Configuring Active Directory user to Authenticate against OSB proxy service

Hi,
I applied the oracle Predefined auth.xml WS-policy to the osb proxy service and that will query a web service that is running on separate weblogic server, and I configured ActiveDirectory as an Authentication Provider in the weblogic server under myrealm. when I pass the weblogic/weblogic which is an admin account in the OSB test console or soap ui to test the authentication works and I get the response back but when I pass in one of the Active directory username/password I'm getting the following Failed to assert identity with UsernameToken SOAP fault.
Do I have to change or add any configuration In the weblogic server to make this work? such as Identity Assertion provider in the weblogic server.
fault: <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-386201</con:errorCode>
<con:reason>
A web service security fault occurred[{http://www.w3.org/2003/05/soap-envelope}Sender][Failed to assert identity with UsernameToken.]
</con:reason>
<con:details>
<err:WebServiceSecurityFault xmlns:err="http://www.bea.com/wli/sb/errors">
<err:faultcode xmlns:soap="http://www.w3.org/2003/05/soap-envelope">soap:Sender</err:faultcode>
<err:faultstring>
Failed to assert identity with UsernameToken.
</err:faultstring>
</err:WebServiceSecurityFault>
</con:details>
<con:location>
<con:path>request-pipeline</con:path>
</con:location>
</con:fault>
Regards
Vick

Hi Manoj
I have configured the weblogic server to use the Active Directory Authentication provider which is supported in weblogic server and I can see the AD users under weblogic console under users and groups tab, but if I pass in the username/password of the users in AD I'm getting the above error.
thanks
Vick

Similar Messages

What do I need to do to enable Active Directory users to authenticate to AFP shares in 10.8 server?

We recently upgraded from 10.6 server to 10.8 server and are having trouble with AFP shares and Active Directory. We have shares on each of our OS X servers that should be mountable by any Active Directory user at the site the server resides. In 10.6, this worked beautifully. Simply adding the appropriate AD groups with appropriate permissions to the ACL of the folder(s) being shared worked without a hitch. In 10.8 server, this is not working. Permissions are defined correctly (as far as I can tell), the server is bound to AD, but yet no AD user who should have access can mount the share. When attempting to mount the share on a 10.6 client, the user gets the short and simple "You entered an invalid username or password. Please try again." On a 10.7 client, the window shakes.
What confuses me even more is that no local users can mount the share as well. I try as our admin account, I receive the following error message on our 10.6 clients:
Actually, as I was forumulating this post, logging in as the server administrator account is now working...???!!!
This was the error message we were receiving on 10.7 clients before it magically started working:
In any case, authenticating as an AD user is still no go. Any ideas?

I had something similar to this. In the name field put in DOMAIN\username rather than just the name.

Outlook 2003 mail delivery failed for Active Directory user

Server 2003/Exchange2003
We are using an outside company (Integra) to handle our email and only use Exchange for shared archived email.
When configuring active directory users the wizard automatically sets up email entries in the format: [email protected]
When responding to a meeting invite from outlook to a local AD user, all users receive undeliverable messages for the accounts in the format [email protected] as below...
The example below was a bounce back when I accepted the invite. The invite shows up on my calendar just fine.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay1 with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1W8D9b-0001kB-24
   for [email protected]; Tue, 28 Jan 2014 10:12:56 -0800
From: "Kevin Simmons" <[email protected]>
To: "miguel saucedo" <[email protected]>
Subject: Accepted: Miguel Chaperone School
Date: Tue, 28 Jan 2014 11:13:05 -0700
Message-ID: <398EA47278F54C9FA9CFFB725FD6C079@PK01>
MIME-Version: 1.0
Content-Type: text/calendar; method=REPLY;
   charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8cSpjUhKBGTbBKQt+PScNbb6MWwAABfTJgAABJyYAAALiiEA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:REPLY BEGIN:VEVENT ORGANIZER:MAILTO:/o=PKArchitects/ou=First Administrative
Group/cn=Recipients/cn=miguel
DTSTART:20140206T070000Z
DTEND:20140208T070000Z
LOCATION:Flagstaff
TRANSP:OPAQUE
SEQUENCE:3
UID:040000008200E00074C5B7101A82E00800000000102573EC0F1CCF010000000000000000100
0000037C3D09157000340AA5D3F23F6A60078
DTSTAMP:20140128T181305Z
SUMMARY:Accepted: Miguel Chaperone School
PRIORITY:5
X-MICROSOFT-CDO-IMPORTANCE:1
CLASS:PUBLIC
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:[email protected]
END:VEVENT
END:VCALENDAR

