Hitting limit when adding users to groups via powershell

Similar Messages

• Suddenly getting 404 error when adding user to group

  Hi,
  I have an OAM 10.1.4.0.1 instance that's been working fine.
  However, today, I noticed that when I tried to add a user to a group, when I am in the selector page and click a user, I then get an HTTP 404 error.
  I've searched all of the log files that I can find, and I can't see any error messages. The only thing that is showing an error in a log is the IIS that I have setup with WebGate for OAM Admin. I get a "404" error with a sc-win32-status or "3".
  I have restarted everything, and that still hasn't helped.
  Does anyone here know what might be causing this, or how to diagnose the problem?
  Thanks,
  Jim

  Hi,
  I'm answering my own question/problem here, but hopefully this info will help someone else.
  I was able to get adding users to groups working again. I found that after I cleared the cache in my browser (IE6), the "add user to groups" started working again, without the HTTP 404 error.
  In hindsight, I guess this kind of makes sense, because if you ever watch the URIs on the selector pages, they all look alike, so I'm guessing the IE would not send a full GET request, but the "content" was no longer valid on the OAM server, thus the 404 error.
  Jim

• Field GROUPS not a member of INPUT when adding user to group in sap using BAPI_USER_CHANGE

  when trying to add User to Group using BAPI_USER_CHANGE in the Import Parameters GROUPSX = X
  I'm getting following error :
  com.sap.conn.jco.JCoRuntimeException: (127) JCO_ERROR_FIELD_NOT_FOUND : Field GROUPS not a member of INPUT
  BAPI_USER_CHANGE function work correctly for other parameters such as ADDRESSX, DEFAULTSX, PASSWORDX, LOGONDATAX, ALIASX
  But in case GROUPSX I am getting above error.
  Also I could able to add all above attributes including GROUPSX to user using sap logon. so it should be possible from BAPI as well.
  Any input will be appreciated.

