You don’t have to recover the password, you have to use password recovery to allow the password to be reset. If your environment is correctly configured, as user or users have rights to extract recovery passwords from IDs that are enabled for password recovery.
From Domino Admin Help:
To obtain the ID file recovery password
For security reasons, the administrators must complete these steps from their own workstations, rather than from the same workstation. Using separate workstations prevents an unauthorized user from using a program to capture the keystrokes that the administrators enter on the same workstation. If an unauthorized user obtains an administrator’s ID file and password, the unauthorized user can obtain the administrator’s recovery password for all ID files. Therefore, you must protect the administrator’s ID file and require that multiple administrators work together to recover any given user ID file.
- Detach the encrypted backup of the user’s ID file from the mail or mail-in database to the local hard drive.
- If the user’s ID file is damaged, send a copy of the ID file from the centralized mail or mail-in database to the user.
- From the Domino Administrator, click the Configuration tab, and choose Certification – Extract Recovery Password.
- Enter the password to the administrator’s ID file.
- Specify the ID file you want to recover. This is the same ID you detached in Step 1.
- Give the user the recovery password that is displayed.