Script to logout users from a specific group, when queries are long

Similar Messages

• Get OSX to retrieve users from a specific AD OU.

  Hi All,
  I work in a school with OSX and AD, two campuses (Secondary and Junior). On the Secondary campus we run the 'Golden Triangle' pretty well, but we just present a login box for users. On our Junior campus we run OSX as it's own directory master, with the WGM preference showing a list of names of network users.
  Now while I can quite easily point our Junior school OSX server to our AD and get all the users showing in a list, we don't need to have all the Secondary school users showing in the Junior school list.
  Is there a way to only show network users from a specific AD OU in the list of network users when we bind our OD to AD?
  Thanks,
  Dustin

  There are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
  This could be accomplished quite readily with the Essbase API.
  Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
  So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
  Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
  Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
  What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
  The way I would approach this would be to write a little utility that does exaclty what you seek:
  - Scan the current session periodically (say, once every 5 mins)
  - for each user that belongs to group(s) <group>(<group>...)
  - if user has an open query running longer than n minutes, kill the user request.
  This way you're not kicking people, your just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
  I can give you a hand with this offline if you want.
  Robb

• Adding and removing current user from one SharePoint group to another with event receiver

  hi friends
  i need to change current user from one SharePoint group to another with list item adding event receiver.
  please help me

  Hi Malli,
  Greetings. Its nt possible
  http://sharepoint.stackexchange.com/questions/42286/event-receivers-on-add-remove-users
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Remove users from all distribution groups in Microsoft 365

  Hello
  I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
  Any help would be greatly appreciated.
  John

  I would assume yes since there is a cmdlet called, "Remove-DistributionGroupMember", you usually have to have to post some code of what you have
  tried or working on to get further help from most other people here. 

• How to remove user from custom DLU Group

  Hi,
  I have created a DLU policy that creates a local user, and places this user
  in a custom local group (Group is already present on the system). Now I want
  to remove this user from this custom group and place it in another custom
  group. I have created a second DLU policy to place the user in the new
  custom group. The new custom group is added fine, but the old custom group
  assignment also remains. How should I set up the policy so that the user is
  removed from the old custom group, or is this not possible?
  Regards,
  Hen

  Hen,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• How to add users from person or group field in a sharepoint list to sharepoint group

  Hi,
  How to add users(single or multiple) from person or group field in a sharepoint list to sharepoint group programmatically?
  Any suggestions would be appreciated.
  Thank you,
  AA.

  Hello,
  Use SPGroup.AddUser() method to add user in group. I have just written sample code in notepad so it is not tested:
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using(SPSite Site = new SPSite(SPContext.Current.Site.Url))
  Using(SPWeb Web = Site.OpenWeb())
  SPList list = web.Lists["ListName"];
  SPQuery query=new SPQuery ();
  query.Query = "<Where><Eq><FieldRef Name='Title' /><Value Type='Text'>Test</Value></Eq></Where>";
  SPListItemCollection items = list.GetItems(query);
  if(items.Count > 0)
  foreach(SPListItem item in items)
  //Get USers from person or group column
  SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users");
  SPFieldUserValueCollection userFieldValueCollection = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString());
  SPGroup spGroup = spSite.RootWeb.Groups[groupName];//group name
  if (users.Count != 0)
  bool isUserInGroup = false;
  foreach (SPFieldUserValue user in users)
  foreach (SPUser item in spGroup.Users)
  string itemUserName = item.LoginName;
  string UserName = user.User.LoginName;
  if (itemUserName == UserName)
  isUserInGroup = true;
  break;
  if (!isUserInGroup)
  spGroup.AddUser(user.User);
  The above code will query list item and then get users from "Users" column. Now it will check whetehr user is already in group not, if not then add user in group.
  http://rajanijilla.blogspot.sg/2012/09/add-users-to-group-programmatically.html
  Hope it could help
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Restricting end user to one specific group with anyconnect

  Hello all
  I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication.  I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account.  How do I restrict this so that the user can only use one profile?  Currently users capable of VPN would be placed in one specifc AD group so that is what SecureACS checks.  Is there a sample configuration guide to handle multiple profiles with different levels of access?

