by Chip Carter
and Mary Jrolf
Level:
Intermediate
Works with:
Domino 5.0
Updated:
01-May-2000
Registration. If you're a
Domino
administrator, there's no way around it. If you have people and servers in your organization, you need to register them. If you want to create mail files and user IDs with the appropriate certificates for trusted communication, again, registration is your ticket.
And if you're administering Domino
for a large organization, user registration is something you do regularly.
To make user registration as easy and flexible as possible, the user interface (UI) for user registration in Domino R5 has been completely overhauled and radically improved. Retaining the best user registration features of previous releases, the new UI provides a more powerful and efficient means of getting your people up and running on Notes.
This article provides helpful tips and tricks to assist you in using the new registration UI to your advantage.
Specifically, it explains:
What the registration queue is and the benefits you can obtain from it. We'll also explain how to take full advantage of the user registration queue to increase your efficiency when performing registration-related tasks.
How to use Domino's three methods of setting user registration defaults, including how to set the Administration Preferences to save you time and energy while performing standard registration tasks and how to use basic and advanced registration options to make registration easy while still taking full advantage of the user registration queue and the Administration Preferences that you've defined.
How to take advantage of new registration features when migrating a large number of users at one time from foreign directory sources, as well as what's new about importing users via a text file.
This article assumes that you are a Domino administrator with an intermediate level of experience, although it will be useful for administrators who are new to the user registration interface.
You access the user registration interface in the Domino Administrator client, by clicking the People & Groups tab and then clicking People - Registration in the tool bar or by clicking the Configuration tab and then clicking Registration - Person. For more information, see
Domino 5 Administration Help
.
Registration queue basics
The registration queue is at the center of the new user registration UI design. The registration queue is a Notes database (userreg.nsf) that stores, and allows display of, information regarding new users who are pending registration. The registration queue appears in the UI as a view, and because the registration queue is a view of a database, you get view functionality for free.
The registration queue appears at the bottom of the Register Person dialog box, as shown in the following screen graphic:
If you select the Advanced checkbox, the registration queue remains at the bottom of the dialog box, and additional information and options appear.
About the User Registration database
There are several important things you should know about the User Registration database (userreg.nsf) that is behind the registration queue:
The database is meant to be used locally only.
Look, but don't touch. Userreg.nsf should only be modified or written to by the registration UI. Don't be tempted to open userreg.nsf and start changing information.
Use the same administrator's ID from one registration session to the next, particularly if you're saving users to register later. You can only register, modify, and delete those users who were added using your current administrator ID.
Benefits of the registration queue
The new features of the registration queue provide many benefits. You can:
Save successfully registered, incompletely registered, or unregistered users for another registration session. Icons identify each user's status. (See the
Registration queue icons sidebar
).
Sort the display of registration information in a variety of ways quickly and easily. Simply click on the individual column heading in the title bar. For example, to sort by user name in descending order instead of the default ascending order, click on User Name.
Resize the column widths to display varying amounts of information.
Efficiently navigate through large numbers of queued users with standard navigation keys.
Selectively delete and register queued users. To delete a user from the queue, click in the left column beside the user's name and then click Delete. (If nothing is selected, the user name in focus is deleted.) You will then be prompted as to whether you want to delete that user. To selectively register users in the queue, click in the left column to select the user and then click Register.
View complete registration feedback on user registration failure and success in the Registration Status field. To see the entire registration status message when it is too long to display in the column, you can either resize the column or look at the Basics pane with the Advanced checkbox not selected. If the user isn't ready for registration or if registration failed, the reason is included here. You can also view the date and time the entry was added to the queue.
Easily determine which users were registered by you and which were registered by other administrators by viewing the small column to the left of the Registration Status column. If this column is blank, you can register, modify, or delete that user. If there is a red icon in the column, you can only view that user in the registration queue. The icon indicates that the user was registered by another administrator using a different ID.
