I am working on configuring and environment for web users, including travelers, to authenticate with their AD Password, instead of Their Domino Internet Password.
This environment has over 7,000 users, so a rollout without a pilot is not an option. I have setup Directory Assistance to point to an OU within AD. I can update the person doc as needed and the once I remove the Intranet password, the user authenticates with AD.
Most users, who still have an Intranet password, still authenticate with their Domino Password. However there were 2 users in this OU, who could not authenticate with their Internet Password, even though their person doc was not changed.
I had always thought it would authenticate at the first match it finds and if the internet password is blank, then use Directory Assistance to check other the other directories.
Subject: Rollout of Authentication for Web users with AD
Walt
We used Directory Assistance for our Traveler & Inotes users. Both our Traveler & Inotes Servers are in a different Domino Domain so the servers have an empty address book apart from the usual connections and admin users. You will need to create 2 documents one for Notes lookups, and the other for Active Directory Authentication. For AD Authentication you need to make sure that the mail field in AD is the same as the Notes Users Internet address as you will need to map that field as the attribute to be used as the Notes Distinguished Name, and check the enabled name mapping box