Well it looks like none of our outlook installations actually are accessing the exchange email, nor are we able to send to those email addresses even though they exist. I have 2 email inboxes in Outlook, 1 is the Integra inbox - works fine. The
other is called Mailbox - UserName - populated with folder that are and always have been empty. If I send an email to myself at [email protected] I get the following bounce back.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay2.integra.engr with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1WBtMM-0005N1-Gr
   for [email protected]; Fri, 07 Feb 2014 13:53:18 -0800
Reply-To: <[email protected]>
From: "Kevin Simmons" <[email protected]>
To: <[email protected]>
Subject: test
Date: Fri, 7 Feb 2014 14:53:18 -0700
Message-ID: <F708D49EB6A64BE69891BF9C7B528529@PK01>
MIME-Version: 1.0
Content-Type: multipart/related;
   boundary="----=_NextPart_000_0050_01CF2414.572804A0"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8kTwKRc8hlRKNXSlye9E4r5UyfJQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
This is a multi-part message in MIME format.
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_001_0051_01CF2414.572804A0"
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/plain;
   charset="us-ascii"
Content-Transfer-Encoding: 7bit
test
Thanks!
Kevin Simmons
Project Manager
4515 S McClintock Dr. Suite 206
Tempe, Arizona 85282
p 602 283 1620
f 602 283 1621
c 480 702 9687
[email protected]
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/html;
   charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Dus-ascii" = http-equiv=3DContent-Type> <META name=3DGENERATOR content=3D"MSHTML 11.00.9600.16476"></HEAD> <BODY>
<DIV><FONT size=3D2 face=3DArial><SPAN=20 class=3D831025321-07022014>test</SPAN></FONT></DIV>
<DIV> </DIV><?xml:namespace prefix =3D "o" ns =3D=20 "urn:schemas-microsoft-com:office:office" /><o:SmartTagType=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"PostalCode"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"State"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"City"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"place"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"Street"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"address"></o:SmartTagType>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in = 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; =
mso-paper-source: 0; }
P.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
LI.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
DIV.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
SPAN.GramE {
   mso-style-name: ""; mso-gram-e: yes
DIV.Section1 {
   page: Section1
</STYLE>
<DIV class=3DSection1>
<P class=3DMsoNormal align=3Dleft><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks!</SPAN></P> <P class=3DMsoNormal> </P> <P class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Kevin=20 Simmons</SPAN></P> <P
class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Project=20 Manager</SPAN></P> <P class=3DMsoNormal><o:p> </o:p></P>
<P class=3DMsoNormal><IMG src=3D"cid:831025321@07022014-2937" = width=3D130 height=3D130=20 v:shapes=3D"_x0000_i1025"></P> <P class=3DMsoNormal><?xml:namespace prefix =3D "st1" ns =3D=20 "urn:schemas-microsoft-com:office:smarttags"
/><st1:Street=20 w:st=3D"on"><st1:address w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">4515 S McClintock Dr. = Suite=20 206</SPAN></st1:address></st1:Street></P>
<P class=3DMsoNormal><st1:place w:st=3D"on"><st1:City w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Tempe</SPAN></st1:City><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">, <st1:State=20 w:st=3D"on">Arizona</st1:State> <st1:PostalCode=20 w:st=3D"on">85282</st1:PostalCode></SPAN></st1:place></P>
<P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">p</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1620</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">f</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1621</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">c</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 480 702 9687</SPAN></P> <P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">[email protected]</SPAN></P></DIV>