Add as many soon-to-be Notes users as you want, save them in the queue, and register them at your leisure due to Domino R5's scalability. This scalability allows you to migrate thousands of users from a foreign directory and to import thousands of users from text files. Without this scalability, you would not be able to migrate or import the volume of users for registration. Prior to Domino R5, user registration information was stored in memory; therefore, when you exited the user registration UI, you lost that information. Now that registration data is stored in a database, you can store users in the queue as long as you want to and continually track their registration status via the registration queue.
Additional benefits that are discussed in more detail in the following sections include:
Keeping successfully registered users in the queue.
Using multi-select editing to change information for multiple users simultaneously, instead of selecting and editing users one at a time.
Specifying more unique registration information for each user. In previous releases, you needed to specify some information, such as the registration server and certification information, on a per-registration session basis. Now, you can specify this information and change it individually for each user in the queue during a single registration session.
Migrating foreign directory users and groups from Exchange, cc:Mail, LDIF text files, NT, GroupWise 4 and 5, Netscape, and MS Mail into the registration queue. Then you can massage the data and register them at your leisure, and you can convert the mail for these users as part of user registration.
Importing text files with hundreds or thousands of users right into the registration UI. No more blindly registering users in bulk. No more editing a monstrous text file to get the data just right. No more adjusting user information in the Domino Directory post-registration, person-by-person.
Saving user names in the registration queue
As previously mentioned, you can save registered users or you can queue users for registration, save them, and then register them at a later time. Saving users in the registration queue allows you to track their registration status and to ensure that you don't re-register a successfully registered user. You can remove saved users from the queue at any time, regardless of their registration status.
To save successfully registered user names in the registration queue, open the Advanced Person Registration Options dialog box and select the "Keep successfully registered people in the queue" checkbox.
To save unregistered or partially registered users in the registration queue, you simply click Yes when prompted to do so upon exiting the Register Person dialog box. Even after exiting your registration session, these users will still display in the queue.
The Advanced Person Registration Options dialog box provides additional control over registration processes. For example, user registration will never register previously registered users stored in the queue -- even if you click the Register All button -- unless you select the "Allow registration of previously registered people" checkbox in the Advanced Person Registration Options dialog box. Remember that when you do re-register a successfully registered user, the original registration settings for that user are replaced with the settings in effect when you re-register the user.
A quick word about multi-select mode and editing
You can select multiple users in the registration queue and then register or delete them, just as you do for individual users. You can also use this multi-select capability to edit registration information on several selected users at the same time. In multi-select mode, you can make changes to some fields and then apply those changes to all selected users simultaneously. Fields that are specific to each individual user -- such as last name -- are not available for multi-select editing, while fields such as Internet Domain, Mail Server, and Certifier ID are available. See the
Fields available for multi-select editing sidebar
for a complete list of available fields.
Here's an example of multi-select editing. Let's say that after adding Bill, Catherine, and John, you want to change the Internet Domain field information for each of them to lotus.com. Instead of editing the Internet domain for each user individually, you can change the value for all users simultaneously. When you begin editing the Internet Domain field, the disabled Add Person button changes to an enabled Apply button. Click this button to apply the Internet domain change, and only this change, to all three users at once. If there's a problem with the change, an error message appears, and the registration information is not modified.
Specifying unique registration information for individual users
To make registration easy for users who require unique registration settings, R5 has increased the number of values that you can specify on a per-user basis. This is significant because you can change specific registration settings for one or more individual users
during
a registration session.
The following sections discuss the new fields that can be set on a per-user basis in R5.
Registration Server
The registration server is the server whose Domino Directory will receive the Person document created during registration. It's also the server from which the groups and User Setup Profile lists are obtained in the Groups and Other panes, respectively.
Short name
This field value is automatically generated using the first name initial followed by last name. For example, a short name for Bill Shakespeare will be generated as BShakespeare. You can edit the Short name field immediately before registration if you don't like the generated name.
Mail Server
Changes made to the Mail Server field may force a change to the Mail file template field, and vice versa. For example, if you have specified a mail template that does not exist on the mail server to which you are changing, you will have to specify a new mail template as well.
