Change All User Settings in Specific OU(s) In Active Directory 2008

Similar Messages

• How to create User in the specific group in Microsoft Active Directory

  Hi,
  I am using Nestcape LDAP, and want to create user in the user defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory, I want to add the new user to Test Users group But my problem is that whenever I create a new user
  it get added to Domain Users group.
  I tried adding memberOf attribute with value "TestUsers"
  attr = new LDAPAttribute("memberOf", "TestUsers");          
  attrs.add(attr);
  It gives me following error :
  code= 53 Exception 0000209A: SvcErr: DSID-031A0D6F, problem 5003 (WILL_NOT_PERFORM), data 0
  Following is the code I am using.
  public LDAPResult createUserID(
  String userId,
  String pwd,
  String pId,
  boolean resetonLogOn,
  LDAPConnection ldCon) {
  boolean flag = false;
  int code=0;
  try {
  String pwdLastSetVal;
  String desName;
  String desc;
  /* Specify the DN of the new entry. */
  String dn =
  "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
  /* Create and add attributes to the attribute set. */
  String objectclass_values[] =
  { "top", "person", "organizationalPerson", "user" };
  // LDAPEntry findEntry=null;
  /* Create a new attribute set for the entry. */
  LDAPAttributeSet attrs = new LDAPAttributeSet();
  /* Attribute sAMAccountName */
  LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
  attrs.add(attr);
  /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
  attr =
  new LDAPAttribute(
  LDAP_PASSWORD_KEY,
  (byte[]) this.encodePassword(pwd));
  attrs.add(attr);
  /* Attribute Display Name */
  desName = userId + ":" + pId;
  //desName = userId ;
  attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
  attrs.add(attr);
  /** Attribute userAccountControl to enable the userid.
  attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
  attrs.add(attr);
  /* Attribute pwdLastSet to reset the password on first logon*/
  if (resetonLogOn == true) {
  pwdLastSetVal = "0";
  } else {
  pwdLastSetVal = "-1";
  attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
  attrs.add(attr);
  /* Attribute Description */
  desc = " Account Created by HelpNow App";
  attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
  attrs.add(attr);
  /* Attribute objectclass */
  attr = new LDAPAttribute("objectclass", objectclass_values);
  attrs.add(attr);
  attr = new LDAPAttribute("memberOf", "TestUsers");          
  attrs.add(attr);
  /* Create an entry with this DN and these attributes . */
  LDAPEntry myEntry = new LDAPEntry(dn, attrs);
  /* Add the entry to the directory. */
  ldCon.add(myEntry);
  flag = true;
  }catch (LDAPException e) {
  flag = false;
  code=e.getLDAPResultCode();
  }catch (Exception e) {
  flag = false;
  code=LDAPException.OTHER;
  }finally {
  ldaprs.flag=flag;
  ldaprs.code=code;
  return ldaprs;
  }

  Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150

• Securing AnyConnect VPN user access via specific LDAP groups in Active Directory?

  Is there a brief tutorial on how to secure AnyConnect VPN access using Active Directoty security groups?
  I have AAA LDAP authentication working on my ASA5510, to authenticate users against my internal AD 2008 R2 server, but the piece I'm missing is how to lock down access to AnyConnect users ONLY if they are a member of a specific Security Group (i.e. VPNUsers) within my AD schema.

  This looks fairly complete
  http://www.compressedmatter.com/guides/2010/8/19/cisco-asa-ldap-authentication-authorization-for-vpn-clients.html
  Sent from Cisco Technical Support iPad App

• My new macbook pro has little to no sound on all video's. I've changed all the settings but it's still no loud. is there something i've missed trying?

  my new macbook pro has little to no sound on all video's. I've changed all the settings but it's still no loud. is there something i've missed trying?

  Turn off Find My iPhone in iCloud on the iDevice.
  Log out of iMessage, Facetime, remove Apple ID from iTunes & App Store.
  Use Settings > Reset > Erase All Content and Settings.
  Then set it up as a new iPhone with your own Apple ID.

