How to import your MS Active Directory users in an Oracle table
Hello,
I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
This doesn't work so I used an alternative solution:
How to import your MS Active Directory users in an Oracle table
- a Visual Basic script for export from Active Directory
- a table in my database
- a SQL*Loader Control-file
- a command-file to start the SQL*Loader
Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
Just to share my scripts:
I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
'Export_ActiveDir_users.vbs 26-10-2006
'Script to export info from MS Active Directory to a CSV-file
' Accountname, employeeid, Name, Function, Department etc.
' Richard de Boer - Wetterskip Fryslan, the Nethterlands
' samaccountname Logon Name / Account
' employeeid Employee ID
' name name
' displayname Display Name / Full Name
' sn Last Name
' description Description / Function
' department Department / Organisation
' physicaldeliveryofficename Office Location Wetterskip Fryslan
' streetaddress Street Address Harlingerstraatweg 113
' l City / Location Leeuwarden
' mail E-mail adress
' wwwhomepage Web Page Address
' distinguishedName Full unique name with cn, ou's, dc's
'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)
Sub EnumerateUsers(oCont)
Dim oUser
For Each oUser In oCont
Select Case LCase(oUser.Class)
Case "user"
If Not IsEmpty(oUser.distinguishedName) Then
OutPutFile.WriteLine _
oUser.samaccountname & ";" & _
oUser.employeeid & ";" & _
oUser.Get ("name") & ";" & _
oUser.displayname & ";" & _
oUser.sn & ";" & _
oUser.description & ";" & _
oUser.department & ";" & _
oUser.physicaldeliveryofficename & ";" & _
oUser.streetaddress & ";" & _
oUser.l & ";" & _
oUser.mail & ";" & _
oUser.wwwhomepage & ";" & _
oUser.distinguishedName & ";"
End If
Case "organizationalunit", "container"
EnumerateUsers oUser
End Select
Next
End SubThis give's output like this:
rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
CREATE TABLE PG4WF.ACTD_USERS
samaccountname VARCHAR2(64)
, employeeid VARCHAR2(16)
, name VARCHAR2(64)
, displayname VARCHAR2(64)
, sn VARCHAR2(64)
, description VARCHAR2(100)
, department VARCHAR2(64)
, physicaldeliveryofficename VARCHAR2(64)
, streetaddress VARCHAR2(128)
, l VARCHAR2(64)
, mail VARCHAR2(100)
, wwwhomepage VARCHAR2(128)
, distinguishedName VARCHAR2(256)
)I made SQL*Loader Control-file:
LOAD DATA
INFILE 'ActiveDir_users.csv'
BADFILE 'ActiveDir_users.bad'
DISCARDFILE 'ActiveDir_users.dsc'
TRUNCATE
INTO TABLE PG4WF.ACTD_USERS
FIELDS TERMINATED BY ';'
( samaccountname
, employeeid
, name
, displayname
, sn
, description
, department
, physicaldeliveryofficename
, streetaddress
, l
, mail
, wwwhomepage
, distinguishedName
)I made a cmd-file to start SQL*Loader
: Import the Active Directory users in Oracle by SQL*Loader
D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
http://www.kouti.com/tables/userattributes.htm
Greetings,
Richard de Boer
I have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
Is there any way that I can find out what time each record has been inserted?
For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
First you need to clarify what you mean by 'the date that each record get inserted'. A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time.
Similar Messages
-
How to import Photos into Active Directory
Hi -
IT Director asked me to import employees pictures into Active Directory so that we can use them in Outlook, SharePoint, Lync etc.
Do you know how to import pictures into Active Directory?Thumbnailphoto Attribute in active directory is responsible for adding photos to Active directory.
By Default Replication of this attribute will be disabled to Global catalog server. To make use of this facility we will have to enable replication of this attribute to Global Catalog. ( To accomplish this you will have to edit the schema using Active directory
schema snap in).
Refer Below link which explains about enabling the replication of Thumbnailphoto attribute to Global catalog.
http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/configuring-using-display-picture-exchange-server-2010.html
Requirements
Minimum requirement for your exchange enviornment to use this - Exchange 2010.
