Active Directory client not dynamically updating DNS

Hi,
There have been some other issues mentioned on other threads regarding the Active Directory plugin in Lion; it does appear to be flaky.
I just wanted to make sure that the issue I'm having is not down to a mis-configuration on my part.
We have several Macs running 10.7.1 that are bound into Active Directory (Windows 2008 R2); however, it appears that the DNS records for these machines are not being dynamically created within AD (all zones are AD-integrated). All 10.6.x clients seem to work fine, and their records are created and updated dynamically as IPs change etc.
Is anybody else having this issue? If not, any ideas why this is happening?
Thanks in advance.

Hi!
I'm having exactly the same problem and nobody seems to have an answer.
Regarding the reply you got, this has nothing to do with Lion Server. We're talking about Lion clients bound to an AD (Windows Server 2008 R2, in my case) not dynamically registering their DNS entries.
I also noticed that the DHCP entries for those clients are missing the "Name" property, which is already symptomatic of something going wrong.
Anyone?

Similar Messages

  • IDM / Active Directory  :  Attributes not geting updated

    I am trying to update attributes in my Active Directory Resource via IDM. But they are not getting updated.
    Before we installed the IDM system in our organization, the Active Directory "Department" field contained previous (old) information.
    Now, we want to use IDM to update this information for ALL our employees.
    I used the "Default" syntax in the IDM User Form, as follows:
    <Field name='global.department'>
      <Display class='Text'>
        <Property name='Title' value='Department'/>
      </Display>
      <Default>
        <s>Sales Department</s>
      </Default>
    </Field>
    Next, I mapped this attribute to the Active Directory "Department" field.
    However, the new value "Sales Department" is not being sent to Active Directory. The old values still remain.
    When I tried to do the update directly in AD... I simply DELETED the old value. And then I went to IDM to update the employee's account (thereby, I tried to PUSH the new value into AD). But it did not work. Instead, IDM displayed the following info:
    Old value: "empty space"
    New value: "old data"
    The new data... "Sales Department"... was not being sent to AD.
    Next, I simply repeated the update process in AD. But this time, I erased the old data and wrote "Sales Department". Then it worked. AD accepted the new data, and also sent it BACK to IDM.
    I found this very strange:
    (a) why does AD not get updated with the new value from IDM?
    (b) why does AD reject the new value if the field itself (in AD) is left blank?
    (c) how can I UPDATE all the employees in Active Directory with the new DEFAULT data: "Sales Department"?

    MichaelSt wrote:
    I want IDM to update AD (meaning, the data-flow is from IDM to AD), not the other way round.
    Using "accounts[AD].department" means that IDM will take its data FROM Active Directory. I want AD to take info FROM IDM.

    Sorry but that's incorrect. The global namespace simply maps an attribute to the equivalent accounts[...].attribute name. So global.department would translate to accounts[AD].department and accounts[LDAP].department and accounts[Some Resource].department. (Incidentally, global.department would get set by the first resource IDM reads with a department attribute, so it is very possible to read the attribute from AD. AD may simply not be the first one that IDM comes across.)
    Setting the individual resource value, as redindian suggested, is a perfectly valid way of pushing attributes to the resource. (Assuming of course you have the attribute marked as writable in the resource configuration.) So technically if you so desired, you could set different values for accounts[LDAP].department and accounts[AD].department and accounts[Some Resource].department which you cannot do if you use the global namespace.
    I do this all the time for some of my attributes. For example, some of my resources (usually the really old legacy ones) require an upper case email address while others require lower case addresses. I set different values for accounts[Legacy Resource].email and accounts[Newer Resource].email when I want to push the attribute down to the resource. I also avoid the global namespace like the plague. I've had so many problems with it mapping data incorrectly that it's just easier to set the individual attributes directly.
    The attributes set in the accounts[Resource] namespace is a perfectly valid way to both reference attributes on a resource as well as set them.
    As has been suggested, don't use a default but rather use an expansion.

  • How to install Active Directory Client on Windows 8.1 Pro

    Hello,
    I would like to install the Active Directory client on Windows 8.1 Pro. I have tried installing RSAT (Remote Server Admin Tools for Windows 8.1), but when I run the setup program the Windows Update Standalone Installer says the update is not applicable to your computer. I am running Windows8.1-KB2693643-x86.msu and downloaded it from here:
    http://www.microsoft.com/en-us/download/details.aspx?id=39296
    So, how do I get this installed?
    Thanks
    Paul

    Hi,
    Remote Server Administration Tools for Windows 8.1 is available in the following languages: cs-CZ, de-DE, en-US, es-ES, fr-FR, hu-HU, it-IT, ja-JP, ko-KR, nl-NL, pl-PL, pt-BR, pt-PT, ru-RU, sv-SE, tr-TR, zh-CN, zh-HK, and zh-TW. If the system UI language of your Windows 8.1 operating system does not match any of the available RSAT languages, you must first install a Windows 8.1 Language Pack for a language that is supported by RSAT, and then try installing Remote Server Administration Tools for Windows 8.1 again.
    Please check your system version (64-bit or 32-bit) and download the proper one:
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    http://support.microsoft.com/kb/827218
    Kate Li
    TechNet Community Support

  • Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site

    Have an existing ex2010 sp3 organization.
    Could not run ex2013cu1 setup from my newly built 2012 server; I'm getting the error in the subject line. I used the command line to run the AD preparation steps successfully from my 2012 DC/GC, then tried to run setup again from the new 2012 server and still get the same error. The error itself in the log is pretty useless:
    [05/07/2013 01:19:13.0137] [0] **********************************************
    [05/07/2013 01:19:13.0137] [0] Starting Microsoft Exchange Server 2013 Cumulative Update 1 Setup
    [05/07/2013 01:19:13.0137] [0] **********************************************
    [05/07/2013 01:19:13.0152] [0] Local time zone: (UTC-08:00) Pacific Time (US & Canada).
    [05/07/2013 01:19:13.0152] [0] Operating system version: Microsoft Windows NT 6.2.9200.0.
    [05/07/2013 01:19:13.0152] [0] Setup version: 15.0.620.29.
    [05/07/2013 01:19:13.0152] [0] Logged on user: DOMAIN\ADMINISTRATOR.
    [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0168] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='sourcedir', Value='\\h1\f$\junk\installers\server\Exchange\2013cu1'.
    [05/07/2013 01:19:13.0215] [0] Command Line Parameter Name='mode', Value='Install'.
    [05/07/2013 01:19:13.0215] [0] RuntimeAssembly was started with the following command: '/sourcedir:\\SERVER\f$\junk\installers\server\Exchange\2013cu1 /mode:Install'.
    [05/07/2013 01:19:13.0215] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:19:13.0793] [0] Finished loading screen CheckForUpdatesPage.
    [05/07/2013 01:19:38.0762] [0] Finished loading screen UpdatesDownloadsPage.
    [05/07/2013 01:19:40.0496] [0] Starting file's copying...
    [05/07/2013 01:19:40.0496] [0] Setup copy files from '\\SERVER\f$\junk\installers\server\Exchange\2013cu1\Setup\ServerRoles\Common' to 'C:\Windows\Temp\ExchangeSetup'
    [05/07/2013 01:19:40.0700] [0] Finished loading screen CopyFilesPage.
    [05/07/2013 01:19:40.0840] [0] Disk space required: 1292445007 bytes.
    [05/07/2013 01:19:40.0840] [0] Disk space available: 23767240704 bytes.
    [05/07/2013 01:19:59.0762] [0] File's copying finished.
    [05/07/2013 01:19:59.0965] [0] Finished loading screen InitializingSetupPage.
    [05/07/2013 01:20:02.0934] [0] Setup is choosing the domain controller to use
    [05/07/2013 01:20:09.0325] [0] Setup is choosing a local domain controller...
    [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
    See the Exchange setup log for more information on this error.
    [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
    [05/07/2013 01:20:11.0809] [0] Setup will use the domain controller ''.
    [05/07/2013 01:20:11.0809] [0] Setup will use the global catalog ''.
    [05/07/2013 01:20:11.0825] [0] Exchange configuration container for the organization is 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
    [05/07/2013 01:20:11.0919] [0] Exchange organization container for the organization is 'CN=DOMAIN,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local'.
    [05/07/2013 01:20:11.0966] [0] Setup will search for an Exchange Server object for the local machine with name 'WEX1'.
    [05/07/2013 01:20:12.0028] [0] No Exchange Server with identity 'WEX1' was found.
    [05/07/2013 01:20:12.0044] [0] The following roles have been unpacked:
    [05/07/2013 01:20:12.0044] [0] The following datacenter roles are unpacked:
    [05/07/2013 01:20:12.0044] [0] The following roles are installed:
    [05/07/2013 01:20:12.0059] [0] The local server does not have any Exchange files installed.
    [05/07/2013 01:20:12.0075] [0] Server Name=WEX1
    [05/07/2013 01:20:12.0137] [0] Setup will use the path '\\SERVER\f$\junk\installers\server\Exchange\2013cu1' for installing Exchange.
    [05/07/2013 01:20:12.0137] [0] The installation mode is set to: 'Install'.
    [05/07/2013 01:20:27.0591] [0] An Exchange organization with name 'DOMAIN' was found in this forest.
    [05/07/2013 01:20:27.0591] [0] Active Directory Initialization status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Schema Update Required Status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Organization Configuration Update Required Status : 'False'.
    [05/07/2013 01:20:27.0591] [0] Domain Configuration Update Required Status : 'False'.
    [05/07/2013 01:20:27.0841] [0] Applying default role selection state
    [05/07/2013 01:20:27.0872] [0] Setup is determining what organization-level operations to perform.
    [05/07/2013 01:20:27.0872] [0] Because the value was specified, setup is setting the argument OrganizationName to the value DOMAIN.
    [05/07/2013 01:20:27.0872] [0] Setup will run from path 'C:\Windows\Temp\ExchangeSetup'.
    [05/07/2013 01:20:27.0888] [0] InstallModeDataHandler has 0 DataHandlers
    [05/07/2013 01:20:27.0888] [0] RootDataHandler has 1 DataHandlers
    [05/07/2013 01:20:27.0903] [0] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.  See
    the Exchange setup log for more information on this error.
    [05/07/2013 01:20:27.0935] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
    See the Exchange setup log for more information on this error.
    [05/07/2013 01:21:04.0154] [0] The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V15\Setup, wasn't found.
    [05/07/2013 01:21:04.0154] [0] End of Setup
    [05/07/2013 01:21:04.0154] [0] **********************************************

    Hi,
    The cause is clearly described in the log:
    [05/07/2013 01:20:11.0794] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency. 
    See the Exchange setup log for more information on this error.
    [05/07/2013 01:20:11.0794] [0] [ERROR] Could not find information about the local site. This can be caused by incorrect configuration of subnets or sites or by replication latency.
    I'd suggest you check NIC settings and AD configuration.
    Hope it is helpful.
    Fiona Liao
    TechNet Community Support
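    The log blames sites/subnets or replication latency. The following PowerShell check is an added example (not from the thread or from Microsoft) that tests, on the server where setup fails, whether each of its IPv4 addresses falls inside a subnet defined in AD Sites and Services and which site that subnet belongs to; it assumes the ActiveDirectory RSAT module (Get-ADReplicationSubnet, Windows Server 2012 or later) and the built-in Get-NetIPAddress and nltest.

```powershell
# Added diagnostic for "Could not find information about the local site".
# Run on the server where Exchange setup fails. Assumes the ActiveDirectory
# RSAT module (Windows Server 2012 / Windows 8 RSAT or later) and NetTCPIP.
Import-Module ActiveDirectory

# True when $IPAddress lies inside the CIDR block $Cidr (e.g. 10.1.0.0/16).
# Compares address bytes, so it works for both IPv4 and IPv6 subnets.
function Test-IPInCidr {
    param([string]$IPAddress, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    $ip  = [System.Net.IPAddress]::Parse($IPAddress)
    $sub = [System.Net.IPAddress]::Parse($net)
    if ($ip.AddressFamily -ne $sub.AddressFamily) { return $false }
    $ipBytes  = $ip.GetAddressBytes()
    $subBytes = $sub.GetAddressBytes()
    $prefix   = [int]$bits
    for ($i = 0; $i -lt $ipBytes.Length -and $prefix -gt 0; $i++) {
        $maskBits = [Math]::Min(8, $prefix)
        $mask = (0xFF -shl (8 - $maskBits)) -band 0xFF
        if (($ipBytes[$i] -band $mask) -ne ($subBytes[$i] -band $mask)) { return $false }
        $prefix -= 8
    }
    return $true
}

# Every subnet object in AD Sites and Services: Name is the CIDR,
# Site is the DN of the site the subnet is assigned to (empty if unassigned).
$subnets = Get-ADReplicationSubnet -Filter * -Properties Site

# This server's routable IPv4 addresses (skip loopback and APIPA).
$localIPs = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
    Select-Object -ExpandProperty IPAddress

foreach ($ip in $localIPs) {
    $hits = @($subnets | Where-Object { Test-IPInCidr -IPAddress $ip -Cidr $_.Name })
    if ($hits.Count -eq 0) {
        "{0}: no AD subnet covers this address; add one in AD Sites and Services" -f $ip
        continue
    }
    foreach ($h in $hits) {
        if ($h.Site) {
            $siteName = ($h.Site -split ',')[0] -replace '^CN='
            "{0}: covered by subnet {1} in site {2}" -f $ip, $h.Name, $siteName
        } else {
            "{0}: subnet {1} exists but is not assigned to any site" -f $ip, $h.Name
        }
    }
}

# What Net Logon itself resolved; it should agree with the lookup above.
# If it does not, the subnet/site change has not replicated to the DC in use yet.
nltest /dsgetsite
```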

  • DNS entry for DC not dynamically updating (Server 2008 R2)

    Windows Server 2008 R2. I've got a single DC (I'm preparing to install the 2nd in the next few days). The host (A) record for the DC shows to be static for some reason. I changed the name of the DC recently, then brought down the Exchange server and rebooted, and it successfully connected again. I might have entered in a static DNS entry for the new server name before renaming the server, but I'm not sure.
    I've tried to delete the static DNS record for the DC and then reload, but it continues to appear as a static entry. The mail server's DNS record still appears as a dynamic entry.
    What am I doing wrong?
    Noel Stanford Oveson
    jeremyNLSO
    MCTS, MCITP, CCENT, CNE, MCSE, CLSE
    Berlin, Germany

    Hello,
    Like Mike suggested, it is normal that it is a static record.
    However, if your DC with its new name is not updating its DNS record, check that "Register this connection's addresses in DNS" is checked on the DC's adapter and then run ipconfig /registerdns from an elevated prompt.
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
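    Both the Lion clients at the top of this page (records never created) and the DC above (record stuck as static) come down to the same question: which hosts in the zone have a dynamic A record, which have a static one, and which have none. The following audit is an added example, not code from either thread, that answers that from the DNS server side; it assumes the ActiveDirectory and DnsServer RSAT modules (Windows Server 2012 / Windows 8 RSAT or later) and the placeholder server and zone names at the top.

```powershell
# Added audit (not from either thread): for every computer account in AD,
# report whether its A record in the AD-integrated zone is missing, static
# or dynamic. Assumes the ActiveDirectory and DnsServer RSAT modules; the
# DnsServer module can target a 2008 R2 DNS server remotely via -ComputerName.
Import-Module ActiveDirectory
Import-Module DnsServer

$DnsServer = 'dc01.example.local'   # placeholder: your AD-integrated DNS server
$ZoneName  = 'example.local'        # placeholder: the zone the clients register in

function Get-DnsRegistrationReport {
    param([string]$Server, [string]$Zone)

    # Index the zone's A records by host label. Timestamp is empty for a
    # static record and holds the last refresh time for a dynamic one.
    # A multi-homed host with several A records keeps the last one seen.
    $byHost = @{}
    Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType A |
        ForEach-Object { $byHost[$_.HostName.ToLower()] = $_ }

    foreach ($c in Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate) {
        $rec = $byHost[$c.Name.ToLower()]
        if (-not $rec) {
            $state = 'MISSING'; $ip = $null; $stamp = $null
        } else {
            $ip    = $rec.RecordData.IPv4Address.IPAddressToString
            $stamp = $rec.Timestamp
            $state = if ($stamp) { 'DYNAMIC' } else { 'STATIC' }
        }
        [pscustomobject]@{
            Computer        = $c.Name
            OperatingSystem = $c.OperatingSystem
            LastLogonDate   = $c.LastLogonDate   # approximate (lastLogonTimestamp)
            Record          = $state
            IPAddress       = $ip
            RecordTimestamp = $stamp
        }
    }
}

$report = Get-DnsRegistrationReport -Server $DnsServer -Zone $ZoneName

# Bound clients that never register (the Lion symptom) show as MISSING with a
# recent LastLogonDate; a hand-entered DC record (the 2008 R2 thread) shows as
# STATIC, which is also why aging/scavenging will never touch it.
$report | Sort-Object Record, Computer | Format-Table -AutoSize

# On the host being diagnosed (not the DNS server): the adapter setting the
# answer above refers to, as seen by the DNS Client service.
Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress
```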

  • Lync on websearch only but updates from active directory are not processed.

    Hello,
    I use "websearch only" for "addressbookavailability". This is working fine on all clients.
    I have a problem with changes in Active Directory. When we change, for example, the "job title" of someone, then the old "job title" stays present on the Lync client. When I do a reset of the client or a new installation, the new "job title" is present.
    Although we use "websearch only", for some changes it seems that the local address book of Lync is still used.
    Does someone know how I can force a Lync client to also query Active Directory for this?
    I know that the Lync server updates every night, but on many clients the local address book is not updated.
    Regards

    You can still force the address book replication by running Update-CsUserDatabase and Update-CsAddressBook. I suggest you delete the .slab files from the Lync share web folder 0000000\000000 folder and then run the above commands; that will create a brand new set of files. Then delete the sip folder from the client PC and restart the client to force download of the local copy. See if that fixes your issue.
    http://thamaraw.com
    Hello,
    I'm sure this option will work. But this means that we have to do this on a regular basis.
    Is there no option to "force" the Lync client to query Active Directory all the time? Not only for users.

  • Active Directory binding not working

    Hi
    I'm trying to bind to my active directory at work.
    On Tiger I used the following settings:
    serverdomain.ad
    the servers name is machine
    Which worked fine.
    On Leopard, when I use either serverdomain.ad or machine.serverdomain.ad I get the following error message (loosely translated from Swedish):
    An unknown combination of domain and tree collection was used. You should use a complete DNS name for the domain and tree collection (i.e. something.company.se).
    Does anyone know what I should use? The FQDN is machine.serverdomain.ad; shouldn't that work?

    The answer was DNS: my client was using the correct nameserver.
    The binding worked after that, although I'm not sure it's authenticating as it should.

  • Please help! Ipod not dynamically updating smart playlists!

    I have quite a complex system of smart playlists on my 4G color iPod, but I can't get any of them to update dynamically away from the computer. I have a total of 6 and here are their preferences:
    SPL 1:
    match ALL
    1) My rating is in the range 4-5 stars
    2) Last played is not in the last 1 day
    3) Last skipped is not in the last 1 day
    4) Playcount is less than 5
    limit to 100 by most recently added
    SPL 2:
    match ALL
    1) My rating is in the range 0-3 stars
    2) Last played is not in the last 1 day
    3) Last skipped is not in the last 1 day
    4) Playcount is less than 4
    limit to 55 songs by most recently added
    SPL 3:
    match ALL
    1) My rating is in the range 3-5 stars
    2) Last played is not in the last 1 day
    3) Last skipped is not in the last 1 day
    4) Playcount is greater than 5
    limit to 30 songs by random
    SPL 4:
    match ALL
    1) Last played is not in the last 1 day
    2, 3, 4) Playlist is not SPL 1, SPL 2, or SPL 3
    limit to 15 songs by random
    Unwanted:
    match ANY
    1) Time is greater than 15 minutes
    2) Genre is Comedy
    The active playlist that I use to listen to:
    match ANY
    1-4) Playlist is SPL 1, SPL 2, SPL 3, or SPL 4
    5) Playlist is not Unwanted
    So here's the problem. When I sync with my computer, the playlists work great, everything updates as expected and I get a pretty diverse playlist every time I sync, which I want. The problem is that while I'm listening to my music on the iPod away from the computer, my playlists don't dynamically update. After I listen to a song, the song's supposed to remove itself from the playlist, which doesn't happen, as well as when I skip songs. Even when I rate songs that aren't rated they don't appear in any playlist. This is really frustrating and I can't find a solution anywhere, and yes, I do have Live Updating selected. I also have "Match only checked items" selected on all playlists as well. If anyone has any ideas for how to fix this, I would love to know. Thanks!

    I was searching this forum and found someone who says that 4th gen ipods have problems live updating smart playlists if the criteria "last skipped" is on the playlist. I took this off of all of my playlists but they still don't work. Then I tried making a playlist that is just "rating is equal to 5 stars" and it WORKS!!! But that doesn't help me out much for my other playlists so maybe it's some other criteria that's causing the problem. Any ideas?

  • HTTPS, DNS and dynamically updating DNS records

    Hello to you all, if you are able to help with a DNS problem that I'm having then please accept my thanks and appreciation in advance.
    First some background information. I recently moved my server from my studio to my house, where a new purpose-built studio will soon be erected. At my old studio any requests for myurl.com came in via the IP (whether that be http, https, ftp etc.) from the domain registrar, and the router would send the request to the relevant port number, whether that be 80 for http or 443 for https etc., and all was well as this location had a fixed IP address. Unfortunately at my new location, whilst I have a much faster connection, I do not have a fixed IP. To get around this I have the following set up (not ideal for a business I know, but perfectly OK for home hosting): I set up two pseudo nameservers at no-ip.com (ns1myurl.com and ns2myurl.com) which track the changes in my IP address and update their records accordingly; my registrar then sends any requests to these 'nameservers' and no-ip then forwards them on to my server. So far so good.
    The problem arises once the requests get to my server. Whilst I have DNS set up, I can only receive requests from a straight request to the server, i.e. myurl.com will display the site without any problem, but if I then put a www in front of that or try to access the https part of my site (which is set up as a separate site on the same server) then the server throws an error. I have tried to put an alias (CNAME) into the zone but it does not want to resolve the request. I have searched around but to no avail; I am totally new to DNS so am currently on a steep learning curve and fumbling around in the dark.
    The first thing that I need to get working is for the request to be resolved correctly, and then (and this is where the real fun starts!) to dynamically update the IP in the DNS records as the IP changes. I will probably have to get help in on this as I understand that this requires BIND, which I know nothing about; first though I'd like to get the pages to be served up correctly. Advice, hints, tips or links to tutorials all greatly appreciated. Full set up listed below.
    Many thanks, David.
    Xserve PPC G5 running 10.5.8 unlimited set up as standalone OD master
    Xraid
    APC UPS
    CradlePoint MBR1200 Gateway router which acts as the DHCP
    http://myurl.com and https://myurl.com set up as 2 separate sites and located on the Xraid
    Current DNS setup:
    Primary Zone name: myurl.com with nameservers ns1myurl.no-ip.info and ns2myurl.no-ip.info and allow zone transfers in checked
    Then:
    Name                     Type             Value
    myurl.com                Primary Zone
        ns1myurl.no-ip.info  Machine          12.34.56.78 (external IP)
        ns2myurl.no-ip.info  Machine          12.34.56.78 (external IP)
        myurl.com.           Machine          12.34.56.78 (external IP)
        www.myurl.com.       Alias            myurl.com.
    With the reverse zone looking thus, with allow zone transfers being checked:
    Name                     Type             Value
    56.34.12.in-addr.arpa.   Reverse Zone
        12.34.56.78          Reverse mapping  myurl.com.

    Thanks for the reply Camelot; that part though I had already figured out. I now have this working: all I did was change the external IP to the internal one of the server, which resolves with the .local machine name, and all is working just fine (for now!). As long as I have primary zones set for each site and any alias or services set up on them, then everything works well. The real test will be when my ISP changes the IP; whilst my tests have proved successful, the proof will be when they update the address.
    Thanks anyway. David.

  • Active Directory users not made member of Local Network group

    Hi all,
    I've just done a clean install from 10.6 Server to 10.8.4.
    The issue I seem to be having is a mismatch between what Groups in Server.app is reporting as members (who happen to be users or groups from our Active Directory domains) of a Local Network group and what dseditgroup reports as members of the same network.
    The Setup:
    In Groups in Server.app under Local Network Group I have created a group called "AccessServer".
    Members in that group are:
         - AD-Domain User Group (so should be all users in the domain)
         - Mac OS X "netaccounts" group (again, should capture all users that connect through the network; I've used this in the past on 10.6, very handy)
         - AD User 1
         - AD User 2
         - AD User 3
    The Server is bound to the AD Domain, All-Domains is not selected and a Search Path is added for each Domain needed and set at the top of the search order.
    The Behaviour:
    AD User 1 can access AFP and other services as expected.
    AD User 2 and 3 cannot.
    Another user within AD-Domain User Group or netaccounts can access AFP and other services as expected
    Yet other users within AD-Domain User Group or netaccounts cannot
    Furthermore: 
    If I REMOVE AD User 1 (a working user) and the AD Domain Group and netaccounts Group, I can still log in with that account!
    Diagnosis:
    I tried checking group membership with dseditgroup, the results match the behaviour, not the setup.
    >dseditgroup -o checkmember -m ADUser1 accessserver
    yes ADUser1 is a member of accessserver
    >dseditgroup -o checkmember -m ADUser2 accessserver
    no ADUser2 is NOT member of accessserver
    >dseditgroup -o checkmember -m ADDomainUser/netacc accessserver
    yes ADDomainUser/netacc is a member of accessserver
    >dseditgroup -o checkmember -m n accessserver
    no ADUser2 is NOT member of accessserver
    When non-member users try to connect I get a message in the logs of (IP/DNS values anonymized):
    2013-06-25 3:04:36.794 PM sshd[5217]: error: PAM: authentication error for illegal user ----- from ----.mala.bc.ca via x.x.
    I get the same results even after removing the user from the Groups screen!
    Failed Solutions
    - As we are a large AD, I've tried specifying specific Active Directory servers that might better be able to find the users in question and authenticate.
    - I've let the system just sit, in hopes delayed replication would solve the problem overnight.
    - I've deleted and recreated the groups.

    Upon further investigation we have discovered:
    a) The main behaviour that is causing the problem is best described as: AD users that are added to a Local or Network OS X group, either individually or through a Domain group, are not actually recognized as members of that OS X group even though the GUI or CLI tool have added them and acknowledge them as being in the list.
    b) This is NOT limited only to Mac OS X Server 10.8. The same behaviour is occurring on a long-running 10.6 server as well.
    c) The problem remains whether we nest AD groups to capture a large bunch of users, or add users individually. If the user is part of the mysteriously denied set, how they are added to the OD or local group is irrelevant, including if added from the command line.
    d) Which users are allowed and which are not is unclear and appears generally random. We have found 3 'classes' of users:
        1 - those that are successfully becoming members every time.
        2 - those that are intermittent members: members on one server or another, or in one case even going from being reported as a member (by dseditgroup), to not being a member, to being a member again within the span of only a minute or two.
        3 - those that are never successfully admitted as a member.
    So the problem is both Apple's and Windows', in that:
    Apple: is allowing a group and/or user to be added and implying membership in the group even though that membership is not being honoured in some way, and there is no feedback or communication of that fact aside from generic 'denied' or 'illegal user' errors.
    Windows: is passing along membership through its groups and users, but not completely, for reasons that are, at this point, a mystery.
    Really hoping people have some ideas on this. This system of nested groups or individual user access is something we have of course been using for many years. So this is a major setback.

  • Update users in Active Directory form SQL query update

    I need to update the fields in the Active Directory 2003 users from a SQL Server 2003 query. Any idea plissss???

    This is a PowerShell example to create AD users from SQL Server.
    The PowerShell cmdlet Set-ADUser will update the AD User fields.
    # Needs the ActiveDirectory RSAT module for New-ADUser / Enable-ADAccount / Set-ADUser
    Import-Module ActiveDirectory

    # Rows to provision, taken from the AdventureWorks2012 sample database
    $SQLText = "SELECT e.BusinessEntityID, p.Title, p.FirstName, p.MiddleName, p.LastName, p.Suffix, "+
    "e.JobTitle, d.Name AS Department, d.GroupName, edh.StartDate, e.LoginID"+
    " FROM HumanResources.Employee AS e"+
    " INNER JOIN Person.Person AS p ON p.BusinessEntityID = e.BusinessEntityID"+
    " INNER JOIN HumanResources.EmployeeDepartmentHistory AS edh ON e.BusinessEntityID = edh.BusinessEntityID"+
    " INNER JOIN HumanResources.Department AS d ON edh.DepartmentID = d.DepartmentID"+
    " WHERE (edh.EndDate IS NULL)"+
    " AND (p.FirstName ='Brian')"

    # Run the query and load the rows into a DataTable so the connection can be closed early
    $SqlCon = New-Object System.Data.SqlClient.SqlConnection
    $SqlCon.ConnectionString = "Server=localhost;Database=AdventureWorks2012;Trusted_Connection=yes;"
    $SqlCon.Open()
    $SqlCmd = $SqlCon.CreateCommand()
    $SqlCmd.CommandText = $SQLText
    $Result = $SqlCmd.ExecuteReader()
    $Table = New-Object System.Data.DataTable
    $Table.Load($Result)
    $SqlCon.Close()

    $Password = "P@assword1"
    foreach ($Item in $Table) {
        # Splatted parameters for New-ADUser, one hashtable per row
        $newUserID = @{
            Name              = $Item.FirstName + $Item.LastName
            Description       = "This is a test of a bulk user add"
            GivenName         = $Item.FirstName
            Surname           = $Item.LastName
            DisplayName       = $Item.FirstName + " " + $Item.LastName
            UserPrincipalName = "$($Item.FirstName + "." + $Item.LastName)@corp.contoso.com"
            EmployeeID        = [string]$Item.BusinessEntityID
            ScriptPath        = 'login.cmd'
            Company           = "Contoso"
            Department        = $Item.Department
            EmailAddress      = "$($Item.FirstName + "." + $Item.LastName)@corp.contoso.com"
            Title             = $Item.JobTitle
        }
        # The department name doubles as the OU name
        $TargetOU = "OU=" + $Item.Department + ",DC=corp,DC=contoso,DC=com"
        Try {
            $newUserID
            # -PassThru returns the created object, which is a reliable -Identity for the follow-up cmdlets
            $User = New-ADUser @newUserID -Path $TargetOU -ErrorAction Stop -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -PassThru
            Enable-ADAccount -Identity $User
            Set-ADUser -Identity $User -ChangePasswordAtLogon $true
            Write-Host "UserID $($newUserID.Name) created!" -ForegroundColor Green
        }
        Catch {
            Write-Host "There was a problem creating UserID $($newUserID.Name). The account was not created! $_" -ForegroundColor Red
        }
    }

  • Active Directory plugin not correctly creating users home directories

    Is there a trick to getting the Active Directory plugin in 10.4.7 to correctly create home directories for AD users? It is creating them with root owning everything in them, and this is unacceptable.
    Our setup: We have an Active Directory network (Windows Server 2003 SP1 as DCs), and are trying to integrate some of our Mac clients to use AD single-sign-on logins. We are not using OS X Server at all.
    We do not use any sort of network home directories, as our users always use the same computers.
    We just want a user to have a local home directory created when they log on for the first time. Unfortunately, the directories are being created with the wrong permissions.
    One thing that may be the problem: the UIDs that are assigned to the AD users on the Mac clients are very high (> 60000000000). There is an error in the log that a UID that high cannot be added to the lastlog db, so that may be another symptom of the problem.
    Is there a way to fix this without changing anything on the domain?

  • VTP (revision numbers) and one client not getting updates

    Hello.
    Somewhere along the line one of our switches (3750x) got messed up. Once they were finally configured about 6 months ago we never touched them again.
    I noticed yesterday when I created a new vlan it was not getting populated to one of our switches. For some reason I did not notice that the domain name on the switch not receiving updates was not our domain.
    So I switched the domain on this switch to the correct domain and it still does not show any updates and also has a revision # of 7.
    So on this switch I then unplugged all trunk ports and did "vtp mode transparent". I then switched it back to "vtp mode client vlan".
    It still showed revision 7.
    So I tried "vtp domain bogus" and "vtp mode transparent" and then did "vtp domain mydomain" and "vtp mode client vlan".
    It still showed revision 7.
    So I tried "vtp domain bogus" and "vtp mode transparent vlan" and then did "vtp domain mydomain" and "vtp mode client vlan".
    It still showed revision 7.
    I am at a loss as to how to fix this problem other than rebuilding the switch. I have a VTP server at revision 10 and two other switches also at revision 10 that are getting updates from the VTP server. Only one switch is not. Please note that this one switch that is not working did work at some point, since it has all the VLANs we created on our initial installation.
    -- Thanks
    // GOOD switch
    GOODSWITCH#show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 3
    VTP Domain Name                 : mydomain
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 7426.acad.de00
    Feature VLAN:
    VTP Operating Mode                : Client
    Number of existing VLANs          : 15
    Number of existing extended VLANs : 6
    Maximum VLANs supported locally   : 1005
    Configuration Revision            : 10
    Primary ID                        : b838.61aa.5880
    Primary Description               : lab-desk
    MD5 digest                        : 0xB8 0x3E 0x2C 0xB7 0x85 0xB5 0x5D 0xA6
                                        0x4A 0x4E 0xFC 0x5E 0x5A 0xA1 0xAF 0xCC
    Feature MST:
    VTP Operating Mode                : Transparent
    Feature UNKNOWN:
    VTP Operating Mode                : Transparent
    // BAD switch
    BADSWITCH#show vtp status
    VTP Version capable             : 1 to 3
    VTP version running             : 3
    VTP Domain Name                 : mydomain
    VTP Pruning Mode                : Disabled
    VTP Traps Generation            : Disabled
    Device ID                       : 7426.acad.ee80
    Feature VLAN:
    VTP Operating Mode                : Client
    Number of existing VLANs          : 12
    Number of existing extended VLANs : 6
    Maximum VLANs supported locally   : 1005
    Configuration Revision            : 7
    Primary ID                        : b000.b4b0.f200
    Primary Description               : lab-desk
    MD5 digest                        : 0x7A 0x5C 0x2E 0x05 0xF2 0x80 0x6F 0x2F
                                        0x4E 0xE1 0x34 0x07 0x01 0x7F 0xB9 0x2B
    Feature MST:
    VTP Operating Mode                : Transparent
    Feature UNKNOWN:
    VTP Operating Mode                : Transparent

    Output from the switch NOT getting updates.
    // we have three trunk lines
    TenGigabitEthernet1/1/1
    TenGigabitEthernet1/1/2
    TenGigabitEthernet2/1/1
    // #show interfaces trunk
    Port        Mode             Encapsulation  Status        Native vlan
    Te1/1/1     on               802.1q         trunking      1
    Te1/1/2     on               802.1q         trunking      1
    Gi2/0/31    auto             n-802.1q       trunking      1
    Gi2/0/46    auto             n-802.1q       trunking      1
    Te2/1/1     on               802.1q         trunking      1
    Port        Vlans allowed on trunk
    Te1/1/1     1-4094
    Te1/1/2     1-4094
    Gi2/0/31    1-4094
    Gi2/0/46    1-4094
    Te2/1/1     1-4094
    Port        Vlans allowed and active in management domain
    Te1/1/1     1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Te1/1/2     1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Gi2/0/31    1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Gi2/0/46    1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Te2/1/1     1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Port        Vlans in spanning tree forwarding state and not pruned
    Te1/1/1     1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Te1/1/2     1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Gi2/0/31    6,12,100,125-126,129,1032,1096,1128,1160,1192,1224
    Gi2/0/46    1,6,12,100,125-127,129,1032,1096,1128,1160,1192,1224
    Te2/1/1     none
    show spanning-tree interface TenGigabitEthernet1/1/1
    Vlan                Role Sts Cost      Prio.Nbr Type
    VLAN0001            Root FWD 2         128.53   P2p
    VLAN0006            Root FWD 2         128.53   P2p
    VLAN0012            Root FWD 2         128.53   P2p
    VLAN0100            Root FWD 2         128.53   P2p
    VLAN0125            Root FWD 2         128.53   P2p
    VLAN0126            Root FWD 2         128.53   P2p
    VLAN0127            Root FWD 2         128.53   P2p
    VLAN0129            Root FWD 2         128.53   P2p
    VLAN1032            Root FWD 2         128.53   P2p
    VLAN1096            Root FWD 2         128.53   P2p
    VLAN1128            Root FWD 2         128.53   P2p
    VLAN1160            Root FWD 2         128.53   P2p
    VLAN1192            Root FWD 2         128.53   P2p
    VLAN1224            Root FWD 2         128.53   P2p
    show spanning-tree interface TenGigabitEthernet1/1/2
    Vlan                Role Sts Cost      Prio.Nbr Type
    VLAN0001            Desg FWD 2         128.54   P2p
    VLAN0006            Desg FWD 2         128.54   P2p
    VLAN0012            Desg FWD 2         128.54   P2p
    VLAN0100            Desg FWD 2         128.54   P2p
    VLAN0125            Desg FWD 2         128.54   P2p
    VLAN0126            Desg FWD 2         128.54   P2p
    VLAN0127            Desg FWD 2         128.54   P2p
    VLAN0129            Desg FWD 2         128.54   P2p
    VLAN1032            Desg FWD 2         128.54   P2p
    VLAN1096            Desg FWD 2         128.54   P2p
    VLAN1128            Desg FWD 2         128.54   P2p
    VLAN1160            Desg FWD 2         128.54   P2p
    VLAN1192            Desg FWD 2         128.54   P2p
    VLAN1224            Desg FWD 2         128.54   P2p
    show spanning-tree interface TenGigabitEthernet2/1/1
    Vlan                Role Sts Cost      Prio.Nbr Type
    VLAN0001            Altn BLK 2         128.109  P2p
    VLAN0006            Altn BLK 2         128.109  P2p
    VLAN0012            Altn BLK 2         128.109  P2p
    VLAN0100            Altn BLK 2         128.109  P2p
    VLAN0125            Altn BLK 2         128.109  P2p
    VLAN0126            Altn BLK 2         128.109  P2p
    VLAN0127            Altn BLK 2         128.109  P2p
    VLAN0129            Altn BLK 2         128.109  P2p
    VLAN1032            Altn BLK 2         128.109  P2p
    VLAN1096            Altn BLK 2         128.109  P2p
    VLAN1128            Altn BLK 2         128.109  P2p
    VLAN1160            Altn BLK 2         128.109  P2p
    VLAN1192            Altn BLK 2         128.109  P2p
    VLAN1224            Altn BLK 2         128.109  P2p

  • "Domain Users" group in Active Directory does not belong to any Group Membership in LC

    An Active Directory user belonging to the "Domain Users" group does not belong to any Group Membership in LC. Why does it not belong to the "Domain Users" group?
    Is there any way to correct this issue without changing group membership on the AD side?
    If an Active Directory user is a member of "Domain Admins" or "Users", then these show the same group membership in LC.
    Thanks.

    If you want to use the Domain Users group for the purpose of representing all the users, then you can use the "All principals in domain xxx" group which is created by UM.
    Coming back to the Domain Users group. For determining group membership in AD, UM uses the "member" attribute of the group object. The "Domain Users" group is treated differently by AD. It is the default primary group for all users, and normally members of the primary group are not specified using the member attribute. So when we sync the data from AD, "Domain Users" membership does not get completed.
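    A model of the two membership paths the reply above describes, added here as an example; it is not part of the original thread or of LiveCycle's own code, and the domain SID, DNs and group data are constructed.

```python
"""Added example (not from the original thread): resolve an AD user's groups
through both paths the reply describes. The "member"-attribute path is the
one LiveCycle UM follows; the primaryGroupID path is how AD records "Domain
Users" membership. All SIDs, DNs and names below are constructed.
"""


def domain_sid(object_sid: str) -> str:
    """Drop the trailing RID: S-1-5-21-a-b-c-1105 -> S-1-5-21-a-b-c."""
    return object_sid.rsplit("-", 1)[0]


def member_attribute_groups(user: dict, groups: list) -> set:
    """Groups whose 'member' attribute lists the user's DN (what UM syncs)."""
    return {g["name"] for g in groups if user["dn"] in g.get("member", [])}


def primary_group(user: dict, groups: list):
    """Name of the group whose SID is <domain SID>-<primaryGroupID>, or None."""
    wanted = f"{domain_sid(user['objectSid'])}-{user['primaryGroupID']}"
    return next((g["name"] for g in groups if g["objectSid"] == wanted), None)


def effective_groups(user: dict, groups: list) -> set:
    """Union of explicit 'member' membership and the implicit primary group."""
    found = member_attribute_groups(user, groups)
    pg = primary_group(user, groups)
    if pg is not None:
        found.add(pg)
    return found


# Constructed directory snapshot: Domain Users has no 'member' entries, which
# is exactly the situation the reply describes. 513 is the well-known RID of
# Domain Users, 512 of Domain Admins; S-1-5-32-545 is BUILTIN\Users.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE_DN = "CN=alice,CN=Users,DC=corp,DC=example"
BOB_DN = "CN=bob,CN=Users,DC=corp,DC=example"
GROUPS = [
    {"name": "Domain Users", "objectSid": f"{DOMAIN}-513", "member": []},
    {"name": "Domain Admins", "objectSid": f"{DOMAIN}-512", "member": [ALICE_DN]},
    {"name": "Users", "objectSid": "S-1-5-32-545", "member": [BOB_DN]},
]
ALICE = {"dn": ALICE_DN, "objectSid": f"{DOMAIN}-1105", "primaryGroupID": 513}
BOB = {"dn": BOB_DN, "objectSid": f"{DOMAIN}-1106", "primaryGroupID": 513}

if __name__ == "__main__":
    for u in (ALICE, BOB):
        print(u["dn"], "| member attribute only:", member_attribute_groups(u, GROUPS),
              "| effective:", effective_groups(u, GROUPS))
```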

  • Playlists not dynamically updating.

    I have a playlist on my iphone's music library set up to dynamically update to include the 30 most recently played songs.
    However the playlist does not update until I sync the iPhone with a computer.
    What's the deal?

    No one?
    Seriously?
