Use Microsoft Online Directory Services as a user authentication provider for our own SharePoint farm?

Hi,
I've managed to configure my farm so that Microsoft Online Directory Services (Office 365 etc.) can be used for STS authentication, but what I'm actually trying to do is allow user authentication - that is, I'm hoping to be able to use the user's O365 credentials to authenticate them in my own farm so they can view certain parts of it. If I need to write my own login form or authentication provider or whatever that's fine, as long as the user doesn't need to enter anything when they access my farm (provided they already have cached O365 credentials in their browser session).
FWIW I actually need to be able to support the possibility that users are coming from multiple O365 tenancies, whereby each site collection will be configured to allow users from a different O365 tenancy (more or less).
If it's not possible to do with my own development farm on a PC, is it possible if the farm is hosted in Azure?
Thanks
Dylan

Hi Dylan,
According to your description, my understanding is that you want to use Microsoft Online Directory Services as a user authentication provider for your SharePoint farm.
For your demand, you can configure a hybrid topology for your SharePoint farm:
http://technet.microsoft.com/en-us/library/jj838715(v=office.15).aspx
http://technet.microsoft.com/en-us/library/dn197168(v=office.15).aspx
Thanks,
Eric
Forum Support
Eric Tao
TechNet Community Support

Similar Messages

  • Can I use Microsoft Windows 7 Home Premium SP1 64-bit - OEM for Boot Camp?

    Someone suggested using
    Microsoft Windows 7 Home Premium SP1 64-bit - OEM for Boot Camp.
    Can I use Microsoft Windows 7 Home Premium SP1 64-bit - OEM in Boot Camp to install Windows 7 on my MacBook Pro 13 inch?
    Thank you.
    PS: I bought my MacBook Pro 3 weeks ago.
    Also, is there any other Windows 7 installation CD that is cheaper?
    Thank you.

    Yes.
    OEM just means that the Windows OS is dedicated to that computer only. If you sell, replace or throw away the computer you use it on, the Windows CD/DVD goes along with it. (According to the Licensing dialog)
    Doing a Yahoo/Google search for prices is the only way to find it cheaper. Or keep an eye on your favorite web store for sales.
    If you are in college and have an .edu e-mail account through the college, then Microsoft has it for about $30 US. And other deals also.

  • Managed system configuration step 8: No Admin User Id provided for TS SID

    Hello experts,
    I face the following problem in step 8 of managed system configuration (Configure automatically, SolMan 7.1 SPS 3):
    All Activities fail (except Activate services) with the following Details message:
    No Admin User Id provided for TS <SID> (ABAP)
    Any hint?
    Thanks and best regards, Basti

    Hi Sunny,
    I don't find anything where I can provide the user information. It just uses the actual user (SOLMAN_ADMIN). Can you tell me where to provide the user for this step?
    Managed system configuration -> step 8 Configure automatically -> SSO Setup
    Thank you, Basti

  • Purchased ExportPDF for one of our end-user depts. It is under my account, which I manage for our institution. How does the dept get the application to download?


    Hi Cassi,
    If you are ordering subscriptions for various people in your office, it would be best to sign up under their Adobe IDs, so they can log in and use the subscription with their own credentials. As for moving the current subscription, the easiest route is to cancel the current subscription (see Cancel your membership or subscription | Acrobat, Acrobat.com online services--or I can help), and then reorder as necessary.
    Best,
    Sara

  • Cisco ISE User Authentication Certificates for Wired and Wireless Users (BYOD)

    Can anyone tell me from where we can purchase User Authentication Certificates for Wired and Wireless Users (BYOD) for Cisco ISE? Also confirm what certificates we require for the purpose.
    Please suggest the website from where we can purchase them and import them in the Cisco ISE certificate section.
    Thanks.

    Dear Mohana,
    Thanks for your reply. Can you please confirm, in regards to the EAP-TLS certificate, which authorities you recommend if I go to GoDaddy or VeriSign to buy it and then import it in ISE?
    Looking forward to your reply.
    Regards,
    Muhammad Imran Shaikh
    Resident Engineer, IT Network Section - PPL
    Mobile : 0092-312-288-1010
    LinkedIn : pk.linkedin.com/pub/muhammad-imran-shaikh/10/471/b47/

  • APEX_LDAP.AUTHENTICATE - using Microsoft Active Directory

    Application Express 4.1.1.00.23
    Internet Explorer - 8
    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
    Hi, very new to Apex and trying to get the authentication to work against our Active Directory. I have set up an authentication scheme for my application choosing the scheme type as LDAP Directory...my settings are as follows:
    Host : ****
    Port : 389
    Use SSL: No SSL
    Distinguished Name (DN) String : domain\%LDAP_USER%
    Use Exact Distinguished Name (DN) : Yes
    This works perfectly and authenticates the user against active directory. The problem is when I try do the following in the database as I really want to setup a custom authentication scheme, it just does not work.
    BEGIN
        IF apex_ldap.authenticate(
               p_username    => 'testusername',
               p_password    => 'testpassword',
               p_search_base => 'domain\%LDAP_USER%',
               p_host        => '*****',
               p_port        => 389)
        THEN
            dbms_output.put_line('True');
        ELSE
            dbms_output.put_line('False');
        END IF;
    END;
    No matter what I do this always returns false. I have created a function based on same code and created a custom authentication scheme that calls the function but I always get a false. Not sure why it works one way and not the other. Also would really appreciate if someone could help me get the code above to work or help correct it.
    I have looked through the forum and tried many different search base strings but nothing seems to work.
    Regards
    Ash

    Hi Ash,
    Microsoft AD allows "domain\%LDAP_USER%" instead of a real distinguished name (DN), but this does not work with apex_ldap.authenticate. The authenticate function tries to create a DN from username and search base. It does not substitute the "%LDAP_USER%" pattern with the username. Based on the parameters I see in your example, it would try to authenticate with "cn=testusername,domain\%LDAP_USER%", which is clearly wrong, hence the authentication failure.
    What you could do is use another package, although it's not in the official API docs, like this (untested):
    BEGIN
        IF wwv_flow_custom_auth_ldap.authenticate(
               p_dn        => 'domain\testusername',
               p_password  => 'testpassword',
               p_ldap_host => '*****',
               p_ldap_port => 389)
        THEN
            dbms_output.put_line('True');
        ELSE
            dbms_output.put_line('False');
        END IF;
    END;
    Regards,
    Christian
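    An added example (not code from this thread, and not run against the poster's server) of a custom authentication function that binds to AD through the documented DBMS_LDAP package with the same "domain\user" bind name the declarative scheme accepted; the host name and NetBIOS domain are placeholders, and the function keeps the (p_username, p_password) RETURN BOOLEAN signature an APEX custom authentication scheme calls. It also refuses an empty password before binding, because AD treats a bind with a user name and an empty password as an anonymous bind that succeeds.

```plsql
-- Added example: authenticate an APEX user against Active Directory with
-- DBMS_LDAP by binding directly as "domain\user" (no "cn=...," prefix is
-- prepended, which is what made apex_ldap.authenticate fail above).
CREATE OR REPLACE FUNCTION ad_authenticate (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2
) RETURN BOOLEAN
IS
    l_ldap   dbms_ldap.session;
    l_retval PLS_INTEGER;
    l_host   CONSTANT VARCHAR2(100) := 'dc01.example.local';  -- placeholder DC
    l_port   CONSTANT PLS_INTEGER   := 389;                   -- plain LDAP, see note
    l_domain CONSTANT VARCHAR2(50)  := 'domain';              -- placeholder NetBIOS name
BEGIN
    -- AD answers a bind with a user name and an EMPTY password as a successful
    -- anonymous bind, so an empty password must be rejected before the bind,
    -- otherwise any known user name would log in.
    IF p_username IS NULL OR p_password IS NULL THEN
        RETURN FALSE;
    END IF;

    -- Make DBMS_LDAP raise ORA-31202 on LDAP errors instead of returning codes.
    dbms_ldap.use_exception := TRUE;

    -- Plain LDAP on 389 sends the password in cleartext; in production use
    -- LDAPS (636) and call dbms_ldap.open_ssl before the bind.
    l_ldap := dbms_ldap.init(hostname => l_host, portnum => l_port);

    -- AD accepts "DOMAIN\user" (or the UPN form user@domain.tld) as the bind
    -- name; a wrong password raises LDAP error 49 (invalid credentials).
    l_retval := dbms_ldap.simple_bind_s(
        ld     => l_ldap,
        dn     => l_domain || '\' || p_username,
        passwd => p_password);

    l_retval := dbms_ldap.unbind_s(l_ldap);
    RETURN TRUE;
EXCEPTION
    WHEN OTHERS THEN
        -- Invalid credentials, unreachable host, etc. all end here: fail closed.
        BEGIN
            l_retval := dbms_ldap.unbind_s(l_ldap);
        EXCEPTION
            WHEN OTHERS THEN NULL;  -- session may never have been opened
        END;
        RETURN FALSE;
END ad_authenticate;
/
```

    Point the custom authentication scheme's "Authentication Function Name" at ad_authenticate; the search base is not needed at all, since the bind name itself identifies the account.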

  • Changes in Microsoft Active Directory Services into a file

    I am in need of sample code to capture changes in Active Directory services into a flat file.
    Here is my requirement:
    I would like to capture user information changes from the Active Directory server into a flat file.
    For example, when a user is newly created in the Active Directory server, I need to capture that user info and write it into a flat file. Similarly for update and delete of a user in the Active Directory server, I need to capture the changes and write them into a file.
    Would appreciate it if anyone could help me on this.
    Thanks in advance
    Thanks
    Kumar

    Refer to:
    JNDI, Active Directory & Persistent Searches (part 1) http://forum.java.sun.com/thread.jspa?threadID=578338&tstart=200
    There was another topic that I posted called JNDI, Active Directory and Persistent Searches (part 2) in which I described the LDAPNotification Control.
    It had the following URL http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 however it seems as though I have suffered another case of the forum losing my posts.

  • User Authentication Reporting for each AD DS DC

    Hi.
    I am in the middle of leading a DC Reduction exercise. We are overscoped for the amount of DCs that we have for our users. An upgraded network topology has given us the opportunity to rethink AD and where we have our domain controllers.
    We may not need to build out any new hardware. We have several capable VMs in place. I'd like to be able to see how many users authenticate to each DC to see where the heavy and light points are to come up with a new design, but I can't find an easy, centralized way to do this. We also don't have a good reporting tool at the moment. I see some good PowerShell scripts out there that capture event 4624 but the scripts are memory intensive. Perfmon does a nice job of real-time per-second data but I want to get a collection of authentication during high traffic times like the morning, or even a full day. Any suggestions? Thanks.

    As mentioned, if you have only a 'small' number of domain controllers you might be able to use perfmon and data collector sets.
    If you have a larger number then you might want to leverage PowerShell (it's free!), for example with the
    Get-Counter cmdlet. I would create a simple script that checks the relevant counters on all Domain Controllers and writes to a CSV in a shared location for centralized access.
    http://blogs.technet.com/b/heyscriptingguy/archive/2011/07/28/use-performance-counter-sets-and-powershell-to-ease-baselining.aspx
    http://www.powershellmagazine.com/2013/07/19/querying-performance-counters-from-powershell/
    There are so many resources available on PowerShell that you can find a script for collecting performance data and adjust it to your requirements.
    As for the events, you can use event forwarding for specific events that are of interest to you.
    http://blogs.technet.com/b/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx
    Again, having a monitoring tool would be great, but even SCOM or other tools leverage Windows performance counters, they just do it in a more logical way.
    http://mariusene.wordpress.com/

  • Web Service Authentication using Microsoft Active Directory

    Hi
    Is there a way to create Oracle Java Web Services that requires authentication using Active Directory?
    Regards,
    Néstor Boscán

    If you use the SOA Suite the Oracle Web Service Manager is included in there. Using this you can add steps that will authenticate against an AD.
    cu
    Andreas

  • ACS Integration with Microsoft Active Directory Services

    Hello Everyone,
    I've been tasked to design the integration of ACS with MS AD. What I want to know is the below, assuming I have a software ACS or an ACS device and the protocol for authentication is RADIUS:
    - What is the criteria for the AD to integrate with ACS software or appliance?
    - Should that AD be hosted on the domain controller or not?
    - If not, on what (Domain Controller, Tree, Forest, Branch, Flower, Fruit  ) should the AD be hosted on?
    - What will I have to do to authenticate users logging into Cisco Security Manager with ACS integrated with AD?
    - Are there any other dependencies that I will have to categorically mention in my design document?
    Thanks,
    Rishi

    In ACS v5.x, there is a screen for integrating the ACS with AD. 
         (Users and Identity Stores > External Identity Stores > Active Directory)
    Just enter the local domain name (domain.com) and a valid AD administrator account username and password, and the ACS will connect to the domain.  This allows you to use existing AD credentials to login and administer your network devices. 
    Tying the ACS to AD really only takes one screen and less than a minute, but you will still have to tell the ACS which AD groups get which permissions (for example, read-only or read-write access), and you will have to set up a search sequence (Users and Identity Stores > Identity Store Sequences) to tell ACS to first look at AD for credentials, then check the local ACS user database for valid accounts.  The permissions part is still fairly quick, and it only takes me about 45 minutes to build an ACS from scratch including all AD integration and custom RADIUS attributes for some of our devices.
    The authentication would occur like this:
    User SSH/telnet/console to device
    Device contacts ACS using TACACS or RADIUS
    User receives login prompt and enters AD credentials
    Device sends credentials to ACS
    ACS validates credentials in AD
    ACS sends authentication OK message to Device
    Device logs user in.
    Command Authorization looks something like this:
    User enters a command
    Device sends command authorization request to ACS
    ACS looks at which AD group the user belongs to and looks up permissions configured in ACS for that group
    Based on the permissions you have assigned, ACS either sends an allow or deny message to the Device
    Device allows or denies the user command.
    Criteria:  We use an ACS 5.2 virtual machine and have had it work perfectly with Server 2003 and Server 2008.
    AD is hosted on our local domain controller (Bonus:  no planting of flowers required!)
    Dependencies: 
    Issue:  The Device looks to ACS.  ACS looks to AD.  If AD fails, users cannot use their AD credentials to login.
              Device ---> ACS ---> AD
    Solution:  Configure the Device to look at ACS first, then a local table if ACS is not available.  Also, configure the ACS to look at AD first, then a local ACS account list if AD is not available.  (You can configure local user accounts on the Device and in the ACS) 
              Device ---> ACS ---> AD
              Device ---> ACS ---> AD ---> ACS local
              Device ---> ACS ---> AD ---> ACS local ---> Device local
    The new version of Cisco ACS is UNIX-based, and you can download a free trial to load up and try before you buy.  It is far FAR superior to the old ACS v3.3 that we had for years.
    I hope this helps for your design document!
    --Chris

  • What is the fastest way to remove blacklisted IP from Exchange Online Protection Services?

    Hello,
    We have recently added a new ISP and unfortunately, if we try to send an email to any customer who is using Microsoft Online Protection Services, the email is bouncing back indicating that our new IP is blacklisted by Microsoft. In order to remove it, we have to send an email to
    [email protected]
    Is there any telephone number I can reach their support at?
    Thanks,

    I probably have bad news: this e-mail is currently the only valid option to delist without a direct support contract with Microsoft (e.g. when using Office 365 or so).
    Send an e-mail to this contact and also check mxtoolbox.com to see whether your ISP is blocked somewhere else too, and why.

  • "Security policy error" while setting up "Microsoft Exchange Hosted Services" Exchange Account (corporate user)

    I'm a corporate user with a very large company that is using Microsoft Hosted Exchange services, actually hosted by Microsoft employees at their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm KB article that I had already read and only remotely had anything to do with my problem.  I see nothing on this error message in the forums and Google searches. Sprint has even replaced my Palm Pre due to other reasons and the same error occurs after I configure the Exchange account. I'm also seeing the error when I configure my account on my wife's brand new Pixi. Both our Pre and Pixi already have Exchange accounts successfully configured on our phones that are hosted by SherWeb. The SherWeb Exchange accounts work without issue. I have tried configuring this Microsoft hosted Exchange account 5-6 times with the same result. It accepts my configuration information and adds it to the list of available email accounts in the Pre. However, it keeps popping up this message stating "Security policy error: "Exchange... Tap for details" (with a yellow exclamation mark). Then it says "Security Policy Error" The account Exchange (first part of my email address) is disabled because security policies cannot be set." "Leave it disabled" or "Remove Account". I know something is working because it enforced a Password or PIN policy on to my phone, which is not required unless this account has been added. I can also see it in the "Mobile Devices" section of web Outlook when I log in. This is the place in web Outlook where you can see the last time the device synced, where you can remote wipe the phone etc. If anyone has any idea how to resolve my issue please post. Any ideas? I'm fresh out of ideas on this problem and very frustrated with Palm developers. Just another example of poor development and testing practices by Palm. I hope they correct this issue on subsequent releases but I am only marginally optimistic that they will ever get this Exchange mail support to the level necessary to support large corporations. What I do know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and an iPhone 3GS (confirmed by other coworkers who have configured their phones using our Exchange services). As a result, I have no choice but to blame Palm for this problem instead of Microsoft. Palm please fully support Microsoft Exchange mail users!!!!
    Post relates to: Pre p100eww (Sprint)

    From my understanding of EAS and PDA devices, if the server has a policy to enforce and the device cannot provide that policy then the server will not allow the device to connect. The KB I gave you has a listing of what policies the device supports; if your server requires more than that then it could deny the connection. As for what the iPhone does and does not do, we cannot answer that as we are not iPhone.
    I did find an article that may explain a little better for PDA and exchange: http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004

  • How to use online backup services with a Mac.

    I want to use an online backup service but each one I check out is unable to back up at least one of my key files and perhaps others that I haven't tested yet.
    I use an old Palm PDA and a current version of the Palm Desktop for Mac. I'm quite happy with it and have tons of info on it.
    But the online backup services store the files on an IBM server and when I restore it to my MacBook I get a Unix .exe file that I cannot use. I can't even import it or open it on a PC (which would be an acceptable solution in case of an emergency).
    I really need a good backup solution for all my Mac files.
    I've spoken to Apple, Palm and the techs at the online backup services and no one has a solution.
    Any ideas would be appreciated.

    You are very welcome. I don't think you can do scheduled updates. Apparently what happens is that the update happens whenever anything is changed on the desktop iDisk. No you don't have to recreate the desktop iDisk ever. That is, you can leave it on your desktop continuously. I trashed mine because I don't like to have things working in the background if I don't currently need them. On the other hand if I changed many things in a day, then I'd leave it on the desktop continuously.
    If you check out all the MobileMe features, then you might decide that you like it. Your Dock mail program mirrors exactly what is on the MobileMe online mail program. I have to admit that the online program is very slow. But, the on Dock program more than makes up for the deficiency. Back to Mac is a cool feature. And, the online photo album feature is very easy and works well, except that it doesn't seem able to handle animated gifs.

  • Using message-style web service by a Microsoft client

    Does anyone have a sample Microsoft client using a message-style web service? BEA does not provide one. I found the MS client does not receive messages published between 2 calls to method "receive", while the sample Java client ConsumerClient.java does.
    ConsumerClient.java is like:
    while (true) {
        Object result = method.invoke(null);
        sleep(20000); // not in sample, added for my test
        System.out.println(result);
    }
    My VBScript code is like:
    Set SC = CreateObject("MSSOAP.SoapClient")
    SC.mssoapinit "http://localhost:7001/msg/Receiver/Receiver.wsdl", "", "", ""
    While TRUE
        Res = SC.receive
        WScript.echo "Res = " & Res
        Res = ""
        ' do something that takes 20 seconds
    Wend
    I added 20 seconds between calls so I can publish a message between 2 calls. I found the Java client receives the message but the VBScript client doesn't. Has anyone else observed this?

    Hi Kevin,
    Thanks for your feedback.
    Header support is planned for the next major release.
    regards,
    -manoj
    Kevin Jiang wrote:
    Hi Manoj,
    Can you use a SOAP header to pass the session id across instead of an HTTP header? MS SOAP toolkit 2.0 supports access to SOAP headers.
    My app needs to use a topic instead of a queue. But as I said earlier, I can use the MS XML toolkit to access the HTTP header. So I have a workaround.
    Thanks for all your responses with regard to this question!
    Kevin
    manoj cheenath <[email protected]> wrote:
    Hum! I thought you were not able to receive messages at all. Now I understand the problem. Yes, we are using an HTTP header to pass the session id across, in the case of a web service client who wants to subscribe to JMS topics. I can't think of any other way to do this. If you have any suggestions, I would very much like to hear them.
    For your application, is it possible to use queues instead of topics? We do not use HTTP session information in the case of JMS queues.
    -manoj
    Kevin Jiang wrote:
    Hi Manoj,
    Your sample code is basically the same as mine. It would also lose messages published between calls to the "receive" method.
    I figured out what's going on. Undocumented by BEA, the web service sends the JMS session ID in an HTTP header along with the first message. When the client makes subsequent calls to "receive", this ID must be sent back. I found this by using a SOAP trace tool.
    Unfortunately, the MS SOAP toolkit doesn't support access to HTTP headers. So one has to use the MS XML toolkit to use a message-style web service when writing MS clients.
    manoj cheenath <[email protected]> wrote:
    an example of using message style web services with
    ms soap toolkit is attached. let me know if this works
    for you.
    regards,
    -manoj
    Kevin Jiang wrote:
    Hi Manoj,
    I just changed anyType to string and the problem still happens.
    Thanks,
    Kevin
    manoj cheenath <[email protected]> wrote:
    I have not tried message style web services with the MS SOAP toolkit.
    I think the problem is because the WSDL for the message style web service uses xsd:anyType as the return type and MS SOAP is not able to understand it. Can you pls modify the xsd:anyType to xsd:string (or some other base type) in the WSDL.
    SC.mssoapinit can load a WSDL stored as a local file, so it should be easy to make this change.
    regards,
    -manoj

  • Internal vs. external directory services best practices

    Hello everyone,
    We have two distinct directory services here where I work, one that supports 'internal' needs, and one that is used for external clients, the people who use our web-facing applications. We are limited by the separation of the directory services. E.g., our internal users cannot use the external directory service to look up email addresses.
    I have been asked to look into design options and best practises. Is it common to have distinct services like this? Or are those external users usually part of the same service as the internal users? Is my online banking account information in the same directory service (assuming it is in a directory service at all) as the employees at my bank? Does it make sense to run separate services like this? What are some alternatives?
    Part of the integration problem is AD vs. Sun Directory Server. The external service is in Sun Directory Server and predates AD. The AD service is obviously here for the Windows environment. Some organizations I have worked with in the past used Sun LDAP as the authoritative source of data, and synced in one way or another into AD.
    Any feedback is appreciated,
    Mark

    No, what I am looking for is architectural input regarding the use of AD and a separate LDAP server. In my case I am talking about AD and the SJS Directory Server, but this would apply to any environment that has AD plus some other LDAP server.
    I need to be able to reasonably answer the general question: Why should we keep the SJS Directory Server, when we could just put all our LDAP data into AD?
    I also need to answer the more specific question: Given our LDAP data is external users only (customer, partners), does it make sense to keep them there? Again, why not just put these "external" entities into AD?
    I'm not trying to figure out how to get AD and LDAP to work together. I'm trying to figure out why I have two directories, and why I should or should not keep two directories. I've found nothing online dealing with what should be a very common scenario.
    Mark