Exchange 2007 Don't support uploading photos AFAIK.
Domain controller should be running with atleast windows server 2008 or later. And
schema has to be windows server 2008
Additionally for your information,
How to remove the uploaded photos?
Either You can edit the Thumbnailphoto attribute using ADSIedit and remove the entry which is assocaited with Thumbnailphoto attribute.
Or,
Try this.
The Import-RecipientDataProperty and Export-RecipientDataProperty cmdlets allow you to import and export the photo blob to and from
thumbnailPhoto attribute, but there's no Remove-RecipientDataProperty cmdlet to remove it. You can use the
RemovePicture switch of Set-Mailbox cmdlet to remove a user's photo. For example:
Set-Mailbox "Bharat Suneja" -RemovePicture
Check out the below link which explains in and out of uploading photos,
http://blogs.technet.com/b/exchange/archive/2010/06/01/gal-photos-frequently-asked-questions.aspx
http://blogs.technet.com/b/ilvancri/archive/2009/11/17/upload-picture-in-outlook-2010-using-the-exchange-management-shell-exchange-2010.aspx
To know about uploading photo using powershell ask this question in powershell forum
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads
Regards,
_Prashant_
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
How to import data from excel or csv files to Oracle table
hello everybody,
I am new here and new in Oracle. I would like to know the steps how to import data from excel or csv files to Oracle table.
Let say I already have table inside the Oracle. Then my user give me the sets of data inside the Excel Worksheet.
So, how can I import the excel data into Oracle table.
Thank you in advance.
cheers,
shimaEven easier. Download JDeveloper 11G from this site.
Set up the database connection, right click on the table, select Import->Excel and specify your file to load it. On the import pop-up, you must view and update each tab indicating Columns, Data Types, and DML.
Columns -- move the selected columns that you want to load to the box on the right
Data Types -- select column name from second column to which the data for each column of the import file should load
DML -- click this tab to generate the INSERT SQL
Once done click 'Insert' -
How to create "folders" in Active Directory Users and Computers?
Hello Community
In Windows Server 2008R2 when you go to Active Directory Users and Computer
you will see icons of folders such as:
- Builtin has a folder icon
- Computers has a folder icon
- ForeignSecurityPrinicpals has a folder icon
- Domain Controller as a folder icon
- Managed Service Accounts has a folder icon
- Users has a folder icon
All of the above folders are visually identical.
If you right click and select “File” – “New”
on any of the selections the icon
will not look like the folder icon they have their own icons which look different
from the "Folder" icon.
I would like to create a “Folder” that looks just visually exactly like the ones
mentioned above, how can I create those types of Folders in Active Directory User
and Computers?
Note: I would like to put users in the folders.
Thank you
ShabeautHi,
you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
Refer: Delegating Administration by Using OU Objects
http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx
and the sub-articles:
Administration of Default Containers and OUs
http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
Delegating Administration of Account and Resource OUs
http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Import and Export Active Directory users
Hello,
I want to export my Active Directory users and import them to different domain.
I try to use ldifde without any success.
Do anyone have any idea??
Thanks,
LiorI would suggest the Active Directory Migration tool.
http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
D/L link: http://www.microsoft.com/en-us/download/details.aspx?id=8377
If you have 2012, it will be a little more complicated. -
How to display active directory users through weblogic portal Application?
Hi,
Does anyone has faced this situation?
I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
I have two doubts on this?
1)Is it I need to write custom code to view the active directory users in our portal?
2)Does I need to use any jars that supports active directory authenticator?
I would appreciate if any one can reply on this with helpfull docs/information.
We are using BEA 8.1 SP4.
Windows 2000.
