
Integrating HCL Domino and Microsoft 365

  • Justin Hill
  • Dec 7, 2021

Updated: May 14

There are times when you need to use multiple technologies and need them to work well together. One example is Office 365 and Domino. Why would you need both? Maybe your email is on Domino and you also use O365 apps, or your email is on Exchange and you have data and apps on Domino.


HCL Notes, Domino and Microsoft 365


Domino offers a lot, flexibility above all. You can run on premises, hybrid or in the cloud and have the same level of security.


  • Collaboration client-server application

  • Email/Calendar/Contacts

  • Applications – business workflow, document libraries…

  • Sametime

  • Domino Server – Windows, Linux, OS/400, AIX, Docker containers, Kubernetes, OpenShift

  • Notes client, Verse, Traveler, Web Browser, Nomad, Outlook


Microsoft on the other hand is all about the cloud. 

  • Subscription based cloud services

  • Email/Calendar/Contacts

  • SharePoint

  • Teams, Skype for Business (deprecated)

  • Outlook and OWA

  • Powersuite – Apps/Automate/AI/BI – a great tool but quite on the expensive side of things.


Directory


As we all know, the Domino Directory is the heart and soul of Domino. It’s where you find all your server configuration and manage your users.


  • Domino Directory – names.nsf


Microsoft is a bit more complex:


  • Active Directory – on premises

  • Azure Active Directory – cloud

  • Hybrid considerations

  • AAD requires additional licenses to behave more like AD in the cloud


Directory Components


These are the Directory Components you will find and use most often in Domino:

  • Person

  • Group

    • Multi, Server, ACL, Mail, Servers, Deny

  • Mail in Database

  • Resource

  • Server

  • Configuration

  • Connection

  • Program

  • Policy/Setting

  • Internet Site

 

Here is what Microsoft has to offer in this regard:

  • User

    • Mailbox user, mail user, mail contact

  • Group

    • Distribution, Dynamic Distribution, Security

  • Shared mailbox

  • Resource


Server vs Service Management


[Image: two lists of IT admin tools. Left: Domino tools such as notes.ini. Right: Microsoft tools such as PowerShell.]

Endpoint Management



[Image: two lists comparing software tools and settings, including Notes code, MarvelClient, Intune, RMM service, and PowerShell.]

What is HCL Nomad?


  • Similar to the HCL Notes Client Basic experience all within a web browser

  • Designed for users to access HCL Domino applications (NSFs) from the users’ desktops and/or laptops

  • Available as a fully native application for Android, Chromebook, and iOS mobile devices

  • Secure access to mail and/or HCL Domino applications 

  • Ironclad security leveraging HCL’s SafeLinx technology (built-in, secure VPN) in addition to updated Domino security layers (e.g., physical, OS, network, server, ID, application, application design, and workstation)

  • Includes: 

    • Biometric authentication for iOS mobile devices (face or touch ID)

    • Secure proxy integration (SafeLinx)

    • Two factor authentication (2FA)

    • Username detection for secure access

    • Local replica enablement to work off-line (on the native mobile version)

    • Field level security for applications

  • No specific design modifications required (to existing apps)!


Here is what Nomad looks like on tablets and smartphones:



[Image: mobile and tablet screens displaying travel and wine tasting apps with text lists, flags, and color charts.]

Domino V12: Nomad for Web Browsers


[Image: computer screen displaying a "Vacations, Travel & Expenses" list with dates and amounts. Visible tabs include "Edit" and "Create."]

Coexistence Considerations


  • Directory synchronization

  • SSO Authentication

  • Bi-directional mail routing with correct content and format

  • Calendar free/busy time lookups/scheduling

  • Instant Messaging coexistence

  • Application inter-operation


Client options


  • Outlook as a Domino client

  • HCL Traveler for Microsoft Outlook 3.x (HTMO)

  • Email/Calendar/Contacts

  • Future – Open Client

  • DOMI – Domino Online Meeting Integration

  • Teams at the center of everything Microsoft – Viva


Active Directory and Domino synchronization can prove to be a drag. Here is a diagram of how you can make this work.


[Image: diagram of AD Domino Data Synchronization with text boxes showing server processes. Sidebar lists keywords: People, Groups, Passwords.]

Domino Directory Sync


  • objectGUID field added

  • New Users – Register Selected Person

  • User Renames

    • Person document only – automatic

    • Registered Notes user – admin4.nsf, Rename common name requests

  • User Deletions

    • Person document only – automatic

    • Registered Notes user – No

  • Group Deletions – automatic
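
Because deletions are not automatic for registered Notes users, an account removed from AD can remain active in Domino. The following reconciliation check is an added example, not part of the original post or of HCL's tooling; the export formats (AD objectGUID as base64 raw bytes, Domino objectGUID as text) and the `registered` flag are assumptions, and all sample data is constructed.

```python
import base64
import uuid

def guid_from_ad(b64_value):
    """AD objectGUID is 16 raw bytes; its first three fields are little-endian."""
    raw = base64.b64decode(b64_value)
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes")
    return uuid.UUID(bytes_le=raw)

def guid_from_text(value):
    """Textual GUID, with or without braces, in any letter case."""
    return uuid.UUID(value.strip())

def find_orphans(ad_users, domino_persons):
    """Report Domino entries whose objectGUID no longer exists in AD.

    Results are split by entry type: the sync removes person-only documents
    itself, but registered Notes users need manual follow-up.
    """
    live = {guid_from_ad(u["objectGUID"]) for u in ad_users}
    report = {"registered_notes_users": [], "person_only": [], "unlinked": []}
    for p in domino_persons:
        if not p.get("objectGUID"):
            report["unlinked"].append(p["FullName"])  # never matched to AD
            continue
        if guid_from_text(p["objectGUID"]) in live:
            continue
        key = "registered_notes_users" if p["registered"] else "person_only"
        report[key].append(p["FullName"])
    return report

def _ad(name, guid):
    """Build one constructed AD export row (base64 of the raw GUID bytes)."""
    raw = uuid.UUID(guid).bytes_le
    return {"sAMAccountName": name, "objectGUID": base64.b64encode(raw).decode()}

# Constructed sample data; "registered" is a hypothetical export column.
AD_USERS = [_ad("asmith", "3f2504e0-4f89-11d3-9a0c-0305e82c3301"),
            _ad("bjones", "9b2c1d4e-7a6f-4c3b-8e2d-1f0a9b8c7d6e")]
DOMINO_PERSONS = [
    {"FullName": "Alice Smith/Acme", "objectGUID": "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}", "registered": True},
    {"FullName": "Bob Jones/Acme", "objectGUID": "9b2c1d4e-7a6f-4c3b-8e2d-1f0a9b8c7d6e", "registered": False},
    {"FullName": "Carol Diaz/Acme", "objectGUID": "11111111-2222-4333-8444-555555555555", "registered": True},
    {"FullName": "Dan Local/Acme", "objectGUID": "", "registered": True},
]

if __name__ == "__main__":
    for bucket, names in find_orphans(AD_USERS, DOMINO_PERSONS).items():
        print(bucket, names)
```

A non-empty `person_only` bucket points to a sync that is lagging or failing, since those deletions should happen automatically.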


Groups


[Image: two group settings panels for "AD GroupA" and "AD GroupB" with member details. Group types shown: Mail and Access Control List.]

AD Controller Password Sync Components


  • Domino Utility server registered and installed (note: does not run)

  • Domino Configuration Directory

  • Directory Assistance Database (New)

    • Document for directory of administration server

  • Domino Password Library (npwsync.dll)

  • Request Creator (names.nsf)

  • Password Change Request Database – adpwsync.nsf


Domino Domain Server Password Sync Components


  • Request Processor (names.nsf)

  • Configuration Settings document (names.nsf)

  • Password Change Request Database – adpwsync.nsf

  • Directory Assistance Database (New)

  • ID Vault


Password Flow – AD Controller


  • Local Security Authority 

    • Processes password change in AD

    • Passes user name and password to Domino Password Library


  • Domino Password Library

    • Finds objectGUID from user’s AD document

    • Uses Directory Assistance database to find objectGUID in Domino Directory (on Request Processor)

    • Creates document in Password Change Request database that contains the objectGUID and password

    • Copies document to Request Processor’s Password Change Request database


Password Flow – Domino


  • Request Processor Server sees new request

    • Uses objectGUID to find Person document in names.nsf

    • Updates Internet Password in Person document in names.nsf of administration server

    • Updates Notes ID Password in ID Vault


Authentication Coexistence


  • LDAP provides a way to authenticate, but AD/AAD/O365 and Domino each require that they be the directory "master", so Dirsync is necessary for these two systems to work together

  • SAML – supported 90% by Domino and 100% by AAD, so this is a good path to pursue IMHO, however:

    • Assertions not supported (if this could be supported then we could support Domino ACLs for SAML users)

    • Managed logout not supported

  • OAuth – OAuth2 Support for Domino Web Applications

    • OAuth2 Support for Domino Web Applications allows administrators to configure token-based access to Domino-hosted REST APIs

    • Available with Domino V12



HCL Domino – Security Enhancements


[Image: text on identity management listing SAML updates, ADFS 4.0 support, and more. IdP configuration interface with options and dropdown visible.]

For any questions you might have we are here to help.
