Home
Administering
This documentation provides information about the administration tools for HCL Domino.
Administering with Domino Administrator
This documentation provides information about the administration tools for managing and monitoring servers and databases.
Administration tools
Topics in this section describe the tools you can use to administer a Domino® server.
The Administration Process
The Administration Process is a program that automates many routine administrative tasks.
Using AdminQ to process web user requests
Use Administration Quick (AdminQ) to expedite the processing of Administration Process (AdminP) requests that affect the user IDs of web users, for example, HCL Verse users. The users must have IDs in an ID vault.
How AdminQ key rollover requests are processed
When you initiate a Notes ID key rollover request from an ID vault Security Settings policy, the following steps occur to update the keys in the ID file of web user who has a vaulted ID.
Key rollover states in the ID vault and adminq
The following pictures illustrate the key rollover flow and states seen in the ID vault and adminq.nsf for a web user whose public key is upgraded from 1024-bit to 2048-bit.

Administering
This documentation provides information about the administration tools for HCL Domino.
- Administering with AdminCentral
  The AdminCentral application (admincentral.nsf) is automatically created by adminP on the Domino administration server. You can open AdminCentral directly from your Notes Standard or Nomad web client, without the need to start Domino Administrator. This application provides a simplified and easy-to-use way of managing fully functional Notes users and groups in a Domino deployment.
- Administering with Domino Administrator
  This documentation provides information about the administration tools for managing and monitoring servers and databases.
  - Administration tools
    Topics in this section describe the tools you can use to administer a Domino® server.
    - The Domino® Administrator
      The Domino® Administrator is the administration client for Notes® and Domino. You can use the Domino Administrator to perform most administration tasks.
    - The Server Controller and the Domino® Console
      The Server Controller is a Java-based program that controls a Domino® server. Starting the Server Controller starts the Domino server it controls. When a server runs under a Server Controller, you can send operating system commands, Controller commands, and Domino server commands to the Server Controller.
    - The Administration Process
      The Administration Process is a program that automates many routine administrative tasks.
      - Specifying the administration server for the Domino® Directory
        Choosing the administration server for the Domino® Directory depends on your network setup, the available equipment, and the anticipated changes that will be made to the Domino Directory via the Administration Process.
      - Setting up the Administration Process
        You complete a set of tasks to set up the Administration Process.
      - Administration Process support of secondary Domino® Directories
        Domino® supports the use of secondary Domino Directories for maintaining user names and groups that you want to store in a directory other than your primary Domino Directory, NAMES.NSF. For example, you may want to maintain Notes® users with Notes IDs in NAMES.NSF, but maintain Web-only users in a secondary Domino Directory.
      - Processing administration requests across domains
        The Administration Process for the Domino® Directory must be set up on a server in each domain.
      - Setting up ACLs for the Administration Process
        Each administrator who uses the Administration Process to perform tasks must have the appropriate access rights and roles in the Domino® Directory (NAMES.NSF), secondary directories -- if applicable, Administration Requests database (ADMIN4.NSF), and the Certification Log database (CERTLOG.NSF).
      - Modifying the Action field in the Access Control List (ACL)
        The Access Control List (ACL) dialog box for Notes® (.NSF) applications contains an Administration Server field and an Action field on the Advanced panel. Use caution when modifying these fields.
      - The Administration Requests database
        Use the views in the Administration Requests database (ADMIN4.NSF) to sort and examine requests in many ways.
      - Managing Administration Process requests
        Managing administration process requests involves approving requests, forcing requests when they must be processed immediately, and checking the Administration Requests database for errors.
      - Customizing the Administration Process
        You can customize the Administration Process.
      - Using AdminQ to process web user requests
        Use Administration Quick (AdminQ) to expedite the processing of Administration Process (AdminP) requests that affect the user IDs of web users, for example, HCL Verse users. The users must have IDs in an ID vault.
        The Administration Quick Requests database
        AdminP creates the Administration Quick Requests database (adminq.nsf) from the adminq.ntf template. adminq.nsf is used by AdminQ in its request processing.
        Customizing AdminQ
        You can use notes.ini settings to customize AdminQ.
        How AdminQ rename requests are processed
        When you rename a web user who has a vaulted ID, for example, an HCL Verse user, the steps to process the request occur automatically.
        How AdminQ recertify requests are processed
        When AdminQ is enabled on the domain administration server and you recertify the ID of a web user or a Notes user, the following steps to occur to process the request automatically.
        How AdminQ key rollover requests are processed
        When you initiate a Notes ID key rollover request from an ID vault Security Settings policy, the following steps occur to update the keys in the ID file of web user who has a vaulted ID.
        AdminQ key rollover illustration
        The following picture provides a graphical depiction of the steps taken to process a key rollover request for a web user such as an HCL Verse user.
        Key rollover states in the ID vault and adminq
        The following pictures illustrate the key rollover flow and states seen in the ID vault and adminq.nsf for a web user whose public key is upgraded from 1024-bit to 2048-bit.
        Performing additional key rollovers
        Once AdminQ has been used to do a key rollover on a web user ID, to allow another key rollover on that ID, use the Clear Rollover Completion Date action in the ID vault.
        Changing the scheduling of unprocessed web user key rollovers
        You can change the scheduled time for a key rollover request that you've initiated for a web user ID.
      - Statistics generated during administration request processing
        The Administration Process records statistics to help you monitor the request processing activity of the administration process tasks.
      - Administration request messages
        The response Log documents in the Administration Requests database contain error messages that describe any errors that occur during the processing of an administration request. Error messages also appear on the console of the administration server. Administrators who want to be notified when one of these events occurs on a server, can create an Event Handler document in EVENTS4.NSF to define how they want to be notified.
      - Administration Process requests
        An administration request is created by the administrator performing an action; it represents an administration task and is run by the server task AdminP (Administration Process). When an administration request is generated, it appears in the Administration Requests database.
    - Domino® server commands
      This section describes the Domino® server commands that are available, as well as methods of issuing those commands.
    - Domino® server tasks
      The information in this topic describes Domino® server tasks and their defaults in the NOTES.INI file.
    - IBM® i server commands
      You can use IBM® i server commands to manage Domino® with IBM i.
  - Managing users
    The Administration Process helps you manage users by automating many of the associated administrative tasks. For example, if you rename a user, the Administration Process automates changing the name throughout databases in the Notes® domain by generating and carrying out a series of requests, which are posted in the Administration Requests database.
  - Monitoring servers
    This section describes how to use the tools and features that help you monitor a Domino® system.
  - Managing servers
    Manage Domino® servers by performing any of these tasks.
  - Managing databases
    Topics in this section describe how to set up and manage Domino® databases.

