
How to Change ACLs on Domino Directory and Mail Databases

 

Topic Last Modified: 2006-09-14

For Exchange Connector for Lotus Notes to synchronize the Active Directory® directory service and the Domino Directory, the Notes user ID that the connector uses must have Editor access (with the Delete documents right) to the Domino Directory. For doclinks to migrate to Microsoft Exchange Server 2003, the Notes user ID that the connector uses must have Reader access to all users' mail databases. Use these procedures to change the access control list (ACL) properties.

Note:
The connector's Notes user ID should have Manager access (with the Delete documents right) to the exchange.box and exchange.bad databases.

Note:
Use this procedure only for Notes and Domino 6.

  1. Log on to a Lotus Domino Administration client that has Full Administrator rights.

  2. Click Administration, and then click Full Access Administration to enable Full Administrator rights.

  3. Click the Files tab.

  4. Select the Domino Directory (names.nsf).

  5. Right-click the Domino Directory, click Access Control, and then click Manage.

  6. Click Add.

  7. In the People, Servers, Groups text box, click the browse icon.

  8. Select the user ID for Connector for Lotus Notes, click Add, and then click OK.

  9. From the Access list, select Editor, select Delete documents, and then click OK.

Note:
Use this procedure only for Notes and Domino 6.

  1. Log on to a Lotus Domino Administration client that has Full Administrator rights.

  2. Click Administration, and then click Full Access Administration to enable Full Administrator rights.

  3. Click the Files tab.

  4. In the left pane, select the Mail directory.

  5. To select all of the mail databases, click the first database, and then press Shift while selecting the last database in the list.

  6. Right-click the selected databases, click Access Control, and then click Manage.

  7. Click Add.

  8. In the People, Servers, Groups text box, click the browse icon.

  9. Select the user ID for Connector for Lotus Notes, click Add, and then click OK.

  10. From the Access list, select Reader, and then click OK.

Note:
Use this procedure only for Domino 5.

  1. Start the Lotus Domino Administrator and log on as a user who has Lotus Domino Administrator permissions.

  2. Click File, point to Database, and then click Open.

  3. From the Server list, select the Lotus Domino bridgehead server.

  4. On the People and Groups tab, select the directory for the Lotus Domino domain.

  5. Click File, point to Database, click Access Control, and then click Add.

  6. In the People, Servers, Groups text box, click the browse icon.

  7. Select the user ID for Connector for Lotus Notes, click Add, and then click OK.

  8. From the Access list, select Editor.

  9. Ensure that the Delete documents check box is selected, and then click OK.

Note:
If you are not permitted to grant the connector ID Editor access to the Domino Directory, consider implementing a separate address book for the Exchange organization and granting the connector ID Editor access to this database.

There are two ways in Domino 5 to add the Exchange Connector for Lotus Notes user ID to users' mail database ACLs. You can use either of these methods.

  1. Click Start, point to All Programs, point to Lotus Applications, and then click Lotus Notes.

  2. To open the mailbox, click Mail.

  3. On the menu bar, click File, point to Database, and then click Access Control.

  4. In the Access Control List dialog box, click Add.

  5. In the Add User dialog box, click the browse icon.

  6. In the Names dialog box, select the user to whom you want to grant access (for example, the user ID for Connector for Lotus Notes), click Add, and then click OK.

  7. From the User type list, select Person.

  8. From the Access list, select Reader, and then click OK.

Note:
Administrators can use the following procedure to grant the required access rights on behalf of the users. This approach might be better than asking each user to perform the previous procedure individually.

  1. On a computer with Lotus Domino Administrator installed, start Lotus Domino Administrator and log on as a user who has Lotus Domino Administrator permissions.

  2. On the menu bar, click File, and then click Open Server.

  3. From the Server list, select Local, and then click OK.

  4. From the Access list, select Reader, and then click OK.

  5. On the Files tab, in the right pane, expand Tools, expand Folder, and then click New Link.

  6. In the Create New Link dialog box:

    1. In the Link name text box, type Migration.
    2. Next to Link to a, select Folder.
    3. In the Path and filename to that folder or database text box, type the path to the Lotus Domino mail database on the server running Lotus Domino. For example, to connect to the default mail database on a server named server01 with Lotus Domino installed on drive D, type: \\server01\d$\lotus\domino\data\mail.

  7. In the Who should be able to access this link list box, click the browse icon, and then add the Lotus Domino Administrator account. Click OK.

  8. Press F9 to refresh the list of folders. You can now see the Migration folder you created in the left pane.

  9. Click Migration. You can now see a list of users' mailboxes in the right pane.

  10. Press CTRL+A to select all the users at once.

  11. In the right pane, right-click the list of users, point to Access Control, and then click Manage.

  12. In the Multi ACL Management dialog box, click Add.

  13. In the Add ACL Entry dialog box, click the browse icon.

  14. In the Names dialog box, select the user to whom you want to grant access (for example, the user ID for Connector for Lotus Notes), click Add, and then click OK.

  15. From the User type list, select Person.

  16. From the Access list, select Reader, and then click OK. The user ID you specified now has access to the selected users' mailboxes.

  17. For security reasons, delete the folder link after you update the access control lists on the users' mailboxes. To delete the folder link, right-click the Migration folder link, and then click Delete.
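After a bulk ACL change like the ones above, it is worth confirming that the connector ID ended up with exactly the access each procedure sets. The following LotusScript agent is an added example, not part of the original Microsoft procedure: it reports any Domino Directory or mail database whose explicit ACL entry for the connector differs from Editor with Delete documents (names.nsf) or Reader (mail databases). The `CONNECTOR_ID` value and the assumption that mail files sit in a folder named `mail` are placeholders to adjust.

```lotusscript
Option Public
Option Declare

' Assumed placeholder: full hierarchical name of the connector's Notes user ID.
Const CONNECTOR_ID = "CN=Exchange Connector/O=Example"

' Compare the connector's explicit ACL entry with the level the procedures set.
' Group membership and the -Default- entry are not evaluated.
Function CheckAcl(db As NotesDatabase, wantLevel As Integer, wantDelete As Boolean) As String
	Dim entry As NotesACLEntry
	On Error GoTo Failed
	If Not db.IsOpen Then Call db.Open("", "")
	Set entry = db.ACL.GetEntry(CONNECTOR_ID)
	If entry Is Nothing Then
		CheckAcl = "no ACL entry for the connector ID"
	ElseIf entry.Level <> wantLevel Then
		CheckAcl = "access level is " & entry.Level & ", expected " & wantLevel
	ElseIf wantDelete And Not entry.CanDeleteDocuments Then
		CheckAcl = "Delete documents is not selected"
	End If
	Exit Function
Failed:
	CheckAcl = "could not read ACL (" & Error$ & ")"
	Exit Function
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim dbdir As NotesDbDirectory
	Dim db As NotesDatabase
	Dim path As String, finding As String

	Set dbdir = session.GetDbDirectory("")   ' "" = the machine the agent runs on
	Set db = dbdir.GetFirstDatabase(DATABASE)
	Do Until db Is Nothing
		' Normalise separators so the match works for relative and full paths.
		path = "\" & LCase(Replace(db.FilePath, "/", "\"))
		finding = ""
		If Right(path, 10) = "\names.nsf" Then
			finding = CheckAcl(db, ACLLEVEL_EDITOR, True)   ' Editor + Delete documents
		ElseIf InStr(path, "\mail\") > 0 Then
			finding = CheckAcl(db, ACLLEVEL_READER, False)  ' Reader on mail databases
		End If
		If finding <> "" Then Print db.FilePath & ": " & finding
		Set db = dbdir.GetNextDatabase
	Loop
End Sub
```

Run it as an agent signed by an ID that can open every mail database; an empty report means each checked database carries the expected entry.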

 