SurendraHi,
I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ page import="java.util.Set" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="weblogic.jndi.Environment" %>
<%@ page import="weblogic.management.MBeanHome" %>
<%@ page import="weblogic.management.configuration.DomainMBean" %>
<%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
<%@ page import="weblogic.management.security.RealmMBean" %>
<%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
<%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
<%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
<%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
<%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
<%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
<%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
<%@ page import="weblogic.management.utils.ListerMBean" %>
<%@ page import="javax.management.MBeanException" %>
<%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
<%@ page import="examples.security.providers.authentication.manageable.*" %>
<%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
<%@ page import="weblogic.management.utils.InvalidParameterException" %>
<%@ page import="weblogic.management.utils.NotFoundException" %>
<%@ page import="weblogic.security.SimpleCallbackHandler" %>
<%@ page import="weblogic.servlet.security.ServletAuthentication"%>
<%!
private String makeErrorURL(HttpServletResponse response,
String message)
return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
%>
<html>
<head>
<title>Password Changed</title>
</head>
<body>
<h1>Password Changed</h1>
<%
// Note that even though we are running as a privileged user,
// response.getRemoteUser() still returns the user who authenticated.
// weblogic.security.Security.getCurrentUser() will return the
// run-as user.
System.out.println("------------------------------------------------------------------");
String username = request.getRemoteUser();
System.out.println("User name -->"+username);
// Get the arguments
String currentpassword = request.getParameter("currentpassword");
System.out.println("Current password -->"+currentpassword);
String newpassword = request.getParameter("newpassword");
System.out.println("New password -->"+newpassword);
String confirmpassword = request.getParameter("confirmpassword");
System.out.println("Confirm password -->"+confirmpassword);
// Validate the arguments
if (currentpassword == null || currentpassword.length() == 0 ||
newpassword == null || newpassword.length() == 0 ||
confirmpassword == null || confirmpassword.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Password must not be null."));
return;
if (!newpassword.equals(confirmpassword)) {
response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
return;
if (username == null || username.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Username must not be null."));
return;
// First get the MBeanHome
String url = request.getScheme() + "://" +
request.getServerName() + ":" +
request.getServerPort();
System.out.println("URL -->"+url);
Environment env = new Environment();
env.setProviderUrl(url);
Context ctx = env.getInitialContext();
MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
System.out.println("MBean home obtained....");
DomainMBean domain = mbeanHome.getActiveDomain();
SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
// Sar
EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
RealmMBean realm = secConf.findDefaultRealm();
System.out.println("RealmMBean obtained....");
AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
System.out.println("AuthProvMBean obtained....");
// Now get the UserPasswordEditorMBean
// This code will work with any configuration that has a
// UserPasswordEditorMBean.
// The default authenticator implements these interfaces
// but other providers could work as well.
// We try each one looking for the provider that knows about
// this user.
boolean changed=false;
UserPasswordEditorMBean passwordEditorMBean = null;
System.out.println("UserPwdEdtMBean obtained....");
//System.out.println("Creating MSAI....");
//ManageableSampleAuthenticatorImpl msai =
// new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
//System.out.println("Done....");
for (int i=0; i<authenticators.length; i++) {
System.out.println("### Authenticator --->"+authenticators);
if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
ActiveDirectoryAuthenticatorMBean adamb =
(ActiveDirectoryAuthenticatorMBean)authenticators[i];
System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
String listers = adamb.listUsers("*",0);
while(adamb.haveCurrent(listers))
System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
adamb.advance(listers);
if (authenticators[i] instanceof UserPasswordEditorMBean) {
passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
System.out.println("Auth match ...."+passwordEditorMBean);
try {
// Now we change the password
// Sar comment
System.out.println("Password changed....");
//passwordEditorMBean.changeUserPassword(username,
// currentpassword, newpassword);
changed=true;
// Sar Comment
catch (InvalidParameterException e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
catch (NotFoundException e) {
catch (Exception e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
// Sar code
LDAPAuthenticatorMBean ldapBean = null;
UserReaderMBean urMBean = null;
UserEditorMBean ueMBean = null;
GroupReaderMBean gMBean = null;
//ListerMBean lBean = null;
try
if (authenticators[i] instanceof LDAPAuthenticatorMBean)
ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
String userFilter = ldapBean.getAllUsersFilter();
System.out.println("userFilter ="+userFilter);
if (authenticators[i] instanceof UserEditorMBean)
try
System.out.println("UserEditorMBean...");
ueMBean = (UserEditorMBean) authenticators[i];
System.out.println("List users..."+ueMBean);
boolean b = ueMBean.userExists("webuser");
System.out.println("User Exists->>>"+b);
String cursor = ueMBean.listUsers("webuser", 2);
System.out.println("List User ----->"+cursor);
catch(InvalidParameterException e)
response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
catch(java.lang.reflect.UndeclaredThrowableException e)
response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
e.printStackTrace();
catch(Exception e)
response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
catch(Exception ex)
ex.printStackTrace();
response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
return;
if (passwordEditorMBean == null) {
response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
return;
System.out.println("pwd changed ->"+changed);
if (!changed) {
// This happens when the current user is not known to any providers
// that implement UserPasswordEditorMBean
response.sendRedirect(makeErrorURL(response,
"No password editors know about user " + username + "."));
return;
%>
User <%= username %>'s password has been changed!
