Active Directory login soooo slow with 10.4.11 client upgrades

Similar Messages

• Exporting Active directory users to excel with conditions

  I'm trying to export AD users with selected fields out to a spreadsheet, with the condition that the employeeid field is greater than 99999.    I found a VBScript elsewhere on this site that does everything i need, even filtering on the employeeid
  field except that when it export to the spreadsheet the employeeid field comes back as if it's blank.  But i know it's not as it will do the filtering correctly.  Below is the script i've been using.   As i said it will correctly list all users
  with employeeid greated than 5 digits but it just won't export the actual employeeid field
  Dim ObjWb 
  Dim ObjExcel 
  Dim x, zz 
  Set objRoot = GetObject("LDAP://RootDSE") 
  strDNC = objRoot.Get("DefaultNamingContext") 
  Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the Domain using LDAP using ROotDSE 
  Call ExcelSetup("Sheet1") ' Sub to make Excel Document 
  x = 1 
  Call enummembers(objDomain) 
  Sub enumMembers(objDomain) 
  On Error Resume Next 
  Dim Secondary(20) ' Variable to store the Array of 2ndary email alias's 
  For Each objMember In objDomain ' go through the collection 
  if ObjMember.EmployeeID > 199999 Then  'if employee id greater than 199999 then add to spreadsheet (meaning physician)
  x = x +1 ' counter used to increment the cells in Excel 
  ' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code 
  ' this was done so the script could be modified easier. 
  SamAccountName = ObjMember.samAccountName 
  FirstName = objMember.GivenName 
  LastName = objMember.sn 
  EmployeeID = ojbMember.employeeID
  EmailAddr = objMember.mail 
  Addr1 = objMember.streetAddress 
  Title = ObjMember.Title 
  Department = objMember.Department
  ' Write the values to Excel, using the X counter to increment the rows. 
  objwb.Cells(x, 1).Value = EmployeeID
  objwb.Cells(x, 2).Value = SamAccountName 
  objwb.Cells(x, 3).Value = FirstName 
  objwb.Cells(x, 4).Value = LastName 
  objwb.Cells(x, 5).Value = EmailAddr
  objwb.Cells(x, 6).Value = Addr1 
  objwb.Cells(x, 7).Value = Title 
  objwb.Cells(x, 8).Value = Department 
  ' Write out the Array for the 2ndary email addresses. 
  For ll = 1 To 20 
  objwb.Cells(x,26+ll).Value = Secondary(ll) 
  Next 
  ' Blank out Variables in case the next object doesn't have a value for the property 
  EmployeeID = "-"
  SamAccountName = "-" 
  FirstName = "-" 
  LastName = "-" 
  EmailAddr = "-" 
  Addr1 = "-" 
  Title = "-" 
  Department = "-" 
  For ll = 1 To 20 
  Secondary(ll) = "" 
  Next 
  End If 
  ' If the AD enumeration runs into an OU object, call the Sub again to itinerate 
  If objMember.Class = "organizationalUnit" or OBjMember.Class = "container" Then 
  enumMembers (objMember) 
  End If 
  Next 
  End Sub 
  Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row 
  Set objExcel = CreateObject("Excel.Application") 
  Set objwb = objExcel.Workbooks.Add 
  Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName) 
  Objwb.Name = "Active Directory Users" ' name the sheet 
  objwb.Activate 
  objExcel.Visible = True 
  objwb.Cells(1, 1).Value = "EmployeeID"
  objwb.Cells(1, 2).Value = "SAMAccountName"
  objwb.Cells(1, 3).Value = "FirstName" 
  objwb.Cells(1, 4).Value = "LastName"  
  objwb.Cells(1, 5).Value = "Email" 
  objwb.Cells(1, 6).Value = "Addr1" 
  objwb.Cells(1, 7).Value = "Title" 
  objwb.Cells(1, 8).Value = "Department" 
  End Sub 
  MsgBox "User dump has completed.", 64, "AD Dump" ' show that script is complete

