#Newin12 Domino ID Vault

As I posted last week, Domino 12, Sametime 11.6, Traveler 12 and Nomad Web 1.0 are all out and there’s lots of good news for admins, users and developers alike, but since I’m an admin that’s what I’m going to talk about. Instead of a large dull blog listing all the things I think are most interesting and useful, I’m going to do a series of short, slightly-less-dull blogs focusing on each one individually.

This isn’t where I tell you to deploy ID Vault - you’ve already done that, right? ID Vault not only contains encrypted, secured copies of all your IDs but it allows admins to do password resets against Notes IDs directly on the server and have that immediately take effect for the user. It also means never having to physically copy IDs around to workstations, and it can be set up in 10 minutes, so there is a lot to like, but Domino 12 brings us some very welcome enhancements. If you already have an ID Vault then don’t forget to refresh its design from the v12 template called idvault.ntf on the server.

Manually Uploading An ID To The Vault

It’s now possible for both administrators and users to upload IDs to the Vault manually. Users can only upload their own IDs but anyone designated as a vault administrator can upload any user ID into the vault.

To do that as a user, open the server’s names.nsf in your Notes client, choose the People and Groups view and right-click (it will only let you upload your own ID). You will then be asked to upload the ID and confirm its password.

To do an ID upload or multiple ID uploads as an administrator, go to the People & Groups view in Domino Administrator and select Upload ID into Vault from the Actions menu. Note it is only available via the Actions menu and not via right-click in the Admin client. You can then choose if you are uploading a single ID or multiple IDs. Since you are supplying the password, the Vault will be able to unlock the ID and know which user it belongs to.

If you want to upload multiple IDs then you need to create a two-column, comma-separated CSV file where:
Column 1 = the path to the Notes ID file, relative to your client machine
Column 2 = the password for that Notes ID

For background, a vault administrator is different from a server administrator and isn’t set by server security but by ID vault security.

New Query Vault Command
If you get errors running this command such as “QVR - the local security feature is not supported”, see my next blog and verify you have the notes.ini setting IDV_Enable_Vault_Scan = 1.

Referenced in detail here, but just to highlight two commands I will use a lot:

load qvault -x {vaultname} -u {username} -a (for archive) - this is for if (or when) an ID stops syncing into the vault. The command archives the existing vaulted ID, which tells the Notes client to sync its ID into the vault because it thinks there isn’t one there already.

load qvault -x {vaultname} -u {username} -i OR -v (-i to inactivate and -v to reactivate an ID)

Let’s break that down. What is your vaultname? To find that, go to Domino Administrator and the “Configuration” tab, and then on the left hand side choose ID Vault under Security. Your vault will show in the view to the right and the first column contains the Vault Name. What is displayed will have a “/” in front of it, but in the actual name that is replaced by O=, so in the screenshot below my vault name is O=DemoVault.

Of course you can also look at the document properties for the field “VaultName”.

What is your username? That is the canonical format of the first entry in the FullName field of the person document (the static text for that field is “User Name”). So for “Gabriella Davis/Turtle” that would be “CN=Gabriella Davis/O=Turtle”. Don’t forget to use quote marks, as there are spaces in the user name and the command line on the console won’t accept that without quotes around it.

So now we have the command to inactivate user “Graham Hedley”:

load qvault -x O=DemoVault -u "CN=Graham Hedley/O=Turtle" -i

or to archive Graham Hedley’s existing vaulted ID so the one being used by his client can be vaulted in its place:

load qvault -x O=DemoVault -u "CN=Graham Hedley/O=Turtle" -a

The qvault command is used for maintenance of the ID Vault and can also archive IDs in the vault as well as cleanup already archived IDs. See here for full documentation.
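Because the console needs the vault name in O= form and the user name in canonical, quoted form, it is easy to get one of them wrong by hand. The helper below is an added example (not code from the post or from HCL) that builds the qvault command from the values as you see them in the Admin client; it assumes the first name component is the CN, the last is the O and anything in between is an OU, and it does not handle C= country codes.

```python
import re

# Assumption (not from the post): hierarchical names are CN / OU... / O only.
_CANONICAL_PART = re.compile(r"^(CN|OU|O|C)=", re.IGNORECASE)


def canonical_name(name: str) -> str:
    """'Gabriella Davis/Turtle' -> 'CN=Gabriella Davis/O=Turtle'.

    A name that is already canonical is returned unchanged.
    """
    parts = [p.strip() for p in name.split("/") if p.strip()]
    if not parts:
        raise ValueError("empty user name")
    if all(_CANONICAL_PART.match(p) for p in parts):
        return "/".join(parts)
    if len(parts) < 2:
        # qvault needs the full hierarchical name; a flat name is not enough.
        raise ValueError(f"expected 'Name/Org' but got {name!r}")
    labels = ["CN"] + ["OU"] * (len(parts) - 2) + ["O"]
    return "/".join(f"{label}={part}" for label, part in zip(labels, parts))


def vault_name(displayed: str) -> str:
    """The ID Vault view shows '/DemoVault'; the real name is 'O=DemoVault'."""
    displayed = displayed.strip()
    if displayed.upper().startswith("O="):
        return displayed
    return "O=" + displayed.lstrip("/")


# Flags from the post: archive, inactivate, reactivate.
ACTIONS = {"archive": "-a", "inactivate": "-i", "reactivate": "-v"}


def qvault_command(vault: str, user: str, action: str) -> str:
    """Build the console command; the user name is always quoted because
    Notes names contain spaces and the console will not parse them otherwise."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}; use one of {sorted(ACTIONS)}")
    return (f"load qvault -x {vault_name(vault)} "
            f'-u "{canonical_name(user)}" {ACTIONS[action]}')


if __name__ == "__main__":
    print(qvault_command("/DemoVault", "Graham Hedley/Turtle", "inactivate"))
    print(qvault_command("/DemoVault", "Graham Hedley/Turtle", "archive"))
```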

3 thoughts on “#Newin12 Domino ID Vault”

  1. Just a related IDVault question. If there are 5 offices, each with a server, would you create 5 IDVaults, or one for all (all replicate to a main server)?

    • It really depends on your network architecture and organisational hierarchy. There’s no reason to have an ID Vault on every server and I would usually have one vault for the entire O= level. The Notes client learns where the vaults are and asks the home mail server then a vaulted server for the ID so if the home mail servers are the nearest in each office and none are clustered and the connectivity from workstation at office A to server at office B is iffy, you’d put vault replicas on each server. You don’t use replication (sorry if you know this) but when configuring the vault itself you tell it what servers to put instances on and it’s all handled in the background. If you just put a replica on a server the ID Vault and the server don’t know it’s there and just treat it as a regular database. Hope that makes sense.

  2. Thanks 🙂