Mail file template
You can select the mail template you want used when a new user's mail file is created. The template list is based on the mail server selected, and both mail server and template can be individually specified for each user in the registration queue. Be aware that all templates from the selected mail server appear in the list. Make sure you select a template meant to be used for mail files!
Set database quotas and set warning threshold levels
You can establish these values (on the Mail pane) for the new mail file. The maximum quota and warning threshold is 9,999 megabytes. When the database quota level is reached, any user opening their mail file receives a message stating that the database quota would be exceeded. When the warning threshold level is reached, a message is placed in the miscellaneous events view of the log file.
Mail file owner access
You can set the access for the mail file owner to Designer or Editor, instead of using the default setting of Manager. With these settings, users can no longer delete their own mail files! If the administrator selects either Designer or Editor, the administrator is added to the mail file's Access Control List (ACL) as Manager. This prevents Domino from creating a mail file whose ACL cannot be modified because only those with Manager access can modify a database ACL. Use this option to restrict mail access, for example, to deny a mail user the ability to create a LotusScript or a Java agent.
Certifier information
Previously, the certifier information had to be set prior to entering the user registration UI, and it then applied to all users registered in that session. Now you can assign different certifier IDs, security types, and certificate expiration dates to individual users if you desire. Then, if you end the registration session and choose to save the queued users, when you re-enter the Register Person dialog box, you are prompted to supply the certifier ID passwords for each certifier ID saved in the queue. For example, suppose you have 100 users stored in the registration queue database. When you created the users, you chose cert1.id for the first 50 queued users, cert2.id for the next 30 users, and cert3.id for the last 20 users. Now when you re-enter the Register Person dialog box, you'll be prompted three times to supply the passwords for cert1.id, cert2.id, and cert3.id. In general, this means that you no longer have to register existing queued users before you specify different certifier settings for additional users.
Alternate name information
Alternate naming allows you to supply a user name in a language other than that of the primary user name. The alternate name and alternate organization unit work just like the primary name and can be used like one. This is useful for a Domino user who works in multiple cultural contexts. For example, Catherine Great may spend significant time in Norway on business. An alternate Norwegian name -- using Norwegian characters -- allows Norwegians to use her Norwegian alternate name instead of the less practical English primary name.
A reminder
You can set default, per-domain values for many user registration settings (mail, ID, and others) in the Administration Preferences dialog box, as discussed below.
Setting registration preferences and defaults
Setting defaults can make life easier for any administrator, particularly the one who frequently registers many users. Why are defaults so useful? It's simple -- because you don't have to modify settings from one user to the next.
Domino R5 offers three methods of setting defaults for user registration:
Setting Administration Preferences
Specifying defaults during registration
Defining User Setup Profiles
Setting Administration Preferences
You can use the Administration Preferences dialog box to set defaults for user registration and save them on a per-domain basis. Of the three mechanisms for setting defaults, only this one remembers and applies the defaults every time you enter the registration UI. This is particularly useful when you are registering numerous users who require identical or very similar registration settings.
If you modify a few values using the Register Person dialog box, those modified values only apply to the users you want them to apply to. The next time you enter the user registration UI, your standard Administration Preferences are still in effect.
The following registration defaults can be set in the Administration Preferences dialog box:
Registration Server
Certifier ID
Mail system
Mail Server
Mail file template
ID path (for ID files saved to disk -- the default directory is data\person\ids)
Password Quality
Internet Domain (for Internet address)
Setup profile
Setting defaults during registration
When you add a new user to the registration queue via Basic or Advanced registration (not by importing text files or migrating users) and you specify some of the registration settings on the registration panes of the Register Person dialog box, some of the settings for that user are also applied to the next user you add.
Defaults set in this way override the defaults set in the Administration Preferences dialog box and are retained until you exit the registration UI. You can set these defaults on the Basics pane and optionally on other panes that you access during user registration when you select Advanced in the Register Person dialog box. Additional editing, importing, or migrating users does not change these defaults.
For information on which fields can be set as defaults, see "Defining default settings for users" in
Domino 5 Administration Help
.
