Issue with Active Directory User Target Recon

Hi ,
I am facing an issue with Active Directory User Target Recon
My environment is OIM 11g R2 with BP03 patch applied
AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
Checked the user profile of users processed can see AD account provisioned for users
My query is why this job is not processing allthe users.Please point if i am missing some thing .
thanks in advance

Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
-Bikash

Similar Messages

11gr2 Active Directory User Target Delete Recon Search Root

Hi All,
latest AD conector with the patch.
Have a situation where I need to change the root or base search for the delete recon. by default it seams to want to search at the domain level but that won't work for us. Checked the doc and can't seem to find anyway to change this for the delete recon.
Thanx in advance
Fred

Hi,
The issue is still pending. I am specifying the following parameters for the scheduled job :
Batch Size : 100
Object Type : User
Batch Start : 1
Resource Object Name : AD User
Filter : startsWith('samAccountName','c')
Scheduled Task Name : Active Directory User Target Recon
Incremental Recon Attribute : uSNChanged
Search Base : <blank>
IT Resource Name : Active Directory
Search Scope : subtree
Latest Token : <blank>
Sort By : samAccountName
Number of Batches : All
Sort Direction : asc
The job runs successfully but no records are reconciled into UD_ADUSER table and the job reports the following error in the logs :
[2012-10-25T02:32:04.785-07:00] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-iamoimdev-v1.capgroup.com1351057898397_MisfireHandler] [userId: oiminternal] [ecid: 80eeb34d89d5ed80:-343bffe9:13a9150ba30:-8000-0000000000000005,1:24567] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
Caused by: java.lang.NullPointerException
at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
Edited by: IDM_newbie on Oct 25, 2012 2:38 AM

Cannot log into DTR with Active Directory User

Greetings,
I have set up and installed JDI correctly. I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user. I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
500 Internal Server Error
SAP J2EE Engine/6.40
Application error occurred during the request procession.
Details: Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!]. The ID of this error is
Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error.
Any help is greatly appreciated.
Thanks,
Marty

Hi Marty,
In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
Regards,
Manohar

Unable to login @ login window with Active Directory User

I successfully bound my test machine to Active Directory and can search using dscl and id. I can also su to my active directory user account an authenticate perfectly. All search bases are correct and everything else looks fine.
When I attempt to login from the login window as an AD user, the window shakes. Clicking under Mac OS X shows that "Network Accounts Available". Looks like the CLI tool "dirt" is now gone as well, although insecure it would possibly show something here.
Anyone else having issues after binding to AD? I bound using the Directory Utility gui... I have not tried using my leopard bind script yet.
Thanks,
Ken

I have pretty well the same problem. The machine was already bound to AD prior to upgrade. After could not login on with my account (jball). Can log on with other accounts from the same domain (we only have one AD domain). Can also su to jball in a terminal session. Can't access network resources with jball when I try to connect to a windows server through the finder, instantly comes up with bad username or password, doesn't even think about it.
I have removed any copies of the home folder under either /Users or /Domain as I have had problems with that before. Have repaired permissions and unbind and bind the machine to AD. Have been at this all day now and no closer. Get these error messages in console:
31/08/09 4:49:27 PM SecurityAgent[666] Could not get the user record for 'jball@domainname' from Directory Services
31/08/09 4:49:27 PM SecurityAgent[666] User info context values set for jball@domainname
31/08/09 4:49:27 PM SecurityAgent[666] unknown-user (jball@domainname) login attempt PASSED for auditing

Tighter Integration with Active Directory User Groups

I just wrapped up a Jabber deployment with IM&P 9.1(1) and J4W clients 9.1(3).
The customer asked me if it is on Cisco's roadmap to allow groups in Active Directory to be pulled into the Jabber client. The primary business case is to allow those in IT to send out IM blasts to the corporation or certain departments.
Obviously, this would require a significant amount of development and a much tighter integration with Active Directory, but I need to ask anyway.
Has something like this been identified and placed on any roadmap?
Thanks,
Matthew Berry

Unfortunately this kind of questions cannot be addressed here, roadmap questions need to go thru official channels for an answer.
You need to reach your SE/AM for this question.
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk

Problems with Active Directory Users showing as not found in Open Directory work group manager

I’m running a golden triangle setup with Open directory assigning group policy and authentication provide by active directory. In workgroup manager I can search through the AD and add users or computers to groups in OD workgroup manager. However when I save and refresh the users or computer appear as ‘not found’. Is there a reason for this?

