Changing administrator information for ID recovery

If an IBM® Domino® administrator leaves an organization or changes job responsibilities within an organization, update the administration recovery information used to recover user ID files and then send the new information to users to add to their ID files.

About this task

The updated recovery information is automatically accepted into users' ID files the next time the users authenticate with their home servers by accessing a database on the server.

To add or delete administrators

About this task

An administrator with access to the certifier ID completes these steps, and is known as a recovery authority.

Procedure

  1. From the Domino® Administrator, click the Configuration tab, and then click Certification.
  2. Click Edit Recovery Information.
  3. In the Choose a Certifier dialog box, if the correct server name does not appear, specify the registration server name from the Domino® Directory, and specify the certifier for which you are creating recovery information.
    1. Use the default server or click Server to specify a server.
      • If you are supplying a certifier ID, select the server that is used to locate the list of certifiers so that the Certifier ID file can be updated with the latest set of certificates for itself and all of its ancestors.
      • If you are using the Domino® server-based CA, select the server that is used to access the Domino® Directory to look up the list of certifiers.
        Note: This is also the server on which CERTLOG.NSF is updated.

      Then select one of these options:

    2. Supply a certifier ID and password.
      • Click Certifier ID if you want to use an ID other that which is displayed.
      • Otherwise, click OK, enter the password for the selected certifier ID, and click OK.
    3. Use the CA Process. If you have configured the Domino® server-based CA, select a CA configured certifier from the list and click OK.
  4. Optional: Change the number of recovery authorities (administrators) required to unlock an ID.
  5. Do one:
    • To delete an authority, highlight the authority's name, and then click Remove.
    • To add new authorities, click Add and then select the names of administrators who are authorized to recover ID files.
  6. Optional: Select I want to create a new mailbox and specify a new mail address where recovered ID files are to be mailed.
  7. Optional: Customize a message to be sent to users with the recovered ID file information.
  8. When you finish modifying authorities, click OK.