• After restart, all user settings are gone and reset to defaults

  Hi after waking up my iMac from sleep today, it appeared something had gone wrong (apps not responding…notification that my external drives had "not been ejected correctly" etc). I restarted. After restart, and logging back in to my regular user account, all user settings were missing and reset to factory defaults: Desktop reset to the "wave", Dock reset, Download folder missing (grey question mark), Dropbox unable to connect, Safari bookmarks missing (but still on my iPhone-- so it's a local iMac problem, not an issue with iCloud), small things like mouse scrolling prefs reset etc.
  Basically all of my user preferences are missing. I've seen a number of threads about how to fix some of these items individually, but seems like there is a single corrupt preference file somewhere maybe?
  I've repaired permissions a few times (there were a lot), and restarted but nothing has fixed it yet.
  I had been logged out of iCloud, but once I logged back in, my Mail came back (just my me.com account-- still missing my Gmail, will need to reset I guess), along with Calendar and Contacts-- those are ok.
  I keep all my files on an external LaCie RAID, and that all appears to be fine. Folders all intact etc.
  Suggestions?
  Thanks for your help!

  Try booting into the Safe Mode using your normal account.  Disconnect all peripherals except those needed for the test. Shut down the computer and then power it back up after waiting 10 seconds. Immediately after hearing the startup chime, hold down the shift key and continue to hold it until the gray Apple icon and a progress bar appear and again when you log in. The boot up is significantly slower than normal. This will reset some caches, forces a directory check, and disables all startup and login items, among other things. When you reboot normally, the initial reboot may be slower than normal. If the system operates normally, there may be 3rd party applications which are causing a problem. Try deleting/disabling the third party applications after a restart by using the application un-installer. For each disable/delete, you will need to restart if you don’t do them all at once.
  Safe Mode - Mavericks
  Safe Mode - About
  Try running this program when in your old account and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor.  Please use copy and paste as screen shots can be hard to read.
  Etrecheck – System Information

• Im having concerns with privacy/security on my browser and settings. Someone seems to have hacked into my account and changes all my settings;

  So someone seems to have hockey my browser and has changed all my settings in my Firefox someone seems to be able to uninstall my firefox browser and change all my settings and pair my mobile phone to a computer through Firefox to sync all my information my mobile to computer that I have not done I don't own a computer just think my information to sync my information. Do you have any suggestions about what I should do on this ? I don't know where to go or turn on the security issue. thank you

  Is your Firefox for Android currently connected to a Firefox Sync account? If so, you should find a Firefox account in your Android accounts list, and you can remove it. Please see the last section of this article: https://support.mozilla.org/kb/how-do-i-set-up-firefox-sync#w_remove-an-android-device-from-firefox-sync
  I'm not sure whether this is one of the settings that is part of your Google account, but if you are not sure how secure your Google account is, you definitely should change that password and/or check Google's suggestions on next steps.

• The user and the mailbox are in different Active Directory Sites

  Hi All,
  I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site
  to create extest user.
  Then I try to execute command to test-connectivity, but it failed.
  Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
  RunspaceId                  : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  AuthenticationMethod        :
  MailboxServer               : CONMBX02.contoso.com
  LocalSite                   : CONMBX02.contoso.com
  SecureAccess                : False
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : DRCCAS01
  LocalSiteShortName          : CONMBX02
  ClientAccessServer          : DRCCAS01.contoso.com
  Scenario                    : Reset Credentials
  ScenarioDescription         : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
                                MBX02.contoso.com.
  PerformanceCounterName      :
  Result                      : Failure
  Error                       : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
                                rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
                                t_xxxxxxxx
                                 Additional information:
                                 [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
                                different Active Directory sites..
  UserName                    : extest_xxxxxxxx
  StartTime                   : 04/01/2012 20:46:19
  LaCONcy                     : 00:00:00.0156460
  EventType                   : Error
  LaCONcyInMillisecondsString :
  Identity                    :
  IsValid                     : True
  WARNING: No Client Access servers were tested.
  RunspaceId          : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
  Events              : {Source: MSExchange Monitoring OWAConnectivity Internal
                        Id: 1005
                        Type: Error
                        Message: Couldn't access one or more test mailboxes.
                        The service that is being tested will not run against these mailboxes.
                         Detailed information:
                        Local Site:DRCProduction
                        [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
                         access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
                         Additional information:
                         [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
                        t Active Directory sites..
  PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
                        Counter: Logon LaCONcy
                        Instance: DRCCAS01.contoso.com|DRCProduction
                        Value: -1000}
  any help appreciate it.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

  Hi
     Removed existing test account on two site.
     Then created test account on DGC through new-TestCasConnectivityUser.ps1.
     Flushed Health Service on RMS.
  Terence Yu
  TechNet Community Support
  Hi
  What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Krisna Ismayanto | My blogs:
  Krisna Ismayanto | Twitter: @ikrisna

• Test-OutlookConnectivity fails with '[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites'.