Hi Zero
It's very reassuring to know im not the only one having issues with this..
Im on my second re install of the server.. I like you have no wish to do another clean install as everything else is connected and it seems like the answer is probably very simple.
So today im going to re- run the terminal commands as layed out in the online guides.
However i was kinda hoping someone would be able to supply us with an answer.
thanks
J

Wireless Deployment with Active Directory User Group Integration

I am trying to find out the best practice in deploying a WLAN for users in the cooperate environment, which uses their company active directory integrated laptops to join to the WLAN.
I know this can be done using certificates easily but I want to just find a way to deploy this without certificates and only based on the AD user group. Maybe a Radius server + LDAP server integration solution would be great.
Please advice. Thanks.
Cheers
Lal Antony
www.lalantony.com

The easiest way to deply this is with a Microsoft toolkit, it has everything you need included, manuals, scripts to install and configure server-side components and it's very easy to use. You can get it from here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
It's based on Win2003 server but I've been advised by MS that it should be OK on Win2008 as well.

Unable to access server files shares with Active Directory Users

Quick breakdown of my issue.
I have setup a Yosemite file server running the latest version of Yosemite and Server.
File sharing in Server.app is enabled and shares have been created
The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
For example: Administrator (me) I can login and access all file shares without issue.
Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
John Doe (JDOE) who has not logged into the server in anyway, cannot authenticate to the server file shares at all (even though I have granted him permission) He just gets an "Access Denied" message.
I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
We have unbound the server from AD and added in back again and still not able to resolve.
If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right. but still unable to authenticate to the server if they haven't directly logged into it before?
All of the documentation and google articles I have found say my server is setup correctly, any help would be greatly appreciate it!
Thanks in advance!

I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

Active Directory Users and Computer not displaying column data?

I am running Windows 8.1 Enterprise with RSAT installed. My Domain controllers are Server 2008 R2.
I am having and issue with Active Directory Users and Computers. Typically I will turn on Advanced Features and then add Columns for Email address and Display Name. This for example allows me to easily export lists of users and there email
addresses among other things.
The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty. It simply will not display this information. It only displays Name, TYpe and Description.
If I use a Windows 7 client, the information displays correctly.
Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?

ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
Example:
Import-Module ActiveDirectory
Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation.

Can not open Active Directory Users and Computers

Problem Reported:
Out of the blue this has started happening:
When I go to "Active Directory Users and Computers" I get this message.
"MMC cannot open the file C:\WINDOWS\system32\dsa.msc.
This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.
Additional information:
This is a server that has been in use for 2+ years with active directory users that can and do login everyday.
As far as I know the system has no backup.
dsa.msc IS located in the system32 folder
I am using the administrator account.
OS:
Microsoft Windows Server 2003 R2
Standard x64 Edition
Service Pack 2
Please help with detail. Thank you.

Have you tried to uninstall ADUC administrative tool and re-install it again? If no, please give a try.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password

