There is a new feature in ND 8.5 that allows Domino administrators to manage users' ID files with less effort, called the ID Vault. You can read more about this feature later in Chapter 10. In Lotus Notes Domino 8.5 a new method was added, called ResetUserPassword. This new method allows you to leverage the ID Vault feature in custom applications. It can be used to reset the password and download count on an ID file stored in the ID Vault and to set both the password and download count. Using this method, a developer could design an application for your help desk to perform password resets, or a self-serve application that end users could access to reset their passwords. Lotus Notes Domino 8.5 comes with a sample self-service application, called PwdResetSample.nsf, which uses the new method in a LotusScript agent that you can customize for your needs. In order to run this method from a LotusScript agent or Java agent, you must give password reset authority with the "Self-service password reset authority" flag to a user identity that has signed the agent. It is recommended that one is registered specifically for this purpose. The server on which you deploy the agent must also have this authority and must give the agent signer "Run restricted LotusScript/Java agents" access. You must give password reset authority with the "Self-service password reset authority" flag to the user or server identity under which the application is authorized to run, when the ResetUserPassword method is used in a non-agent application. To set the access, do the following: Switch to the Configuration tab in the Administrator client and select your ID Vault under Security | ID Vault. Then click on Tools | ID Vaults | Authority to Reset Passwords.

Set both the Vault Administrator (your Server Administrator) and your Domino Server as self-service password reset authorities.