  Alternatively, you can use Radius authorization to place user into a specific group-policy:
  - Configure the Group-Policy attribute under Radius to be OU=
  http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_extserver.html#wp1605475
  On  the ASA, just configure 1 tunnel-group, and depending on the  authentication, the user will be placed into the correct group-policy  specified under the ACS server.

• C#: Sending email from a specific account when multiple accounts exist in Outlook?

  Somehow I accidentally deleted this message trying to edit it... sorry.
  Microsoft.Office.Interop.Outlook.Application outApp = null;
  outApp = Marshal.GetActiveObject("Outlook.Application") as Microsoft.Office.Interop.Outlook.Application;
  MailItem mailItem = (MailItem)outApp.CreateItem(OlItemType.olMailItem);
  mailItem.Subject = "Director Script Confirmation Request";
  mailItem.To = person;
  mailItem.Body = message;
  //mailItem.Display(false);
  mailItem.Send();
  How do I send email from a specific account when multiple accounts exist in Outlook?
  Below is the code that I have. I think I'm supposed to use the AddressEntry or AddressEntries to designate where emails are sent from. However, at the moment, I haven't found an example.
  SV

  Hello SV,
  The MailItem class provides the
  SendUsingAccount property which allows to set an Account object
  that represents the account under which the MailItem is
  to be sent. Here is what MSDN states:
  The SendUsingAccount property can be used to specify the account
  that should be used to send the MailItem when the Send method
  is called.
  Sub SendUsingAccount()
  Dim oAccount As Outlook.account
  For Each oAccount In Application.Session.Accounts
  If oAccount.AccountType = olPop3 Then
  Dim oMail As Outlook.MailItem
  Set oMail = Application.CreateItem(olMailItem)
  oMail.Subject = "Sent using POP3 Account"
  oMail.Recipients.Add ("[email protected]")
  oMail.Recipients.ResolveAll
  oMail.SendUsingAccount = oAccount
  oMail.Send
  End If
  Next
  End Sub

• How can I remove computers from my itunes account when I no longer have the computers?

  How can I remove computers from my itunes account when I no longer have the computers?

  De-authorise all, then authorise the one you still have.

• Can you still download from UK i tunes when you are traveling abroad - I have UK i-tunes, but going to study in Europe, but still want to use my UK account?

  can you still download from UK i tunes when you are traveling abroad - I have UK i-tunes, but going to study in Europe, but still want to use my UK account?

  You can ONLY buy from the itunes store of your country of residence ( proven by the valid billing address on your credit card) and ONLY while inside the borders of that country.

• PS script to disable users / Audit and remove Groups / Hide from GAL have bits but need to put it together

  Hi All
  I am trying to get a script together to run against a specific OU (our disabled Users OU) to make the process of leavers more automated.
  I am trying to achieve the 4 main outcomes below
  1. Disable User account 
  2. Hide from GAL
  3. Export users group membership to a file based on SamAccountName
  4. Remove users from all groups except domain users
  I have some parts of this working from other peoples scripts i have found on the web but need to tie it all together which is proving to be beyond my basic scripting ability
  Below is what i have so far, this does disable users / hide from GAL and remove groups however as stated i would really like it to export the group membership to a file before removing them so i have a record should a mistake be made.
  $users= get-aduser -Filter {(Enabled -eq "True")} -SearchBase "ou=Disabled Accounts,dc=test2k8,dc=local"
  Function RemoveMemberships
  param([string]$SAMAccountName)
  $user = Get-ADUser $SAMAccountName -properties memberof
  $userGroups = $user.memberof
  $userGroups | %{get-adgroup $_ | Remove-ADGroupMember -confirm:$false -member $SAMAccountName}
  $userGroups = $null
  $users | %{RemoveMemberships $_.SAMAccountName}
  ForEach ($user in $users)
  set-aduser -identity $user.sAMAccountName -Enabled $false -replace @{msExchHideFromAddressLists=$true}
  exit
  If there is anyone here that can help i would be very grateful
  Many Thanks
  Nick