  I have a two site DAG, and the command is running from the alternate site where the databases are not currently being hosted. The following command...
  Test-OutlookConnectivity -Protocol:TCP -TrustAnySSLCert:$true -MonitoringContext:$true
  ...errors with the following output:
  An error occurred while trying to access mailbox CurrentlyHostingMBServerName.InternalDomainName, on behalf of user InternalDomainName\extest_bb13200232474
   Additional information:
   [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sit
  es..
      + CategoryInfo          : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
     OutlookConnectivity], CasHealthStorageErrorException
      + FullyQualifiedErrorId : F2F8AC0D,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask
  I thought this command would work based on the 'AllowCrossSiteRpcClientAccess: True' option on the DAG.  The command works well if run a CAS server in the active DB site.

  Hi,
  Exchange 2013 users use Outlook Anywhere to connect to CAS server. You may run the RCA to test the connectivity:
  https://www.testexchangeconnectivity.com/
  Thanks,
  Simon Wu
  TechNet Community Support

• Lost all User settings / presets

  hi
  Using LR 2.2
  on MacBook Pro / Leopard 10.5
  worked great so far.
  just finished a long development session, went through lots of pictures.
  After quitting LR I seem to have lost all my user settings, like my development settings, the metadata presets and the export presets.
  the catalog seems fine otherwise.
  any idea what happened here ?
  thank you
  b.

  It would appear that when you "change" this setting, Lr can no longer see the old settings since it's now looking in the wrong place. I would bet that any NEW presets you created AFTER changing to "save with catalog" would be remembered by Lr.
  The question is: When changing this setting, is there something that has to be done in order to get the old presets to re-save to the new location? My thinking is that when you change the setting, Lr does not automatically save the presets to the catalog since they're already saved elsewhere -- i.e. it doesn't realize that it has to re-save them again in order to see them the next time Lr is started.
  I'd be interested in hearing any further info on this.
  Thanks,
  Larry

• How Can I change all User Passwords Within a Directory Instance

  Hi Experts,
  I've been asked to refresh an old directory instance with some production data.  Easy enough I thought, however, the user has requested that all user passwords within the old directory instance are preserved.  Is that at all possible?  My chain of thought was that I can extract user passwords from the old instance into a file: -
  # ldapsearch -D cn="Directory Manager" -w xxxxxxxx -b o=xxxxxxx objectclass=* userpassword > <name of file>
  And then then use ldapmodify (or alike) to re-import the user passwords once I've refresh the old instance with the production data.  However, to my knowledge, in order to modify a particular entry via a file, i'd need the following format: -
  dn: gci=-1,ou=people,o=xxxxxxxx
  changetype: modify
  replace: userpassword
  userpassword: xxxxxxxxxxxxxxxx
  The only information I have in the file I created using the ldapsearch command above is as follows: -
  dn: gci=-1,ou=people,o=xxxxxxxx
  userpassword: xxxxxxxxxxxxxxxx
  I don't want to have to edit the file and add the relevant missing entries accordingly as the generated file has somewhere in the region of 150 thousand entries.
  Am I approaching this the correct way?  Is there any other mean of achieving my requirement.
  Thanks in Advance.

  Hi,
  It does not seem a big deal to add the missing lines to your output file.
  For instance, the following awk command should do the trick
  cat search.out
  dn: gci=-1,ou=people,o=xxxxxxxx
  userpassword: xxxxxxxxxxxxxxxx
  cat search.out | awk '/userpassword/ {print "changetype: modify} ; print "replace: userpassword"; }  {print $0}
  dn: gci=-1,ou=people,o=xxxxxxxx
  changetype: modify
  replace: userpassword
  userpassword: xxxxxxxxxxxxxxxx
  Then you can use ldapmodify to apply your changes
  -Sylvain

• XPRESS code to find all users with a specific Admin Role

  I've been playing around for a while with a way to get a list of all users that have been assigned a particular Admin Role. I have a role for which I want a specific subset of users to be approvers on it, and I want to greate a Rule that will check for people with a particular Admin Role and then return that list as people to be approvers on the role.
  I haven't been able to find an easy way to write this code. Anyone run across this before or have another suggestion???
  Thanks.

