August 13 2013 Tuesday
Domino Directories and local replicas - another bad idea
In the post yesterday Mail file users having manager ACL and why it's a bad idea brought up some questions about getting the Domino Directory on the client as a replica. This is not a good idea unless you really know what you are doing (and even then, it's still a really, really bad idea), so I though instead of just answering that, I'd throw together some thoughts on various things related to replication of the Domino Directory.
I'm sure there are more, but that should be a good starting point to get you on the way. And do not send full replicas of the Domino Directory down to client machines.
- Never, ever replicate the full Domino Directory to a users PC. I have seen this implemented for a variety of purposes, although most likely it is to allow type ahead. There is a functionality in Domino called the condensed directory that will allow you replicate only the fields required needed for type ahead and other items (like office phone, cell phone, etc). You can also use a policy to replicate this down to clients.
- To stop old replicas of the Domino Directory sending old changes back to your replica, enable Purge Interval Replication Interval (PIRC) on the server Domino Directory.
- To stop design changes happening to the Domino Directory (they magically coming from older servers, just when you don't want them), enable "Refresh design on admin server only" in the design properties of the Domino Directory.
- Fully document any design changes you make to the Domino Directory as you really, really should upgrade the design of DomDir with every upgrade. Skipping design upgrade changes on the Domino Directory can lead to missing policy setting types, missing server document tabs and other really, really irritating stuff.
- Always have anonymous access set to "No Access". Yes. I see this tons.
I'm sure there are more, but that should be a good starting point to get you on the way. And do not send full replicas of the Domino Directory down to client machines.