Issue in ldap-sync with active directory - OIM11gR2

Hi Expert,
I have enabled the ldap-sync with Active Directory in OIM11gR2. I followed the below document to enable the ldap-sync.
Enabling LDAP Synchronization in Oracle Identity Manager - 11g Release 2 (11.1.2)
For testing if ldap sync is working on not . I run the LDAPSync Post Enable Provision Users to LDAP schedule job. While running the job i encounter below exception in log. Please provide me some pointer to solve my issue. How we can sure ldap sync is configure properly? Please provide me some steps to test it out?
<Jul 31, 2013 9:51:25 AM PDT> <Warning> <JMS> <BEA-040442> <While attempting to bind JNDI name jms/b2b/B2BEventQueue for destination SOAJMSModule!dist_B2BEventQueue_auto_1_auto in module null a JNDI name conflict was found. This destination has not been bound into JNDI.>
<Jul 31, 2013 9:51:25 AM PDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <BEA-000000> <An error occurred while searching the entity in LDAP, and the corresponding error is - {0}
javax.naming.NameNotFoundException: Error: NO_SUCH_OBJECT
LDAP Error 32 : No Such Object [Root exception is oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 32 : No Such Object]
at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:151)
at oracle.ods.virtualization.jndi.OVDContext.search(OVDContext.java:439)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.search(LDAPUtil.java:1073)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.search(LDAPDataProvider.java:1218)
at oracle.iam.ldapsync.impl.util.CommonNamePolicyUtil.isUserExists(CommonNamePolicyUtil.java:84)
at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.isCommonNameExistingOrReserved(CommonNameGenerationUtil.java:192)
at oracle.iam.ldapsync.impl.plugins.FirstNameLastNamePolicy.getCommonNameFromPolicy(FirstNameLastNamePolicy.java:157)
at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:116)
at oracle.iam.ldapsync.impl.util.CommonNameGenerationUtil.generateCommonName(CommonNameGenerationUtil.java:82)
at oracle.iam.oimtoldap.impl.SeedOIMDataInLDAPImpl.createUserInLDAP(SeedOIMDataInLDAPImpl.java:182)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy710.createUserInLDAP(Unknown Source)
at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPEJB.createUserInLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.oracle.pitchfork.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:34)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.oracle.pitchfork.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:42)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy709.createUserInLDAPx(Unknown Source)
at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.oimtoldap.api.SeedOIMDataInLDAP_8d8qil_SeedOIMDataInLDAPRemoteImpl.createUserInLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy163.createUserInLDAPx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy707.createUserInLDAPx(Unknown Source)
at oracle.iam.oimtoldap.api.SeedOIMDataInLDAPDelegate.createUserInLDAP(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at oracle.iam.platform.utils.DMSMethodInterceptor.invoke(DMSMethodInterceptor.java:25)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy708.createUserInLDAP(Unknown Source)
at oracle.iam.oimtoldap.scheduletasks.user.SeedOIMUsersInLDAP.execute(SeedOIMUsersInLDAP.java:59)
at oracle.iam.scheduler.vo.TaskSupport$1.processWithoutResult(TaskSupport.java:135)
at oracle.iam.platform.tx.OIMTransactionCallbackWithoutResult.process(OIMTransactionCallbackWithoutResult.java:9)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:13)
at oracle.iam.platform.tx.OIMTransactionCallback.doInTransaction(OIMTransactionCallback.java:6)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:128)
at oracle.iam.platform.tx.OIMTransactionManager.execute(OIMTransactionManager.java:22)
at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.scheduler.impl.quartz.QuartzJob$TaskExecutionAction.run(QuartzJob.java:266)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(weblogicLoginSession.java:52)
at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:75)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused By: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 32 : No Such Object
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:209)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)

