Improved name lookup to find Active Directory users

When Domino users want to add the names of Active Directory users or groups to Domino groups, database ACLs, or email messages, Active Directory can now be one of the directories that is available for them to search. Previously, users had to add LDAP accounts to their personal address books for this capability.

This feature is useful primarily when Active Directory Sync is not used and therefore Active Directory users do not have Person documents in the Domino directory.

This feature requires an LDAP Directory Assistance document that is configured to connect to the Active Directory. The document must have the following fields enabled:
  • Make this domain available to: Notes clients and Internet Authentication/Authorization
  • To allow searching of Active Directory groups to be added to database ACLs, Group authorization: Yes.

When the directory assistance requirements are met and users search a directory to add names to groups, database ACLs, or email address fields, the domain name configured for the Active Directory in directory assistance is shown in the list of available directories.

For example, when a user clicks Add from the Access Control dialog box and selects the directory button, if AD FOR AUTHENTICATION is the directory assistance domain name for the Active Directory, they can see and select it in the list of directories.

Once selected, to find a name, they can enter a name in the Search for field:
[Screenshot: results of "garcia" entered in the Search for field]
They can select a name and click Details to see more information:
[Screenshot: details about Jerry Garcia]
They can click Advanced Search and add search conditions such as by Department.
[Screenshot: Advanced Search options that include searching by the Department music]
  • Names added to ACLs or groups are shown in their Active Directory format, for example CN=Jerry Garcia/OU=Acme/DC=Acme Corp/DC=Com rather than Jerry Garcia/Acme. Addresses are shown in Active Directory email format, for example,
  • If user or group names change in Active Directory, the Administration Process does not update them in Domino in this scenario. The names need to be updated manually. Controlling access through Active Directory groups rather than individual user names is recommended since group names may change less frequently.
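Because renamed or deleted Active Directory objects are not corrected in Domino automatically, ACLs that contain Active Directory-format names benefit from a periodic audit. The following is an added example, not HCL code: it converts the slash-separated names shown above to comma-separated LDAP DNs and compares them with a current Active Directory listing. The ACL entries, the listing, and the function names are constructed for illustration, and the script assumes both lists were exported by other means.

```python
# Added example: all names and data below are constructed for illustration.

def domino_to_ldap_dn(name):
    """Convert 'CN=a/OU=b/DC=c' (AD name as shown in Domino) to 'CN=a,OU=b,DC=c'."""
    parts = []
    for comp in name.split("/"):
        attr, sep, value = comp.strip().partition("=")
        if not sep or not value:
            raise ValueError(f"not an AD-format name: {name!r}")
        # Escape characters that are special inside an LDAP DN value.
        value = "".join("\\" + ch if ch in ',+"\\<>;' else ch for ch in value)
        parts.append(f"{attr.upper()}={value}")
    return ",".join(parts)

def audit_acl(acl_entries, ad_objects):
    """Return (stale, user_entries) for the AD-format entries of an ACL.

    ad_objects maps each current AD DN to 'user' or 'group'.
    stale: entries with no matching AD object (renamed or deleted).
    user_entries: entries that grant access to an individual user, not a group.
    """
    current = {dn.casefold(): kind for dn, kind in ad_objects.items()}
    stale, user_entries = [], []
    for entry in acl_entries:
        if "=" not in entry.split("/")[0]:
            continue  # native Domino name such as 'Jerry Garcia/Acme'; not checked
        kind = current.get(domino_to_ldap_dn(entry).casefold())
        if kind is None:
            stale.append(entry)
        elif kind == "user":
            user_entries.append(entry)
    return stale, user_entries

# Constructed sample: ACL entries as Domino shows them, and a current AD listing.
SAMPLE_ACL = [
    "CN=Jerry Garcia/OU=Acme/DC=Acme Corp/DC=Com",
    "CN=Music Dept/OU=Groups/DC=Acme Corp/DC=Com",
    "CN=Old Team/OU=Groups/DC=Acme Corp/DC=Com",   # group since renamed in AD
    "LocalDomainAdmins",
]
SAMPLE_AD = {
    "CN=Jerry Garcia,OU=Acme,DC=Acme Corp,DC=Com": "user",
    "CN=Music Dept,OU=Groups,DC=Acme Corp,DC=Com": "group",
    "CN=New Team,OU=Groups,DC=Acme Corp,DC=Com": "group",
}

if __name__ == "__main__":
    stale, users = audit_acl(SAMPLE_ACL, SAMPLE_AD)
    print("Stale entries to update manually:", stale)
    print("Individual users (consider a group instead):", users)
```

Stale entries are the ones that must be updated manually; the individual-user list shows where an Active Directory group could replace a user name.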