Script to logout users from a specific group, when queries are long
Hi,
I have a requirement that users from a specific group need to be logged out, when they are running queries for more than say 20 mins.
I could get the list of users from that group and could get the list of active sessions on the application, but I get too many info there like connection IP request state etc. and if I spool it to a file, output is not very easy to format to select what's required, rather I have to write lot of shell scripting to format the file.
So my question here is to know if there's a MAXL script or any other method through which I can just get only couple of columns from the "display session on application <app name>" that I require for my work like username, session ID, DB connect time, and request time.
Thanks!!
There are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
This could be accomplished quite readily with the Essbase API.
Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
The way I would approach this would be to write a little utility that does exaclty what you seek:
- Scan the current session periodically (say, once every 5 mins)
- for each user that belongs to group(s) <group>(<group>...)
- if user has an open query running longer than n minutes, kill the user request.
This way you're not kicking people, your just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
I can give you a hand with this offline if you want.
Robb
Similar Messages
-
Get OSX to retrieve users from a specific AD OU.
Hi All,
I work in a school with OSX and AD, two campuses (Secondary and Junior). On the Secondary campus we run the 'Golden Triangle' pretty well, but we just present a login box for users. On our Junior campus we run OSX as it's own directory master, with the WGM preference showing a list of names of network users.
Now while I can quite easily point our Junior school OSX server to our AD and get all the users showing in a list, we don't need to have all the Secondary school users showing in the Junior school list.
Is there a way to only show network users from a specific AD OU in the list of network users when we bind our OD to AD?
Thanks,
DustinThere are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
This could be accomplished quite readily with the Essbase API.
Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
The way I would approach this would be to write a little utility that does exaclty what you seek:
- Scan the current session periodically (say, once every 5 mins)
- for each user that belongs to group(s) <group>(<group>...)
- if user has an open query running longer than n minutes, kill the user request.
This way you're not kicking people, your just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
I can give you a hand with this offline if you want.
Robb -
Adding and removing current user from one SharePoint group to another with event receiver
hi friends
i need to change current user from one SharePoint group to another with list item adding event receiver.
please help meHi Malli,
Greetings. Its nt possible
http://sharepoint.stackexchange.com/questions/42286/event-receivers-on-add-remove-users
Please remember to click 'Mark as Answer' on the answer if it helps you -
Remove users from all distribution groups in Microsoft 365
Hello
I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
Any help would be greatly appreciated.
JohnI would assume yes since there is a cmdlet called, "Remove-DistributionGroupMember", you usually have to have to post some code of what you have
tried or working on to get further help from most other people here. -
How to remove user from custom DLU Group
Hi,
I have created a DLU policy that creates a local user, and places this user
in a custom local group (Group is already present on the system). Now I want
to remove this user from this custom group and place it in another custom
group. I have created a second DLU policy to place the user in the new
custom group. The new custom group is added fine, but the old custom group
assignment also remains. How should I set up the policy so that the user is
removed from the old custom group, or is this not possible?
Regards,
HenHen,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
How to add users from person or group field in a sharepoint list to sharepoint group
Hi,
How to add users(single or multiple) from person or group field in a sharepoint list to sharepoint group programmatically?
Any suggestions would be appreciated.
Thank you,
AA.Hello,
Use SPGroup.AddUser() method to add user in group. I have just written sample code in notepad so it is not tested:
SPSecurity.RunWithElevatedPrivileges(delegate()
using(SPSite Site = new SPSite(SPContext.Current.Site.Url))
Using(SPWeb Web = Site.OpenWeb())
SPList list = web.Lists["ListName"];
SPQuery query=new SPQuery ();
query.Query = "<Where><Eq><FieldRef Name='Title' /><Value Type='Text'>Test</Value></Eq></Where>";
SPListItemCollection items = list.GetItems(query);
if(items.Count > 0)
foreach(SPListItem item in items)
//Get USers from person or group column
SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users");
SPFieldUserValueCollection userFieldValueCollection = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString());
SPGroup spGroup = spSite.RootWeb.Groups[groupName];//group name
if (users.Count != 0)
bool isUserInGroup = false;
foreach (SPFieldUserValue user in users)
foreach (SPUser item in spGroup.Users)
string itemUserName = item.LoginName;
string UserName = user.User.LoginName;
if (itemUserName == UserName)
isUserInGroup = true;
break;
if (!isUserInGroup)
spGroup.AddUser(user.User);
The above code will query list item and then get users from "Users" column. Now it will check whetehr user is already in group not, if not then add user in group.
