• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Administrator person document disappeared?

Hi,

We noticed that our administrator account (the first one you create when setting up domino) still has a mail database out there, and the ID is still out there....but its not listed as a person anymore in our user list.

We can still log into domino as administrator.....

What does this all mean?  We are concerned its going to cause problems....
0
kjbbnk
Asked:
kjbbnk
1 Solution
 
BlackmoorianCommented:
The question here is, are you certain the document is gone? I know that we as administrators here use the document properties on a few of the groups, administration ids and test ids to hide them from the general populous. If you send an e-mail to the administrator account does it go through? If it does then you are probably looking at an administratively hidden document.

Which mean that the administrator went into the persons document properties in the address book. Clicked on the security tab (Key symbol), in the Who can read this document section deselected the checkmark All readers and above and selected specific people, groups, or servers that could read it. If this is the case you should be able to open the local notes on the server itself and open the address book and see this account.

If the document is truly gone then:

As long as the ID does not expire you can use it to access the server since the ID contains the correct certifier giving it a "pass code" into the Lotus Notes environment. Unless that ID is specifically mentioned to deny access this will remain the case.  

ACL (Access Control Lists) will prevent that ID access as well if the hierarchial name associate with that ID is not contained within groups that have been given access to the databases. "-Default-" access will allow any ID with the correct certifier to access the database with the permissions given to '-Default-' in the ACL.

If the administrator information in the server document has been changed to reflect new admins, then the absense of an administrator document should not pose any issues at all.

It all depends how the administrator access is set up in the server document and each database's ACL. If you take the time to update these for example the Administrator ID does not matter:

Having an Administrators group defined in the address book and then adding the hierarchial names of all administrators to this group.
Adding this group to every database’s ACL with manager access.
Adding this group to the appropriate fields in the server document.
This way in the event that an administrator quits or is fired you can remove their ID from this group and add their name to the deny access list. You then no longer have a possible compromise in security.

If you need further clarification or have any further questions let me know. Thanks.
0
 
kjbbnkAuthor Commented:
Whew...
Yes, I can email this account and it can email me back...
So maybe it is hidden?  I am not the smartest when it comes to domino, so can you help me with explaining in detail what this paragraph means:

>Which mean that the administrator went into the persons document properties in the >address book. Clicked on the security tab (Key symbol), in the Who can read this document >section deselected the checkmark All readers and above and selected specific people, >groups, or servers that could read it. If this is the case you should be able to open the local >notes on the server itself and open the address book and see this account.

Thank you, I am dying to unhide this!!
0
 
BlackmoorianCommented:
My apologies I have been out sick.

Go locally to the server itself. (Either sitting at the console or remote controlling in)
Open up NLNOTES.EXE (Should be in the root of your NOTES directory)
If prompted for an ID, (I don't think it does but in the event it does) use the Server ID
Open up the public address book (NAB) (NAMES.NSF)
Go to the 'People' view
Find the name you are looking for and right-click on the document and select 'Document Properties...'
Click on the security tab (Looks like a Key should be about the fourth tab in)
Where it says 'Who can read this document' the next line down should have a checkbox stating 'All readers and above'
Put a check in that box if you want everyone that has reader access in the database to be able to see it or you can check off groups listed or add your own if you want to hide it from some but reveal it to others.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
kjbbnkAuthor Commented:
bad news, when i go into that people view on the server
the admin person we're looking for is not there.......


any other ideas?
hope you're feeling better!
0
 
BlackmoorianCommented:
hmmmmm.......

Try opening up the NAB whilst holding down <CTRL><SHIFT>

Go to the ($People) view and look in there.
0
 
kjbbnkAuthor Commented:
Nope, he's not in there........
We have his ID, his database...........just not him!
0
 
BlackmoorianCommented:
Another possibility is look in the view Server\Mail-In Databases and Resources and see if he is set up as a Mail-In Database instead (Probably unlikely but it is an existing possibility.)

Also try doing a text search of all documents and see if there is an alias for that name existing in the database that is not the primary shown address.

The only other thing I can suggest at this point is possibly look through the other hidden views and see if he appears in any of those. I would try looking through this database using the server.id, the administrator id, and any other administration id's you might have. Hopefully one of these ID's is a match for you.



0
 
BlackmoorianCommented:
Another thing I thought of is go into the Domino Administrator. Go to the people view and see if you see him there. If he is go to the properties. Click on the security tab (Looks like a Key should be about the fourth tab in)
Where it says 'Who can read this document' the next line down should have a checkbox stating 'All readers and above'
Put a check in that box if you want everyone that has reader access in the database to be able to see it or you can check off groups listed or add your own if you want to hide it from some but reveal it to others.
0
 
kjbbnkAuthor Commented:
I talked to Lotus regarding this.  They had me extract the certificate info and create a new admin person and paste it in.

0
 
BlackmoorianCommented:
No objections here. We weren't able to provide a solution. However it would be good if kjbbnk would post the complete solution that was received from Lotus for future people that might run into this.
0
 
kjbbnkAuthor Commented:
OK from what I remember, she had me do a "switch ID" in my mail client, to the admin's ID.  Then go to user security, your certificates area, and under other actions choose "mail, copy cetificate".  Nothing happens as its just put to your clipboard.

Then in the person documents, add a new person (not register).  In the certificate info, do a paste.  Just fill in the rest of the info for the admin or user you deleted, and it should be okay or so they said :)

0
 
PashaModCommented:
Closed, 100 points refunded.
PashaMod
Community Support Moderator
0
 
MontereyCommented:
We have the same problem, but it was 4 users that disappeared out of our addressbook. their person document is not there, but they still have the id files.. would could cause the deletion of people from the domino directory "people" in admn?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now