How to recertify an admin id without another admin id

hcl-bot · December 11, 2005, 5:21pm

Hi, is there a way to recertify an admin id on a domino server if it has expired. This is the only admin account in the organisation. I have the server.id and the cert.id available.

Any help is appreciated as i am in a little strife.

hcl-bot · December 12, 2005, 1:52am

Subject: How to recertify an admin id without another admin id.

Yes it is possible.

I assume that you don’t have or use a group for your admins? The easiest way would be to put another name into that group.

You will have to make another id admin by adding it to the ACL of names.nsf, admin4.nsf and certlog.nsf, as well as the Administrator fields on the server document. Since you probably doesn’t have another id that is allowed to do this, you will have to take the server down and launch nlnotes to change the ACL manually on these databases. Remember to add all roles for the id.

When you have done this, you should be able recertify your admin id.

/Peter

hcl-bot · April 19, 2012, 12:37am

Subject: RE: How to recertify an admin id without another admin id.

ITHER:Use your server’s Notes client to recertify the Administrator.

OR

Get hold of an ID file for a user who hasn’t expired,

Add that user to the ‘LocalDomainAdmins’ group,

Access the Domino Directory on the server and recertify the Admin ID,

Remove the user from the ‘LocalDomainAdmins’ group,

Done.

The details:

Using a server.

Go to the physical domino server,

Browse to the Domino program folder,

Locate nlnotes.exe,

Run it.

hcl-bot · December 12, 2005, 9:28am

Subject: And for the future…

you might want to consider adding yourself to the admins group permanently; you’ve seen what can happen if you treat administrative access as something requiring a separate ID but then you don’t use that ID for months and months on end.

hcl-bot · December 14, 2005, 11:25am

Subject: RE: And for the future…

I agree, in part, but it can be a very good idea to not include oneself in the admin group, since that will also make it less of a disaster if you make a mistake in your daily chores that doesn’t require admin rights.

Another thing that would help such a situation in the future is to periodically recertify all users, or at least certify the admin id for more than 2 years as is the default.

Another solution could be as easy as making sure that you have the GroupModifier role in the NAB, so you can add yourself to the admin group if needed.

/Peter