I have checked the OIM vs AD attribute mapping. now I am getting below error. I have also attached the LDAPUsers.xml file . I don't know what went wrong .. How to test ldap-sync is configure properly? I created the user in OIM but in AD user is not getting created. I am not able to see any thing log file liek (dignostic and nohup log) .. Any idea where I can see the log to identify the issue??
g 1, 2013 8:15:15 AM PDT> <Warning> <JMS> <BEA-040442> <While attempting to bind JNDI name jms/b2b/B2BEventQueue for destination SOAJMSModule!dist_B2BEventQueue_auto_1_auto in module null a JNDI name conflict was found. This destination has not been bound into JNDI.>
<Aug 1, 2013 8:15:15 AM PDT> <Warning> <oracle.ods.virtualization.engine.backend.jndi.LDAP1.ConnectionHandle> <OVD-40082> <Could not modify entry.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
<?xml version='1.0' encoding='UTF-8'?>
<tns:entity-definition xmlns:tns="http://www.oracle.com/schema/oim/entity" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.oracle.com/schema/oim/entity ../entity.xsd ">
<entity-type child-entity="false">LDAPUser</entity-type>
<provider-instance>
<repository-instance>Directory Server</repository-instance>
<provider-type>LDAPDataProvider</provider-type>
<parameters>
<parameter name="base">
<value>dc=cgtest,dc=adtest,dc=com</value>
</parameter>
<parameter name="rdnattribute">
<value>cn</value>
</parameter>
<parameter name="objectclass">
<value>orclIDXPerson</value>
</parameter>
<parameter name="idattribute">
<value>objectGUID</value>
</parameter>
<parameter name="entityIdentifierObjectclass">
<value>inetorgperson</value>
</parameter>
<parameter name="excludeObjectclass">
<value>orclappiduser</value>
</parameter>
</parameters>
</provider-instance>
<container-capability>
<enabled>false</enabled>
</container-capability>
<entity-attributes>
<attribute name="User Login">
<type>string</type>
<required>true</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="First Name">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Last Name">
<type>string</type>
<required>true</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Middle Name">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Display Name">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
<multi-represented>true</multi-represented>
</attribute>
<attribute name="usr_password">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>false</searchable>
</attribute>
<attribute name="LDAP GUID">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="LDAP DN">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Role">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Email">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Start Date">
<type>date</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="End Date">
<type>date</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="usr_timezone">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="usr_manager_key">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Country">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Department Number">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Description">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Common Name">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Employee Number">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Fax">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Generation Qualifier">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Hire Date">
<type>date</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Home Phone">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Home Postal Address">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Locality Name">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Mobile">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Pager">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Postal Address">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Postal Code">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="PO Box">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="usr_locale">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="State">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Street">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Telephone Number">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Title">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="Initials">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="LDAP Organization">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="LDAP Organization Unit">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
<MLS>false</MLS>
</attribute>
<attribute name="User Status">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Lock Status">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Accessibility Mode">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Color Contrast">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Font Size">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Number Format">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Currency">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Date Format">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Time Format">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="Embedded Help">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="FA Language">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="FA Territory">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
