3. Configuring Request Creator servers
Configure settings for Request Creator servers in the Server document and in a Configuration Settings document in the Domino directory.
About this task
If you sync passwords from multiple Active Directory domains, complete this procedure for the Request Creator server used for each one.
Request Creators and Request Processors can share the same Configuration Settings document or use separate ones. If they use separate ones, best practice is to use the same Active Directory Password Sync settings.
Procedure
-
Identify the server as a Request Creator in its Server document. Among others
things, this step establishes trust for the server ID to update passwords in the
ID vault.
- Open the Server document for the Request Creator in the Domino directory.
- Select the tab.
- In the Password Sync processing role field, select Request Creator.
- Optional: in the Password Sync requests database path and filename field, optionally specify a path and file name for thePassword Change Request database on this server. If you leave this blank, the database is created in the data directory with the file name adpwsync.nsf.
- In the Server document, select the Basics tab. In , add the name of the directory assistance database you created in 1. Creating a Directory Assistance database and document for password synchronization.
- Open the Configuration Settings document in the Domino directory that the Request Creator uses and select the Active Directory Password Sync tab.
-
Complete the Global settings:
Setting Description Domino password types to sync Select one of the following options: - Select Notes ID to sync only passwords for Notes IDs in the ID vault
- HTTP Password to sync only HTTP passwords in the directory
- HTTP and Notes ID to sync both types of passwords.
Note: To sync passwords to Notes IDs, the Request Creator server requires password reset authority to the ID vault.Request expiration time (minutes) Specify the amount of times in minutes after a request is submitted to allow the request to be processed. When the period expires, requests are deleted. Default is 365 minutes. Request storage database managers Specify the users who can access the Password Change Request database on this server. -
Complete the AD Domain Controller settings:
Setting Description Configuration refresh interval Specify how often the Domino password library on the Active Directory Domain Controller refreshes its configuration information from the Domino directory. Default interval is every two minutes. Statistics output interval Specify how often the Domino password library publishes statistics to its console log. Default interval is every five minutes. The statistics include configuration information and password sync processing information that can help to confirm proper operation and troubleshoot errors. Debug level Select one of the following options to control the level of password synchronization logging: - None
- Errors only Useful when initially configuring password synchronization
- Informational Use only if HCL Support suggests it.
- Verbose Use only if HCL Support suggests it.