LDAP Query for particular user account in local Administrators group on All Enabled Computer Accounts
Need to query on all enabled computer accounts that have a particular user account present in the local Administrators group.
Ldap query is best, because not all our machines have SCCM client
Thanks for any help you can provide. Lisa
Ya, I have 41800+ computer accounts in my directory. I think that option is not feasible :) Thanks for your reply.
I can use SCCM to do this too, but only for those that the client is running on and which are online. Thanks again.
Hope is not all lost; a scripting solution is still possible. The difference is instead of running a central script to pull info from all computers, you let the computers report back to you with the info.
If I were you, I'd do the following:
1) Create a file share and adjust the permissions so that "Domain Computers" have "Modify" Permissions.
2) Create a script similar to the 2nd link I posted above, with a bit of adjustment: at the end of the script, write the information to the file share created in (1), and name the file
ComputerName.txt
3) Use Group Policy Preference Scheduled Task to deploy the script, and make sure it only runs once.
4) Happily wait for the results to come back :)
The main benefit of this approach is you're not restricted by the computer connectivity at the moment you run the script. This is especially true if you have many mobile computers in your environment. Just wait for a reasonable time (they all need
to come back to the mother ship once a while don't they?) and the results will show up in the file share you created.
Cheers.
Similar Messages
-
Network dive map issue for particular user account.
Hi,
My one of the user want to access network drive. But when he logoff or restart the system, he lost the map drive.
He is a domain user. He already have few map drive in his profile. But now he need to map one more network drive. And special requirement is he want to access that map drive from any system from our organization. And that drive should not
get disconnect/dismount after he logoff or restart the system.
Note: User XYZ wants to access particular map network drive form any system, where he login in domain. And
no other user should be able to see or access that particular map drive.
Also if user XYZ logoff or reboot the own system, Then when next time he will login again from any system, he must be able to see and access that particular
map drive.
How do i configure this....Please help.
Regards,
Santosh PawarHi,
Using Group Policy Preferences to Map Drives could meet your requirement. It based on group membership.
About how to get it, please refer to this guide:
Using Group Policy Preferences to Map Drives Based on Group Membership
https://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx
For further help, I would like to suggest you ask Directory Services forum:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS
Karen Hu
TechNet Community Support -
Add Local Users to the Local Admin Group
I am looking either via GPO or Third Party Tool. I would like to add 6 Users to the Local Admin Groups on all the computers running Windows 7/8. I want to Create a Group called "OUR Local Admins" and add these 6 local users (Not domain
Users) to this Group and then nest this Group into the Local Admin Group Built-in into Windows 8
Thank u> local users (Not domain Users) to this Group and then nest this Group
> into the Local Admin Group Built-in into Windows 8
You cannot nest local groups.
Greetings/Grüße,
Martin
Mal ein
gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-: -
How to find out when was local administrators group changed
Hi
Is there any way how to find out when was user added to local administrators group on server(2003 to 2012) ?Hi,
If you have auditing enabled for "Audit account management" and your security logs are not overwritten then you can look for a 4732 or 636 (Windows 2003) event ids.
https://technet.microsoft.com/en-us/library/cc737542(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dd772663(v=ws.10).aspx
Hope it helps.
Regards,
Calin -
SCCM 2012 - How to add domain id to local administrator group of all clients
SCCM 2012 - How to add domain id to local administrator group of all clients
Hi,
i have a domain id sccmadmin which is a part of domain admins group too.
Need to add this ID to the local administrators group of all clients. How do I do this? Please help!Hi ,
you need to choose the second option .
First option will remove all the domains users from the local administrator group available in all the PC'S .Then local administrator group will only have the users updated on the members list present in group policy.
Note : Local admins accounts on the local administrators groups will not be removed.
Second option will add the newly created group to the local administrator group in all the PC'S and it will not remove the existing members in the local administrators group.
Step 1 : Just try to create one new group for SCCM management .
Step 2 : Then add the SCCM account to that group.
Step 3 : Then please create a new group policy on that just choose the second option.On that option just add the newly created group to be an member of administrator group in all the PC'S
Why i have asked you to create a new group ?
Because in second option , we don't have a option to add a individual user .
Once you have created a group policy it will like below snap.
As an additional i will tell how to find the newly created group policy is applying to computer objects or not ans also i will tell you how to force update the group policy
1.gpresult /r ----> To find the which group policy is applying on user and computer object .
2.rsop.msc ----> There you can able to find the change has been applied or not .
3.gpupdate /force -----> Forcefully updating the group policy in a client machine
4.In gpmc.msc there is one option called group policy results .That option will be used for centralized management to find the policies that are applied to a user and computer account.
5.Just check the event viewer in all the PC'S for group policy related events.
Most importantly you need to make sure all the computer accounts are placed in an ou ,where the newly created group policy is applying and also make sure that OU doesn't contain any inheritance block.
Please feel free to reply me if you have any queries.
Thanks & Regards S.Nithyanandham -
No data to retrieve in Query 1 for particular User
Error: No data to retrieve in Query 1 for particular User
Hello,
We have webi report in 3.1 version which is running fine in Infoview for particular user.
