New AdminCentral app

The AdminCentral application (admincentral.nsf) is automatically created by adminP on the Domino administration server. You can open AdminCentral directly from your Notes Standard or Nomad web client, without the need to start Domino Administrator.

This application provides a simplified and easy-to-use way of managing fully functional Notes users and groups in a Domino deployment.

As of HCL Domino 14.0 EA1, Adminp launches a new AdminCentral processing thread automatically on the Domino Domain administration server. The first time AdminP runs, it creates the AdminCentral application (admincentral.nsf) which is used by AdminCentral thread for request processing.

You can use the AdminCentral app to perform the following tasks:
  • Register a new Notes user using a form
  • Register multiple users using a CSV file in the same format that the Domino Administrator client uses
  • Register as Notes users AD contacts/Person documents that have dirsync'ed into Domino
  • Recertify a Notes user's certificate
  • Create a group in the Domino Directory
  1. Set up an ID vault for managing the user's Notes ID file (if one doesn't already exist in the current Domino deployment).
  2. Move the Notes Organization or OU certifier ID to the Domino certification authority (CA) as described in Migrating a certifier to the CA process.
    Note: Make sure that the Domino administration server (which is same as the administration server of the Domino Directory) is listed as an RAA (Registration Authority).

    See also the "Summary of prerequisites" page in the "cog" section under Planning in the AdminCentral app.

How do AdminCentral requests work?

AdminCentral (admincentral.nsf), created from the admincentral.ntf template, is used by AdminCentral threads in the AdminP task for request processing. In 14.0 EA1, there is one request processing thread for the AdminCentral app. AdminCentral inherits the ACL from admin4.nsf. All requests in AdminCentral are purged 30 days after creation.

There are three kinds of administrative requests in admincentral.nsf:
  • User Registration
  • User Recertification
  • Group Creation

The intent of the AdminCentral homepage is to show important administrator tasks that need attention. The areas being featured in EA1 are Notes user certificate expiration status and today's user registration status (from midnight on).

Notes user certificates needing action are saved in the AdminCentral app on a nightly basis by an AdminCentral maintenance thread running in the Domino AdminP task. This thread pulls the certificate expiration data of Person documents from the CertificateExpiration view of Domino Directory and creates Draft requests for those expired and expiring within a 14-day window in the AdminCentral app. From the homepage, the administrator can click the expired certificates and those expiring in 1-day, 7-day, and 14-day windows to quickly view the Draft requests for Notes user recertification. Recertify requests in Draft mode must be submitted to change the Pending state.

All user registration, manual recertification, and group creation requests done using the AdminCentral app are processed by the AdminCentral request processing thread, which maintains the status of these administrator requests (as processing is done by the thread itself or by the rest of AdminP processing). For a quick overview, the AdminCentral homepage groups the user registration requests by whether their state is completed, pending, or error.

Setting up a registration profile in AdminCentral

One of the first tasks in using the AdminCentral app is to create a Notes user registration profile that streamlines the various choices that an experiences Domino administrator has to make when registering Notes users. Registration profiles can be created and saved in AdminCentral by clicking the Settings icon (bottom left "cog" icon) and then clicking the Create Profile button. If there are multiple Organization and Organizational Unit certifiers in your Domino Domain that have been migrated into the Domino CA, create one registration profile per certifier.

Tip: Once one registration profile is created, you can use the view Copy into new profile action to easily create profiles for other certifiers.
Screenshot of AdminCentral "Planning" page

All the fields in the registration profile form, shown in the following images, are similar to the options for user registration that are available in the full Domino Administrator client.

In the registration profile that follows the Certifier selection, the administrator can enter a person's email address, selectable from Domino Directory, to send a notification email containing users' registration info. They can also customize this email notification with header/footer information that can contain any relevant organization-specific info to be sent along with the user registration info.

When the user registration request is completed, the admin receives an email notification:Email received via notification of user registration upon request completion
Note: The AdminCentral thread on the server generates a strong password based on the specified Security Policy settings.

Managing users and groups

Once you have created registration profiles for your Domino deployment in the AdminCentral app, you can use the app to easily create users and groups or recertify users, from either your Notes client or Nomad browser-based client.

Registering a user
To register a single user , Click Create from registration form. Select a registration profile that you created with your Organization certifier, fill in the Username details, and submit.
To register users from a CSV file using the same format as what the Domino Administrator client supports, click Import multiple users from CSV. In the registration form, select the registration profile to use and the CSV file that contains user registration information and submit the request. Once submitted, all the users from the CSV file are added to the Draft requests queue. The administrator can review the registration details and select one or more Draft requests and submit for registration. For more detail, see Registering users from a text file in the documentation for the Domino Administrator client.
If the Domino Directory is setup for Dirsync from an Active Directory LDAP server, you can also register those Active Directory contacts as Notes users. From the Users and Groups page, click Register Active Directory users. In the registration form, select a registration profile and click Select users. The user selection window shows all the Active Directory users that are not already registered, and you can select one or more users and then submit the registration request. These requests are added to the Draft requests queue, from which the administrator can submit multiple requests for registration.
Draft requests page
From the Users and Groups page , click Draft requests to view the various requests that have been created as part of the background recertification maintenance thread or as part of CSV/Active Directory user registration.

Create a group
To create a group in the Domino Directory, you must first have the GroupAdmin role in the ACL of admincentral.nsf (not names.nsf). Then click Create a new group under Create Tools. You can specify all the attributes of the group (similar to how you do in the Domino Directory "Add Group" action) and submit the request.
Recertify a user
To recertify a user's Notes certificate in the Domino Directory, click Recertify users under Modify Tools on the Users and Groups page. You can select the registration profile for the Notes certifier, select the user from Domino Directory, and submit the request.

Admin Activity log

The AdminCentral app provides an Activity Log page which lets the administrator view all the different requests that are submitted for various actions such as user registration/recertification and group creation. On this page, the administrator can filter the requests by completed/pending/error to easily view the status of the requests. In future EA drops of the application, we plan to add more elaborate status checks for each type of request and also provide more sorting options to customize the view of the Admin Activity log.