http://rajanijilla.blogspot.sg/2012/09/add-users-to-group-programmatically.html
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see
Please remember to mark the replies as answers if they help and unmark them if they provide no help -
Restricting end user to one specific group with anyconnect
Hello all
I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication. I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account. How do I restrict this so that the user can only use one profile? Currently users capable of VPN would be placed in one specifc AD group so that is what SecureACS checks. Is there a sample configuration guide to handle multiple profiles with different levels of access?Alternatively, you can use Radius authorization to place user into a specific group-policy:
- Configure the Group-Policy attribute under Radius to be OU=
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_extserver.html#wp1605475
On the ASA, just configure 1 tunnel-group, and depending on the authentication, the user will be placed into the correct group-policy specified under the ACS server. -
C#: Sending email from a specific account when multiple accounts exist in Outlook?
Somehow I accidentally deleted this message trying to edit it... sorry.
Microsoft.Office.Interop.Outlook.Application outApp = null;
outApp = Marshal.GetActiveObject("Outlook.Application") as Microsoft.Office.Interop.Outlook.Application;
MailItem mailItem = (MailItem)outApp.CreateItem(OlItemType.olMailItem);
mailItem.Subject = "Director Script Confirmation Request";
mailItem.To = person;
mailItem.Body = message;
//mailItem.Display(false);
mailItem.Send();
How do I send email from a specific account when multiple accounts exist in Outlook?
Below is the code that I have. I think I'm supposed to use the AddressEntry or AddressEntries to designate where emails are sent from. However, at the moment, I haven't found an example.
SVHello SV,
The MailItem class provides the
SendUsingAccount property which allows to set an Account object
that represents the account under which the MailItem is
to be sent. Here is what MSDN states:
The SendUsingAccount property can be used to specify the account
that should be used to send the MailItem when the Send method
is called.
Sub SendUsingAccount()
Dim oAccount As Outlook.account
For Each oAccount In Application.Session.Accounts
If oAccount.AccountType = olPop3 Then
Dim oMail As Outlook.MailItem
Set oMail = Application.CreateItem(olMailItem)
oMail.Subject = "Sent using POP3 Account"
oMail.Recipients.Add ("[email protected]")
oMail.Recipients.ResolveAll
oMail.SendUsingAccount = oAccount
oMail.Send
End If
Next
End Sub -
How can I remove computers from my itunes account when I no longer have the computers?
How can I remove computers from my itunes account when I no longer have the computers?
De-authorise all, then authorise the one you still have.
-
can you still download from UK i tunes when you are traveling abroad - I have UK i-tunes, but going to study in Europe, but still want to use my UK account?
You can ONLY buy from the itunes store of your country of residence ( proven by the valid billing address on your credit card) and ONLY while inside the borders of that country.
-
Hi All
I am trying to get a script together to run against a specific OU (our disabled Users OU) to make the process of leavers more automated.
I am trying to achieve the 4 main outcomes below
1. Disable User account
2. Hide from GAL
3. Export users group membership to a file based on SamAccountName
4. Remove users from all groups except domain users
I have some parts of this working from other peoples scripts i have found on the web but need to tie it all together which is proving to be beyond my basic scripting ability
Below is what i have so far, this does disable users / hide from GAL and remove groups however as stated i would really like it to export the group membership to a file before removing them so i have a record should a mistake be made.
$users= get-aduser -Filter {(Enabled -eq "True")} -SearchBase "ou=Disabled Accounts,dc=test2k8,dc=local"
Function RemoveMemberships
param([string]$SAMAccountName)
$user = Get-ADUser $SAMAccountName -properties memberof
$userGroups = $user.memberof
$userGroups | %{get-adgroup $_ | Remove-ADGroupMember -confirm:$false -member $SAMAccountName}
$userGroups = $null
$users | %{RemoveMemberships $_.SAMAccountName}
ForEach ($user in $users)
set-aduser -identity $user.sAMAccountName -Enabled $false -replace @{msExchHideFromAddressLists=$true}
exit
If there is anyone here that can help i would be very grateful
Many Thanks
NickTry this:
$Users = get-aduser -Filter {(Enabled -eq "True")} -SearchBase "ou=DisabledAccounts,dc=test2k8,dc=local"
Function Remove-GroupMembership
[CmdletBinding()]
param
[parameter(ValueFromPipeline=$true)]
$Identity
process
if ($Identity -is [string] -or !$Identity.memberof)
$Identity = Get-ADUser $Identity -properties memberof
Write-Verbose -message $Identity.samAccountname
foreach ($Group in $Identity.memberof)
Write-Verbose $Group
Remove-ADGroupMember $Group -confirm:$false -member $Identity
$Users | Remove-GroupMembership -verbose 4> c:\users\mmcnabb\desktop\groups.txt
forEach ($User in $Users)
set-aduser -identity $user.sAMAccountName -Enabled $false -replace @{msExchHideFromAddressLists=$true}
It uses the verbose stream to redirect the groups out to a text file of your choice. Please note this is untested so please use with caution. -
Script Help - Adding Users from AD Group to Computer Object Attribute
Environment:
Computer Objects have the following name convention - USERNAME-INV#-PC. An example is TEST1-54321-D. There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
object.