  My bad,
  I meant GROUPS is not an input parameter but a table parameter.
  This is the ABAP definition of the BAPI:
  function bapi_user_change.
  *"*"Lokale Schnittstelle:
  *"  IMPORTING
  *"     VALUE(USERNAME) LIKE  BAPIBNAME-BAPIBNAME
  *"     VALUE(LOGONDATA) LIKE  BAPILOGOND STRUCTURE  BAPILOGOND OPTIONAL
  *"     VALUE(LOGONDATAX) LIKE  BAPILOGONX STRUCTURE  BAPILOGONX
  *"       OPTIONAL
  *"     VALUE(DEFAULTS) LIKE  BAPIDEFAUL STRUCTURE  BAPIDEFAUL OPTIONAL
  *"     VALUE(DEFAULTSX) LIKE  BAPIDEFAX STRUCTURE  BAPIDEFAX OPTIONAL
  *"     VALUE(ADDRESS) LIKE  BAPIADDR3 STRUCTURE  BAPIADDR3 OPTIONAL
  *"     VALUE(ADDRESSX) LIKE  BAPIADDR3X STRUCTURE  BAPIADDR3X OPTIONAL
  *"     VALUE(PARAMETERX) LIKE  BAPIPARAMX STRUCTURE  BAPIPARAMX
  *"       OPTIONAL
  *"     VALUE(COMPANY) LIKE  BAPIUSCOMP STRUCTURE  BAPIUSCOMP OPTIONAL
  *"     VALUE(COMPANYX) LIKE  BAPIUSCOMX STRUCTURE  BAPIUSCOMX OPTIONAL
  *"     VALUE(SNC) LIKE  BAPISNCU STRUCTURE  BAPISNCU OPTIONAL
  *"     VALUE(SNCX) LIKE  BAPISNCUX STRUCTURE  BAPISNCUX OPTIONAL
  *"     VALUE(BACK_DISTRIBUTION) LIKE  BAPIFLAG STRUCTURE  BAPIFLAG
  *"       DEFAULT SPACE
  *"     VALUE(PASSWORD) LIKE  BAPIPWD STRUCTURE  BAPIPWD OPTIONAL
  *"     VALUE(PASSWORDX) LIKE  BAPIPWDX STRUCTURE  BAPIPWDX OPTIONAL
  *"     VALUE(ADDCOMX) LIKE  BAPIADCOMX STRUCTURE  BAPIADCOMX OPTIONAL
  *"     VALUE(REF_USER) LIKE  BAPIREFUS STRUCTURE  BAPIREFUS OPTIONAL
  *"     VALUE(REF_USERX) LIKE  BAPIREFUSX STRUCTURE  BAPIREFUSX OPTIONAL
  *"     VALUE(ALIAS) TYPE  BAPIALIAS OPTIONAL
  *"     VALUE(ALIASX) LIKE  BAPIALIASX STRUCTURE  BAPIALIASX OPTIONAL
  *"     VALUE(GROUPSX) LIKE  BAPIGROUPX STRUCTURE  BAPIGROUPX OPTIONAL
  *"     VALUE(UCLASS) TYPE  BAPIUCLASS OPTIONAL
  *"     VALUE(UCLASSX) TYPE  BAPIUCLASSX OPTIONAL
  *"     VALUE(EXTIDSX) TYPE  BAPIUSEXTIDX OPTIONAL
  *"     VALUE(PRODUCTIVE_PWD) TYPE  BAPIFLAG-BAPIFLAG DEFAULT SPACE
  *"  TABLES
  *"      PARAMETER STRUCTURE  BAPIPARAM OPTIONAL
  *"      RETURN STRUCTURE  BAPIRET2
  *"      ADDTEL STRUCTURE  BAPIADTEL OPTIONAL
  *"      ADDFAX STRUCTURE  BAPIADFAX OPTIONAL
  *"      ADDTTX STRUCTURE  BAPIADTTX OPTIONAL
  *"      ADDTLX STRUCTURE  BAPIADTLX OPTIONAL
  *"      ADDSMTP STRUCTURE  BAPIADSMTP OPTIONAL
  *"      ADDRML STRUCTURE  BAPIADRML OPTIONAL
  *"      ADDX400 STRUCTURE  BAPIADX400 OPTIONAL
  *"      ADDRFC STRUCTURE  BAPIADRFC OPTIONAL
  *"      ADDPRT STRUCTURE  BAPIADPRT OPTIONAL
  *"      ADDSSF STRUCTURE  BAPIADSSF OPTIONAL
  *"      ADDURI STRUCTURE  BAPIADURI OPTIONAL
  *"      ADDPAG STRUCTURE  BAPIADPAG OPTIONAL
  *"      ADDCOMREM STRUCTURE  BAPICOMREM OPTIONAL
  *"      GROUPS STRUCTURE  BAPIGROUPS OPTIONAL
  *"      PARAMETER1 STRUCTURE  BAPIPARAM1 OPTIONAL
  *"      UCLASSSYS STRUCTURE  BAPIUCLASSSYS OPTIONAL
  *"      EXTIDHEAD STRUCTURE  BAPIUSEXTIDHEAD OPTIONAL
  *"      EXTIDPART STRUCTURE  BAPIUSEXTIDPART OPTIONAL
  So the error message is correct, GROUPS is not an INPUT parameter.

• Error when opening User and Group Preferences

  After upgrading to Lion there is an error when opening User and Group Preferences.
  I´ve repaired permissions but the problem is still there...
  Thanks...

  Hi,
  Double click on ur webdynpro application.Go to application properties tab.create new application property,select predefined property->browse->it will open a popup->select expiration time->give the value for expiration time.
  or
  Refer the note : [842635|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=842635&nlang=EN&smpsrv=https%3a%2f%2fwebsmp206%2esap-ag%2ede]
  Hope it helps,
  Reward points if helpful.
  Regards,
  Shailesh Nagar

• Adding users to groups

  Hi,
  can any one share documents/resources pertaining to how to create sap user groups in BOE.
  how to add groups to users.
  how to import sap users.
  etc