<br>
<br>
</body>
</html>
Here is the console log
User name -->webuser
Current password -->i
New password -->u
Confirm password -->u
URL -->http://localhost:7011
MBean home obtained....
Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
RealmMBean obtained....
AuthProvMBean obtained....
UserPwdEdtMBean obtained....
### Authenticator --->Security:Name=myrealmDefaultAuthenticator
Auth match ....Security:Name=myrealmDefaultAuthenticator
Password changed....
UserEditorMBean...
List users...Security:Name=myrealmDefaultAuthenticator
User Exists->>>true
java.lang.reflect.UndeclaredThrowableException
at $Proxy1.listUsers(Unknown Source)
at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
a:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
64)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.management.MBeanException
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
ava:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
... 14 more
### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
pwd changed ->true
Can u pls let me know how to get all the entries from LDAP.
Thanx
Sar -
Hi My self Arun in my current project i have a task on that active directory user need to automatically populate in share point list drop down please help me. is that any out of box feature in share point 2010 ?
Thanking You
ArunArun,
If you plan to implement the "Querying the Active Directory" based on my code snippet,
and if you do not have permission [your account must be the part of domain admin] to do so,
Then still you can do it in least effort through code,
string usersInXml = SPContext.Current.Web.AllUsers.Xml;your xml string look like this.
<Users><User ID="2" Sid="" Name="Administrator"
LoginName="i:0#.w|murugesan\administrator" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1" Sid="" Name="Murugesa Pandian" LoginName="i:0#.w|murugesan\murugesan" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1073741823" Sid="S-1-0-0" Name="System Account" LoginName="SHAREPOINT\system" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0" /></Users>
You can user Linq to XML to filter the "LoginName,Name and Email and then populate your drop down list.
* User must be logged into the site at least once.
Murugesa Pandian.,MCTS|App.Devleopment|Configure -
Windows 2008 Server - Cannot run Active Directory Users and Computers
Hi,
I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
I attempt to open Active Directory Users and Computers tool and I get a;
Microsoft Visual C++ Runtime Library error;
"The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
I click ok, then get the following debug info;
Problem signature:
Problem Event Name: APPCRASH
Application Name: mmc.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47919524
Fault Module Name: msvcrt.dll
Fault Module Version: 7.0.6001.18000
Fault Module Timestamp: 4791ad6b
Exception Code: 40000015
Exception Offset: 0000000000029b06
OS Version: 6.0.6001.2.1.0.272.7
Locale ID: 3081
Additional Information 1: 43aa
Additional Information 2: cf3a46656318492c1997480001b6b0e0
Additional Information 3: 3837
Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
If someone could please assist, it would be very much appreciated.
Regards
B
Hi,
To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request please take a look at the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
However, I am also glad to share my research.
Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
Also, please follow the article below to perform necessary steps to see how it's going?
FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
http://support.microsoft.com/kb/190536/en-us
Hope this helps.
