Wednesday, July 1, 2009

How to recreate a missing ID file without going completely crazy

NOTES Q&A

By David Gewirtz

To Sigmund Freud, "Where id is, there shall ego be." But to Notes administrators, where id is, there might permission to enter the network be.

The Notes ID file is a unique file that identifies an individual user or server and contains a number of elements, including certifier information, public and private keys, encryption keys, and more. Without the ID file, you don't get into Notes or Domino.

You might think, what with thumb drives, CD-ROMs, DVD-ROMs, servers, backups, and terabyte hard drives costing less than dinner at Carrabba's, that losing every single copy of one's ID file might be impossible. You'd think that, but you'd be wrong.

Users lose their ID files all the time. And no, they don't have backups. And no, they didn't remember to make a copy.

Where ID is not, there shall access not be. And that, dear reader, is where some Notes users start to go crazy, especially if they've lost their ID file.

Just say no

Fortunately, it is possible to reconstruct an ID file.

Conscience is the internal perception of the rejection of a particular wish operating within us. -- Sigmund Freud

Like that particular wish, recovering an ID file is not necessarily a good idea, but it's possible. Let's first discuss why it's a bad idea, then we can discuss how you can do something rather ill-advised in the pursuit of expediency.

Here's the thing: the ID file exists as a security measure. The whole design premise was that if you don't have your ID file, you don't get in. More intentionally, if someone trying to hack in doesn't have the ID file, he doesn't get in. That's why it's a whole file, and not just a password.

So let's say Joe Luser loses the thumb drive his ID file resides on. And let's say Joe has access to some important corporate data that a competitor might love to see. Did he really lose his thumb drive or was it lifted?

He that has eyes to see and ears to hear may convince himself that no mortal can keep a secret. If his lips are silent, he chatters with his fingertips; betrayal oozes out of him at every pore. -- Sigmund Freud

Can you see where I'm going here? This is exactly the time you don't want to recreate the ID file, because if it's lost, it might be in the wrong hands.

Recreating that ID file

As Siggy himself once said, "I do not doubt that it would be easier for fate to take away your suffering than it would for me. But you will see for yourself that much has been gained if we succeed in turning your hysterical misery into common unhappiness."

Even though it's a bad, bad, baaaaad idea, we're about to show you how to recreate your ID file. What? It's not like I'm your mother. If you don't know right from wrong by now, sure as shootin' ain't my job to teach you.

A Freudian slip is when you say one thing but mean your mother. -- Author Unknown

From the user's point of view, recreating the ID file can be problematic as well. If Joe had any Notes databases or documents that he'd encrypted, he will never, ever be able to get them back if you recreate the ID file.

So, here's what you need to do. Pay close attention to this first step, because doing it even slightly wrong can cause you real problems. Do not do anything until I say to. Ready?

First, take a screenshot of the user's Person document. You're going to need to type in the user name later, exactly as it's shown here. A screenshot is the best way to get it right.

OK, you're going to need to delete the user's Person document (don't do anything yet!!). You have to go about this in a particular way. Do not NOT NOT use the Delete User option in the Admin client. If you do, the Admin process will delete the entire user, yank his butt from your Domino domain, and otherwise make your life miserable.

Instead, find the Person document and simply hit the Delete key. Just one key. Just once.

Bizarrely enough, this will delete the document, without deleting the user. OK, now you can go do it.

Next, find Register User in the People and Groups tab. Register the user with a name absolutely identical to that of the previously registered user (you did take a screenshot, didn't you?).

Now, set the Mail System to None. This will prevent a new mail file from being created. In the Mail File field, use a file name that's different from the original mail file name. Then, find the Set ID File button and locate the ID file somewhere where you'll be able to find it later.

Take a moment and smack the user upside the head for losing his file in the first place. This could conceivably get you fired, but it'll feel good. And your user probably deserves it. Just don't blame me. In fact, don't blame me for anything. Remember, you were warned.

Sadism is all right in its place, but it should be directed to proper ends. And sometimes a cigar is just a cigar. -- Sigmund Freud

By now, you've created a new Person document and the user has been registered once again with Notes. Go ahead and edit the new Person document, configure the Mail System appropriately, and point the Mail File field to the original mail file.

Save and close. And make sure, this time, the user knows it's bad to lose the ID file.

I will take my leave of you, Dear Reader, at least for now. As we part company for this week, allow me to share with you one of The Sigmeister's wisest thoughts:

Time spent with cats is never wasted. -- Sigmund Freud

In all seriousness, it's not good to recreate ID files. But now, at least, you know how. Go, get a cat.