<DIV> </DIV></BODY></HTML>
------=_NextPart_001_0051_01CF2414.572804A0--
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: image/jpeg;
   name="image002.jpg"
Content-Transfer-Encoding: base64
Content-ID: <831025321@07022014-2937>
/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACCAIIDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+HwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3++iii
gAooooAKKKKACq97dGzg81bae4O4DZAoLfXkjirFFAHltr8ZNKtPtNteadrU00V1OhZbdCABIwA+
+OgwPwqf/hdmg/8AQI13/wABk/8Ai68juv8AkL6t/wBhG5/9GtTKxdVp2PKqY+cJuKS0PfvB
+Xiwe
JdNFylnqHlyXE4WaeNVVVEjYU4bqBgdO1dZXA/Bz/knsP/X5c/8Ao1q76tkepF3SYUUUUDCiiigA
ooooAKKy9S1yz017ZZJ4B5twIWLzKuzIJyc/T9ak/t3R/wDoK2P/AIEJ/jQBoUVjXfibTLc2yxX1
nM006Q4W4XKhu/XtWvHIkqB43V1PdTkUAOoqhqWqRad9nDFC0s6QkFwpUMcZq6jpIu5GVh6g5oAd
RRRQB8sXX/IX1b/sI3P/AKNamU+6/wCQvq3/AGEbn/0a1Mrkl8TPnK/8WXqz2z4Of8k9h/6/Ln/0
a1d9XA/Bz/knsP8A1+XP/o1q76upbH0MPhQUUUEgDJOAKZQUVU0/UYNTt2uLUs0O8qshXAkx/Evq
voe+OKG1G3GqLpysz3JjMjKi5Ea9ix7Z7euD6GgC3RRRQB5X8atNsF8N2EosbYSy6pH5jiJd
voe+z5R8
5OOa8g/s2x/58rf/AL9L/hXtPxs/5FXS/wDsKRf+gSV4vPMfMECZyeWK9ceg9/ft+VYVdzyce5e0
ST6EKCHT9Rsbuy06zlmtrlJNskYEZx/C2Oo9q3L7Xtd1NDHdarNFbEki0sP9GgXPbamCfxJrHkiY
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+0SwjdK7HlYogf4yASSeFHJ7VMXJ6IypTqztTgz
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+nbyD
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+amvZZfh/aaZZWRtlXSzLdQx+TaHd/F
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+96R2
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+ecqnO1j2Jzz0J6Vp7N9Gdbwc0rxm7nPa
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+F8Tv
E2hsqXzjW7MdVmwlwo/2XAw30YfjXsvhvxRpXivTftulXBdVO2WJxtkhb+669j/PtmvmaONWVsxy
W8qMUkjPDRupwykeoIIq3pesal4a1ePV9OkC3CYVweEuE/55yD09G7GlGo07MzoYyUZclUS6/wCQ
vq3/AGEbn/0a1MqG3vV1GS7vVjaIXF3PL5b9U3SMcH3GamrKXxM4K/8AFl6s9s+Dn/JPYf8Ar8uf
/RrV31cD8HP+Sew/9flz/wCjWrvWZUUsxCqBkknAArqWx9DD4UDMqKWYhVAySTgAV8/eNvFv9uX0
1hoWo6iukgss9x9sc/aieqoCeIx69+3HW98QPiA/ieSXR9HlZNEUlZ7hDg3hHVVP/PP1P8X068no
+j6h4i1aPR9HjUzkAyysP3dtH/eb+i96zlN35YnFiMRJy9lR3J9Gi8U+INVi0bRtd1nztoMk
+hv5P
LtY+m5sH8l7/AEr3bRPB1pokMQTUNUuJwyyTTTXjkzuMfM4zg5wOOmOKn8K+FdO8I6OthYKW
LtY+Zjvn
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+EdOdui6nGT/AN8SV4zaRMkW+Ufv
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+pPmf
2J7fhXsnxvCS+E9MTcP+QrETg+ivXkeR6isKu55OYv30vIr3sqwQCZ/uowY/QV7r8KfDDaL4
2J7fhXsnxvCS+E9MTcP+QrETg+Ttb2
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+dfUt1fpZ3FhAqqVuZjDndjYAjN
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+n/x3
H41VJaXNcuguRyK3iD/V6d/2EIP/AEKtK5toby2kt7iMSQyLtZT3FZfiB0MenfOv/H/B3/2quajq
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+06TR/HMsUuSbuISFz/wAtSvAf6suAfVkY96wSARgj
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+Ir0z
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+fJuU8xP95eo/LH
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+5VqV
Q1PC/ZJ/4orhOfZvlP8AOrryLGAzfdzgn0+tQ9Tmn7yUj234PMqfDuNmIVRd3JJJwAPNauJ+IHxA
bxNJJo+kTFNFVik9wpwbwjqqn/nn6n+L6deStPE2oXPg1PDcG6200XE73Mit811ukYhBjomO
bxNJJo+vr06
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+oeItWj0fR41M5AMsrD93bR/3m/o
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+vevo
Twr4V07wjo62FgpZmO+e4fmSd+7Mf6dAOBXL/By50h/CLWtlAIdSt5MakGO55JT0kJ7qw6en
Twr4V07wjo62FgpZmO+e4fmSd+I7V6
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+G9PuYrC2ilk1WMPIkQDNlXzk98mvKPs0H
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+/PGP
/vkV7F8cE8zwjpyZxnU4xn0+SSvHLaYzQgtgSL8rj0Ydawq7nk5hfnTXYjljtoJ7KV4YvLS8gL5U
Y2+Yuc+2K+k73wlpM11p8kOk6eEhnLyjyFG5fLdcdOeSp/CvmzUYRc2hgPHmELn0zX0J8N/E
Y2+Yuc+2K+x8Q+
EbE3T/6fDEEmB6vtO0t+YIPuPpVUnpY2y+d4OJNrvh3RY47DZpNku6+hU4gUZBbp0qzqnhLSrm2i
S20iwV1uIXb9yo+VZFLdvQGrXiD/AFenf9hCD/0KtZ3WNGd2CqoyWJwAPWtT0Dxr4z2Ok2Nt
S20iwV1uIXb9yo+4fs7
SxtIJ571pG8uJVJRIznoOmWFebfZoP8AnjH/AN8iul+Imqtr3jwT5PkWdsEhQjoHOQT7sPm+jLXP
1z1X7x4uPnerZdDM1OGER20SxIGluEUYXsDk/oKvPbxPEYtoEZPzKvAPsaoA/bdcRwcw2qEj0LNw
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+qnqPQg1dr0fwp4Th8X/B1bPcsV7D
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+e3Mt
