Admins: Modifying, Updating or Fixing your Config - do you have an ’Escape Clause’ database
Mat Newman September 7 2010 20:31:44
I've been working with a number of clients recently where we have made some changes (in a couple of cases - significant changes) to their Domino configuration.The great thing about your Server configuration in IBM Lotus Domino is that 98% of it will be contained within your Domino Directory.
What is a Domino Directory? Why, it's a Notes Database!
Which means that the configuration documents within this database are simply "Notes", or records in a Notes Database.
An 'Escape Clause' database is also pretty simple: It's a separate database based on the Domino Directory template.
What do you do with it?
Any time you are going to make a change to a configuration document or delete a configuration document, you copy that document first and then paste it into your 'Escape Clause' database.
If you need to restore any of the original settings - or even restore an entire configuration document - all you have to do is open your 'Escape Clause' database, locate the record you pasted before your change, and then either copy the settings back into your Domino Directory, or restore the entire document.
It's that simple.
I have recently come across a couple of Admins who were aware that they had problems within their environments related to old/outdated/badly configured settings in their existing directory and were about to go through the pain of implementing a new Domain in order to 'clean up' their system. That's pretty extreme.
The beauty of an 'Escape Clause' database is that you can identify configuration documents that may be 'stale' or no longer necessary, and rather than just deleting them and hoping for the best you can copy the record and paste it into the 'Escape Clause' database. Then you delete the original. If a situation does surface that appears to rely on the configuration you have removed, you just go into the 'Escape Clause' database, copy the record, and paste it back into your Domino Directory.
An 'Escape Clause' database is also really useful if you have itinerant contractors who you allocate a Notes account to while they are working for you. Rather than setting them up every time they work for your organisation, and then removing them afterwards, you can just copy-paste their person document to/from the 'Escape Clause' database. Remove them from, or put them back into, the groups that grant them access to your system and - as long as you have id recovery configured - give them back their ID file. When they finish, just run a normal AdminP delete to remove them from the system again.
How do you set it up?
- Create a New Database,
- Call it whatever you like (I normally call it "X Directory Archive"),
- Put it into a folder on your server with your other Admin databases,
- Choose the "Domino Directory" template (you may need to turn on "Advanced Templates"),
Once the database has been created, make sure you secure it properly by adding 'LocalDomainAdmins' and 'LocalDomainServers' (and any other Admin groups you use) as Managers with all roles, and change Anonymous and -Default- to "No Access" with no rights or roles.
That's it. Now you can make changes to your Domino system by modifying or removing configuration documents knowing that if anything goes wrong you have: An 'Escape Clause'.