  Hi,
  You can find the product documentation here:
  http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000713358&_SCENARIO=01100035870000000202&
  Specifically, go to the "Integration for SAP Solutions" section and take a look at the Installation and Administration guide:
  https://websmp210.sap-ag.de/~sapidb/011000358700000559912010E/xi31_sp3_bip_sap_inst_en.pdf
  As far as adding users and groups to the system, this is down through the CMC.  The Business Objects Enterprise Administrators guide should help you with these tasks: 
  http://help.sap.com/businessobject/product_guides/boexir31SP3/en/xi31_sp3_bip_admin_en.pdf
  To add users/groups to the BOE system, you have to go into the CMC/Authentication section and click on the SAP tab.  In here, you configure your SAP system information and add the groups that you wish to import into BOE.  Once you add the groups through here, the user accounts and groups will be mapped in to the Users and Groups section of the CMC.  From here, you can treat them like any other group in the system.
  You add users to the SAP groups the same way you would for BW or any other SAP product.  If a new user is added to an SAP group that is imported into BOE, then that user will be able to logon to the BOE system.
  We also have many notes on these subjects. 
  thanks
  Jonathan

• Is update not approved for a specific group via powershell.

  My apologies in advance for asking a similar question to the one I asked two months ago,
  is update approved for specific group via powershell? I thought I had this covered, but as I've found time to continue to work on this project I see that it does not.
  I have a script that iterates through updates and if the release date is older than 30 days and they have not already been “Approved for Install” or “Approved for Removal” for a specific group it approves them. I am currently faced with the dilemma that
  when an update is set to “Not Approved” for the specific group I’m working on it does not come across in my group’s approvals and there for I cannot detect its current state to know if I should approve it. In other words, I don’t want to approve an update
  that I set to not approved for a specific group.
  I am currently achieving all this so far by connecting to my WSUS server and getting any and all updates via $all = $wsus.GetUpdates(). I Then get my group’s approved updates via $groupApproved = $wsus.GetUpdateApprovals($GroupScope) where ApprovedStates
  = "Any" and ApprovedComputerTargetGroups.Add($current_wsus_group). While iterating through $all I grab updates that are older than 30 days and check to see if the updateID exists in my $groupApproved. If it does not, I approve the update. Like I
  said before, an explicitly unapproved update for my group does not show up in my $groupApproved. I understand it’s because of my GetUpdateApprovals($GroupScope) being just that and only getting approved for install or uninstall, but even when I try to simply
  GetUpdates($GroupScope) I am still not returned explicitly unapproved updates. Below is a screen shot of what I mean by explicitly setting an update to unapproved for a group. I’ve read up on
  ApprovedStates and possible enumerated values and it does include "NotApproved" defined as "Includes updates that have not been approved or declined.".
  Hope all that makes sense, thanks for the help.

  So, I've decided to go about this a different way. Rather than getting all updates and comparing them to approvals via a scope of updates for my specific group (which includes all actions but Not Approved), I am going to look at specific approvals for each
  update and see if there is a match for my group. A simplfied version of this is below. 
  $AnyAllUpdates = $wsus.GetUpdates()
  foreach ($udpate in $AnyAllUpdates)
  if ($update IsNOTDeclined IsNOTSuperseded LegacyNameNOTIA64 CreationDateLTDATE yada yada yada)
  # get the approvals for this udpate as they relate to my group
  $uApprovals = $update.GetUpdateApprovals() | ?{$_.ComputerTargetGroupId -eq $wsus_group.Id}
  if ($uApprovals)
  if ($uApprovals.action -eq "Install")
  # do nothing, the udpate was approved for install
  elseif ($uApprovals.action -eq "Uninstall")
  # do nothing, the update was approved for uninstall
  elseif ($uApprovals.action -eq "NotApproved")
  # do nothing, the udpate was not approved for install
  else
  # since there was no specific action then it must be an inherited not approved from teh parent group
  # approve the update!

• Known limit for how many characters can be entered in the To field when adding People and Groups ?

