Batch adding users to group
Is it possible to create a LC user group and batch add users to the group?
Example: I have ~120,000 users in my domain but I want only 950 of those users to have access to a new form we will be going live with soon. To do this I want to create a group for this form but I don't want to have to manually add the 950 users to the group.
~Josh
1. Create a DirectoryManagerServiceClient Instance as follows,
Properties connectionProps = new Properties();
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, "jnp://localhost:1099");
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL, ServiceClientFactoryProperties.DSC_EJB_PROTOCOL);
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, userName);
connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, password);
//Create a ServiceClientFactory object
ServiceClientFactory scf = ServiceClientFactory.createInstance(connectionProps);
//Create a DirectoryManagerServiceClient object
DirectoryManagerServiceClient directoryManager = new DirectoryManagerServiceClient(scf);
2. Create a local group as follows,
Group group = UMBaseLibrary.createGroup(groupCanonicalName, domainName, PrincipalTypes.PRINCIPALTYPE_GROUP);
String groupOid = directoryManager.createLocalGroup(group);
You can also create the above group by going to User Manager AdminUI. i.e. Home > Settings > User Management > Users and Groups
3. Once done with creating a group, now we want to make the 950 users members of this group
The API to be used is directoryManager.addPrincipalToLocalGroup(String userOid, String groupOid);
4. You'll have to run the above API for all the 950 users.
So, fetch the userOid through PrincipalSearchFilter based on some matching criteria as follows, let's say emailAddress
PrincipalSearchFilter filter = new PrincipalSearchFilter();
filter.setPrincipalType(User.PRINCIPALTYPE_USER);
filter.setRetrieveOnlyActive(true);
filter.setEmail(Email_address_OfUser_To_be_Searched);
List<Principal> principals = (List<Principal>) directoryManager.findPrincipals(filter);
for (Principal principal : principals) {
    User user = (User) principal;
    // Add each matching user to the local group created in step 2
    directoryManager.addPrincipalToLocalGroup(user.getOid(), groupOid);
}
Similar Messages
-
Hi,
can any one share documents/resources pertaining to how to create sap user groups in BOE.
how to add groups to users.
how to import sap users.
etc
Hi,
You can find the product documentation here:
http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000713358&_SCENARIO=01100035870000000202&
Specifically, go to the "Integration for SAP Solutions" section and take a look at the Installation and Administration guide:
https://websmp210.sap-ag.de/~sapidb/011000358700000559912010E/xi31_sp3_bip_sap_inst_en.pdf
As far as adding users and groups to the system, this is done through the CMC. The Business Objects Enterprise Administrators guide should help you with these tasks:
http://help.sap.com/businessobject/product_guides/boexir31SP3/en/xi31_sp3_bip_admin_en.pdf
To add users/groups to the BOE system, you have to go into the CMC/Authentication section and click on the SAP tab. In here, you configure your SAP system information and add the groups that you wish to import into BOE. Once you add the groups through here, the user accounts and groups will be mapped in to the Users and Groups section of the CMC. From here, you can treat them like any other group in the system.
You add users to the SAP groups the same way you would for BW or any other SAP product. If a new user is added to an SAP group that is imported into BOE, then that user will be able to logon to the BOE system.
We also have many notes on these subjects.
thanks
Jonathan -
Suddenly getting 404 error when adding user to group
Hi,
I have an OAM 10.1.4.0.1 instance that's been working fine.
However, today, I noticed that when I tried to add a user to a group, when I am in the selector page and click a user, I then get an HTTP 404 error.
I've searched all of the log files that I can find, and I can't see any error messages. The only thing that is showing an error in a log is the IIS that I have setup with WebGate for OAM Admin. I get a "404" error with a sc-win32-status or "3".
I have restarted everything, and that still hasn't helped.
Does anyone here know what might be causing this, or how to diagnose the problem?
Thanks,
Jim
Hi,
I'm answering my own question/problem here, but hopefully this info will help someone else.
I was able to get adding users to groups working again. I found that after I cleared the cache in my browser (IE6), the "add user to groups" started working again, without the HTTP 404 error.
In hindsight, I guess this kind of makes sense, because if you ever watch the URIs on the selector pages, they all look alike, so I'm guessing the IE would not send a full GET request, but the "content" was no longer valid on the OAM server, thus the 404 error.
Jim -
Adding User to Group Programmatically?
I've used the APIs below to create portal users and apply a
group number to them when they are inserted into the Portal User
table. However, when the users log into the portal, they still
are not attached to any group (i.e. Portal objects that can only
be viewed by certain group members, cannot be seen by the
programmatically added users unless it is done manually in
Portal). Does anyone have an idea as to how to get this to work?
Thank You in advance,
Justin
Code to add users:
PORTAL30_SSO.WWSSO_API_USER_ADMIN.CREATE_USER(v_username,
v_password, v_admin_email, null, null, false, l_error_return);
PORTAL30.WWCTX_API_PRIVATE.SET_CONTEXT('PORTAL30','');
portal30.create_portal_user(v_username);
portal30.wwsec_api.set_defaultgroup(10, v_username);
I answered my own question. This seems to be the best procedure
for programmatically adding users and applying them to existing
groups:
PORTAL30_SSO.WWSSO_API_USER_ADMIN.CREATE_USER(v_username,
v_password, v_email, null, null, false, l_error_return);
PORTAL30.WWCTX_API_PRIVATE.SET_CONTEXT('PORTAL30','');
portal30.create_portal_user(v_username);
portal30.wwsec_api.set_defaultgroup(9, v_username);
portal30.wwsec_api.add_user_to_list(portal30.wwsec_api.id(v_username), 9, portal30.wwsec_api.NOT_OWNER);
-
when trying to add User to Group using BAPI_USER_CHANGE in the Import Parameters GROUPSX = X
I'm getting following error :
com.sap.conn.jco.JCoRuntimeException: (127) JCO_ERROR_FIELD_NOT_FOUND : Field GROUPS not a member of INPUT
BAPI_USER_CHANGE function work correctly for other parameters such as ADDRESSX, DEFAULTSX, PASSWORDX, LOGONDATAX, ALIASX
But in case GROUPSX I am getting above error.
Also, I was able to add all the above attributes, including GROUPSX, to the user using SAP Logon, so it should be possible from BAPI as well.
Any input will be appreciated.
My bad,
I meant GROUPS is not an input parameter but a table parameter.
This is the ABAP definition of the BAPI:
function bapi_user_change.
*"*"Local interface:
*" IMPORTING
*" VALUE(USERNAME) LIKE BAPIBNAME-BAPIBNAME
*" VALUE(LOGONDATA) LIKE BAPILOGOND STRUCTURE BAPILOGOND OPTIONAL
*" VALUE(LOGONDATAX) LIKE BAPILOGONX STRUCTURE BAPILOGONX
*" OPTIONAL
*" VALUE(DEFAULTS) LIKE BAPIDEFAUL STRUCTURE BAPIDEFAUL OPTIONAL
*" VALUE(DEFAULTSX) LIKE BAPIDEFAX STRUCTURE BAPIDEFAX OPTIONAL
*" VALUE(ADDRESS) LIKE BAPIADDR3 STRUCTURE BAPIADDR3 OPTIONAL
*" VALUE(ADDRESSX) LIKE BAPIADDR3X STRUCTURE BAPIADDR3X OPTIONAL
*" VALUE(PARAMETERX) LIKE BAPIPARAMX STRUCTURE BAPIPARAMX
*" OPTIONAL
*" VALUE(COMPANY) LIKE BAPIUSCOMP STRUCTURE BAPIUSCOMP OPTIONAL
*" VALUE(COMPANYX) LIKE BAPIUSCOMX STRUCTURE BAPIUSCOMX OPTIONAL
*" VALUE(SNC) LIKE BAPISNCU STRUCTURE BAPISNCU OPTIONAL
*" VALUE(SNCX) LIKE BAPISNCUX STRUCTURE BAPISNCUX OPTIONAL
*" VALUE(BACK_DISTRIBUTION) LIKE BAPIFLAG STRUCTURE BAPIFLAG
*" DEFAULT SPACE
*" VALUE(PASSWORD) LIKE BAPIPWD STRUCTURE BAPIPWD OPTIONAL
*" VALUE(PASSWORDX) LIKE BAPIPWDX STRUCTURE BAPIPWDX OPTIONAL
*" VALUE(ADDCOMX) LIKE BAPIADCOMX STRUCTURE BAPIADCOMX OPTIONAL
*" VALUE(REF_USER) LIKE BAPIREFUS STRUCTURE BAPIREFUS OPTIONAL
*" VALUE(REF_USERX) LIKE BAPIREFUSX STRUCTURE BAPIREFUSX OPTIONAL
*" VALUE(ALIAS) TYPE BAPIALIAS OPTIONAL
*" VALUE(ALIASX) LIKE BAPIALIASX STRUCTURE BAPIALIASX OPTIONAL
*" VALUE(GROUPSX) LIKE BAPIGROUPX STRUCTURE BAPIGROUPX OPTIONAL
*" VALUE(UCLASS) TYPE BAPIUCLASS OPTIONAL
*" VALUE(UCLASSX) TYPE BAPIUCLASSX OPTIONAL
*" VALUE(EXTIDSX) TYPE BAPIUSEXTIDX OPTIONAL
*" VALUE(PRODUCTIVE_PWD) TYPE BAPIFLAG-BAPIFLAG DEFAULT SPACE
*" TABLES
*" PARAMETER STRUCTURE BAPIPARAM OPTIONAL
*" RETURN STRUCTURE BAPIRET2
*" ADDTEL STRUCTURE BAPIADTEL OPTIONAL
*" ADDFAX STRUCTURE BAPIADFAX OPTIONAL
*" ADDTTX STRUCTURE BAPIADTTX OPTIONAL
*" ADDTLX STRUCTURE BAPIADTLX OPTIONAL
*" ADDSMTP STRUCTURE BAPIADSMTP OPTIONAL
*" ADDRML STRUCTURE BAPIADRML OPTIONAL
*" ADDX400 STRUCTURE BAPIADX400 OPTIONAL
*" ADDRFC STRUCTURE BAPIADRFC OPTIONAL
*" ADDPRT STRUCTURE BAPIADPRT OPTIONAL
*" ADDSSF STRUCTURE BAPIADSSF OPTIONAL
*" ADDURI STRUCTURE BAPIADURI OPTIONAL
*" ADDPAG STRUCTURE BAPIADPAG OPTIONAL
*" ADDCOMREM STRUCTURE BAPICOMREM OPTIONAL
*" GROUPS STRUCTURE BAPIGROUPS OPTIONAL
*" PARAMETER1 STRUCTURE BAPIPARAM1 OPTIONAL
*" UCLASSSYS STRUCTURE BAPIUCLASSSYS OPTIONAL
*" EXTIDHEAD STRUCTURE BAPIUSEXTIDHEAD OPTIONAL
*" EXTIDPART STRUCTURE BAPIUSEXTIDPART OPTIONAL
So the error message is correct, GROUPS is not an INPUT parameter. -
Adding users to group www with NetInfo doesn't seem to work
I've added several users to the www group using NetInfo. As you can see, it seems to have worked:
whisper:~ mark$ sudo niutil -read . /groups/www
users: www,mark,rbgramacy
realname: HTTP Users
name: www
generateduid: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000046
smb_sid: S-1-5-21-170
passwd: *
gid: 70
However, when I look at what groups I belong to, www is not one of them:
computer:~ mark$ id
uid=501(mark) gid=501(mark) groups=501(mark), 81(appserveradm), 79(appserverusr), 80(admin)
Any ideas as to how I might get the addition of the group to actually kick in? The system won't let either user assigned the www group edit files with group www.
I wouldn't edit the www group if I were you. That group is used internally by OS X and meddling with it could have unintended consequences.
I recommend creating your own custom group and adding the users you want to it. Netinfo Manager is not the easiest tool to use for this. Instead, download the Server Admin Tools from Apple and use Workgroup Manager. It makes creating custom groups a snap. -
if I change membership of a user in the enterprise portal the license does not adapt on the desktop application or web overview. I have tried changing group membership and changing the user.
While changing the membership an error 500 returns at the top of the screen, but membership is changed.
Any advice?
Thanks,
Eric
Hi Ashish,
That was the first thing I tried. logging off from creative desktop, browser even logged off from Windows and OSX, no results. Adding a new non-existent user to the groups works, but changing a user to a different group does not work.
Eric -
Is there a howto for programmatically adding users and groups
Hi. I'm using WLS 7.0 SP2, and I'm trying to find docs/howtos to
programmatically add users and add them to groups. But unfortunately I must
be looking in the wrong places, cause I can't seem to find any straight
forward code. I've found some in a book called "J2EE Applications and BEA
Weblogic Server" (the white book with the race car on the front) but that
code is deprecated and for wls 6.1. I would like to find something as
straight forward as they have in their security section.
Can anyone help? Thank you in advance.
"Flip" <!no_spam![email protected]> wrote in message
news:[email protected]..
> Hi. I'm using WLS 7.0 SP2, and I'm trying to find docs/howtos to
> programmatically add users and add them to groups. But unfortunately I must
> be looking in the wrong places, cause I can't seem to find any straight
> forward code. I've found some in a book called "J2EE Applications and BEA
> Weblogic Server" (the white book with the race car on the front) but that
> code is deprecated and for wls 6.1. I would like to find something as
> straight forward as they have in their security section.
> Can anyone help? Thank you in advance.
See the UserEditor and GroupEditor MBeans documentation. There have also been some posts in this news group with example code.
http://e-docs.bea.com/wls/docs81/javadocs/weblogic/management/security/authentication/UserEditorMBean.html
-
Hitting limit when adding users to groups via powershell
I've written a powershell to search AD for users with a specific UPN suffix and add them to a group. It's working, except I am hitting some limit. After the script runs, I see that the group only had 1,500 members (exactly). I am expecting somewhere in the
neighborhood of 7,000.
I did some digging and changed the LDAP policy MaxValRange from 1500 to 15000. This increased my results up to 5,000 (exactly).
I appear to be hitting some other limit....any ideas what it could be? Here are my current LDAP policies:
Policy Current(New)
MaxPoolThreads 4
MaxDatagramRecv 4096
MaxReceiveBuffer 10485760
InitRecvTimeout 120
MaxConnections 10000
MaxConnIdleTime 900
MaxPageSize 1000
MaxQueryDuration 120
MaxTempTableSize 10000
MaxResultSetSize 262144
MinResultSets 0
MaxResultSetsPerConn 0
MaxNotificationPerConn 5
MaxValRange 15000
ThreadMemoryLimit 0
SystemMemoryLimitPercent 0
Thanks!
Hello,
have you seen
http://technet.microsoft.com/en-us/library/cc756101.aspx for limits in AD.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Adding Users from sharepoint into Active Directory Groups
I have a requirement for an Approval Workflow where the approved user gets added to an AD group directly. I think 2-way sync is possible. Please help.
Out of the box, I really doubt that this is possible BUT it can more than likely be achieved via the Object Model. A good discussion and some attached code can be seen here.
https://social.technet.microsoft.com/Forums/office/en-US/a1905a01-e7a7-458b-a7a6-d24cd4e19e09/action?threadDisplayName=add-a-user-in-ad-group-from-sharepoint
Steven Andrews
SharePoint Business Analyst: LiveNation Entertainment
Blog: baron72.wordpress.com
-
I jumped on my parents computer, which is on a domain. I added a new local user(with my live.com login) and gave it admin status. That's when the trouble began.
The main user profile disappeared. I used the command prompt fix (see other fixes) to add the missing user back into admin. I logged back in, and it set up the account for the first time (WTF?). I cannot access any files from the main account
(that I logged into just fine before to get this debacle started.)
When going to Local Computer Management --> System Tools, my users and groups tool is missing.
I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1. To manage user accounts for this computer, use the User Accounts tool in the
Control Panel." <---- Awesome! (that was sarcasm.)
I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful than that "tool".
To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again. I wouldn't recommend reinstalling 8.1,
I would say go back to 7 and wait until 10 comes out. Windows 8 is the new Vista. Good luck!
Hello AhavahOlam,
I can understand your feelings.
If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
Best regards,
Fangzhou CHEN
TechNet Community Support -
How to get count of group of current login user if AD Group is added in SharePoint Group?
My Client has 2 SharePoint Application. For the AD Users they have created AD Group and added users in that AD Group as per requirement. Later AD Group is added in SharePoint Group. When I'm trying to fetch Current User Group count, I am able to get the
count of Groups using below statement.
int groupCount = SPContext.Current.Web.CurrentUser.Groups.Count;
Above Statement, returns always 0 value if I tried with User who are added in AD Group and if I add AD User and then it will return the exact count.
Please suggest solution to get Count of Group of Current User. My Application contains more than 60 SharePoint group.
Hello,
I believe your code doesn't count those AD group users until they login at least once. If this is the case then try to use "SPUtility.GetPrincipalsInGroup" as suggested in below post:
http://stackoverflow.com/questions/4314767/getting-members-of-an-ad-domain-group-using-sharepoint-api
Hemendra -
Script Help - Adding Users from AD Group to Computer Object Attribute
Environment:
Computer Objects have the following name convention - USERNAME-INV#-PC. An example is TEST1-54321-D. There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
object.
Scenario:
Create "Local PC Admin" group
When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name. For example, TEST1-54321-D for desktop
and TEST1-98765-L for laptop.
It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
Can somebody please find holes in this scenario or suggest a better method to approach this?
Security nightmare? How so? Regular domain users cannot modify the "managedBy" computer object attribute.
The "Local PC Admin" group would be a ADUC security group. The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated. If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
and given local admin rights. This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
If it is not populated, it does nothing and leaves the default admins on it.
More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html -
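The reconciliation the scenario describes, as an added PowerShell example (not the poster's script): it derives each workstation's owner from the USERNAME-INV#-PC name with an anchored pattern rather than a substring search, and it emits a Clear action when the owner has left the group, which covers the removal case. The function name, the D/L suffix set, hyphen-free usernames and every sample object are assumptions constructed for illustration; no AD cmdlets are called.

```powershell
function Get-ManagedByPlan {
    param(
        [string[]]$GroupMembers,   # account names currently in "Local PC Admin"
        [object[]]$Computers,      # objects exposing Name and ManagedBy (account name or $null)
        [datetime]$Now = (Get-Date)
    )
    # Assumed convention: USERNAME-INV#-PC, where PC is D (desktop) or L (laptop).
    # Anchoring both ends keeps TEST1 from matching TEST10-... or TEST1-SRV01.
    $pattern = '^(?<user>[^-]+)-(?<inv>\d+)-(?<type>[DL])$'
    $options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase
    $stamp   = $Now.ToString('yyyy-MM-dd')

    foreach ($c in $Computers) {
        $m = [regex]::Match($c.Name, $pattern, $options)
        if (-not $m.Success) { continue }      # servers and off-convention names are never touched

        $owner    = $m.Groups['user'].Value
        $isMember = $GroupMembers -contains $owner   # whole-name, case-insensitive comparison
        $current  = $c.ManagedBy

        if ($current -and $current -ne $owner) {
            # Someone other than the name-derived owner holds managedBy: flag it, do not overwrite.
            [pscustomobject]@{
                Computer = $c.Name; Action = 'Review'; User = $current
                Note     = 'managedBy does not match the owner derived from the name'
            }
        }
        elseif ($isMember -and -not $current) {
            [pscustomobject]@{
                Computer = $c.Name; Action = 'Set'; User = $owner
                Note     = "added as local admin on $stamp"
            }
        }
        elseif (-not $isMember -and $current -eq $owner) {
            # Removal case: the owner is no longer in the group, so the grant is withdrawn.
            [pscustomobject]@{
                Computer = $c.Name; Action = 'Clear'; User = $owner
                Note     = "removed as local admin on $stamp"
            }
        }
        # Remaining case: member already set, or non-member with empty managedBy. Nothing to do.
    }
}

# Constructed sample data (not from a real directory).
$members   = 'TEST1', 'TEST2'
$computers = @(
    [pscustomobject]@{ Name = 'TEST1-54321-D';  ManagedBy = $null }        # new grant
    [pscustomobject]@{ Name = 'TEST1-98765-L';  ManagedBy = 'TEST1' }      # already granted
    [pscustomobject]@{ Name = 'TEST2-22222-D';  ManagedBy = $null }        # new grant
    [pscustomobject]@{ Name = 'TEST10-11111-D'; ManagedBy = $null }        # different user, shares a prefix
    [pscustomobject]@{ Name = 'TEST3-33333-L';  ManagedBy = 'TEST3' }      # owner left the group
    [pscustomobject]@{ Name = 'TEST1-SRV01';    ManagedBy = $null }        # server-style name
    [pscustomobject]@{ Name = 'TEST2-44444-L';  ManagedBy = 'HELPDESK7' }  # set by hand to someone else
)

# A substring search for TEST1 also selects TEST10's desktop and the server:
$substringHits = $computers.Name -like '*TEST1*'
"Substring search for TEST1 selects: $($substringHits -join ', ')"

Get-ManagedByPlan -GroupMembers $members -Computers $computers |
    Format-Table Computer, Action, User, Note -AutoSize
```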
Adding users in Local Administrators Group using GP Restricted Group
Hi Experts.
I have approx 200 servers. There are user1, user2 and user3 which I have added in
Local Administrators Group using GP Restricted Group in all 200 servers. This works fine. In Add Group option I added "Administrator" and Added user1, user2 and user3 in "Members of this Group". Now all 3 users are reflected as a Local
Administrators member.
Now there is a need that user 4 should be in Local Administrators Group using GP Restricted Group for certain servers only. Lets say 50.
In Add Group option I added "Administrator" and Added user4 in "Members of this Group". BUT it doesn't work.
Any idea?
Regards Suman B. Singh
Hi,
How is it going? I agree with Martin. To do this, we can configure the setting in two different GPOs. For instance, in GPO1, we add user1, user2, and user3 to the local admin group; in GPO2, we add user1, user2, user3, and user4 to the local admin group;
and then we can use Security Filtering to apply the specific GPOs to specific computers.
Regarding security filtering, the following article can be referred to for more information.
Security filtering using GPMC
https://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
Filter Using Security Groups
https://technet.microsoft.com/en-us/library/cc752992.aspx
Besides, in addition to Restricted Groups, we can also use Group Policy Preferences Local Users and Groups to do this, in which way we can configure two Local Group items in one GPO and utilize Item-Level Targeting to apply the specific items to specific
computers.
Regarding GPP Local Users and Groups, the following article can be referred to for more information.
Configure a Local Group Item
https://technet.microsoft.com/en-us/library/cc732525.aspx
How to use Group Policy Preferences to Secure Local Administrator Groups
http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
Regarding Item-Level Targeting, the following article can be referred to for more information.
Preference Item-Level Targeting
https://msdn.microsoft.com/en-us/library/cc733022.aspx
Best regards,
Frank Shen -
Hi All,
I am facing a strange problem. I have a SharePoint group (i.e. SP1). Inside the SP1 group I have added one AD group (i.e. AD1). When I try to find out the current user's groups, it is not included. However, if I add the user directly to SP1, then it shows the groups.
I use below code to find out the groups.
SPContext.Current.Web.CurrentUser.OwnedGroups
Thanks and Regards
Er. Pradipta Nayak
Xchanging
Hi,
The SPUser.OwnedGroups property returns a group of SPGroup objects that the SPUser owns.
When AD users or AD groups are added in a SharePoint group, both will be seen as SharePoint user objects. That means "AD1" is only a SPUser object, not a "group"; there is not a collection of SPUser objects in this SPUser object (AD1).
Therefore, the AD users added in the AD group will not belong to a SPGroup, though they have the permissions given through this SPGroup.
Best regards,
Patrick Liang
TechNet Community Support