ncEf6uUStjP+yehHoa83AmjklguYWguoHMU8LdY3HUf4HuMVU421N8VQ5LTWz/MvaHrl34X1
ncEf6uUStjP+6DWr
NWfyxsuYFP8Ar4SeV/3h1X3HvX0npuo2ur6bb6hYzLNa3EYkjkXoQa+X67b4YeLf+Ef1caHeyY0v
UJM27MeILg/w+yv+jfWqpz6M3wOIt+6l8j3Siiitz1QooooA81+Nn/Iq6X/2FIv/AECSvF5YzHJ5
yHbnhj2+p9q9o+Nn/Iq6X/2FIv8A0CSvH6wq7nkZg7VF6FWaYARCQGM+YvXofoa6Pwj4ki8N
yHbnhj2+p9q9o+6o32
qd4dOuH3/aYvmazlxjeV/ijYAB19ge1c89tcyXFpbWMPnyz3CRxwbgu5j0AJ4H48U65VLG6NtqNo
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+jD6E1
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+R8Ye
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+9NMW
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+n2YZ
pPIQsdzvKwLMfUk8k1o6qtodkswjy+6ncsPdNJPNcXlyJ7y5kaadxyXduuAO3YDsAKakN5qN
pPIQsdzvKwLMfUk8k1o6qtodkswjy+1BY2
ls8tzcvsht1+9Kff+6o6k+laug+Gtc8TOq6JpjC3Y4N7cIYoFHqCRl/oor2/wX4C0/whA0oc
ls8tzcvsht1+9Kff+6o6k+laug+3mqT
DE97IoDEf3UH8K+w/HNTGDbuzGjhZ1Jc9TT8z53srOWx+1W1wyPcRXMscrp0Zlcrx7cce1Wq
DE97IoDEf3UH8K+fdf8
hfVv+wjc/wDo1qZWct2cdf8Aiy9T2z4Of8k9h/6/Ln/0a1Y3xa8IEqfFmnREywoF1GJBzJEO
hfVv+kgH9
5O/qv0FbPwc/5J7D/wBflz/6Nau9ZQ6lWAKkYII4IrptdWPe5FOnyy2aPlUEMoZSCpGQR3FNliSe
JopBlWGDXR+N/CZ8HeIPKgQ/2RfMz2Tdom6tCfp1X247Vz9c0k4ux4NWnKjPlZ7Z8MPGT+IN
JopBlWGDXR+LbSt
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+80fVLXVtOYLe2jbkBOFkU/ejb2Yce3B7V9IeHdes/
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+Euh2
2q2LHypl5RvvRsOGRvQg5FdEJcyPZwuI9tDXdGpRRRVnUea/Gz/kVdL/AOwpF/6BJXj9ewfGz/kV
dL/7CkX/AKBJXj9YVdzx8x/iL0Lug/8AI4eHf+wpB/OvpW8sbTUIDBe2sFzCesc0YdT+Br5q0H/k
cPDv/YUg/nX07V0vhOrL/wCF8ziNV+FvhO7MDW/h3T42FwjS7E8vKZ+YfLWvp/gXwppcgksvD2mx
SDo/2dSw/EjNHh3xpovim/1Sy0u4eSbTZfKnDJtGckZX1GVPNc3qfxq8IaRqt5pt098J7SVoZdls
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+B9jfTPpWLN478OQeEU8UPqSf2TIPklAOWb
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+ONoX
ruyCMexql4X+JnhvxdNc2+nTzpdW8Zle3uItjlB/EB3HT86AMG2+Dei3P2i4vbnWI55bqZyF
ruyCMexql4X+JnhvxdNc2+vOCD
IxB6dxg/jU//AApXw1/z/a1/4G//AFq6K08daLe+CpfFkLTnS4ldmJiw+Fbafl+oqtd/Ejw/Zm3E
rXWZ9M/tVNsJP7jGf++valZEOnB6tIk8G+Eo/DVgIIri/Ecc85SGW43qVaRtrEY6kYP1rqq81tfj
n4Nu7yK1ibUDLK6xqDanqTgZ5qfVPjT4R0jVrzTLlr/7RaTNDLstiwDKcHBzTLOh8SeDNO8U2k9v
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+/tSO5GVkCagxViDjcPY9cdRnFdDe/Efw5p3h
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+Oz8S
XVzLFZXv/HvGYz5spyRgJ+H0qnY/FjwrqPh7UdZgnuPK07b9pgaEiZAzBQdvcZPUGlZEuMXuin/w
pbwr/wA9tW/8Dnq3pXw+tvDN6i6Rdap9huWJuYvtzAq+OJPfptI+h7Gqel/Gvwjq+q2um2rX5uLm
ZYYw1qQNzHAyc8danv8A4x+DtO1+TSJrycyRTCCa4SEmGJ84IZvY9SMiiyBRitkd9RSAhlDK
ZYYw1qQNzHAyc8danv8A4x+DtO1+QQRk
Ed6KZR5t8bP+RV0v/sKRf+gSV4/XsvxK0TXvENjYWEB02NDqSNC0jyZOFfG7C+npXH/8Kh8Y
Ed6KZR5t8bP+f8/e
hf8Afyb/AOJrKpByeh52Mw9SrNOC6HL6D/yOHh3/ALCkH86998ca8PDPgrVtW3ASQQN5We8jfKn/
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+JPCbeMtHtLDWbjyEhuluJY7Q5SYLn
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+CksM
455qqaaVmb4SlKnT5Zb3PD/hdr+h6J458ORabePLJqdi1pqgdGUC5LF1OT15IXI9PerMniHxX4a1
Lx/qGiaZp91pqatILuS4Qu0RJIBCgjK888GvafFHgjTPE2n21uf9BltrlLmG4to1Do6dO3TmjSfB
Gn6Y3iHfLJdRa7O81zHKBtG4EFRjtyas6jyWDQrXSofhZpst3DqGm3N9NdSSqP3UkrbWQAHsM4wf
f6V6pq1v4VXxfFNOLdfExsJBbDcQ7RYbPA4P8XXnrWbB8J9JXwR/wi11fXlzaxTm4tJ2KrLat/sE
D1J6+pqTwt8MNP8ADmoXWp3Gp3+q6pPCYBd3sm5o4z2X/GgDxrSZPHQ+B90lpBpJ8M+VNvdy
D1J6+pqTwt8MNP8ADmoXWp3Gp3+ftG3
ed2OcZznHFdt4cAPxL8CgjI/4RJP5Gu4sfh5Y2Hw6m8GJe3LWkqSIZ2C+YN7Fj2x3qWw8B2Wn+IN
H1dLy4aXS9MGmxowXa6D+I8daAOd8Hov/C7PHo2rgR2mOOnyVy3h0eOD4w8bf8IpForwf2vJ
H1dLy4aXS9MGmxowXa6D+5x1D
du3ZONu3tivV9L8J22leLta8RR3Mzz6qsQkibG1Ni4GO/wCdcjffBuC61rUdTtvFWuWDX9w1xLFa
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+0/Nu2A+gAI+grtrS28KJ48v3thbjxK9
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+qv2p
VJ3mLIwSOn93nr0rM1L4Y6fq3hjTdKu9T1F7zTWZ7XVfN/0lGJyfm7jp+Qq14L+H2n+DZby7S7u9
Q1O8x9ovbt90jAdB7D/PYUAYPw2Rf+E3+IXyjjVFxx04auM+y6p4e0rXLzRBpPinwJPdS3F7bsds
0YyC4zwcqMc89M4r2DQPClt4f1fXNRguJpZNXuRcSq4GEIzwuO3PeuRv/grpF3qt1PBq+qWenXk3
nXemQTbYZWzkjHYH9O2KAPQtLmtrjSbOazXbayQI8K4xhCoKj8sUVYhhjt4I4YUCRRqERR0UAYAo
oAcVVsblBwcjI6GloooARlVsblBwcjI6GloooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP
/9k=
------=_NextPart_000_0050_01CF2414.572804A0--
beyond that - the Global Address Book does not update!