  I am running MOSS 2007 SP1. I browse to site settings > People and groups and a group which has more than 60 members. I select all > Click Actions > Email Users. Nothing happens. I select less users, new outlook window comes up as it should. I am running outlook 2007. I first thought that the limit was 50 users, but different user selections let me select 51 users as well. I then concentrated on the character limit and I noticed that there were about 1580 characters in the To field when I selected 50/51 users.
  Is there a known limit in sharepoint/outlook client for this function on how many characters can be entered in the To field?

  Hello Amar,
  This is a by-design behavior, not from SharePoint side, but Internet Explorer. The limitation by the 2083 characters in IE for the Max URL length is described in the following KB article:
  (KB208427) Maximum URL length is 2,083 characters in Internet Explorer
  http://support.microsoft.com/default.aspx?scid=kb;EN-US;208427
  As a workaround, you may need to divide the list up and not send all the email at the same time. Hope it helps!
  Best Regards,
  Lionel

• How can I see more than 100 users when adding users to a node?

  When adding new users through the User Management interface, only the
  first 100 entries are listed. How do I increase the number of entries
  so I can see the next hundred (or more) users? Is this done via the server
  configuration parameter maxsearchresult?
  <P>
  The GUI Add User to Node option was meant for infrequent adds in smaller
  environments. In large deployments (more than 100 user adds at a time), you
  should be using the command line script "unidsattach". See the Administrators
  Guide for more details on the command.
  <p>
  The parameter, maxsearchresult, is meant to limit the number of users that can
  be returned on a search request by the calendar client. For example, if you have
  1000's of calendar users and someone tries to search for all of them, this
  parameter will make sure that the user is not left waiting a long time for
  results.

  In Settings > Notification Center, try turning "on" all the six buttons under "Today View".  Also turn "on" the top two buttons under "Access on Lock Screen".  Doing that should show you "Tomorrow" at the bottom of Noticiation Center.

• What is the difference between using the command "dsmgmt" and the "Managed By" tab when adding users to the local administrators Account on a Read-Only Domain Controller?

  When I use the
  "dsmgmt" command to add a user to the local administrators account of a RODC I can actually see the user when I use the "Show Role Administrators" parameter. However, I can't see the members of the
  group added to the "Managed By" tab of the RODC object in AD. Even though, the users added using
  "dsmgmt" and by the "Managed By" tab can all log in locally and have admin rights to the RODC. Are there any differences between these two ways of adding users to the local administrators account? 

  Hi,
  For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
  managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
  In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx). 
  On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
  So the difference between them should be only the way they do the same thing.
  For more details, please refer to the below article:
  http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• TFS 2013: Access problem when adding a AD group to members

  Hi there!
  I have a big access problem. It seems I cant log into TFS if I add a AD group to a collection but I can log in if I add single users from the same group.
  EDIT: The group I want to add is from another domain. Maybe thats the reason for the problem?
  Any ideas? I dont want to add 150 users one by one ;)

  Hi John
  I will try to answer your questions :)
  There’s two domains, TFSdomain and Userdomain, right? - Yes
  The TFSdomain one way trust to Userdomain? - Yes
  If you add a single account(Userdomain) into your TFS Server, this single account(Userdomain) can connect to TFS Web Access or your account can connect to TFS Web Access? Your account and this single account(Userdomain) are not the same account? -
  I have two accounts, one User domain accout and one TFS domain account that is TFS administrator. If I use the TFS domain account to add the User domain account as a project group member this user domain account will be able to access the TFS web access
  from the user domain.
  If you add an AD group(Userdomain) into your TFS Server, the user in this AD group(Userdomain) will cannot access TFS Web Access or your account cannot access TFS Web Access? Your account and this user are the same account? Or your account included in this
  AD group(Userdomain) too? - The user domain:s "domain users" group includes my user domain account. If I add the user domain:s "domain users" group as a project group member in TFS (with my domain user) my user domain account will
  not be able to access the TFS web access from the user domain.
  When connect to TFS Web Access failed, what’s the error message you received? - There is no error message, I am only asked to log in again.
  If you cannot access TFS Web Access, how did you add AD group(Userdomain) into your TFS Server? Or once you added the AD group(Userdomain) into TFS Server, you will cannot access TFS Web Access immediately? Your account is a Userdomain user? -
  I added it with my TFS user domain administer account
  The scenario is as follows:
  I have a one way trust from tfs domain to user domain.
  I add a user domain account as a project group member in TFS. Now this account is granted access to the project using the TFS web access client.
  I remove the user again.
  I add the users domain:s "domain users" group (where my user domain account is included) as a project group member in TFS. Now my user account is
  not granted access to the project using the TFS web access client.
  Hope this will spread some light on the problem.
  Thanks Stefan