Best wishes
Morgan Che -
MySites for non-Active Directory users
Hi,
we are planning to provide a collaboration farm for
internal users (AD)
external users (external AD, no-trust relationship)
We plan to authenticate users via Claims/ADFS. The idea is to provide a MySite-Farm.
Questions
Are there any issues with providing MySites to non-AD users?
Are there any limitations for providing MySites to non-AD users?
SvenHi,
According to your post, my understanding is that you wanted to create MySite for non-Active Directory users.
Yes, it is possible to create them for non-AD users on on-premises SharePoint farms.
You can use the ADFS authenticate to import the users to the user profile database, then create the MySite.
If you are trusted the users to access your site or give them appropriate permissions, I don’t think there are some limitations to create MySite for non-AD users.
Thanks,
Jason
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Jason Guo
TechNet Community Support -
Cannot log into DTR with Active Directory User
Greetings,
I have set up and installed JDI correctly. I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user. I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
500 Internal Server Error
SAP J2EE Engine/6.40
Application error occurred during the request procession.
Details: Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!]. The ID of this error is
Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error.
Any help is greatly appreciated.
Thanks,
MartyHi Marty,
In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
Regards,
Manohar -
Report on Active Directory User Attributes in SCCM 2012
I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query:
SELECT v_FullCollectionMembership.ResourceID,
v_R_User.Windows_NT_Domain0,
v_R_User.Distinguished_Name0,
v_R_User.Full_User_Name0,
v_R_User.Mail0,
v_R_User.User_Name0
FROM v_FullCollectionMembership, v_R_User
WHERE v_FullCollectionMembership.ResourceID = v_R_User.ResourceID
AND v_FullCollectionMembership.CollectionID = 'SMS00002'
If possible I need to add:
Last logon timestamp
User account status (enabled or disabled)
I have added "lastLogon" and "lastLogonTimestamp" as additional attributesunder Active Directory User Discovery. This discovery method is enabled and I have run a full discovery about a month ago, and again today. I read in
another thread that these attributes should appear in the table v_R_User, however they have not. Is v_R_User the right place to look for this or is there another view or table I can query?
Once I have the above sorted out, how can I find the user account status in SCCM? I have done reports in the past directly from AD and used the 'useraccountcontrol' attribute and I noticed there is a column named 'User_Account_Control0' in v_R_User, however
the values do not match those found in Active Directory.
Thanks.Have you checked the attribute from the Active Directory in decimal format? Check that and compare it to the value ConfigMgr has stored in its 'User_Account_Control0'...
User Account Control tells you multiple things of the account, for example does the account have "Smart card login required" -option checked from the account properties.
The tricky part here is to actually get the report show you what you really want, because "useraccountcontrol" -attribute is a numeric value, you have to calculate what decimal combination means what in readable text.
More info on the attribute can be found from here
http://support.microsoft.com/kb/305144 and from there you can also find the values for different settings. For example:
account is enabled = 512
account is disabled = 514
account is enabled with smart card = 262656 -
Best practice for Active Directory User Templates regarding Distribution Lists
Hello All
I am looking to implement Active Directory User templates for each department in the company to make the process of creating user accounts for new employees easier. Currently when a user is created a current user's Active directory account is copied, but
this has led to problems with new employees being added to groups which they should not be a part of.
I have attempted to implement this in the past but ran into an issue regarding Distribution Lists. I would like to set up template users with all group memberships that are needed for the department, including distribution lists. Previously I set this up
but received complaints from users who would send e-mail to distribution lists the template accounts were members of.
When sending an e-mail to the distribution list with a member template user, users received an error because the template account does not have an e-mail address.
What is the best practice regarding template user accounts as it pertains to distribution lists? It seems like I will have to create a mailbox for each template user but I can't help but feel there is a better way to avoid this problem. If a mailbox is created
for each template user, it will prevent the error messages users were receiving, but messages will simply build up in these mailboxes. I could set a rule for each one that deletes messages, but again I feel like there is a better way which I haven't thought
of.