Although some of the fields for which you can set defaults do not appear in the registration panes unless you click the Advanced checkbox, it does not mean that these defaults are not created or set for the user. In fact, once you've set registration preferences or defaults in a registration session, you can add users in Basic mode to simplify and streamline user entry. You are not required to click the Advanced checkbox and access the other panes of information unless you want to change a setting. The Advanced checkbox can be toggled on or off at any time during a registration session.
Additionally, there is a special provision for setting defaults prior to importing text file users or migrating users, without having to add a new user via UI entry. Prior to migrating users by clicking the Migrate people button or importing a text file by clicking the Import Text file button, click the Add Person button to put the registration UI in New Entry mode. Now make modifications to any registration setting, but don't add user-specific information such as last name, password, and so on. The modifications you make will serve as defaults when you click the Import Text file or Migrate people button. Migrating and importing text file users are discussed in more detail below.
Defining User Setup Profiles
To create default settings that appear on all users' workstations and/or default values to be stored in their Location documents, you can create a User Setup Profile. When you are registering numerous users, this is a real time-saver. You enter the information once in the User Setup Profile rather than entering it repeatedly in the Location document for each individual user you are registering.
If you are registering users by group, you can create and save User Setup Profiles that apply to the users in one or more specific groups. For example, if all of the users in one group need to connect to a remote server, you can create a User Setup Profile that contains that server setting. This example illustrates how User Setup Profiles can make your user setup tasks that much easier.
In addition to simplifying and speeding up registration tasks, the User Setup Profile also helps ensure consistency in user settings.
Migration and text file import
Migrating users from foreign directories and importing users via text files are new for Domino R5 and are possible because of Domino R5's scalability.
Migrating users from foreign directories
Migration is the process of moving user directory information, mailboxes, mail, and addresses from one system to another, in this case, to Notes and Domino R5. You can migrate hundreds or even thousands of users from a foreign directory to Notes and Domino using the Migration Tools. (Remember that to use the Migration Tools, you need to select the option to install them. For instructions, see
Domino 5 Administration Help
.
When you are migrating users to Notes from a non-Notes mail system, you are usually migrating a very large number of users. As an administrator, you need to determine
how
you are going to register the users that you migrate from other mail systems. It's often most efficient to register these users in groups that have identical, or at least similar, registration settings. This allows you to register numerous users and specify registration defaults and Administration Preferences for entire groups, instead of for individual users. For example, if the users you are migrating have similar or identical registration settings, you may want to register them in groups of users according to job responsibilities, department, or some other arrangement that works for you. This will help you keep track of which users you have successfully registered and will prevent you from accidentally re-registering users.
Remember, though, that you can also specify registration settings on a per-user basis whenever necessary.
When you are migrating and registering groups of users, R5 lets you register them in a group, register them and create a new group, or move them to an existing group with the same name.
Because of the large number of users typically involved when migrating users, you may want to perform a two-phase migration. First, migrate your users to Notes without converting the mail files. Next, you can access the Migrate people option (in the Register Person dialog box) and then select the Convert Mail Only option for those users that you have already migrated. This is especially useful when you are trying to control the load on your systems. For example, if you know it takes 20 minutes to convert your average mail file, you can schedule an appropriate number of mail file conversions during off-peak time, such as between 6:00 PM and 8:00 AM.
The previously-described option to "Keep successfully registered people in the queue" can serve you well if you are migrating many users. You can use the queue to sort and track users who have or have not been registered. If you are migrating group-by-group, you can use the registration queue to identify duplicate users (for example, users who have been registered as part of a group previously migrated to the registration queue and registered). If you sort users by name in the registration queue, all duplicate names will list alphabetically in sequence.You can then just delete the extraneous user names.
There are some special considerations regarding mail-related information when you are migrating people into the registration queue. If migrated users need mail conversion, the mail file cannot be created in the background. If this option is set as the default when users needing mail conversion are migrated, it will be changed to "Create file now." Further, when users needing mail conversion are migrated, if the mail system default is not set to Lotus Notes, POP, or IMAP, the mail system defaults to Lotus Notes.