Cannot log into DTR with Active Directory User

Greetings,
I have set up and installed JDI correctly. I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user. I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
500 Internal Server Error
SAP J2EE Engine/6.40
Application error occurred during the request procession.
Details: Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!]. The ID of this error is
Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error.
Any help is greatly appreciated.
Thanks,
Marty

Hi Marty,
In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
Regards,
Manohar

SMB access for Active Directory users

Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.

I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility

Active directory users and computers wont start on a dc, "the server is not operational"

In our environment, we have 3 dc's
two which run server 2008 (they work perfectly)
and one never off branch dc that runs server 2008 r2.
We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
We have a third party DNS solution.
How do i troubleshoot this issue?

dc01 (which replicates perfectly with dc02, and vise versa)
dcdiag /test:dns
C:\Users\adminuser>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Hostingpartner\ourdc01
Starting test: Connectivity
......................... ourDC01 passed test Connectivity
Doing primary tests
Testing server: Hostingpartner\ourdc01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : int
Running enterprise tests on : int.domain.com
Starting test: DNS
Test results for domain controllers:
DC: ourdc01.int.domain.com
Domain: int.domain.com
TEST: Delegations (Del)
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
Summary of test results for DNS servers used by the above domain controllers:
DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
2 test failures on this DNS server
Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: int.domain.com
ourdc01 PASS PASS PASS FAIL n/a PASS n/a
......................... int.domain.com failed test DNS
dcdiag on dc01(which can replicate with dc02)
C:\Users\adminuser>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: hostingpartner\ourdc01
Starting test: Connectivity
......................... OURDC01 passed test Connectivity
Doing primary tests
Testing server: hostingpartner\ourdc01
Starting test: Replications
[Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
Win32 Error 8453.
......................... OURDC01 failed test Replications
Starting test: NCSecDesc
......................... OURDC01 passed test NCSecDesc
Starting test: NetLogons
[OURDC01] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... OURDC01 failed test NetLogons
Starting test: Advertising
......................... OURDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURDC01 passed test RidManager
Starting test: MachineAccount
......................... OURDC01 passed test MachineAccount
Starting test: Services
......................... OURDC01 passed test Services
Starting test: ObjectsReplicated
......................... OURDC01 passed test ObjectsReplicated
Starting test: frssysvol
......................... OURDC01 passed test frssysvol
Starting test: frsevent
......................... OURDC01 passed test frsevent
Starting test: kccevent
......................... OURDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:10:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:11:17
(Event String could not be retrieved)
......................... OURDC01 failed test systemlog
Starting test: VerifyReferences
......................... OURDC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : int
Starting test: CrossRefValidation
......................... int passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... int passed test CheckSDRefDom
Running enterprise tests on : int.domain.com
Starting test: Intersite
......................... int.domain.com passed test Intersite
Starting test: FsmoCheck
......................... int.domain.com passed test FsmoCheck
The problematic dc03:
Dcdiag gives the same output as dcdiag /test:dns
C:\Users\adminuser>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OURDC03
Ldap search capabality attribute search failed on server NTSDC03, return
value = 81
We have an infoblox dns server on ip address xxx.y.y.251.
first error in event logs on dc03:
error 1863
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Configuration,DC=int,DC=domain,DC=com
This directory server has not received replication information from a number of directory servers within the configured latency interval.
Latency Interval (Hours):
24
Number of directory servers in all sites:
2
Number of directory servers in this site:
2
The latency interval can be modified with the following registry key.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
i have also go several warning 2088, 2093, 2087.
And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones

