Lotus Application server domain or not domain member?

Hi All,

There're 8 application server in our company. When the last was installed the central admin told me not to make it to a member of our domain.
Now, I need to create folders and share them for different users but I can't add the users since the server isn't a domain member.
I'd like to know, what happens when I make 1 application server to a domain member but the other 7 will stay a "not domain member"?
Will something be affected by this action e.g. making replica with other "not domain member" application servers?
Why, do you think, has the central admin told me that it shouldn't be a domain member?
I can't ask him because he's already left the company.
Who is Participating?
SysExpertConnect With a Mentor Commented:
There is no special requirement to access a Workgroup.
WHat I would do is do 1 and 2, and for then Change the workgroup name to be the same as your Domain Name.

The problem with this is that you need to add all the users manually onto the server or at least a single user or more that everyone can use.

Again, it is NOT a good idea to do any file or  folder sharing on a Lotus Domino server !!!!

In general, it is a good policy NOT to let anyone have access to any shares on a Domino server, especially anything related to the program or data directories.

Domino does not care if it is part of a Windows Domain or not, so functionality should not change as long as there are no agents that depend  upon OS logins ( rare ).

I hope this helps !

You mean, not a member of the Notes domain, or not a member of the Windows domain?

This is most often done for:
- development and test environments
- servers that sit in a DMZ
- servers that otherwise communicate with outside entities
- servers that have to host something special, such as a very secure application where you only want to authorize special IDs to have access

I'm nit sure what you mean by "create folders and share them."  Are you a former Exchange admin, and want something akin to public folders?

You also seems to being saying two contraidtcory things:
* last [app server] was installed the central admin told me not to make it to a member of our domain
* make 1 application server to a domain member but the other 7 will stay a "not domain member"
First statment implies that one is out of the domain but ALL OTHERE are IN the domain. Second statement implies that ONE is in the domain while SEVEN ARE NOT in the domain.  Which one is it???

The only real effects of replicating with a non-domain member are:
1) you have to make sure the replicating servers trust each other (cross-certified if necessary)
2) the servers allow eahc other access overall (allow/deny lists)
3) the servers may need to be explicitly listed in each ACL, as groups may differ across the NABs, or you may have to duplicate groups and sync them manually for every change
4) monitoring can be more difficult
5) although not a good practice anyway, and not commonly done, flat names may not resolve correctly
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

didier20Author Commented:
I meant that the 1 Application server isn't in the Windows domain.
And that's what makes me headache. I created subfolders on the Application server and want to add domain users to this folders but I can't because the Appl. server isn't a Windows domain member and doesn't know the domain users.
Is that correct that if I create a folder on an Application server (not in Windows domain) then EITHER  everybody OR nobody will have access to it?
didier20Author Commented:
And the original question.
What will happen if I put a Lotus application to the Windows domain?
The application server is in the Lotus domain and replicates with other application server fine.
I really can not see any issue of adding it to the Domain.

It should not make any difference.
The only thing that may be affected is if you are doing synch of AD to Notes directory, but since it is an Apps Server, I really do not think that it will be in use.

Just do a full backup of the server before doing it, and make sure that you know how to restore or remove it from the Domain if there are issues.

Other option, If you want users to access the Apps server folders, you should use a Workgroup name that is the same as the Domain Name,and add the users on the Apps server. You will need the same username and password as used on the Domain servers. It may be possible to export and import using one of the Windows Resource kit utilities.

I hope this helps !

You can have 12 Domino servers in 12 domains, or 12 in one domain, or you can use a mix or workgroups and odmains... none makes any difference.  The only minor difference would be if you use matching Domino server names and Windows computer names, use Windows for DNS, and have a single Windows domain.  In that situation, all Domino servers will be automatically resolvable by server name, since the srever name can be found in DNS.

However, the operation you are performing seems WRONG.  You don't use Windows to create folders in Domino.  There's noi reason to.  Further, granting SMB access (file share access) is also a bad idea, as Domino DOES NOT want anything but the Domino srever itself to access those files.

If you just want to have the NSF files located in specific folders that do not currently exist, that's no big deal.  If I tell Lotus Note sto create a file on a Domino server, and give it a filename of abc\xyz\junk\whatever\something.nsf, Domino will make sure the enire nested folder structure exists, and if it does not exist, it will AUTOMATICALLY CREATE THE FOLDERS without any interaction from th ecreator.  It just happens.  Nice, no?

So, please don't bother with the WIndows SMB stuff, don't sweat it at all.  If you want the Windows box to join your AD domain, that's fine.  Or you can "not bother."  (I have seen some admins leave servers out of the domain because they thought th Windows admins were getting snoopy or applying policies that they did not want applied or for security reasons, but otherwise, we really don't care much about where the hosting Windows box sits AD-wise or workgroup-wise.  Just make sure we get registered nicely in DNS.)
didier20Author Commented:
1.  I can add the application server to the domain without any problem but better to make a backup before.
2. I know that I can create a file in a folder and if the folder doesn't exist then it will be created automatically.
3. If I want users to access the Apps server folders, I should use the  Workgroup name but for doing that I need to install some Windows utility.
The 3 part is what I never did and a little bit hard to imagine for me. I mean a not domain Lotus Application server would recognize the domain user name after installing (exporting/importing) a Windows Resource kit. And what's the name of that kit?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.