<attribute name="User Name Preferred Language">
<type>string</type>
<required>false</required>
<attribute-group>Basic</attribute-group>
<searchable>true</searchable>
</attribute>
</entity-attributes>
<target-fields>
<field name="uid">
<type>string</type>
<required>true</required>
</field>
<field name="givenname">
<type>string</type>
<required>false</required>
</field>
<field name="sn">
<type>string</type>
<required>true</required>
</field>
<field name="middleName">
<type>string</type>
<required>false</required>
</field>
<field name="cn">
<type>string</type>
<required>true</required>
</field>
<field name="userPassword">
<type>string</type>
<required>false</required>
</field>
<field name="objectGUID">
<type>string</type>
<required>false</required>
</field>
<field name="dn">
<type>string</type>
<required>false</required>
</field>
<field name="employeeType">
<type>string</type>
<required>false</required>
</field>
<field name="mail">
<type>string</type>
<required>false</required>
</field>
<field name="orclActiveStartDate">
<type>date</type>
<required>false</required>
</field>
<field name="orclActiveEndDate">
<type>date</type>
<required>false</required>
</field>
<field name="orclTimeZone">
<type>string</type>
<required>false</required>
</field>
<field name="manager">
<type>string</type>
<required>false</required>
</field>
<field name="c">
<type>string</type>
<required>false</required>
</field>
<field name="departmentNumber">
<type>string</type>
<required>false</required>
</field>
<field name="description">
<type>string</type>
<required>false</required>
</field>
<field name="employeeNumber">
<type>string</type>
<required>false</required>
</field>
<field name="facsimileTelephoneNumber">
<type>string</type>
<required>false</required>
</field>
<field name="orclGenerationQualifier">
<type>string</type>
<required>false</required>
</field>
<field name="orclHireDate">
<type>date</type>
<required>false</required>
</field>
<field name="homePhone">
<type>string</type>
<required>false</required>
</field>
<field name="homePostalAddress">
<type>string</type>
<required>false</required>
</field>
<field name="l">
<type>string</type>
<required>false</required>
</field>
<field name="mobile">
<type>string</type>
<required>false</required>
</field>
<field name="pager">
<type>string</type>
<required>false</required>
</field>
<field name="postalAddress">
<type>string</type>
<required>false</required>
</field>
<field name="postalCode">
<type>string</type>
<required>false</required>
</field>
<field name="postOfficeBox">
<type>string</type>
<required>false</required>
</field>
<field name="preferredLanguage">
<type>string</type>
<required>false</required>
</field>
<field name="st">
<type>string</type>
<required>false</required>
</field>
<field name="street">
<type>string</type>
<required>false</required>
</field>
<field name="telephoneNumber">
<type>string</type>
<required>false</required>
</field>
<field name="title">
<type>string</type>
<required>false</required>
</field>
<field name="initials">
<type>string</type>
<required>false</required>
</field>
<field name="o">
<type>string</type>
<required>false</required>
</field>
<field name="ou">
<type>string</type>
<required>false</required>
</field>
<field name="displayName">
<type>string</type>
<required>false</required>
</field>
<field name="orclAccountEnabled">
<type>string</type>
<required>false</required>
</field>
<field name="orclAccountLocked">
<type>string</type>
<required>false</required>
</field>
<field name="orclAccessibilityMode">
<type>string</type>
<required>false</required>
</field>
<field name="orclColorContrast">
<type>string</type>
<required>false</required>
</field>
<field name="orclFontSize">
<type>string</type>
<required>false</required>
</field>
<field name="orclNumberFormat">
<type>string</type>
<required>false</required>
</field>
<field name="orclCurrency">
<type>string</type>
<required>false</required>
</field>
<field name="orclDateFormat">
<type>string</type>
<required>false</required>
</field>
<field name="orclTimeFormat">
<type>string</type>
<required>false</required>
</field>
<field name="orclEmbeddedHelp">
<type>string</type>
<required>false</required>
</field>
<field name="orclFALanguage">
<type>string</type>
<required>false</required>
</field>
<field name="orclFATerritory">
<type>string</type>
<required>false</required>
</field>
<field name="orclDisplayNameLanguagePreference">
<type>string</type>
<required>false</required>
</field>
</target-fields>
<attribute-maps>
<attribute-map>
<entity-attribute>User Login</entity-attribute>
<target-field>uid</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>First Name</entity-attribute>
<target-field>givenname</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Last Name</entity-attribute>
<target-field>sn</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Middle Name</entity-attribute>
<target-field>middleName</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Common Name</entity-attribute>
<target-field>cn</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>usr_password</entity-attribute>
