SAP and MS Active Directory 2008

Hi all,
I want to set up a connection between our MS Active Directory 2008 and the SAP user maintenance.
What I've already done:
1. Set up an RFC connection with the name LDAP_{Hostname of AD}
2. Set up an LDAP system user with auth. mechanism "simple bind" and credential storage "simple memory"
3. Set up an LDAP connector
4. Set up the LDAP server with port no. 389, product name = ms ad 2003 domain mode, protocol version = ldap version 3, ldap application = user, default = true, base entry = {highest level}, system logon = {the ldap system user}
5. Done the LDAP server mapping. You can see it in the screenshot here: http://imageshack.us/photo/my-images/444/mappingoverview20111017.jpg
When I now try to log in to the LDAP server, everything works fine and I get a green light.
Now when I try to search something over the "find in directory" application I get an error message like that:
Operation failed
Message no. LDAPRC001
Diagnosis
This is an error message that is triggered by the directory server.
It is not possible to analyze the error in the SAP system.
Procedure
Check the log files for the directory server (if they exist), to see if they contain more information.
I get the same error message when I try the report RSLDAPSYNC_USER.
Can anybody help me please?
Best regards & TIA
strobbel

Hi...
Red light Operation failed (Message no. LDAPRC001) - This says the operation failed due to a failure in the search
Red light LDAP_SEARCH failed (Message no. LDAPACCESS101) - This says LDAP Search Failed due to Insufficient Privileges to connect from AD to SAP.
So try these ...
- While logging on to the directory server, did you check the option "USE SYSTEM USER"?
- And while searching, the search parameters should be as below:
    Base Entry : OU=Users,OU=BDN,DC=bdn,DC=xyz
    Filter : (&(objectclass=*))
- Also check the privileges of the user which is trying to connect to SAP.

Similar Messages

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    I successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Active Directory 2008 and Crystal Reporting

    Hello,
    My company is planning to upgrade to Active Directory 2008 R2. But before we do so, we must understand how our servers & applications interact/work with Active Directory 2008 R2. Could you please answer the following questions in regards to your application Crystal Reporting (version 10):
    1.     How does Crystal Reporting interact with Active Directory (AD)?
    2.     Is there a specific domain controller hardcoded with Crystal Reporting ?
    3.     Does Crystal Reporting support Active Directory 2008 R2?
    Your assistance and timely response with this matter is very much appreciated. Thank you.
    - Peter

    Hi Peter,
    Crystal Reports is a standalone install on the local Work Station. AD won't affect it. Unless there is some info you are telling us about how you access CR?
    Thank you
    Don

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Change All User Settings in Specific OU(s) In Active Directory 2008

    I want to change the password of all the users in some OUs in Active Directory 2008.
    And also I want to change the attributes of all users in specific OU(s).
    What is the procedure?
    Note: My OU names are in Arabic language, I feel some errors whenever I use commands in PowerShell.
    Thanks

    Hello Genius
    In addition to other expert advice about bulk modify I have to add that although my first language is not English, I personally prefer to name my OU's in English language. I experienced some problems with non-English OU's especially when it comes to reporting with PowerShell.
    Regards.
    Mahdi Tehrani Loves Powershell

    @Mahdi,
    PowerShell Integrated Scripting Environment (ISE) 3.0 supports Unicode languages (Arabic, Farsi/Persian, etc.), you do not have a problem with non-English. Here is an example:
    New-ADUser -sAMAccountName "شنگولی" -UserPrincipalName "شنگولی@contoso.com" -givenname "شنگولی" -Surname "شنگول" -displayName "شنگولی شنگول" -Name "شنگولی شنگول" -Enabled $true -Path "OU=MSFT,DC=Contoso,DC=com" -AccountPassword (ConvertTo-SecureString "Password01" -AsPlainText -Force)
    More Information:
    Windows PowerShell 3.0 Integrated Scripting Environment (ISE)
    Regards

  • Call Manager 4.1 compatibility with Active Directory 2008

    I need to know the compatibility between windows 2008 Active Directory and Call Manager 4.1. I was told Call Manager 4.1 was incompatible with windows 2008 AD. Is that Active Directory 2008 Domain and Forest functional level? I'm moving forward with replacing all our windows 2003 DCs with Windows 2008 DCs. The question is will call manager 4.1 be compatible? Need actual windows 2003 DC or can Windows 2003 forest and domain functional level be enough?

    Hello gentlemen,
    I just wanted to let you know that we actually got everything working again on our test bed environment. The DC is running on a virtualized Windows Server 2008 but with the forest and domain functional levels at 2003. What we had to do to resolve the ICM issues (Roggers, PGs and AW/HDS) was for all of the services that wouldn't automatically start, we had to update the 'log on as' settings to re-add those accounts and re-enter the passwords. Also, when running the ICMSetup util, it came back with an error saying that it couldn't see the 'Call Center Applications' OU even though it existed. To resolve that, we ran ICMSetup again, added the ICM instance, then upon going back to the main screen, exiting then re-running ICMSetup, everything worked again and the error did not re-occur. We were able to click on the various instance components (PG1A, CG1A, etc) whereas before doing that, those instances were greyed out.
    For our CallManager server 4.1(3) we didn't need to resolve anything on it. It appears to be running ok and phones are registered to it as well.
    Mind you, this is a test bed environment, and the old test bed DC was created a few years ago, and with this new one being a copy of our existing production DC, there were many changes and updates done to it, so that's probably why the old accounts weren't recognized and new ones were created.
    We don't think that will happen in our production environment, but even so, we're not going to upgrade our production DCs to Windows Server 2008 just yet.
    Thanks for the feed back.
    Joe

  • SCCM report to show last logged on user and the Active Directory department attribute of that user.

    I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

    Your problem is here.
    right join v_R_User USR on USR.ResourceID = CS.ResourceID
    USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user's department information you will end up with unreliable results.
    Anyways you need to make these changes to your query.
    left join v_R_User USR on USR.Unique_User_Name0 = CS.UserName0
    http://www.enhansoft.com/

  • OID and MS Active Directory  LDAP information Synchronization

    Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

    Hi, I have the same question.
    Thanks,
    Malin

  • Windows Active Directory 2008 And Java

    Hi,
    I need to do the following.
    1. Integrate my application's authentication module with Microsoft Windows Active Directory (Server 2008 Edition).
    2. Need to use Kerberos authentication.
    Can you please let me know what api can I use? Is there a good tutorial for this ?
    Regards,
    Pradeep.
    Edited by: user10502962 on Oct 9, 2011 12:51 AM

    Finally managed to resolve the problem.
    I tried to do a lot of things reading forums. But this is what worked.
    1. Create a key store using $ keytool -genkey -keystore /home/rohan/mystore -keysize 1024 -keyalg RSA --- created "mystore" key store. From the cert file I got the information on RSA and encryption of 1024 bits.
    2. Import the certificate into the keystore - $ keytool -import -keystore /home/rohan/mystore -alias primarydc -file DC2K8.cer
    3. In the code just added these lines
    env.put(Context.PROVIDER_URL, "ldap://myldapserver:389"); // Port 389 on Windows Domain Controller
    String keystore = "/home/rohan/mystore";
    // The store holding the imported DC certificate is used as the trust store
    System.setProperty("javax.net.ssl.trustStore", keystore);
    // A trust store's password goes in trustStorePassword; keyStorePassword only applies to javax.net.ssl.keyStore
    System.setProperty("javax.net.ssl.trustStorePassword", "password");
    4. Change of Password (code provided by stevead )
    // Upgrade the port-389 connection to TLS before the password is written
    StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    tls.negotiate();
    ModificationItem[] mods = new ModificationItem[2];
    // unicodePwd takes the new password wrapped in double quotes, encoded as UTF-16LE
    String newQuotedPassword = "\"" + password + "\"";
    byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
    mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD)));
    ctx.modifyAttributes(userName, mods);
    Useful links
    http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
    http://blog.smartkey.co.uk/2010/09/working-around-a-sslhandshakeexception/
    http://www.thinkplexx.com/learn/howto/security/tools/understanding-java-keytool-working-with-crt-files-fixing-certificate-problems
    Thanks to stevead and handat for helping.
    Rohan
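
An added example, not code from the thread or from stevead, that puts the steps of the answer above together: the connection to port 389 stays anonymous until StartTLS has been negotiated, so the simple-bind credentials and the unicodePwd value only travel encrypted. The class name, the command-line arguments and the constructed sample password are assumptions; unlike the posted snippet it writes only UF_NORMAL_ACCOUNT to userAccountControl, and it expects the trust store to be supplied with -Djavax.net.ssl.trustStore.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class AdPasswordReset {  // hypothetical class name
    static final int UF_NORMAL_ACCOUNT = 0x0200;  // userAccountControl flag

    // unicodePwd must be the password in double quotes, encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    static ModificationItem[] buildMods(String newPassword) {
        // REPLACE overwrites the whole userAccountControl value. Writing only
        // UF_NORMAL_ACCOUNT leaves UF_PASSWD_NOTREQD (0x0020) clear, so the
        // account cannot end up exempt from the password requirement.
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl",
                    Integer.toString(UF_NORMAL_ACCOUNT)))
        };
    }
    static void resetPassword(String url, String bindDn, String bindPw,
                              String userDn, String newPw) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // No credentials yet: nothing secret crosses port 389 before TLS is up.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // Validates the DC certificate against the trust store and checks
            // the host name; throws instead of continuing in clear text.
            tls.negotiate();
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPw);
            ctx.modifyAttributes(userDn, buildMods(newPw));  // binds over TLS, then modifies
        } finally {
            if (tls != null) tls.close();
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Offline check of the encoding with a constructed sample password.
        System.out.println(encodeUnicodePwd("Ex@mple-1").length + " bytes");
        if (args.length == 3) {  // ldap://host:389, bind DN, target user DN
            java.io.Console c = System.console();
            String bindPw = new String(c.readPassword("Bind password: "));
            String newPw = new String(c.readPassword("New password: "));
            resetPassword(args[0], args[1], bindPw, args[2], newPw);
        }
    }
}
```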

  • MS Active Directory 2008 as UME datasource for AS Java

    Hello,
    We are running SAP EP on top of a SAP AS Java using LDAP certification, so users
    from MS Active Directory 2003 domain are trusted by the Portal
    I've now a problem with the version upgrade of MS Active Directory from 2003 to 2008,
    it seems only SAP AS ABAP supports MS AD 2008, and our instance is JAVA only
    Note 983808 - "Certified LDAP servers" also confirm this
    Do you know if AD 2008 is supported, if any note has been released about this and
    any document to help me with this issue?
    thanks in advance!
    Rafael

    Hi Patrick, thanks for the answer
    I checked the note and it refers about Windows 2008 and a scenario with SSO, that's not our case.
    We just have AD as a LDAP UME datasource, users must still pass user and password which
    is then checked and then login is authorized
    you mentioned AD 2008 is supported for Netweaver AS Java, could you send me any document
    or note with procedures or anything for configuring it ?
    kind regards,
    Rafael

  • OIM 9.1.0 Integration with Active Directory 2008 R2

    Hi,
    My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
    My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
    Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
    Any guidance is really appreciated.
    Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
    Is this a working and supported scenario by OIM v9.1.0 ?

    I believe your question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
    -Bikash

  • BOBJ SAP Integration with Active Directory SSO via Portal

    Hi all,
    We are only integrating BOBJ with BW/BI and the user experience is as follows:
    Users login to the SAP Portal using their Windows Active Directory user id and password to gain access to the portal.
    From my understanding at the moment, the way the integration kit works is that the BOBJ system is configured as per the manual importing the SAP roles and SAP users who will access the Crystal reports via either GUI or Portal.
    My question is: When a Crystal report is created, the connection details use SAP login credentials and in the CMC the SSO option can be set so that the SAP user who has logged onto GUI or Portal can launch the report... this is fine and works as intended taken that the user logged on with his/her SAP login. As per the user experience above, users log in using their AD Login into Portal, and never use GUI, where this in theory is SSO into Portal. So how does one get past the login screens (BOBJ and database) while preserving AD SSO to SAP and BOBJ?
    Any guidance, documents or comments will be much appreciated.
    Thanks
    Jacques

    HI,
    yes it is possible:
    take a look at the blogs I did on the install and configuration (specially the SAP Authentication):
    BusinessObjects and SAP - Installation and Configuration Part 1 of 4
    Install Part #1
    BusinessObjects and SAP - Installation and Configuration Part 2 of 4
    Install Part #2
    BusinessObjects and SAP - Installation and Configuration Part 3 of 4
    Install Part #3
    BusinessObjects and SAP - Installation and Configuration Part 4 of 4
    Install Part #4
    BusinessObjects and SAP - Configure SAP Authentication
    SAP Authentication
    Important here is that:
    - the BI System is configured to accept tickets
    - the portal and BI system are configured as trusted system
    - the SAP authentication is configured
    Ingo

  • OIM Active Directory 2008 integration

    Hi All,
    Has anyone integrated (or being in the process of integrating just now) OIM 9.1 with Active Directory on a Windows 2008 Server using the AD 9.1 connector or a custom connector? Any problems or other experiences with such integration?
    The 9.1.1 connector will be certified for AD on Windows 2008 but the current connector 9.1 (or 9.1.0.1) is only certified for AD on Windows 2003 or 2000.
    Thanks,
    Albin

    I believe your question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
    -Bikash

  • Enable SSO APEX 4 and MS Active Directory

    Hi,
    I want enable SSO on my APEX applications. Actually, we use Microsoft Active Directory and Windows 2003 (tomorrow maybe Windows 2008).
    Regarding your experiences, what is the best solution that I can use in order to implement SSO?
    Thanks for your help,
    I forgot to give this information:
    - Our Oracle Server is under Linux.
    - We use Oracle Database 11GR2.
    - Our domain controller is under Windows 2003 (we will probably upgrade to 2008 this year).
    - Our APEX version is 4.1.0.00.32.
    Edited by: user7224400 on 3 févr. 2012 16:23

    Morten -- Interesting. I wish we had found that before we implemented WebLogic and the APEX listener, it may have been an interesting other option to consider. I'm not sure it would have made it past our change control folks as they might bark at the supportability/security, but it is a intriguing option.
    Patrick -- (You have a great blog by the way.). We are talking about upgrading our APEX 3.1 instances this year so I am very interested in the new authentication type. Is it doing anything other than simply retrieving the logon_user? i.e., is it actually authenticating against anything or would it just read the logon_user and let them in if they matched a known username?
    AJ -- We just converted from Oracle Portal last year. When I had Oracle Portal, I had it setup to use Windows Native Authentication following the supported solution for that and then had APEX set up as a partner application for portal. So if someone hit portal first, they'd automatically logon as their active directory user through WNA and would be dropped into portal. If they then hit a link for APEX in portal, it would (in rapid succession) go to APEX, redirect back to the portal SSO server, see they were authenticated in app server, and drop them into APEX with barely a visible screen flicker. It worked flawlessly UNTIL we started upgrading to Windows 7. Then a number of changes and patches are required to get WNA to work with app server 10g and Windows 7. If you are using portal in your 10g IAS, you may want to consider that route.
    Pardon me while I hop on my soapbox briefly -- I think if our friends in Oracle land could come out with a fully supported method of using NTLM or similar technologies to automatically login to APEX applications, it would help considerably in the adoption of APEX and the APEX listener in customers that have Oracle databases and Active Directory which is a pretty decent size market.
    Ok, soapbox moment ended. :-)
    Rgds/Mark M.

  • Oracle account and microsoft active directory password synchronisation

    Hi
    We are migrating our application to use windows active directory authentication. We have separate oracle account for
    each logged in user in the application, and these oracle credentials have to be the same as the windows active directory
    credentials.
    Also, a password change on windows Active directory should change the oracle account password.
    Is there a tool available to manage and synchronize the microsoft active directory and oracle account.
    We use oracle 10g and application is hosted on Windows 2008 server.
    Thanks
    Karthik

    There's an OOTB connector for Password Synch between AD -> OIM. Please use that.
    http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
    For password synch, OIM- AD/Oracle, you can use triggers.
    Enabling update for provisioned user in OIM11g
