Active Directory Access and Synchronization with R/3
Dear All,
What I have understood till now about users being maintained in Active Directory is: there are no Roles in Active Directory, users are to be assigned to Groups in the Active Directory.
My requirement is: I have to maintain the users in Active Directory, and ensure they are in sync with my BW system CUA.
First question is: Can we maintain users and roles in CUA?
If I want to synchronize between Active Directory and CUA, do I always need the EP to play a part? If not, what are my alternatives?
My second requirement is: I have to get the users and roles ( partly from Active Directory via LDAP Connector, and partly from BW CUA ), the challenge being, I am getting users from the Active Directory, how will I determine the role it is assigned to in CUA?
I will have the group of the user from Active Directory, where and how do I determine what is the role assigned to this user?
Please suggest.
Regards,
Prosenjit.
Prosenjit,
My apologies, I didn't really understand your scenario.
For your query -- I have to fetch the users from AD, check their roles, and display some relevant data.
You create the role in the portal and assign it to the group (the group can be anything: AD groups, CUA roles, which would be groups on the portal, or simple portal groups). Now the role will display the reports as links in the TLN and detail-level navigation; however, it would only be the authorizations which control what data will be visible to the end user.
Synchronization between AD and ABAP (CUA) would allow you to sync the user details between both data sources; roles don't come into the picture as far as I know and have seen (I might be wrong also).
How will I conclude to which role the user is entitled on the BW side, just by getting the group?
I suppose you must have developed and then published reports on the portal. You will have to create a user - report matrix and then assign users to appropriate groups.
Do clarify the requirement in further detail if this doesn't solve your issue.
Similar Messages
-
Replication with Domain and Sub domain in Active directory sites and services
I have seen many AD environments and know that when you have multiple DCs you use Active Directory Sites and Services to replicate using the NTDS Settings. If you have a domain and sub domain do you need to do this as well, or does it sync up automatically because it's a sub domain? I see a couple of domains where the NTDS Settings isn't being used to sync with the child domain. Just wondering if that is normal or will it cause authentication errors?
Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc730868.aspx
http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Hi all,
I'd like to confirm which Domain/Forest functional levels of Active Directory are supported for "Active Directory Resource Pool Synchronization" in Project Server 2013.
I guess that 2003 or later is supported, but my customer required reliable sources.
I googled and searched for an article on TechNet, but I couldn't find one.
Could anyone inform me of an article about that?
Thank you in advance.
Kaori.
Hi Michael and all,
Anyway I solved this issue.
I couldn't find the article that I desired, so I asked my colleagues for advice and they told me that functional level 2003 or later is supported in their experience.
In addition, I found these articles about SharePoint sync limitations.
Members of the domain local group cannot view a Microsoft Office SharePoint Server 2007 Web site
http://support.microsoft.com/kb/932378/en-us
SharePoint supportability of Read only Domain controllers
http://support.microsoft.com/kb/970612 -
Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
General:
Could not connect to the Active Directory.
Active Directory Certificate Services will retry when processing requires Active Directory access.
We have a Windows 2008 Server Enterprise with AD. I would like to enable the service "Certificate Services" that allows me to enable RADIUS to authenticate wireless users with the Active Directory.
Hi,
Can you please check this forum, or someone from Microsoft, as we have posts here dating back from October that are not being answered.
Everything for us is exactly the same as szucsati and Racom
NMNM,
Please give us an answer on this as the link provided is absolutely useless.
Thank you. -
Can not open Active Directory Users and Computers
Problem Reported:
Out of the blue this has started happening:
When I go to "Active Directory Users and Computers" I get this message.
"MMC cannot open the file C:\WINDOWS\system32\dsa.msc.
This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.
Additional information:
This is a server that has been in use for 2+ years with active directory users that can and do login everyday.
As far as I know the system has no backup.
dsa.msc IS located in the system32 folder
I am using the administrator account.
OS:
Microsoft Windows Server 2003 R2
Standard x64 Edition
Service Pack 2
Please help with detail. Thank you.
Have you tried to uninstall the ADUC administrative tool and re-install it again? If not, please give it a try.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
Active directory, SSGD and password change
Hi everybody, we have some problems with SSGD, active directory and password change
Scenario:
We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
We have 2 different tarantella installations called "Sgd" and "Tlv";
Sgd servers are working servers and users authenticate against Eracle, used by our customer.
We made 2 basic different test with Tlv:
1. we configure Tlv to authenticate users against Gruppo (that is our real need) ---> we can't change password using kpasswd or ttakpasswd
2. we configure Tlv to authenticate users against Eracle ---> everything was ok
There is NO DIFFERENCE between Sgd and Tlv, they have same configuration, same krb5.conf etc.
There is ONE DIFFERENCE between Eracle and Gruppo:
Eracle Active Directory's properties:
Domain functional level: Windows 2000 mixed
Forest functional level: Windows 2000
Gruppo Active Directory's properties:
Domain functional level: Windows 2000 native
Forest functional level: Windows 2000
SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
Can someone help us?
Hi Simon
I'll try again to explain you our problem, because it seems that I wasn't so clear.
Scenario:
We have 2 different perfectly working Active directory called "Gruppo" and "Eracle";
We have 2 different tarantella installations called "Sgd" and "Tlv";
Sgd servers are working servers and users authenticate against Eracle, used by our customer.
We made 2 basic different test with Tlv:
1. we configure Tlv to authenticate users against Gruppo (that is our real need) ---> we can't change password using kpasswd or ttakpasswd
2. we configure Tlv to authenticate users against Eracle ---> everything was ok
There is NO DIFFERENCE between Sgd and Tlv, they have same configuration, same krb5.conf etc.
There is ONE DIFFERENCE between Eracle and Gruppo:
Eracle Active Directory's properties:
Domain functional level: Windows 2000 mixed
Forest functional level: Windows 2000
Gruppo Active Directory's properties:
Domain functional level: Windows 2000 native
Forest functional level: Windows 2000
SSGD documentation doesn't speak about different Active Directory properties. The SSGD documentation says that you can authenticate users against Active directory, so, IT HAS TO WORK even if the domain functional level of active directory is different.
Can someone help us?
Many thanks
Patrizia
Added question.
Do you guys know if changing the password will change the password on their Active Directory access?
Thanks,
helmut -
Windows 2008 Server - Cannot run Active Directory Users and Computers
Hi,
I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
I attempt to open Active Directory Users and Computers tool and I get a;
Microsoft Visual C++ Runtime Library error;
"The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
I click ok, then get the following debug info;
Problem signature:
Problem Event Name: APPCRASH
Application Name: mmc.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47919524
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6001.18000
Fault Module Timestamp: 4791ad6b
Exception Code: 40000015
Exception Offset: 0000000000029b06
OS Version: 6.0.6001.2.1.0.272.7
Locale ID: 3081
Additional Information 1: 43aa
Additional Information 2: cf3a46656318492c1997480001b6b0e0
Additional Information 3: 3837
Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
If someone could please assist, it would be very much appreciated.
Regards
B
Hi,
To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
However, I am also glad to share my research.
Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
Also, please follow the article below to perform necessary steps to see how it's going?
FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
http://support.microsoft.com/kb/190536/en-us
Hope this helps.
Best wishes
Morgan Che -
Not able to open active directory user and computer in windows server 2008r2
Hi All techies,
I would like to ask about one issue which I am facing mostly. I have created 5 virtual machines, all with Windows Server 2008 R2, and one Windows 7, on VMware. Whenever I start my virtual machines everything goes right, but when I try to open Active Directory Users and Computers or Domains and Trusts I get the following error: "data from active directory user and computers is not available from dc(null) because unspecified error". Even when I check the event log it gives me no help, and after 15-30 min everything works well.
Please let me know the cause of it; I would really appreciate it.
Thanks
Atul
You need to ensure that
1. the group policy that says "wait for network before logon" is applied to all computers, including servers and workstations
2. DNS record exists for all DCs in DNS
3. If there are multiple Domain Controllers in Forests, then they point them as secondary DNS server. This way they will be able to resolve IPs if local DNS server service takes time to start.
As Chris mentioned, you need to start all DCs first, give a time of 5 minutes and then start member servers and workstations for successful logon.
- Sarvesh Goel - Enterprise Messaging Administrator -
Active directory users and computers wont start on a dc, "the server is not operational"
In our environment, we have 3 dc's
two which run server 2008 (they work perfectly)
and one never off branch dc that runs server 2008 r2.
We have been having some problems where we feel the replication isn't up to speed (stuff could take up to 24 hours to replicate), and now when I tried opening Active Directory Users and Computers I am met with this error window:
We have a third party DNS solution.
How do I troubleshoot this issue?
dc01 (which replicates perfectly with dc02, and vice versa)
dcdiag /test:dns
C:\Users\adminuser>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Hostingpartner\ourdc01
Starting test: Connectivity
......................... ourDC01 passed test Connectivity
Doing primary tests
Testing server: Hostingpartner\ourdc01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : int
Running enterprise tests on : int.domain.com
Starting test: DNS
Test results for domain controllers:
DC: ourdc01.int.domain.com
Domain: int.domain.com
TEST: Delegations (Del)
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
Summary of test results for DNS servers used by the above domain controllers:
DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
2 test failures on this DNS server
Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: int.domain.com
ourdc01 PASS PASS PASS FAIL n/a PASS n/a
......................... int.domain.com failed test DNS
dcdiag on dc01(which can replicate with dc02)
C:\Users\adminuser>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: hostingpartner\ourdc01
Starting test: Connectivity
......................... OURDC01 passed test Connectivity
Doing primary tests
Testing server: hostingpartner\ourdc01
Starting test: Replications
[Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
Win32 Error 8453.
......................... OURDC01 failed test Replications
Starting test: NCSecDesc
......................... OURDC01 passed test NCSecDesc
Starting test: NetLogons
[OURDC01] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... OURDC01 failed test NetLogons
Starting test: Advertising
......................... OURDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURDC01 passed test RidManager
Starting test: MachineAccount
......................... OURDC01 passed test MachineAccount
Starting test: Services
......................... OURDC01 passed test Services
Starting test: ObjectsReplicated
......................... OURDC01 passed test ObjectsReplicated
Starting test: frssysvol
......................... OURDC01 passed test frssysvol
Starting test: frsevent
......................... OURDC01 passed test frsevent
Starting test: kccevent
......................... OURDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:10:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:11:17
(Event String could not be retrieved)
......................... OURDC01 failed test systemlog
Starting test: VerifyReferences
......................... OURDC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : int
Starting test: CrossRefValidation
......................... int passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... int passed test CheckSDRefDom
Running enterprise tests on : int.domain.com
Starting test: Intersite
......................... int.domain.com passed test Intersite
Starting test: FsmoCheck
......................... int.domain.com passed test FsmoCheck
The problematic dc03:
Dcdiag gives the same output as dcdiag /test:dns
C:\Users\adminuser>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OURDC03
Ldap search capabality attribute search failed on server NTSDC03, return
value = 81
We have an infoblox dns server on ip address xxx.y.y.251.
first error in event logs on dc03:
error 1863
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Configuration,DC=int,DC=domain,DC=com
This directory server has not received replication information from a number of directory servers within the configured latency interval.
Latency Interval (Hours):
24
Number of directory servers in all sites:
2
Number of directory servers in this site:
2
The latency interval can be modified with the following registry key.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
I have also got several warnings 2088, 2093, 2087.
And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones -
Active Directory Users and Computer not displaying column data?
I am running Windows 8.1 Enterprise with RSAT installed. My Domain controllers are Server 2008 R2.
I am having an issue with Active Directory Users and Computers. Typically I will turn on Advanced Features and then add columns for Email address and Display Name. This for example allows me to easily export lists of users and their email addresses among other things.
The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty. It simply will not display this information. It only displays Name, Type and Description.
If I use a Windows 7 client, the information displays correctly.
Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?
ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
Example:
Import-Module ActiveDirectory
Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation. -
Active Directory Integration and home folder mounting
Hello,
I've set up a G4 tower with Tiger 10.4.4 and bound it to our AD domain. Authentication works perfectly, however the home directories of the users (on smb shares on windows servers) do not mount consistently. At first I thought that it was working for administrative users but not for regular users, but one of our test accounts which has no admin priv's works perfectly. It does seem to work consistently for admins, though.
Most regular users are given a local home directory. Has anyone seen this? Any thoughts? Is there any particular log file that I might check for clues?
I'll try to get in a little later to post the output of dsconfigad -show, which might help...
Anyhow any help will be appreciated..... thanks!
-Jonathan
I have been working on doing this as well. If I set the 'mount home directory' property in the user in Active Directory Users and Computers it has worked for all users and I did not have to specify anything in the AD connector on the Macs.
Robert -
Route mail and Active Directory Sites and Services configuration
Folks,
I have a problem in the internal email routing. My network is spread across various regions and the branch offices are connected together in a mpls network (full mesh). Every region has its own Exchange Server with all roles installed and the smtp connection
to the outside world is linked to two Exchange servers in the headquarter server farm.
The problem is that internally I often see emails going across the Exchange Servers in the branch offices where there is low bandwidth (from 3 to 5 Mbps), thus emails are sent first to these servers instead of going immediately to the Exchange hosting
the mailboxes of the intended recipients. This happens also with inbound emails.
This causes slowness in the email system and sometimes also the network with these branch offices suffers from packet loss or very high latency.
I know that Exchange is a site-aware application and uses the Active Directory topology for message routing and to communicate with the services that are running on other Exchange 2013 computers. For this reason I have checked the Active Directory Sites
and Services and surprisingly I have found that there are no sites, no subnets, nothing has been defined but the default settings, included the Inter-Sites transport which contains the default DEFAULTIPSITELINK.
Apart from the fact that clients use logon servers in the far remote offices which they are not supposed to use, I am concerned about changing the Exchange infrastructure whilst the email system is running and I would like to ask your opinion about my next steps:
1) Create subnets for every office
2) Create sites and then link them to the subnets done in point 1
3) Delete the DEFAULTIPSITELINK and create new site links based on the costs (network speed) in order to determine the best routing server. I have 5 remote offices with 5 different network bandwidth, so I'll have to create 5 IP site links: high cost for
link with slow network, low cost for fast network.
4) (Optional) Configure the Exchange-specific cost using the Set-AdSiteLink cmdlet to the AD IP site links created previously
Apart from the valid questions on why the previous Exchange Administrator has forgotten to set up the Active Directory (Topology) Sites and Services...
...And why they have chosen to install all Exchange roles on each server when there was no reason to do that (there are two servers connected to the external smtp gateways in the headquarter, so in my opinion the Exchange Servers in the remote branch offices
should have had only the mailbox and the cas role)...
As a matter of fact, my idea is to go further and create the sites,subnets and the ip site link. If I still notice a wrong email flow, I can configure an ad-hoc Exchange-specific cost using the Set-AdSiteLink cmdlet. Does this sound reasonable to you guys
or I am taking the wrong decisions?
Thanks
Thank you very much for your link. This is exactly the page I have read just before posting my question here. It is not easy for me to understand why this has been set up this way by a Microsoft certified engineer.
There are specific rules to follow when Active Directory and Exchange are located in multiple sites and I am not a skilled Exchange Administrator... he keeps saying that it is correct and also tells that if I go forward with my ideas there is the
risk to increase the level of complexity. I prefer more complexity than default setting, and as a consequence of that, connectivity problems!
Hopefully everything goes well. I will post my results here once I have done the changes
Regards -
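The four steps listed in the question, written out with the replication cmdlets of the ActiveDirectory module as an added example; it is not code from the thread. Site names, subnets, bandwidth figures and the cost scale are constructed placeholders, and Set-AdSiteLink is only available in the Exchange Management Shell.

```powershell
# Added example. Site names, subnets and bandwidth figures are constructed
# placeholders; replace them with the real office data before use.
Import-Module ActiveDirectory

$hub = 'HQ'
$offices = @(
    [pscustomobject]@{ Site = 'HQ';      Subnet = '10.0.0.0/24'; Mbps = 100 }
    [pscustomobject]@{ Site = 'Branch1'; Subnet = '10.1.0.0/24'; Mbps = 5 }
    [pscustomobject]@{ Site = 'Branch2'; Subnet = '10.2.0.0/24'; Mbps = 5 }
    [pscustomobject]@{ Site = 'Branch3'; Subnet = '10.3.0.0/24'; Mbps = 4 }
    [pscustomobject]@{ Site = 'Branch4'; Subnet = '10.4.0.0/24'; Mbps = 3 }
    [pscustomobject]@{ Site = 'Branch5'; Subnet = '10.5.0.0/24'; Mbps = 3 }
)

# Snapshot the current topology so the change can be reviewed and reverted.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Get-ADReplicationSite -Filter * |
    Select-Object Name, DistinguishedName |
    Export-Csv ".\sites-$stamp.csv" -NoTypeInformation
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, Site |
    Export-Csv ".\subnets-$stamp.csv" -NoTypeInformation
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
                  @{ n = 'Sites'; e = { $_.SitesIncluded -join ';' } } |
    Export-Csv ".\sitelinks-$stamp.csv" -NoTypeInformation

# Steps 1 and 2: one site and one subnet per office. The site is created
# first because the subnet is bound to it at creation time.
foreach ($o in $offices) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($o.Site)'")) {
        New-ADReplicationSite -Name $o.Site
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($o.Subnet)'")) {
        New-ADReplicationSubnet -Name $o.Subnet -Site $o.Site
    }
}
# Domain controller server objects do not move by themselves; relocate each
# one afterwards with Move-ADDirectoryServer -Identity <dc> -Site <site>.

# Step 3: one IP site link per branch, slower line = higher cost.
# The 1000/Mbps scale is a constructed convention, not a Microsoft formula.
foreach ($o in ($offices | Where-Object { $_.Site -ne $hub })) {
    $name = "$hub-$($o.Site)"
    $cost = [int][math]::Round(1000 / $o.Mbps)
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$name'")) {
        New-ADReplicationSiteLink -Name $name -SitesIncluded $hub, $o.Site `
            -Cost $cost -ReplicationFrequencyInMinutes 15 `
            -InterSiteTransportProtocol IP
    }
}

# Remove DEFAULTIPSITELINK only when every site is covered by another link;
# a site left without any link is cut off from replication and routing.
$linked = Get-ADReplicationSiteLink -Filter * |
    Where-Object { $_.Name -ne 'DEFAULTIPSITELINK' } |
    ForEach-Object { $_.SitesIncluded } |
    Sort-Object -Unique
$orphans = Get-ADReplicationSite -Filter * |
    Where-Object { $linked -notcontains $_.DistinguishedName }
if ($orphans) {
    Write-Warning ("Keeping DEFAULTIPSITELINK; sites with no other link: " +
                   ($orphans.Name -join ', '))
} else {
    Remove-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -Confirm:$false
}

# Step 4 (optional): an Exchange-specific cost that overrides the AD cost
# for message routing only. The link name and value are constructed.
if (Get-Command Set-AdSiteLink -ErrorAction SilentlyContinue) {
    Set-AdSiteLink -Identity "$hub-Branch4" -ExchangeCost 500
}
```

On a domain that still has domain controllers in Default-First-Site-Name, the guard keeps DEFAULTIPSITELINK and prints the sites that would otherwise be isolated.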
Hide all except one object in Active Directory Users and Computers.
Hello,
I have a question. I need to allow one group of "administrators" to create users in one OU and add computers to the domain, nothing else. I allowed them to log on to the DC using the GPO "Allow log on locally", because I don't want to give them administrator rights. I allowed them to do these operations on one OU through the delegation wizard, and now I need to make all OUs, groups etc. invisible to them except this OU. What is the best way to achieve this? Thank you...
d.
I would disable the ability to allow them to login. I suggest to create a Computers OU that you can delegate to the "admins" to add computers, and don't use the default Computers container.
I assume the admins are using Windows 7 or newer. You can customize an RSAT installation to just provide the ADAC.
Description of Remote Server Administration Tools for Windows 7:
http://support.microsoft.com/default.aspx/kb/958830
Remote Server Administration Tools for Windows 7:
http://technet.microsoft.com/en-us/library/ee449475(WS.10).aspx
Remote Server Administration Tools for Windows 7
http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
Customizing - Installing Remote Server Administration Tools (RSAT) for Windows 7
http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm
Or if you want to chop it down and control it further, create a custom ADUC with just that OU you've delegated. I've done this in the past and worked fine for my customer:
Delegate an Organizational Unit (OU) in Active Directory Users and Computers (ADUC), then create a custom MMC or customized RSAT
http://blogs.msmvps.com/acefekay/2014/09/04/delegate-an-organizational-unit-ou-in-active-directory-users-and-computers-aduc-then-create-a-custom-mmc-or-customized-rsat/
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
How to Takes Active directory backup and Restore in different Hardware
Hi
How do I take an Active Directory backup and restore it on different hardware in Windows Server 2003 R2 Standard Edition?
You can have a look at that: https://support.microsoft.com/kb/249694/?wa=wsignin1.0
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
Exporting Active directory users to excel with conditions
I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999. I found a VBScript elsewhere on this site that does everything I need, even filtering on the employeeid field, except that when it exports to the spreadsheet the employeeid field comes back as if it's blank. But I know it's not, as it will do the filtering correctly. Below is the script I've been using. As I said, it will correctly list all users with employeeid greater than 5 digits but it just won't export the actual employeeid field.
Dim ObjWb
Dim ObjExcel
Dim x, zz
Set objRoot = GetObject("LDAP://RootDSE")
strDNC = objRoot.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using RootDSE
Call ExcelSetup("Sheet1") ' Sub to make Excel Document
x = 1
Call enummembers(objDomain)
Sub enumMembers(objDomain)
    On Error Resume Next
    Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's
    For Each objMember In objDomain ' go through the collection
        if ObjMember.EmployeeID > 199999 Then 'if employee id greater than 199999 then add to spreadsheet (meaning physician)
            x = x +1 ' counter used to increment the cells in Excel
            ' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code
            ' this was done so the script could be modified easier.
            SamAccountName = ObjMember.samAccountName
            FirstName = objMember.GivenName
            LastName = objMember.sn
            EmployeeID = ojbMember.employeeID
            EmailAddr = objMember.mail
            Addr1 = objMember.streetAddress
            Title = ObjMember.Title
            Department = objMember.Department
            ' Write the values to Excel, using the X counter to increment the rows.
            objwb.Cells(x, 1).Value = EmployeeID
            objwb.Cells(x, 2).Value = SamAccountName
            objwb.Cells(x, 3).Value = FirstName
            objwb.Cells(x, 4).Value = LastName
            objwb.Cells(x, 5).Value = EmailAddr
            objwb.Cells(x, 6).Value = Addr1
            objwb.Cells(x, 7).Value = Title
            objwb.Cells(x, 8).Value = Department
            ' Write out the Array for the 2ndary email addresses.
            For ll = 1 To 20
                objwb.Cells(x,26+ll).Value = Secondary(ll)
            Next
            ' Blank out Variables in case the next object doesn't have a value for the property
            EmployeeID = "-"
            SamAccountName = "-"
            FirstName = "-"
            LastName = "-"
            EmailAddr = "-"
            Addr1 = "-"
            Title = "-"
            Department = "-"
            For ll = 1 To 20
                Secondary(ll) = ""
            Next
        End If
        ' If the AD enumeration runs into an OU object, call the Sub again to iterate
        If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then
            enumMembers (objMember)
        End If
    Next
End Sub
Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row
    Set objExcel = CreateObject("Excel.Application")
    Set objwb = objExcel.Workbooks.Add
    Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName)
    Objwb.Name = "Active Directory Users" ' name the sheet
    objwb.Activate
    objExcel.Visible = True
    objwb.Cells(1, 1).Value = "EmployeeID"
    objwb.Cells(1, 2).Value = "SAMAccountName"
    objwb.Cells(1, 3).Value = "FirstName"
    objwb.Cells(1, 4).Value = "LastName"
    objwb.Cells(1, 5).Value = "Email"
    objwb.Cells(1, 6).Value = "Addr1"
    objwb.Cells(1, 7).Value = "Title"
    objwb.Cells(1, 8).Value = "Department"
End Sub
MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is complete
Here is a test version
Set xl = CreateObject("Excel.Application")
xl.Visible = True
Set wb = xl.Workbooks.Add()
Set sheet = wb.Worksheets("sheet1")
sheet.Name = "Active Directory Users"
i = 1
With sheet
    .Cells(i, 1).Value = "EmployeeID"
    .Cells(i, 2).Value = "SAMAccountName"
    .Cells(i, 3).Value = "FirstName"
    .Cells(i, 4).Value = "LastName"
    .Cells(i, 5).Value = "Email"
    .Cells(i, 6).Value = "Addr1"
    .Cells(i, 7).Value = "Title"
    .Cells(i, 8).Value = "Department"
End With
Set users = GetADUsers()
While Not users.EOF
    i = i + 1
    With sheet
        .Cells(i, 1).Value = users("employeeID")
        .Cells(i, 2).Value = users("samAccountName")
        .Cells(i, 3).Value = users("GivenName")
        .Cells(i, 4).Value = users("sn")
        .Cells(i, 5).Value = users("mail")
        .Cells(i, 6).Value = users("streetAddress")
        .Cells(i, 7).Value = users("Title")
        .Cells(i, 8).Value = users("Department")
    End With
    users.MoveNext
Wend
Function GetADUsers()
    Set rootDSE = GetObject("LDAP://RootDSE")
    base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
    filt = "(&(objectClass=user)(objectCategory=Person))"
    attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
    scope = "subtree"
    Set conn = CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
    Set GetADUsers = cmd.Execute()
End Function
¯\_(ツ)_/¯
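The same export with the employeeID condition applied, written with the ActiveDirectory PowerShell module as an added example that is not part of either post. The output path and the Protect-CsvCell helper are illustrative names; the 199999 cut-off is the one used in the question's script.

```powershell
# Added example; the output path and helper name are illustrative.
Import-Module ActiveDirectory

$threshold = 199999            # same cut-off as the script in the question
$outFile   = '.\ad-users.csv'

# employeeID is a string attribute, so an LDAP ">=" test would compare text,
# not numbers. Ask the directory only for users that have the attribute set,
# then compare numerically on the client.
$ldapFilter = '(&(objectCategory=person)(objectClass=user)(employeeID=*))'
$props      = 'employeeID', 'mail', 'streetAddress', 'title', 'department'

# Directory attributes are user-influenced text. A value that starts with
# = + - or @ is evaluated as a formula when the CSV is opened in Excel, so
# prefix such values with a quote to keep them literal.
function Protect-CsvCell {
    param([object]$Value)
    $text = [string]$Value
    if ($text -match '^[=+\-@]') { return "'" + $text }
    return $text
}

$rows = @(
    Get-ADUser -LDAPFilter $ldapFilter -Properties $props |
        Where-Object {
            $id = 0
            # Non-numeric IDs fail TryParse and are skipped instead of
            # raising an error that hides the row.
            [int]::TryParse([string]$_.employeeID, [ref]$id) -and
                $id -gt $threshold
        } |
        Sort-Object { [int]$_.employeeID } |
        ForEach-Object {
            [pscustomobject]@{
                EmployeeID     = Protect-CsvCell $_.employeeID
                SAMAccountName = Protect-CsvCell $_.SamAccountName
                FirstName      = Protect-CsvCell $_.GivenName
                LastName       = Protect-CsvCell $_.Surname
                Email          = Protect-CsvCell $_.mail
                Addr1          = Protect-CsvCell $_.streetAddress
                Title          = Protect-CsvCell $_.title
                Department     = Protect-CsvCell $_.department
            }
        }
)

$rows | Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
'{0} users written to {1}' -f $rows.Count, $outFile
```

In the question's script the EmployeeID assignment reads from `ojbMember` rather than `objMember`, and `On Error Resume Next` hides the resulting error, which matches the empty column described there.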