Has anyone come up with a better method of doing this?
Thank youYou can just add arbitrary email (not a mailbox) to all your templates and it should solve the problem with errors when sending emails to distribution lists.
If you want to further simplify your user creation process you can have a look at Adaxes (consider it's a third-party app). If you want to use templates, it gives you a slightly better way to do that (http://www.adaxes.com/tutorials_WebInterfaceCustomization_AllowUsingTemplatesForUserCreation.htm)
and it also can automatically perform tasks such as mailbox creation for newly created users (http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomateExchangeMailboxesCreationForNewUsers.htm).
Alternatively you can abandon templates at all and use customizable condition-based rules to automatically perform all the needed tasks on user creation such as OU allocation, group membership assignment, mailbox creation, home folder creation, etc. based on
the factors you predefine for them. -
SMB access for Active Directory users
Hi there,
My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
[2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
My smb.conf file is as follows:
; Configuration file for the Samba software suite.
; ============================================================================
; For the format of this file and comprehensive descriptions of all the
; configuration option, please refer to the man page for smb.conf(5).
; The following configuration should suit most systems for basic usage and
; initial testing. It gives all clients access to their home directories and
; allows access to all printers specified in /etc/printcap.
; BEGIN required configuration
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
[global]
debug pid = yes
log level = 1
server string = Mac OS X
printcap name = cups
printing = cups
encrypt passwords = yes
use spnego = yes
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
map to guest = Bad User
guest account = nobody
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = 437
vfs objects = darwinacl,darwin_streams
; Don't become a master browser unless absolutely necessary.
os level = 2
domain master = no
; For performance reasons, set the transmit buffer size
; to the maximum and enable sendfile support.
max xmit = 131072
use sendfile = yes
; The darwin_streams module gives us named streams support.
stream support = yes
ea support = yes
; Enable locking coherency with AFP.
darwin_streams:brlm = yes
; Core files are invariably disabled system-wide, but attempting to
; dump core will trigger a crash report, so we still want to try.
enable core files = yes
; Configure usershares for use by the synchronize-shares tool.
usershare max shares = 1000
usershare path = /var/samba/shares
usershare owner only = no
usershare allow guests = yes
usershare allow full config = yes
; Filter inaccessible shares from the browse list.
com.apple:filter shares by access = yes
; Check in with PAM to enforce SACL access policy.
obey pam restrictions = yes
; Don't be trying to enforce ACLs in userspace.
acl check permissions = no
; Make sure that we resolve unqualified names as NetBIOS before DNS.
name resolve order = lmhosts wins bcast host
; Pull in system-wide preference settings. These are managed by
; synchronize-preferences tool.
include = /var/db/smb.conf
[printers]
comment = All Printers
path = /tmp
printable = yes
guest ok = no
create mode = 0700
writeable = no
browseable = no
; Site-specific parameters can be added below this comment.
; END required configuration.
Any help would be much appreciated!!
Thanks.I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
[2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
[2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
Not feeling the Mac OS X love tonight.
Bill
System is bound to active directory - green light in Directory Utility -
Active directory users and computers wont start on a dc, "the server is not operational"
In our environment, we have 3 dc's
two which run server 2008 (they work perfectly)
and one never off branch dc that runs server 2008 r2.
We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
We have a third party DNS solution.
How do i troubleshoot this issue?dc01 (which replicates perfectly with dc02, and vise versa)
dcdiag /test:dns
C:\Users\adminuser>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Hostingpartner\ourdc01
Starting test: Connectivity
......................... ourDC01 passed test Connectivity
Doing primary tests
Testing server: Hostingpartner\ourdc01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : int
Running enterprise tests on : int.domain.com
Starting test: DNS
Test results for domain controllers:
DC: ourdc01.int.domain.com
Domain: int.domain.com
TEST: Delegations (Del)
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
Summary of test results for DNS servers used by the above domain controllers:
DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
2 test failures on this DNS server
Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: int.domain.com
ourdc01 PASS PASS PASS FAIL n/a PASS n/a
......................... int.domain.com failed test DNS
dcdiag on dc01(which can replicate with dc02)
C:\Users\adminuser>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: hostingpartner\ourdc01
Starting test: Connectivity
......................... OURDC01 passed test Connectivity
Doing primary tests
Testing server: hostingpartner\ourdc01
Starting test: Replications
[Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
Win32 Error 8453.