Exchange 2010 - #554 5.2.0 The Active Directory user wasn't found

We have migrated form Exchange 2003 to Exchange 2010 a year ago with no issues. All Exchange legacy servers uninstalled with no issues. We had an issue today were emails sent to mail-enabled public folder was returning NDRs. This happened on two or three
and then trickled down thorugh several public folders. This client has several public folders and uses them for business processes. There have been 100s of incidents now.
Symtoms:
E-mail messages that been sent to mail-enabled public folder in Exchange Server 2010 environment rejected with the following NDR:
#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn't found. ObjectNotFoundException: The Active Directory user wasn't found. ##
We are getting the following Event log messages on Hub transport servers.
Log Name:      Application
Source:        MSExchange Store Driver
Date:          5/29/2014 2:45:53 PM
Event ID:      1020
Task Category: MSExchangeStoreDriver
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxxxxx
Description:
The store driver couldn't deliver the public folder replication message "Backfill Request (xxxxxxx)" because the following error occurred: The Active Directory user wasn't found..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="MSExchange Store Driver" />
    <EventID Qualifiers="49156">1020</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-05-29T18:45:53.000000000Z" />
    <EventRecordID>168407</EventRecordID>
    <Channel>Application</Channel>
    <Computer>xxxxxx</Computer>
    <Security />
</System>
<EventData>
    <Data>"Backfill Request (xxxxxxx)"</Data>
    <Data>The Active Directory user wasn't found.</Data>
</EventData>
</Event>
Actions:
We have executed the following steps.
1. Start the ADSI Edit MMC Snap-in. Click Start, then Run, and type adsiedit.msc, and then click OK.
2.       Connect & Expand the Configuration Container [YourServer.DNSDomainName.com], and then expand CN=Configuration,DC=DNSDomainName,DC=com.
3.       Expand CN=Services, and then CN=Microsoft Exchange, and then expand CN=YourOrganizationName.
4.       You will see an empty Administrative Group. Expand the CN=YourAdministrativeGroupName.
5.       Expand CN=Servers.
6.       Verify there are no server objects listed under the CN=Servers container.
7.       Right click on the empty CN=Servers container and choose Delete.
8.       Verify the modification, and try to send again the E-mail to the mail-enabled public folder.
To no avail the issue still exists.
We have not rebooted the servers and plan to in the early morning.
We have dismounted/mounted public folder DBs
Does anyone have any other suggestions?
Danny Kennedy, MCSE, MCITP

I have already uninstalled legacy servers a year ago.
This was the solution:
I moved the public folder hierarchy to exchange 2010 using ADSIEdit.
                                  If you don't know adsiedit tool that much check this
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c03067450-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&sp4ts.oid=1840527&ac.admitted=1401455429281.876444892.492883150
Danny Kennedy, MCSE, MCITP

MySites for non-Active Directory users

Hi,
we are planning to provide a collaboration farm for
internal users (AD)
external users (external AD, no-trust relationship)
We plan to authenticate users via Claims/ADFS. The idea is to provide a MySite-Farm.
Questions
Are there any issues with providing MySites to non-AD users?
Are there any limitations for providing MySites to non-AD users?
Sven

Hi,
According to your post, my understanding is that you wanted to create MySite for non-Active Directory users.
Yes, it is possible to create them for non-AD users on on-premises SharePoint farms.
You can use the ADFS authenticate to import the users to the user profile database, then create the MySite.
If you are trusted the users to access your site or give them appropriate permissions, I don’t think there are some limitations to create MySite for non-AD users.
Thanks,
Jason
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Jason Guo
TechNet Community Support

How to display active directory users through weblogic portal Application?

Hi,
Does anyone has faced this situation?
I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
I have two doubts on this?
1)Is it I need to write custom code to view the active directory users in our portal?
2)Does I need to use any jars that supports active directory authenticator?
I would appreciate if any one can reply on this with helpfull docs/information.
We are using BEA 8.1 SP4.
Windows 2000.
Surendra

