assign and click Add.
      Note: You cannot add a user to an auto-populated group during user registration. If you attempt to do so, a message displays indicating that you must edit the group directly.
  12. Optional: If you selected Enable roaming for this person and Create a Notes ID for this person on the Basics tab, click the Roaming tab, and complete any of these fields.
    Note: These settings apply to Domino® server roaming. If you are enabling file server roaming, see the related links for information on using policy settings documents to register and configure roaming users and creating a Roaming policy settings document.
    Table 5. Roaming tab

    Field

    Description

    Put roaming user files on mail server

    Click to store the user's roaming information on the same server used for mail.

    Roaming server

    Click to open the Choose Roaming User dialog box on which you specify the server that stores the user's Domino® server-based roaming information. If you select Put roaming user files on mail server, the Roaming Server defaults to the user's mail server.

    Personal roaming folder

    Specify the top-level directory name under which the roaming file path will reside. This is the parent directory for the user's roaming data; by default, its name is roaming.

    Sub-folder format

    Specify the directory path, relative to the folder name specified previously, in which the user's roaming data will reside. This is typically the user's name. This determines the default personal roaming folder for each user on the roaming server.

    Create roaming files in background

    Check this option to create the user's roaming files the next time the Administration Process (AdminP) runs. Creating roaming files in the background forces the Administration Process to create the files and saves time during the user registration process.

    Clean-up option

    Choose one of the following clean-up options to occur on clients that have been installed and configured for multiple users.

    • Do not clean-up (default) -- Roaming user data will never be deleted from the Notes® client to which the user roamed.
    • Clean-up periodically -- Enables the Clean up every N days field in which you specify the number of days that should pass before roaming user data is deleted from the Notes® client.
    • Clean-up at Notes® shutdown -- Roaming user data will be deleted from the Notes® client immediately upon Notes® shutdown.
    • Prompt user -- The user is prompted on exiting the client as to whether they want to clean up their personal files. If the user chooses Yes, the data directory on that client is deleted. If the user chooses No, the user is prompted as to whether they want to be asked again on that client. If the user chooses No, the user is not prompted again. If the user chooses Yes, the user is prompted again the next time the user exits Notes®.

    Roaming Replicas

    Click this button to open the Roaming Files Replica Creations Options dialog box on which you can designate to which servers a user's roaming files should replicate. This option only applies to clustered servers.

  13. Click the Other tab, and complete any of these fields.
    Table 6. Other tab

    Field

    Enter

    Setup profile

    Name of a User Setup profile to assign.

    If you are using policies, you cannot use a user setup profile.

    Unique org unit

    A word that distinguishes two users who have the same name and are certified by the same certifier ID.

    Location

    Departmental or geographical location of the user.

    Local administrator

    The name of a user who has Author access to the Domino® Directory but who does not have the UserModifier role. This setting allows the local administrator to edit Person documents.

    Comment

    A comment about the user, regarding the user's registration.

    Alternate name language

    Choice of alternate name language. The certifier ID used to register this user must contain the alternate name language for it to appear here.

    For more information, see Adding an alternate name and language.

    Alternate name

    The alternate name of the user. The certifier ID used to register this user must contain the alternate name language for it to appear here.

    Alternate org unit

    A word that distinguishes two users who have the same name and are certified by the same certifier ID. The certifier ID used to register this user must contain the alternate name language.

    Preferred language

    Choose a preferred language for the user, that is, the language that the user prefers to use.

    Windows user options

    Click to set user options for Microsoft Windows. Opens the Add Person to Windows dialog box where you can specify whether to add the user to Microsoft Windows, and optionally, to a Windows group. Do the following:
    • Click Add this person to Windows. When you choose this option, the other fields become available.
    • (Optional) Modify the name shown in Windows user name. It displays the default Windows user name composed of the user's first initial and last name. For example, JSmith is the default for John Smith.
    • (Optional) Under Add person to Windows group, select one or more groups to which you want to add this user.
  14. Click the green check mark. The user name appears in the Registration status view (the user registration queue).
  15. Click Register and then click Done.
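
A pre-registration check of a planned batch, as an added example (not HCL or Domino code): it applies the Password options rule from the Basics tab and the default short name, mail file name and Internet address formats described in steps 7 through 10 to flag 64-bit ID file password encryption and colliding names before the users are queued. The dictionary keys, the option labels, lowercase mail file names and the 128-bit minimum are assumptions of this example.

```python
from collections import defaultdict

KEY_SPECS = (630, 1024, 2048)  # public key specifications listed on the ID Info tab
MIN_PW_BITS = 128              # assumed local policy, not a Domino setting

def password_key_width(option, rsa_bits):
    """Password encryption strength in bits for a Password options choice."""
    if option == "all_releases":      # Compatible with all releases (64 bits)
        return 64
    if option == "6.0_and_later":     # Compatible with 6.0 and later (128 bits)
        return 128
    if option == "rsa_based":         # Base strength on RSA key size
        return 128 if rsa_bits >= 1024 else 64
    raise ValueError(f"unknown password option: {option!r}")

def derived_names(first, last, domain, separator=""):
    """Default names as the page describes them (lowercase file name is assumed)."""
    return {
        "short_name": first[:1] + last,                             # FirstInitialLastName
        "mail_file": f"mail/{(first[:1] + last[:7]).lower()}.nsf",  # initial + 7 chars
        "internet_address": f"{first}{separator}{last}@{domain}",   # FirstNameLastName@domain
    }

def review_batch(users):
    """Return sorted findings for a list of planned registrations."""
    findings, seen = [], defaultdict(list)
    for u in users:
        who = f"{u['first']} {u['last']}"
        if u["rsa_bits"] not in KEY_SPECS:
            findings.append(f"{who}: public key size {u['rsa_bits']} is not an offered choice")
        else:
            width = password_key_width(u["pw_option"], u["rsa_bits"])
            if width < MIN_PW_BITS:
                findings.append(f"{who}: ID file password encryption is only {width} bits")
        for kind, value in derived_names(u["first"], u["last"], u["domain"]).items():
            seen[(kind, value.lower())].append(who)   # compare case-insensitively
    for (kind, value), owners in seen.items():
        if len(owners) > 1:
            findings.append(f"{kind} {value} collides: {', '.join(owners)}")
    return sorted(findings)

# Constructed sample batch; the names and domain reuse the page's own examples.
BATCH = [
    {"first": "John", "last": "Smith", "domain": "Renovations.com",
     "rsa_bits": 1024, "pw_option": "rsa_based"},
    {"first": "Jane", "last": "Smith", "domain": "Renovations.com",
     "rsa_bits": 630, "pw_option": "rsa_based"},
    {"first": "Robin", "last": "Rutherford", "domain": "Renovations.com",
     "rsa_bits": 2048, "pw_option": "all_releases"},
]

if __name__ == "__main__":
    for line in review_batch(BATCH):
        print(line)
```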