• Adding User to Group Programatically?

  I've used the APIs below to create portal users and apply a
  group number to them when they are inserted into the Portal User
  table. However, when the users log into the portal, they still
  are not attached to any group (i.e. Portal objects that can only
  be viewed by certain group members, cannot be seen by the
  programatically added users unless it is done manually in
  Portal). Does anyone have an idea as to how to get this to work?
  Thank You in advance,
  Justin
  Code to add users:
  PORTAL30_SSO.WWSSO_API_USER_ADMIN.CREATE_USER(v_username,
  v_password, v_admin_email, null, null, false, l_error_return);
  PORTAL30.WWCTX_API_PRIVATE.SET_CONTEXT('PORTAL30','');
  portal30.create_portal_user(v_username);
  portal30.wwsec_api.set_defaultgroup(10, v_username);

  I answered my own question. This seems to be the best procedure
  form programatically adding users and applying them to existing
  groups:
  PORTAL30_SSO.WWSSO_API_USER_ADMIN.CREATE_USER(v_username,
  v_password, v_email, null, null, false, l_error_return);
  PORTAL30.WWCTX_API_PRIVATE.SET_CONTEXT('PORTAL30','');
  portal30.create_portal_user(v_username);
  portal30.wwsec_api.set_defaultgroup(9, v_username);
  portal30.wwsec_api.add_user_to_list(portal30.wwsec_api.id
  (v_username), 9, portal30.wwsec_api.NOT_OWNER);

• AD Group membership not updating in Sharepoint Foundation when adding Active Directory group to Sharepoint group

  I have Sharepoint Foundation installed with the latest CU updates.  It is running on a VMware box (Windows Server 2008 R2 Standard) with its backend on a SQL Server 2008 R2 vmware box.  The farm account is a domain user and has been given all appropriate
  replication rights, etc to active directory.
  Everything seems to be working fine except for security integrated with AD groups.  When I go to edit permissions I can add individual AD users just fine and remove them just fine and their access is taken away right away or given to them right away.
   I can also find AD groups in the people picker and add them to the site. When I add new groups to AD, they are found immediately within Sharepoint, and when I delete groups from AD, they are taken out of the people picker right away.  Now comes
  the weird part.  When I add an AD group to the site, all users currently within that AD group are given access to the Sharepoint Site.  This works for the first time only.  Now when I add or remove users from the AD groups, it does not update
  in SharePoint.  For example, I have an AD testuser1 in the AD Group "All Users".  testuser1 does not have access to SharePoint.  So I add  the AD group to the Sharepoint group "Visitors".  testuser1 now has read access to the sharepoint
  site.  Now, I remove testuser1 from the AD group, but testuser 1 still has access to the site even though he is not part of the AD group, nor does he have any individual permissions to the site.  Now, I add testuser2 to the ad group.  testuser2
  does not have access to the site, even though he is part of the ad group.
  It seems that the only time AD group security is working for me is when I first initially add the AD group to the site.  From then on, it's like sharepoint is caching the members of the group and not updating any new adds or deletes from the groups.
   Any ideas?  I am lost on where to go from here as I have tried everything from clearing cache files, rebooting servers, iisresets....