But when same report is send into Inbox of other user and if user try to run it in infoview it is giving below error.
"No data to retrieve in Query 1"
All the security and group member level settings for both the user are exactly same. What could be the reason for this behaviour.
ThanksCan you please check user is part of which group in enterprise receipts group.
Also please check dynamic receipts tab of publication where data can be filtered
Thanks,
Swapnil -
How to find out responsibility attached for particular user through query
hi
How to find out responsibility attached for particular user through query
Regards
9841672839Hi,
Following sql will help you find the responsibilities associated with the users in oracle applications.
SELECT frt.RESPONSIBILITY_NAME, furg.end_date
FROM
fnd_user_resp_groups furg,
FND_RESPONSIBILITY fr,
fnd_responsibility_tl frt,
fnd_user fu
WHERE fu.user_name = ‘&&username’
AND fu.user_id = furg.user_id
AND furg.responsibility_id = fr.RESPONSIBILITY_ID
AND frt.responsibility_id = fr.RESPONSIBILITY_ID
ORDER BY 1
Cheers... -
When I use the
"dsmgmt" command to add a user to the local administrators account of a RODC I can actually see the user when I use the "Show Role Administrators" parameter. However, I can't see the members of the
group added to the "Managed By" tab of the RODC object in AD. Even though, the users added using
"dsmgmt" and by the "Managed By" tab can all log in locally and have admin rights to the RODC. Are there any differences between these two ways of adding users to the local administrators account?Hi,
For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx).
On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
So the difference between them should be only the way they do the same thing.
For more details, please refer to the below article:
http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
IW32- order-print is giving error for particular User.
Dear Friends,
IW32- order-print is giving error for particular User and output type. Debugging authorization restricted on the system, hence I canu2019t trace out the problem. If anybody comes across such issues, please reply to the post.
Thanks In Advance for your reply.
Anil Dasari
Thanks In Advance.Hi,
Information about dump:
1. User and Transaction:
Runtime Errors MESSAGE_TYPE_X
Date and Time 06.05.2011 10:47:40
MM Used. 13116304
MM Free. 3639760
User and Transaction
Client.............. 700
User................ "BLADEF01"
Language key........ "N"
Transaction......... "IW32 "
Transactions ID..... "4DC387ECA12B684DE10000001A5B1803"
Program............. "/MRSS/SAPLRSG_PM_ORDER"
Screen.............. "SAPLCOIH 3000"
Screen line......... 33
Information on where terminated
Termination occurred in the ABAP program "/MRSS/SAPLRSG_PM_ORDER" - in
"/MRSS/RSG_MAINTAIN_MRS".
The main program was "SAPLCOIH ".
In the source code you have the termination point in line 441
of the (Include) program "/MRSS/LRSG_PM_ORDERU04".
2. Info. Where it got terminated.
Information on where terminated
Termination occurred in the ABAP program "/MRSS/SAPLRSG_PM_ORDER" - in
"/MRSS/RSG_MAINTAIN_MRS".
The main program was "SAPLCOIH ".
In the source code you have the termination point in line 441
of the (Include) program "/MRSS/LRSG_PM_ORDERU04".
3. How to correct the error.
How to correct the error
Probably the only way to eliminate the error is to correct the program.
If the error occures in a non-modified SAP program, you may be able to
find an interim solution in an SAP Note.
If you have access to SAP Notes, carry out a search with the following
keywords:
"MESSAGE_TYPE_X" " "
"/MRSS/SAPLRSG_PM_ORDER" or "/MRSS/LRSG_PM_ORDERU04"
"/MRSS/RSG_MAINTAIN_MRS"
If you cannot solve the problem yourself and want to send an error
notification to SAP, include the following information:
1.1. The description of the current problem (short dump)
To save the description, choose "System->List->Save->Local File
(Unconverted)".
2.2. Corresponding system log
Display the system log by calling transaction SM21.
Restrict the time interval to 10 minutes before and five minutes
after the short dump. Then choose "System->List->Save->Local File
(Unconverted)".
3.3. If the problem occurs in a problem of your own or a modified SAP.
I have been searching for notes recently implemented for IW32.
Thanks and Regards,
ANIL DASARI -
Identify if a particular user is authenticated locally in Apps 11i/R12
Hi,
How to identify if a particular user is authenticated locally in Apps 11i/R12 or against OID?
I think FND_USER TABLE.
ThanksCorrect - if the USER_GUID in FND_USER is populated, then the user is authenticated via OID/SSO, else user is authenticated locally.