  Below is the code to find user based on condition.
  <set name='adminList'>
  <invoke name='getObjectNames' class='com.waveset.ui.FormUtil'>
  <ref>:display.session</ref>
  <s>User</s>
  <map>
  <s>conditions</s>
  <list>
  <new class='com.waveset.object.AttributeCondition'>
  <s>AdminRoles</s>
  <s>contains</s>
  <s>adminRoleName</s>
  </new>
  </list>
  </map>
  </invoke>
  </set>
  Edited by: Jay on Mar 7, 2012 4:03 AM

• Tiger Killed All User Settings & Registrations: Recovery Ideas?

  Booted up today to find every single user setting hosed. Dock was in default setting with bad app links, all bookmarks on Firefox gone, all email settings erased. All software registrations nada. The works.
  System was shut down normally last night. I regularly maintain with Cocktail and Disk Utility.
  Repairs begun:
  Disk Warrior, which found some issues and repaired (apparently unrelated to the problem at hand). Then ran Disk Utility, no problems found. Still hosed.
  I had been running Tiger for about two weeks, installing 10.4 from DVD and upgrading by the book. Have now returned to the safety of 10.3.9
  Anyone heard of this issue, or have any suggestions on what happened or how to return to original? As this was a test of the new OS, my backup was the prior system. So only some bookmarks and outgoing mail lost. Obviously I’m not impressed with the stability of Tiger.

  "
  From what you are saying, it would appear (at least to me) that your User Preferences Folder got hosed. "
  From the little inspection that I did (in order to retrieve data not backed up), the user settings were not deleted ... but were sidestepped. In the bookmarks for Firefox, for instance, a blank bookmarks.html file was created, while the saved ones were re-labeled bookmarks-1.html, -2 etc.
  Not sure how the software registrations were "lost".
  I can see the advantage in a clean install. I did this with Panther upgrading from Jaguar, and moved my registrations, passwords, etc., file-by-file. (Some registrations aren't written down and have to be moved). It's time consuming but possible. Time is money, and Tiger's time-saving enhancements have just been nulled by this sudden maintenance issue. Next year when I have time I might give Tiger another go.

• Ability to change all email address to specific SMTP?

  When I was using my PC and mozilla thunderbird, there was an extension which allowed me to change ALL my outgoing mail servers to a default smtp which I would routinely change between work, home and travelling etc. It also had a button in the menu bar so that I would not have to go into the preference settings.
  Is there a way this can be done with mail as well? Thanks in advance.

  Just in case it isn't clear, you must modify the script with your own account & server settings for it to work. You do this by copying the script text from the post into a new script created in the application "Script Editor" (found in /Applications/AppleScript).
  Wherever you see "account" in the script (4 places) you should substitute the actual name of the account you want the script to change, enclosed in quotes. This name is the same as the description field in the account preference in Mail.
  You must also change the 4 server name text strings to the appropriate server names for your account. For the two imap server name strings, you use the Incoming Mail Server field in the account preference you would enter for the appropriate location, typically something like "imap.xyz.com." (In your case, these may or may not be the same.) For the two smtp server names, you use the appropriate name from the popup Outgoing Mail Server (STMP) list in the preference, typically something like "smtp.xyz.com."
  Note that the script as written is limited to two locations. If you need more, the script can be modified to handle this, but the dialog that asks for your choice will require substantial modification. Also note that while the script will switch all stored outgoing mail server settings (password, port, SSL, etc.), it switches only the incoming imap server's name. If you require a different port number, password, or authentication method for the incoming mail server for different locations, the script will need to be modified for that as well.
  These things are probably better addressed in the AppleScript Discussions forum, but if you need only a minor change or clarification, post them to this topic & we will see what we can do.

• How do i get an iphone 5's battery to last. Just bought a brand new one. Changed all the settings as in location services, dim display push mail, yet it doesn't last half a day.

  Just bought a brand new iphone 5. But the battery doesnt even last. I have changed all the location services n all. Still it doesnt last even half day. And the usage isnt heavy. My wife is using it, so it doesnt have a heavy usage. Tried every thing.

  Gidday, I had the same problem when I bought my iPhone 5. If you drain the battery right down to nothing until it is completely flat and then recharge it 100%, drain it again, and fully charge it you should be good to go.
  Hope this works.....

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g