Admin4 database synchronization between two domains

hcl-bot · January 19, 2009, 11:50am

Hello,

I have two domains. One domain, lets call it Domain A, is where all the internal users are located and registered. On our DMZ domain we replicate the mailboxes for external users.

These two domains have different admin4 and names databases. Now I want to send adminP requests over to the DMZ domain so that the mailboxes will be deleted when a user is removed.

I have investigated and found that the admin4.nsf has to be the same on both domains, and a cross-domain document has to be created.

I have also heard that replacing a admin4 database in a server domain could be tricky and a bit risky.

What is the best practise for this when it contains about 5 servers, and not much adminP requests at all in the admin4 database.

Johan

hcl-bot · January 20, 2009, 3:55pm

Subject: Response

You need to create a cross-domain configuration document, but you don’t make the admin4.nsf databases replicas across domains. That won’t work.

http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_CREATING_A_CROSS_DOMAIN_CONFIGURATION_DOCUMENT.html

hcl-bot · January 22, 2009, 9:16am

Subject: Admin request not unique

Hi,

I have now preformed as you posted. But the request is stopped in the mail router since the Administrator request is not unique in Domino Directory.

I use the names.nsf for both domains in the Domain suppose to recive the requests.

I cannot find it in people, groups or mail-in.

Is this a entry in the names.nsf that is not listed anywhere in the views?

Johan

hcl-bot · February 9, 2010, 10:51pm

Subject: Re: Response - cross domain

Does anyone know if any of the options allow for the internet password change ?

"Select any of these requests that this server will accept from other domains and then click OK.

Create Replica

Delete Person in Address Book

Delete Server in Address Book

Get Replica Information for Deletion

Rename Person in Address Book

Rename Server in Address Book "

hcl-bot · January 28, 2009, 5:27pm

Subject: Admin4.nsf

This must be unique to each domain. You cannot do this across two notes domains. You must have an outbound and inbound Cross Domain AdminP Request document for the domains, if you want the changes to go both ways.

If you only want Domain A to send to Domain B, then first cross certify the O level Certifiers for each. If these are the same O then you do not need to cross certify as they are the same entity.

Then in Admin4.nsf on Domain A, create an outbound to Domain B specifying the Admin server of Domain A as the entity authorized to send requests.

On Domain B, create an inbound Cross Domain AdminP document specifying the Domain A server for the inbound.