Importing text files
With R5, importing text files for user registration has become easier and more powerful. When you import a text file of user information into R5 for registration, the information in that text file is pulled directly into the registration UI. You can then view it in the registration queue, check the data, and massage it if necessary. In short, user information that is imported via a text file is no different than any other user information in the queue, except that it came from a text file.
The text files that you import can use separators other than the comma ( , ). To specify a separator character, use the NOTES.INI setting BatchRegSeparator.
You can specify any one of the five separators shown in the following table or any other character that is not part of a registration setting value or string. For example, you could not use the backslash character ( \ ) because it can appear in a mail file path setting (for example, mail\mjackson.nsf).
Separator
Description
|
Vertical bar
;
Semicolon
,
Comma
&
Ampersand
#
Pound sign
Once you have a large number of users in the registration queue who are ready for registration, make use of the Advanced options such as the "Don't prompt" options to facilitate unattended, uninterrupted registration. For example, clicking the "Don't prompt for a duplicate person" checkbox and then clicking the "Skip the person registration" checkbox causes duplicate users to be bypassed during registration of many users. These duplicate users remain in the registration queue with an appropriate error message. If the Don't prompt options are not selected, prompts requiring administration intervention will appear for each duplicate user/mail file, which will stop registration until the prompt is addressed. Using these options, you can kick off registration for a large number of users at the end of the day and be sure that the registration process will not stop overnight due to an error or prompt.
Additional new and noteworthy features
Domino R5 contains other new fields and features that enhance user registration. The following sections present some highlights.
ID file storage location
The default ID file storage location is now <current Domino data directory>\ids\people. Prior to R5, it was the A:\ drive. This simplifies and streamlines registration by preventing the administrator from being prompted for a floppy drive disk for each user.
The Group pane
The Group pane contains one of the best new features of R5 user registration. You can use the Group pane to assign each user to one or more groups during registration. This removes the burden of the common post-registration task required in previous releases, which was adding each new user in the Domino Directory to the necessary groups. Group assignment is also available for editing in multi-select mode so that you can select multiple users and assign them to a new group or change their existing group setting.
Password quality
The Password quality controls and password quality in general are new in R5. Password quality now takes both dictionary checks and password complexity (password length, distribution, and variety of alphanumeric characters) into account when evaluating a password. Password quality relates to the ongoing quality of the password, not just the quality of the password when the user is registered. After the user is registered, the password quality set at registration is enforced when the password is changed for the user. If a password is required but is insufficiently complex for the password quality selected, you can select the "Try to register queued people with error status" checkbox in the Advanced Person Registration Options dialog box, and the user will be successfully registered. This means that you can migrate or import users with insufficiently complex passwords, register them, and still get enforcement of password quality after registration.
If you are migrating users and the passwords are not supplied, Domino can generate a password of sufficient complexity. To take advantage of this feature, simply select the "Generate password" option in the Migration dialog box.
For more information on the password quality scale, see "Understanding the password quality scale" in
Domino 5 Administration Help
.
Internet address fields
An Internet address that is unique in its domain is required when registering a new user. Domino uses the Internet address to route mail. Like the short name, the Internet address is automatically generated, but you can edit it directly. The Internet address is constructed from the name components, the Internet domain, and the Internet address format settings. The default Internet domain is the current host TCP domain, but you can change this default in the Administration Preferences dialog box. The format settings include a name format and a separator, and can be accessed via the Format button in the Basics pane.
If registration returns an error stating that the Internet address for a particular user is not unique, you don't have to change the user's name. You can use the Set Internet Address Format dialog box to modify the format, starting with a different separator.
Make the most of the registration UI
Domino R5 makes registration really easy -- thanks to the new user interface and some powerful new tools. If you take full advantage of these features and tools, your registration tasks should be easier and more efficient than ever.
ABOUT THE AUTHORS
Chip Carter is Development Manager of the Domino Administration Development team at Iris. He designed and developed the new registration features and the Domino Upgrade Services (DUS) migration framework for R5.
Mary Jrolf is a Principal Technical Writer at Lotus. She is responsible for writing several sections of the Domino Administration documentation.