......................... OURDC01 failed test Replications
Starting test: NCSecDesc
......................... OURDC01 passed test NCSecDesc
Starting test: NetLogons
[OURDC01] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... OURDC01 failed test NetLogons
Starting test: Advertising
......................... OURDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURDC01 passed test RidManager
Starting test: MachineAccount
......................... OURDC01 passed test MachineAccount
Starting test: Services
......................... OURDC01 passed test Services
Starting test: ObjectsReplicated
......................... OURDC01 passed test ObjectsReplicated
Starting test: frssysvol
......................... OURDC01 passed test frssysvol
Starting test: frsevent
......................... OURDC01 passed test frsevent
Starting test: kccevent
......................... OURDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:10:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:11:17
(Event String could not be retrieved)
......................... OURDC01 failed test systemlog
Starting test: VerifyReferences
......................... OURDC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : int
Starting test: CrossRefValidation
......................... int passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... int passed test CheckSDRefDom
Running enterprise tests on : int.domain.com
Starting test: Intersite
......................... int.domain.com passed test Intersite
Starting test: FsmoCheck
......................... int.domain.com passed test FsmoCheck
The problematic dc03:
Dcdiag gives the same output as dcdiag /test:dns
C:\Users\adminuser>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OURDC03
Ldap search capabality attribute search failed on server NTSDC03, return
value = 81
We have an infoblox dns server on ip address xxx.y.y.251.
first error in event logs on dc03:
error 1863
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Configuration,DC=int,DC=domain,DC=com
This directory server has not received replication information from a number of directory servers within the configured latency interval.
Latency Interval (Hours):
24
Number of directory servers in all sites:
2
Number of directory servers in this site:
2
The latency interval can be modified with the following registry key.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
i have also go several warning 2088, 2093, 2087.
And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones -
Active Directory Users and Computer not displaying column data?
I am running Windows 8.1 Enterprise with RSAT installed. My Domain controllers are Server 2008 R2.
I am having and issue with Active Directory Users and Computers. Typically I will turn on Advanced Features and then add Columns for Email address and Display Name. This for example allows me to easily export lists of users and there email
addresses among other things.
The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty. It simply will not display this information. It only displays Name, TYpe and Description.
If I use a Windows 7 client, the information displays correctly.
Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
Example:
Import-Module ActiveDirectory
Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation.
Maybe you are looking for
-
How do I make a button NOT take focus when it is clicked?
I am trying to create a virtual keypad and the problem is that when I have a Robot make a KeyEvent for a certain number when a certain button is pressed, the TextField loses focus and the focus is placed on the button that was pressed, so nothing app
-
How to justify the values in table using report generation tool kit
Hi How can we align the values in excel table using report generation toolkit. like left,right,center. Regards, hari Attachments: Report_excel.vi 34 KB New Bitmap Image.JPG 134 KB
-
Crash when editing a Password Protected page
I have an issue with a Mac user that is trying to edit a site I created. Some folders on this site are password protected – meaning that pages on the site require user names and passwords to be entered for them to be viewed by web surfers. This user
-
Can I fit any 2.5" drive to my 2009 MacBook Pro please?
Hi My Pro's hard drive is failing badly and I need to order a new one urgently. Will this drive work please: http://www.amazon.co.uk/Hitachi-Travelstar-1000GB-Internal-Drive/dp/B007Y4BOH8/r ef=sr_1_26?s=computers&ie=UTF8&qid=1385257684&sr=1-26&keywor
-
Sending message while order get Pending Status
Hi, We r using status profile for releasing order. If order fails the condition, it remains in the Pending Status. So we need to send these order to Sales Rep for review. How to send email to Sales Rep?