<target-field>userPassword</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>LDAP GUID</entity-attribute>
<target-field>objectGUID</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>LDAP DN</entity-attribute>
<target-field>dn</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Role</entity-attribute>
<target-field>employeeType</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Email</entity-attribute>
<target-field>mail</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Start Date</entity-attribute>
<target-field>orclActiveStartDate</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>End Date</entity-attribute>
<target-field>orclActiveEndDate</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>usr_timezone</entity-attribute>
<target-field>orclTimeZone</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>usr_manager_key</entity-attribute>
<target-field>manager</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Country</entity-attribute>
<target-field>c</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Department Number</entity-attribute>
<target-field>departmentNumber</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Description</entity-attribute>
<target-field>description</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Employee Number</entity-attribute>
<target-field>employeeNumber</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Fax</entity-attribute>
<target-field>facsimileTelephoneNumber</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Generation Qualifier</entity-attribute>
<target-field>orclGenerationQualifier</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Hire Date</entity-attribute>
<target-field>orclHireDate</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Home Phone</entity-attribute>
<target-field>homePhone</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Home Postal Address</entity-attribute>
<target-field>homePostalAddress</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Locality Name</entity-attribute>
<target-field>l</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Mobile</entity-attribute>
<target-field>mobile</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Pager</entity-attribute>
<target-field>pager</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Postal Address</entity-attribute>
<target-field>postalAddress</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Postal Code</entity-attribute>
<target-field>postalCode</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>PO Box</entity-attribute>
<target-field>postOfficeBox</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>State</entity-attribute>
<target-field>st</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Street</entity-attribute>
<target-field>street</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Telephone Number</entity-attribute>
<target-field>telephoneNumber</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Title</entity-attribute>
<target-field>title</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Initials</entity-attribute>
<target-field>initials</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>LDAP Organization</entity-attribute>
<target-field>o</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>LDAP Organization Unit</entity-attribute>
<target-field>ou</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Display Name</entity-attribute>
<target-field>displayName</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>User Status</entity-attribute>
<target-field>orclAccountEnabled</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Lock Status</entity-attribute>
<target-field>orclAccountLocked</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Accessibility Mode</entity-attribute>
<target-field>orclAccessibilityMode</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Color Contrast</entity-attribute>
<target-field>orclColorContrast</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Font Size</entity-attribute>
<target-field>orclFontSize</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Number Format</entity-attribute>
<target-field>orclNumberFormat</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Currency</entity-attribute>
<target-field>orclCurrency</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Date Format</entity-attribute>
<target-field>orclDateFormat</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Time Format</entity-attribute>
<target-field>orclTimeFormat</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>Embedded Help</entity-attribute>
<target-field>orclEmbeddedHelp</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>FA Language</entity-attribute>
<target-field>orclFALanguage</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>FA Territory</entity-attribute>
<target-field>orclFATerritory</target-field>
</attribute-map>
<attribute-map>
<entity-attribute>User Name Preferred Language</entity-attribute>
<target-field>orclDisplayNameLanguagePreference</target-field>
</attribute-map>
</attribute-maps>
<control-attributes>
<attribute name="container">
<type>LDAPContainer</type>
<required>false</required>
</attribute>
</control-attributes>
</tns:entity-definition>