Hi,
I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ page import="java.util.Set" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="weblogic.jndi.Environment" %>
<%@ page import="weblogic.management.MBeanHome" %>
<%@ page import="weblogic.management.configuration.DomainMBean" %>
<%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
<%@ page import="weblogic.management.security.RealmMBean" %>
<%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
<%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
<%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
<%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
<%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
<%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
<%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
<%@ page import="weblogic.management.utils.ListerMBean" %>
<%@ page import="javax.management.MBeanException" %>
<%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
<%@ page import="examples.security.providers.authentication.manageable.*" %>
<%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
<%@ page import="weblogic.management.utils.InvalidParameterException" %>
<%@ page import="weblogic.management.utils.NotFoundException" %>
<%@ page import="weblogic.security.SimpleCallbackHandler" %>
<%@ page import="weblogic.servlet.security.ServletAuthentication"%>
<%!
private String makeErrorURL(HttpServletResponse response,
String message)
return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
%>
<html>
<head>
<title>Password Changed</title>
</head>
<body>
<h1>Password Changed</h1>
<%
// Note that even though we are running as a privileged user,
// response.getRemoteUser() still returns the user who authenticated.
// weblogic.security.Security.getCurrentUser() will return the
// run-as user.
System.out.println("------------------------------------------------------------------");
String username = request.getRemoteUser();
System.out.println("User name -->"+username);
// Get the arguments
String currentpassword = request.getParameter("currentpassword");
System.out.println("Current password -->"+currentpassword);
String newpassword = request.getParameter("newpassword");
System.out.println("New password -->"+newpassword);
String confirmpassword = request.getParameter("confirmpassword");
System.out.println("Confirm password -->"+confirmpassword);
// Validate the arguments
if (currentpassword == null || currentpassword.length() == 0 ||
newpassword == null || newpassword.length() == 0 ||
confirmpassword == null || confirmpassword.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Password must not be null."));
return;
if (!newpassword.equals(confirmpassword)) {
response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
return;
if (username == null || username.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Username must not be null."));
return;
// First get the MBeanHome
String url = request.getScheme() + "://" +
request.getServerName() + ":" +
request.getServerPort();
System.out.println("URL -->"+url);
Environment env = new Environment();
env.setProviderUrl(url);
Context ctx = env.getInitialContext();
MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
System.out.println("MBean home obtained....");
DomainMBean domain = mbeanHome.getActiveDomain();
SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
// Sar
EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
RealmMBean realm = secConf.findDefaultRealm();
System.out.println("RealmMBean obtained....");
AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
System.out.println("AuthProvMBean obtained....");
// Now get the UserPasswordEditorMBean
// This code will work with any configuration that has a
// UserPasswordEditorMBean.
// The default authenticator implements these interfaces
// but other providers could work as well.
// We try each one looking for the provider that knows about
// this user.
boolean changed=false;
UserPasswordEditorMBean passwordEditorMBean = null;
System.out.println("UserPwdEdtMBean obtained....");
//System.out.println("Creating MSAI....");
//ManageableSampleAuthenticatorImpl msai =
// new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
//System.out.println("Done....");
for (int i=0; i<authenticators.length; i++) {
System.out.println("### Authenticator --->"+authenticators);
if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
ActiveDirectoryAuthenticatorMBean adamb =
(ActiveDirectoryAuthenticatorMBean)authenticators[i];
System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
String listers = adamb.listUsers("*",0);
while(adamb.haveCurrent(listers))
System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
adamb.advance(listers);
if (authenticators[i] instanceof UserPasswordEditorMBean) {
passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
System.out.println("Auth match ...."+passwordEditorMBean);
try {
// Now we change the password
// Sar comment
System.out.println("Password changed....");
//passwordEditorMBean.changeUserPassword(username,
// currentpassword, newpassword);
changed=true;
// Sar Comment
catch (InvalidParameterException e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
catch (NotFoundException e) {
catch (Exception e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
// Sar code
LDAPAuthenticatorMBean ldapBean = null;
UserReaderMBean urMBean = null;
UserEditorMBean ueMBean = null;
GroupReaderMBean gMBean = null;
//ListerMBean lBean = null;
try
if (authenticators[i] instanceof LDAPAuthenticatorMBean)
ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
String userFilter = ldapBean.getAllUsersFilter();
System.out.println("userFilter ="+userFilter);
if (authenticators[i] instanceof UserEditorMBean)
try
System.out.println("UserEditorMBean...");
ueMBean = (UserEditorMBean) authenticators[i];
System.out.println("List users..."+ueMBean);
boolean b = ueMBean.userExists("webuser");
System.out.println("User Exists->>>"+b);
String cursor = ueMBean.listUsers("webuser", 2);
System.out.println("List User ----->"+cursor);
catch(InvalidParameterException e)
response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
catch(java.lang.reflect.UndeclaredThrowableException e)
response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
e.printStackTrace();
catch(Exception e)
response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
catch(Exception ex)
ex.printStackTrace();
response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
return;
if (passwordEditorMBean == null) {
response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
return;
System.out.println("pwd changed ->"+changed);
if (!changed) {
// This happens when the current user is not known to any providers
// that implement UserPasswordEditorMBean
response.sendRedirect(makeErrorURL(response,
"No password editors know about user " + username + "."));
return;
%>
User <%= username %>'s password has been changed!
<br>
<br>
</body>
</html>
Here is the console log
User name -->webuser
Current password -->i
New password -->u
Confirm password -->u
URL -->http://localhost:7011
MBean home obtained....
Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
RealmMBean obtained....
AuthProvMBean obtained....
UserPwdEdtMBean obtained....
### Authenticator --->Security:Name=myrealmDefaultAuthenticator
Auth match ....Security:Name=myrealmDefaultAuthenticator
Password changed....
UserEditorMBean...
List users...Security:Name=myrealmDefaultAuthenticator
User Exists->>>true
java.lang.reflect.UndeclaredThrowableException
at $Proxy1.listUsers(Unknown Source)
at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
a:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
64)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.management.MBeanException
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
ava:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
... 14 more
### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
pwd changed ->true
Can u pls let me know how to get all the entries from LDAP.
Thanx
Sar

Open Directory Active Directory users want to know Is there a method?