Scenario:
Create "Local PC Admin" group
When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name. For example, TEST1-54321-D for desktop
and TEST1-98765-L for laptop.
It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
Can somebody please find holes in this scenario or suggest a better method to approach this?Security nightmare? How so? Regular domain users cannot modify the "managedBy" computer object attribute.
The "Local PC Admin" group would be a ADUC security group. The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated. If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
and given local admin rights. This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
If it is not populated, it does nothing and leaves the default admins on it.
More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html -
How to retrieve all users in a specific group
Hi,
I am using SunOne directory server. Can someone please post a sample code that illustrates how to fetch all the list of users in a particular group.
1) Let's say I want to find all the users in a group called "marketing". The root context is dc=mycompany,dc=com This group can be anywhere below this root context. Only information I am told is the name of the group - "marketing". How will I get all the users in this group?
2) For each user that is retrieved from the group marketing, how will I find out the user's DN?
Thanks for the help,
- SatishDo it like this...
String searchBase = "ou=marketing";
StringBuffer filter = new StringBuffer();
filter.append("(|");
if (organizationName != null && !organizationName.trim().equals("")) {
filter.append("(");
filter.append(ou);
filter.append("=");
filter.append("marketing");
filter.append(")");
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
constraints.setCountLimit(200); // How many users should be found
constraints.setTimeLimit(100000); // how much time should this search wait
// Get a initial context and set it to the ctx object
ctx.search(searchBase, filter.toString(), constraints); -
I have SQL login group as "SC_NT\group_name" in server. There are multiple users using this login group to access database objects. User "A" can able to access db object(stored_procedure_1) from .net application. But when user "B"
tried to access same db object(stored_procedure_1), its showing like
Error: The EXECUTE permission was denied on the object 'stored_procedure_1', database 'test',schema 'dbo'.
Both the users are using windows authentication for access the objects. Could you suggest me the way to resolve this?
VenkatThanks for your response
Erland Sommarskog....
my stored procedure "stored_procedure_1"
does not has any granted permissions to execute. But still user A
able to execute the sp from UI, where user B not able to do it. If any permission provided for a particular object, then only it will display in the above query whatever u have given.
Any other possibilities??
Venkat G -
Shared Services 11.1.2 Unable to remove assigned user from a security group
In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
PaulHello Paul,
Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
Thanks,
hyperionEPM
Please mark answers as correct or helpful for others to find them easily.
Maybe you are looking for
-
Invalid object name 'dbo.uf_GetRateSrcMember'
Hello Friends, We recently applied the SP3 (CPMBPC03P_1-20002499) for BPC 5.1. We are in Single Server environment. Our BPC 5.1 build was 5.0.486 which was required to install the SP3. After the installation it is 5.0.502 We are getting the error be
-
Hello I've packaged my classes and relevent images and html help into a jar file in a structured directory format. I'm using the method this.getClass().getResource(String path) to access the files. On linux my program executes 100%, images load, html
-
ECC Client switch to SCM 7.0
Hello, We are planning to switch our ECC Development client from 120 to 130 which is already connected to SCM system and has data related to ECC 120. When switch the ECC client from 120 to 130 and run the Integration Models again, what are possibilit
-
Hi, I have created very simple custom service - it only writes in the log. I am calling it from url and It works fine, but it is very strange that according to the logs it executes twice, if trays layout are turn on. If i turn on top menus it execute
-
I posted a verbose thread earlier - I hope this will attract more responses. We currently deploy forms 9i bespoke applications over our intranet via IE. Our group has been asked to re-engineer our forms to meet the company's SOA vision. Jdeveloper 10