MOS Doc 444573.1 - Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g
HTH
Srini -
Lock a tcode for particular user
Hi Experts
i need to lock few transaction for particular users only. we have n number of roles and the transactions have been assigned to some tcodes to be reasticted for a list of users. is there any method or program to built to restrict the users for few tcodes.is there any more query pl trigger me
regards
balahi
sagar:
as you said if i start creating roles to restrict some users then there atleast 25 tcodes are there to restrict and 120 roles are to be analyzed and the job becomes hefty by creating roles and there will too many number of roles and it becomes confusion in future forecast. there fore i nedd any suggestion like that the userscan be restricted when they are trying to access that particular code or lock the screen or inform them to not access these tcodes thro some message or writing a program to restrict the users while the user exits. i have an idea but i dont know how it will work - ( I am not a ABAPER) there should be tcode or program which should list tcodes authorized for particular users and where they can be locked like SM01 ( but it will lock for all) but locking for particular users
Am i more advanced??
regards
bala -
Information related to Outstanding Shopping carts for particular User
Hello All,
Is there any way(FM / table) by which we can get below info for any particular user:
1. All the SC he/she has raised
2. The outstanding SC's for particular user. (For eg: SC with amt 100, but only 70 has been confirmed)
Thanks,
DhananjayHello All,
Even I am also looking for same kind of report. I have query to delete user, but before deleting user I want to confirm is there any open SC or Held SC.
Kinldy let me know.
Thanks in advance.
Regards
Sharan -
How to disable Wifi for one user account?
Hi.
I am setting up very restricted user account in Lion that I want to use on gigs when using Ableton Live 8 on stage.
Basically, my user account should just allow to run Live 8 and nothing else.
Is it possible that the airport get switched off when login into this particular user account?
Thanks in advance for your helpEDIT: If the stuff below seems more complicated than you wish to be involved in, feel free to ignore it.
The Mac will send packets bound for the Internet to the Top-Most ACTIVE interface listed in the left side of the box at:
System Preferences > Network
If you set the 'Service Order' to have Ethernet at the top, whenever Ethernet is working, Wi-Fi will be ignored.
Set Service order is available using the gear Icon at the bottom of that box.
So all my Internet traffic is going over my Ethernet connection, even though Wi-Fi is still connected and nominally "active". -
Safari 3.1.2 crashes on startup, but only for one user account
This is weird: If I'm logged in as one user and launch Safari, it strugggles and grinds the disk for a long time, brings my start page up partway, then crashes. If I'm logged in as another user on the same machine, Safari launches in mere seconds and works fine. I have tried re-installing Safari from scratch, and have also deleted the Library/Safari folder, all to no avail. There is clearly something about this particular user account that's messed up, but I don't know what.
This is on an 1-GHz iBook G4 running OSX 10.4.11. Safari used to work fine on this user account as well, and I don't know what might have changed.First, have you installed any programs in that particular user account that are intended to enhance Safari or otherwise might influence internet/browsing activity? If so, uninstall those programs using their installers (which often have an uninstall option) or an included uninstaller if applicable.
If you don't have any such programs installed, or that doesn't fix the problem: Make sure you're logged into the account where Safari is having problems, make sure Safari is quit, and then open that user's home folder (indicated in a Finder window sidebar by the little house icon with the username) and open the Library folder inside it, then the Preferences window inside that.
(In other words navigate to \~/Library/Preferences, where "~" is the user's home folder.)
Locate the "com.apple.Safari.plist" file in that preferences folder and drag it to the trash.
Launch Safari and check to see if it's any better now.
Message was edited by: Rachel R -
Is it possible to setup a different language for the user account?
Hi,
My server is in English but many of my users will use French.
Can I setup in WGM a different language (international) for the user?The settings are changed in at least three locations for a user account. Changes are made to ~/Library/Preferences/.GlobalPreferences, ~/Library/Preferences/com.apple.HIToolBox.plist, and ~/Library/Preferences/ByHost/com.apple.HIToolBox.<MACAddress>.plist. There are a lot of keys in there that get changed and might vary between 10.4.x and 10.5.x -if you have a mixed OS environment. So while you you may be able to import the first two into WGM, the last one might be the most trouble as it's machine specific.
If you gave access to the 'International' System Prefpane, it wouldn't affect anything but the student account since their prefs are saved to a network location or to their local PHD account. Changes would revert to whatever the system default preferences were on logout. Those would be the prefs in /Library/Preferences.
The 'International' System Prefpane has many listings for the other language choices that are installed on the system which could be a source of confusion for student users. Removing those resources, using certain tools like MonoLingual, can make certain software behave badly or even make the system unusable. Use with caution.
Maybe you are looking for
-
I signed up for iCloud and downloaded everything for it. According to my iTunes account, everything should be swell, but when I try to sign into the Cloud, it tells me my Apple ID is valid but it's not an iCloud account. What do I do??IC
-
When I click on the Firefox logo it owns screen and the mail box button appears. I click on that and it requires me to enter my e-mail address and password. There is a box with a checkmark in it to stay logged in but it doesn't work. Whether it is on
-
Archive logs are not transferring to DR server in DataGuard
Dear Gurus, We have implemented data guard on 10g and it was working properly till last week.All of a sudden it is stopped working and i am getting the error in primary server alert log as "ORA-12154: TNS:could not resolve the connect identifier spec
-
MacBook Air stuck on start-up screen - cannot login
Macbook Air - 3 months old. It was shut down ok but now when trying to login the username and password fields remain blank when typing in. After hitting a few keys it acts like one key is stuck (it isn't) and random characters get input into the fiel
-
I have a full Creative Cloud subscription. How do I add email hosting to my free hosted website?