  Try this:
  $Users = get-aduser -Filter {(Enabled -eq "True")} -SearchBase "ou=DisabledAccounts,dc=test2k8,dc=local"
  Function Remove-GroupMembership
  [CmdletBinding()]
  param
  [parameter(ValueFromPipeline=$true)]
  $Identity
  process
  if ($Identity -is [string] -or !$Identity.memberof)
  $Identity = Get-ADUser $Identity -properties memberof
  Write-Verbose -message $Identity.samAccountname
  foreach ($Group in $Identity.memberof)
  Write-Verbose $Group
  Remove-ADGroupMember $Group -confirm:$false -member $Identity
  $Users | Remove-GroupMembership -verbose 4> c:\users\mmcnabb\desktop\groups.txt
  forEach ($User in $Users)
  set-aduser -identity $user.sAMAccountName -Enabled $false -replace @{msExchHideFromAddressLists=$true}
  It uses the verbose stream to redirect the groups out to a text file of your choice. Please note this is untested so please use with caution.

• Script Help - Adding Users from AD Group to Computer Object Attribute

  Environment:
  Computer Objects have the following name convention - USERNAME-INV#-PC.  An example is TEST1-54321-D.  There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
  object.
  Scenario:
  Create "Local PC Admin" group
  When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name.  For example, TEST1-54321-D for desktop
  and TEST1-98765-L for laptop.
  It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
  If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
  Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
  Can somebody please find holes in this scenario or suggest a better method to approach this?

  Security nightmare?  How so?  Regular domain users cannot modify the "managedBy"  computer object attribute.
  The "Local PC Admin" group would be a ADUC security group.  The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
  The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated.  If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
  and given local admin rights.  This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
   If it is not populated, it does nothing and leaves the default admins on it. 
  More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html

• How to retrieve all users in a specific group

  Hi,
  I am using SunOne directory server. Can someone please post a sample code that illustrates how to fetch all the list of users in a particular group.
  1) Let's say I want to find all the users in a group called "marketing". The root context is dc=mycompany,dc=com This group can be anywhere below this root context. Only information I am told is the name of the group - "marketing". How will I get all the users in this group?
  2) For each user that is retrieved from the group marketing, how will I find out the user's DN?
  Thanks for the help,
  - Satish

  Do it like this...
  String searchBase = "ou=marketing";
  StringBuffer filter = new StringBuffer();
  filter.append("(|");
  if (organizationName != null && !organizationName.trim().equals("")) {
       filter.append("(");
       filter.append(ou);
       filter.append("=");
       filter.append("marketing");
       filter.append(")");
  SearchControls constraints = new SearchControls();
  constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
  constraints.setCountLimit(200); // How many users should be found
  constraints.setTimeLimit(100000); // how much time should this search wait
  // Get a initial context and set it to the ctx object
  ctx.search(searchBase, filter.toString(), constraints);

• Why two different users from same login group not able to access the database object(stored procedure)?

  I have SQL login group as "SC_NT\group_name" in server. There are multiple users using this login group to access database objects. User "A" can able to access db object(stored_procedure_1) from .net application. But when user "B"
  tried to access same db object(stored_procedure_1), its showing like
  Error: The EXECUTE permission was denied on the object 'stored_procedure_1', database 'test',schema 'dbo'. 
  Both the users are using windows authentication for access the objects. Could you suggest me the way to resolve this?
  Venkat

  Thanks for your response
  Erland Sommarskog....
  my stored procedure "stored_procedure_1"
  does not has any granted permissions to execute. But still user A
  able to execute the sp from UI, where user B not able to do it.  If any permission provided for a particular object, then only it will display in the above query whatever u have given.  
  Any other possibilities??
  Venkat G

• Shared Services 11.1.2 Unable to remove assigned user from a security group

  In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
  Paul

  Hello Paul,
  Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
  External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
  Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
  Thanks,
  hyperionEPM
  Please mark answers as correct or helpful for others to find them easily.