  I think I have at least cornered the problem, but am not 100% sure yet that it is the correct answer.  I think it could be 1 of the following 2 scenarios.
  Scenario 1:  We have 3 web applications setup on our web server ports 80 - Our sharepoint Web app, 2020 - Our My Site Web App, 2040 - Our Search Web app.  We are using host headers (http://sharepoint.***.com) instead of a server name.  So
  we setup our access mappings (Central Admin -> Application Management -> Configure Alternate access mappings) to use the host header (http://sharepoint.***.com) as the default mapping and the server name as the intranet access mapping.  By
  setting the default access mapping to host headers, i noticed that Sharepoint automatically assumes that all web apps are on port 80.  You can see this by going to (Central Admin -> Manage Web Applications).  The port listed all 3 web apps on
  port 80.  So I think when I was doing a profile sync and using mysites, it was messing with my AD security because of this.  What I did was the following.  I went to Central Admin -> Manage Service Applications -> [Name of your user profile
  service] -> Setup my sites.  I made sure that my preferred search center had the correct port number on it (mine originally had no port number), that my my site host had a port (again no port number originally), as well as the personal site location.
   I then saved this.
  Scenario 2:  Our user profile sync had 2 BDC connections that were corrupt and throwing errors.  I rebuilt the connections, remapped them to the proper user profile property.
  I did both of these scenarios above around the same time.  I then restarted all my servers, and at last the AD Group security is now functioning appropriately.  I have done multiple IIS resets and server restarts.  The issue has only reappeared
  once.  After restarting the machine again, we were back to the AD groups functioning correctly.  Because we had the issue reappear once after doing the above, I still do not feel 100% sure that either one of the above corrected the issue completely.
  As long as we are up and running currently, I am moving on to other tasks with this project.  My only concern that it will break again and I will have to revisit it is when we restart the servers....which is never fun.  I will update as I find
  a "true" answer to this issue....  Let me know if any of the above helped you or if you find something I may not have thought of.

• When to user Availability Group versus traditional Clustered SQL Server

  Hi...
  I'm trying to get my arms around when to use an SQL Server 2014 Availability Group. Here are the characteristics about my platform:
  2 physical servers (Windows Server 2012 / SQL Server 2014)
  Both servers connected to same LAN
  External SAN storage connected DIRECTLY to each physical server via fibr3-channel. (No fibre-channel switch)
  Database resides on SAN storage.
  I've set up a failover cluster between the 2 physical servers.
  I've created a high availability group with a Primary/Secondary and synchronization.
  Both Primary/Secondary are green and show synchronized. The concern I have is that the Primary says Synchronizing (No Data Loss) and the Secondary says Not Synchronizing (Data Loss). When I use the Failover Wizard to failover, it tells me that I will have
  data loss on the Secondary.
  So my questions are these, do you need more than one Secondary node to have an effective Availability Group? If I only plan to have the 2 physical servers, should I be setting up a traditional Clustered SQL Server installation.
  I've used the traditional Clustered SQL Server in the past and used the Active/Passive licensing for the SQL Server software but the Always On Availability Group looked interesting to me, but NOT if it requires more than 2 physical servers and more
  than 2 SQL Instances (and licenses) to provide proper failover capability.
  All input will be appreciated.
  Thanks,
  Brett

  Hi Brett,
  An AlwaysOn Availability Group is created between several standalone SQL Server instances, you don’t need to set up a traditional clustered SQL Server installation when configuring AlwaysOn Availability Group. Also you can have an effective Availability Group
  with only one Secondary node.
  From your description, you have an synchronous-commit availability secondary replica
  and it says Not Synchronizing. This issue can be caused by the following:
  •The availability replica might be disconnected.
  •The data movement might be suspended.
  •The database might not be accessible.
  •There might be a temporary delay issue due to network latency or the load on the primary or secondary replica.
  Please resolve any connection or data movement suspend issues. You can check the events for this issue using SQL Server Management Studio, and find the database error.
  Reference:
  Data synchronization state of some availability database is not healthy
  Availability databases in unhealthy data synchronization state (Error: 35285, Severity: 16, State: 1.)
  Thanks,
  Lydia Zhang
  If you have any feedback on our support, please click
  here.
  Lydia Zhang
  TechNet Community Support