Key rollover states in the ID vault and adminq

The following pictures illustrate the key rollover flow and states seen in the ID vault and adminq.nsf for a web user whose public key is upgraded from 1024-bit to 2048-bit.

When AdminQ detects that the key rollover date defined in the ID vault Security Settings policy has arrived, it creates an entry for the user assigned the "Rollover State" "None" and adds the scheduled time in the "Rollover Schedule Date" column. The time is calculated according to the Spread new key generation for all users over this many days value in the policy.
User Sara McAdams with a Rollover Scheduled Date in the ID vault

User Sara McAdams with a Rollover Scheduled Date in the ID vault

When AdminQ detects that the time for the scheduled rollover has arrived, it creates a "UserRollover" request in adminq.nsf marked as "Needs processing" and moves the date from the "Rollover Scheduled Date" column to the "New Key Creation Date" column in the vault:
UserRollover request in adminq.nsf in the "Needs processing" state for user Sara McAdams

UserRollover request in adminq.nsf in the "Needs processing" state for user Sara McAdams

User Sara McAdams with a rollover New Key Creation Date in the vault

AdminQ processes the request by creating a "Certify New Person Key Request" in admin4.nsf and then marks the request in adminq.nsf as "Pending key request." In the vault, it changes the "Rollover State" to "Pending," updates the "Strength" to the new key strength, and adds a "Request Creation Date":
UserRollover request in adminq.nsf in the "Pending key request" state for Sara McAdams

UserRollover request in adminq.nsf in the "Pending key request" state for Sara McAdams

User Sara McAdams with a rollover Request Creation Date in the vault

After AdminP processes the request in admin4.nsf to update the Person document, when AdminQ sees the change, it changes the "Rollover State" to "Completed" in the vault and then marks the request "Processed" in adminq.nsf.
User Sara McAdams with a "Completed" rollover request in the vault

User Sara McAdams with a "Completed" rollover request in the vault

UserRollover request in adminq.nsf in the "Processed" state for user Sara McAdams