Creating active directory users with dscl

Our mac workstations (OSX 10.8) are bound to a 2008 Active Directory server. We are attempting to use some existing dscl scripts on the mac client computer to create Active directory users. We can successfully read and change AD attributes of an existing user with dscl, but creating new users or new attributes for an existing user gives us an error. Here are some examples.
SUCCESSFUL READ OF AD USER ATTRIBUTE:
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -read /Users/jholmes SMBHomeDrive
Password:
SMBHomeDrive: H:
root#
SUCCESSFUL DELETE OF ABOVE USER ATTRIBUTE
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -delete /Users/jholmes SMBHomeDrive
Password:
root#
FAILED ATTEMPT AT RE-CREATING THE DELETED ATTRIBUTE
root# dscl -u administrator "/Active Directory/CXAD/All Domains" -create /Users/jholmes SMBHomeDrive
Password:
<main> attribute status: eDSInvalidRecordType
<dscl_cmd> DS Error: -14130 (eDSInvalidRecordType)
root#
The same error occurs when attempting to create a new user. Any ideas? Thanks in advance for any suggestions.

In the end I could not find them; account info is ONLY stored locally in Open Directory when they have mobile accounts.
However, I found I could migrate their user directories in Terminal via ditto ( I connected the old macs via Firewire Target mode) , and when they log in all their stuff and settings are there.
the command is: ditto /Volumes/<old mac hard drive>/Users/<username> /Users/<username>

Exporting Active directory users to excel with conditions

I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999. I found a VBScript elsewhere on this site that does everything i need, even filtering on the employeeid
field except that when it export to the spreadsheet the employeeid field comes back as if it's blank. But i know it's not as it will do the filtering correctly. Below is the script i've been using. As i said it will correctly list all users
with employeeid greated than 5 digits but it just won't export the actual employeeid field
Dim ObjWb
Dim ObjExcel
Dim x, zz
Set objRoot = GetObject("LDAP://RootDSE")
strDNC = objRoot.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE
Call ExcelSetup("Sheet1") ' Sub to make Excel Document
x = 1
Call enummembers(objDomain)
Sub enumMembers(objDomain)
On Error Resume Next
Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's
For Each objMember In objDomain ' go through the collection
if ObjMember.EmployeeID > 199999 Then 'if employee id greater than 199999 then add to spreadsheet (meaning physician)
x = x +1 ' counter used to increment the cells in Excel
' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code
' this was done so the script could be modified easier.
SamAccountName = ObjMember.samAccountName
FirstName = objMember.GivenName
LastName = objMember.sn
EmployeeID = ojbMember.employeeID
EmailAddr = objMember.mail
Addr1 = objMember.streetAddress
Title = ObjMember.Title
Department = objMember.Department
' Write the values to Excel, using the X counter to increment the rows.
objwb.Cells(x, 1).Value = EmployeeID
objwb.Cells(x, 2).Value = SamAccountName
objwb.Cells(x, 3).Value = FirstName
objwb.Cells(x, 4).Value = LastName
objwb.Cells(x, 5).Value = EmailAddr
objwb.Cells(x, 6).Value = Addr1
objwb.Cells(x, 7).Value = Title
objwb.Cells(x, 8).Value = Department
' Write out the Array for the 2ndary email addresses.
For ll = 1 To 20
objwb.Cells(x,26+ll).Value = Secondary(ll)
Next
' Blank out Variables in case the next object doesn't have a value for the property
EmployeeID = "-"
SamAccountName = "-"
FirstName = "-"
LastName = "-"
EmailAddr = "-"
Addr1 = "-"
Title = "-"
Department = "-"
For ll = 1 To 20
Secondary(ll) = ""
Next
End If
' If the AD enumeration runs into an OU object, call the Sub again to itinerate
If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then
enumMembers (objMember)
End If
Next
End Sub
Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row
Set objExcel = CreateObject("Excel.Application")
Set objwb = objExcel.Workbooks.Add
Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName)
Objwb.Name = "Active Directory Users" ' name the sheet
objwb.Activate
objExcel.Visible = True
objwb.Cells(1, 1).Value = "EmployeeID"
objwb.Cells(1, 2).Value = "SAMAccountName"
objwb.Cells(1, 3).Value = "FirstName"
objwb.Cells(1, 4).Value = "LastName"
objwb.Cells(1, 5).Value = "Email"
objwb.Cells(1, 6).Value = "Addr1"
objwb.Cells(1, 7).Value = "Title"
objwb.Cells(1, 8).Value = "Department"
End Sub
MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is complete

Here is a test version
Set xl = CreateObject("Excel.Application")
xl.Visible = True
Set wb = xl.Workbooks.Add()
Set sheet = wb.Worksheets("sheet1")
sheet.Name = "Active Directory Users"
i = 1
With sheet
.Cells(i, 1).Value = "EmployeeID"
.Cells(i, 2).Value = "SAMAccountName"
.Cells(i, 3).Value = "FirstName"
.Cells(i, 4).Value = "LastName"
.Cells(i, 5).Value = "Email"
.Cells(i, 6).Value = "Addr1"
.Cells(i, 7).Value = "Title"
.Cells(i, 8).Value = "Department"
End With
Set users = GetADUsers()
While Not users.EOF
i = i + 1
With sheet
.Cells(i, 1).Value = users("employeeID")
.Cells(i, 2).Value = users("samAccountName")
.Cells(i, 3).Value = users("GivenName")
.Cells(i, 4).Value = users("sn")
.Cells(i, 5).Value = users("mail")
.Cells(i, 6).Value = users("streetAddress")
.Cells(i, 7).Value = users("Title")
.Cells(i, 8).Value = users("Department")
End With
users.MoveNext
Wend
Function GetADUsers()
Set rootDSE = GetObject("LDAP://RootDSE")
base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
filt = "(&(objectClass=user)(objectCategory=Person))"
attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
scope = "subtree"
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
Set GetADUsers = cmd.Execute()
End Function
¯\_(ツ)_/¯