• Batch adding users to group

  Is it possible to create a LC user group and batch add users to the group?
  Example:  I have ~120,000 users in my domain but I want only 950 of those users to have access to a new form we will be going live with soon.  To do this I want to create a group for this form but I don't want to have to manually add the 950 users to the group.
  ~Josh

  1. Create a DirectoryManagerServiceClient Instance as follows,
      Properties connectionProps = new Properties();
      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, "jnp://localhost:1099");
      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,Service ClientFactoryProperties.DSC_EJB_PROTOCOL);
      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, userName);
      connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, password);
      //Create a ServiceClientFactory object
     ServiceClientFactory scf = ServiceClientFactory.createInstance(connectionProps);
     //Create a DirectoryManagerServiceClient object
     DirectoryManagerServiceClient directoryManager = new DirectoryManagerServiceClient(scf);
  2. Create a local group as follows,
     Group group = UMBaseLibrary.createGroup(groupCanonicalName, domainName, PrincipalTypes.PRINCIPALTYPE_GROUP);
     String groupOid = directoryManager.createLocalGroup(group);
     You can also create the above group by going to User Manager AdminUI. i.e. Home  > Settings > User Management > Users and Groups
  3. Once done with creating a group, now we want to make the 950 users members of this group
     The API to be used is directoryManager.addPrincipalToLocalGroup(String userOid, String groupOid);
  4. You'll have to run the above API for all the 950 users.
     So, fetch the userOid through PrincipalSearchFilter based on some matching critera as follows, let say emailAddress
         PrincipalSearchFilter filter = new PrincipalSearchFilter();
         filter.setPrincipalType(User.PRINCIPALTYPE_USER);
         filter.setRetrieveOnlyActive(true);
         filter.setEmail(Email_address_OfUser_To_be_Searched);
         List principals = (ArrayList)directoryManager.findPrincipals(filter);
         for(Principal principal:principals){
            User user = (User)principal;
            directoryManager.addPrincipalToLocalGroup(user.getOid(), groupOid);

• Multiple event handlers registered for the same event and error when adding users to sec groups

  Project Server 2013 CU April (May) 2014
  I've created and installed two event handlers (separate dll:s) and both are triggering on Project Published - initially, both are working fine.
  After an IISReset, trying to create a new security group (or add a user to an existing group) will result in an error on the page and a corresponding error in the ULS log - the latter indicating an error in the method security.creategroups, and specifically
  a problem 'An item with the same key has already been added.'
  An SQL trace reveals a break in execution after executing the proc 'pub.MSP_ADMIN_ReadEventReceivers' which returns all registered event handlers.
  In my case, the result of that proc execution shows that there are two event handlers registered with an EVENT_ID of 53 (Project Published) and with ORDER_FIRED set to 1 and 2 respectively.
  I tried removing one of the event receivers using the Central Admin PWA interface and then everything worked just fine - I added the event receiver back again, and everything STILL worked! IISReset and I got the error back again. :-(
  Since there's obviously some problem with reading multiple entries from that table regardless of the ORDER_FIRED differentiation, I tried temporarily modifying one of the '53' entries in the table directly and then the sec group was created just fine!
  I would like to know if anyone else has seen this? I've seen this on three separate installations now after deploying a second event listener onto those systems.
  /Lars Hammarberg
  //Lars Hammarberg www.connecta.se

  Hi Lars,
  yes I have seen the same issue. It is not related to April CU. I had the error before with SP1.
  It is not only an issue with the security groups. At least in our case nothing worked at all. No custom field editing, all Queue Jobs failing.
  For your case I suggest you consolidate your code in one eventhandler.
  Theory says that you can have more than 1 (up to 999) eventhandlers for one Event (http://msdn.microsoft.com/en-us/library/ms481079(v=office.12).aspx) but that seems not to
  work. Not sure, if it worked in earlier versions.
  Kind regards
  Christoph
  Christoph Muelder | Senior Consultant, MCTS, MCSE, MCT | SOLVIN information management GmbH, Germany