Help
Open Directory Active Directory users want to know Is there a method?
Or can I make the Active Directory users to share on the Open Directory.
My goal is to use our school Mac computers with SSO

If I understand your question correctly, using Active Directory with OSX, there are a few ways this can be accomplished.
One way is by joining each Mac directly to Active Directory. This doesn't take advantage of the additional managed preference available to OSX, but does allow AD users to authenticate on OSX. On each machine, one would open System Preferences > Accounts > Login Options > Click Join next to Network Account Server. Follow the prompts and provide the domain name of your Active Directory deployment to join the system.
Another method is to follow the steps above, but only after extending the Active Directory Schema to support the OSX-specific managed preferences. It's a mostly harmless operation and means that you'll have a single administration interface for both OSX and Windows systems. The AD Schema information is available from Apple Support, but may also be readily available on the Internet.
Because our Windows team preferred to not change our AD schema any more than we already had, we used a different method. We created an Open Directory Master on one of our OSX servers, then we joined it as a member server to Active Directory. Next, we join all of our OSX workstations and laptops as members to the Open Directory domain instead of to Active Directory. This way, SSO still works. New user accounts are added to Active Directory and all managed preferences for OSX can be managed through the native OSX Workgroup Manager tool.
I think there are some instructions in the User Management PDF (Mac OS X Server, User Management, Version 10.6 Snow Leopard) or in the Advanced Server Admin PDF (Mac OS X Server, Advanced Server Administration, Version 10.6 Snow Leopard) but not completely certain. This page might have the docs.

Unable to login @ login window with Active Directory User

I successfully bound my test machine to Active Directory and can search using dscl and id. I can also su to my active directory user account an authenticate perfectly. All search bases are correct and everything else looks fine.
When I attempt to login from the login window as an AD user, the window shakes. Clicking under Mac OS X shows that "Network Accounts Available". Looks like the CLI tool "dirt" is now gone as well, although insecure it would possibly show something here.
Anyone else having issues after binding to AD? I bound using the Directory Utility gui... I have not tried using my leopard bind script yet.
Thanks,
Ken

I have pretty well the same problem. The machine was already bound to AD prior to upgrade. After could not login on with my account (jball). Can log on with other accounts from the same domain (we only have one AD domain). Can also su to jball in a terminal session. Can't access network resources with jball when I try to connect to a windows server through the finder, instantly comes up with bad username or password, doesn't even think about it.
I have removed any copies of the home folder under either /Users or /Domain as I have had problems with that before. Have repaired permissions and unbind and bind the machine to AD. Have been at this all day now and no closer. Get these error messages in console:
31/08/09 4:49:27 PM SecurityAgent[666] Could not get the user record for 'jball@domainname' from Directory Services
31/08/09 4:49:27 PM SecurityAgent[666] User info context values set for jball@domainname
31/08/09 4:49:27 PM SecurityAgent[666] unknown-user (jball@domainname) login attempt PASSED for auditing

Logging into weblogic console using Active directory users?

Hi,
We developed a portal application using BEA 8.1 by getting users from embidded LDAP provided with the weblogic server.Now we need to access the users accounts stored in active directory.we configured new active directory authenticator and able to see the user and group names in the weblogic console. when we try to login to the console using one of the active directory user names, we are unable to login.
I would be thankful if any one can help on this.
Thanks & Regards
Surendranath Reddy

Hi Surendranath,
I am trying to attempt the same task, but have been unsuccessful so far. If you have had any luck with this, please let me know.
I can get MS AD to work just fine in the Security Provider and it works via the developers application, but I cannot login using the Active Directory users from the Admin Console.
Thanks,
Kevin.

10.7.4 Web Access for Active Directory Users

Does anyone know how to permantly set the AuthType in Web Services to Basic ?
The reason I ask is I have a web site I want to protect and allow active directory users access to it.
I have added the users to a local group, added the group to the Who Can Access option.
Local users can log in but not Active Directory. If I edit the conf file for the site in /etc/apache2/sites and change the AuthType from Digist to Basic it works fine until I change something in the server app then the conf file gets rewritten.
Dan

I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility

Issue with Active Directory User Target Recon

Hi ,
I am facing an issue with Active Directory User Target Recon
My environment is OIM 11g R2 with BP03 patch applied
AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
Checked the user profile of users processed can see AD account provisioned for users
My query is why this job is not processing allthe users.Please point if i am missing some thing .
thanks in advance

Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
-Bikash

Windows 2008 Server - Cannot run Active Directory Users and Computers

Hi,
I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
I attempt to open Active Directory Users and Computers tool and I get a;
Microsoft Visual C++ Runtime Library error;
"The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
I click ok, then get the following debug info;
Problem signature:
Problem Event Name: APPCRASH
Application Name: mmc.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47919524
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6001.18000
Fault Module Timestamp: 4791ad6b
Exception Code: 40000015
Exception Offset: 0000000000029b06
OS Version: 6.0.6001.2.1.0.272.7
Locale ID: 3081
Additional Information 1: 43aa
Additional Information 2: cf3a46656318492c1997480001b6b0e0
Additional Information 3: 3837
Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
If someone could please assist, it would be very much appreciated.
Regards
B

Hi,
To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
However, I am also glad to share my research.
Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
Also, please follow the article below to perform necessary steps to see how it's going?
FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
http://support.microsoft.com/kb/190536/en-us
Hope this helps.
Best wishes
Morgan Che

Configuring Active Directory user to Authenticate against OSB proxy service

Similar Messages

Maybe you are looking for