Synchronization with Active Directory issue - Error ID 1004

I found the Application Event Log error below.
Error ID 1004: The resource 'D:\SharePoint 2010\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.
This means, the Network Service account does not have rights to the %programfiles%\Microsoft Office Servers\14.0 folder so,
the User Profile Synchronisation with Active Directory does not run properly.
The solution is to grant read access to the Network Service account to the ...\14.0 folder.
https://support2.microsoft.com/kb/2473430?wa=wsignin1.0
But I cannot find %programfiles%\Microsoft
Office Servers\14.0 folder. Instead
there is a folder in D drive: 'D:\SharePoint 2010\14.0 and I granted read access to the Network Service account to this
folder and ran Full synchronization but still not a joy.
Could you please advise me?
Thanks

Thanks Victoria,
I granted full access to the user
NETWORK SERVICE:, which
is listed in the error message on the folder D:\SharePoint 2010\14.0.
Then reset IIS and ran a full
synchronization, but there are still some user accounts who are a member of an AD group (this AD group has contribute right to the Intranet) and when
I check permission for those users, it seems they don't inherit permission from that AD group.
For example :
AD group name: TeamMembers
TeamMembers has contribute
permission.
user1, user2, user3 and user4 are members of TeamMembers
user1 and user2 have contribute
permissionGiven through the "TeamMembers"
group.
user3 and user4 have no permission!!!
I don't know what the problem is. I don't have access to Active Directory but the people who have access to say all users are members of that AD group.
Could you please advise?
Thanks

Error while running AD User Target Recon

Hi,
We are getting the below error while running AD User Target Recon:
[2012-09-04T10:07:32.262-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] ADP ClassLoader failed to load: Script1[[
java.lang.ClassNotFoundException: ADP ClassLoader failed to load: Script1
at com.thortech.xl.dataobj.tcADPClassLoader.findClass(tcADPClassLoader.java:229)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at oracle.iam.scheduler.vo.ClassLoaderObjectInputStream.resolveClass(ClassLoaderObjectInputStream.java:72)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1461)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1311)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:78)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
[2012-09-04T10:07:32.314-04:00] [oim_server2] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 98fe4d9aa175090d:7101298f:13991840195:-8000-0000000000000235,0] [APP: oim#11.1.2.0.0] [[
java.lang.NullPointerException
at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:76)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1282)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3074)
at oracle.iam.features.scheduler.agentry.operations.LookupActor.perform(LookupActor.java:2495)
at oracle.iam.consoles.faces.mvc.canonic.Model.perform(Model.java:579)
at oracle.iam.consoles.faces.mvc.admin.Model.perform(Model.java:326)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doPerform(Controller.java:257)
at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:179)
at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:675)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:889)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:379)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:179)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Have anyone faced this issue ?? Any idea how to resolve this ??
Thanks,
Hrushi

920194 wrote:
Hi Bikash,
Thank you that helped a bit!! I see the same behaviour i.e., recon events are created when using displayName or givenName attribute and it does not work using "samAccountName". Were you able to find the solution for this ??The solution would have to be provided by Oracle as this looks like a bug, since the connector doc gives example of filter as samAccountName.
Also, when we reconcile using displayName/givenName attribute, even though the recon event is created, the status if the scheduler is Failed with "oracle.iam.connectors.icfcommon.exceptions.OIMException: Thor.API.Exceptions.tcAPIException: Row index out of bounds" Any idea on this ??Full stacktrace??
Thanks,
Hrushi

Issue with Active Directory User Target Recon

Similar Messages

Maybe you are looking for