Adding or removing ID vault servers

After you create an ID vault on one server, you can replicate it to other servers in the HCL Domino® domain for better availability. You use the ID Vaults > Manage tool to add or remove vault replicas or to specify a different vault primary server. Always use this tool to manage vault replicas rather than traditional database replication tools.

About this task

To add or remove replicas of a vault, you must be a vault administrator, have access to the vault ID file and password, and have Editor access to the Domino® Directory. If you are adding a vault replica, you must also have Create new replicas server access to the server to which you add it.

You cannot use the ID Vaults > Manage tool to delete the vault primary server replica. You can do this only using the ID Vaults > Delete tool when it is the last replica in the domain and you are deleting the vault entirely.
CAUTION: To avoid issues, you must not remove any vault server from either the vault or the Domino directory if it is still referenced in an ID Vault user document VOKeyName item. Removing such a server from the vault or Domino directory would cause adverse effects on administrative client operations on user documents where that VOKeyName is active. For more information, see ID vault not working after the original primary ID vault server is removed as a replica and the ID vault server is decommissioned and deleted from directory.

To add or remove a replica of an ID vault, or specify a different vault primary server, perform the following steps:


  1. Open the Domino® Administrator and click the Configuration tab.
  2. Click the Security > ID Vaults view and select the vault document of the vault you are managing. To see the current list of servers with replicas (vault servers), open the vault document.
  3. Click Tools > ID Vaults > Manage, select the task Manage vault replica servers.


When you create a vault replica, the replication is initiated immediately. If the vault is very large, it may take time to replicate, and an ID vault operation that uses the new replica may fail. In this case, the operation is performed on another vault server.