  Here is a test version
  Set xl = CreateObject("Excel.Application")
  xl.Visible = True
  Set wb = xl.Workbooks.Add()
  Set sheet = wb.Worksheets("sheet1")
  sheet.Name = "Active Directory Users"
  i = 1
  With sheet
  .Cells(i, 1).Value = "EmployeeID"
  .Cells(i, 2).Value = "SAMAccountName"
  .Cells(i, 3).Value = "FirstName"
  .Cells(i, 4).Value = "LastName"
  .Cells(i, 5).Value = "Email"
  .Cells(i, 6).Value = "Addr1"
  .Cells(i, 7).Value = "Title"
  .Cells(i, 8).Value = "Department"
  End With
  Set users = GetADUsers()
  While Not users.EOF
  i = i + 1
  With sheet
  .Cells(i, 1).Value = users("employeeID")
  .Cells(i, 2).Value = users("samAccountName")
  .Cells(i, 3).Value = users("GivenName")
  .Cells(i, 4).Value = users("sn")
  .Cells(i, 5).Value = users("mail")
  .Cells(i, 6).Value = users("streetAddress")
  .Cells(i, 7).Value = users("Title")
  .Cells(i, 8).Value = users("Department")
  End With
  users.MoveNext
  Wend
  Function GetADUsers()
  Set rootDSE = GetObject("LDAP://RootDSE")
  base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
  filt = "(&(objectClass=user)(objectCategory=Person))"
  attr = "employeeid,SAMAccountName,mail,GivenName,sn,streetAddress,Title,Department"
  scope = "subtree"
  Set conn = CreateObject("ADODB.Connection")
  conn.Provider = "ADsDSOObject"
  conn.Open "Active Directory Provider"
  Set cmd = CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandText = base & ";" & filt & ";" & attr & ";" & scope
  Set GetADUsers = cmd.Execute()
  End Function
  ¯\_(ツ)_/¯

• Hello all...is there a way to activate(on startup) /deactivate(on logoff) CS6 Suite using a script, Active Directory Login Script or central Management Tool?

  hello all...is there a way to activate(on startup) /deactivate(on logoff) CS6 Suite using a script, Active Directory Login Script or central Management Tool?

  The long answer is: No. this is Adobe's secret sauce and you cannot manage it using other tools.
  Mylenium

• Can't log in to Profile Manager or My Devices with Active Directory logins

  I have an OSX Lion 10.7.4 Server set up with Profile Manager and it is joined to AD.
  I am able to see AD groups in the Profile Manager groups section.
  I can also see and add AD users and groups using the server app.
  I have enabled the "Can Enable Remote Management" check box for Domain Users through Profile Manager. I have also added Domain Admins to the Workgroup group in the Server app. I'm not sure that I want or need either of these options, but they were suggestions to try.
  I am not able to log on to the Profile Manager or My Devices pages with AD logins.
  I found these directions about nested groups in Workgroup Manager http://krypted.com/iphone/integrating-mac-os-x-lion-servers-profile-manager-with -active-directory/ but I don't have a com.apple.access_devicemanagement local group or any groups like are shown in the picture.
  Any ideas what I'm missing?
  Cheers,
  Ian

  I found the two pieces I was missing:
  1) Install the Lion Server Admin Tools
  Launch the Server Admin App
  Click on the server name in the left pane
  Click on the Access button in the upper part of the window
  Click on Profile Manager
  Either manually add specific groups to the list or if you're feeling brave choose the "Allow all users and groups" radio button
  2) Run the command line steps on this page to change the authentication to plain text to support AD authentication:
  http://support.apple.com/kb/HT4837
  Voila!

• Active Directory logins from Windows to Final Cut Server

  While I did manage to solve my main problem with Integrating AD with Final Cut Server at this one site.... It turns out that there a typo in the kerberos config file. Ooops. Now logins in from Mac OS using AD credentials works well. Unfortunately, I am still seeing some minor issues, like certain groups in AD not being able to login, and for some reason the Windows users can't login (only the Macs using AD credentials). Any seeing anything like this? Of course I enabled certain groups in Final Cut Server pref pane to match certain AD groups, but in the end only the BuiltIn groups worked, not the Domain Users, Domain Admin groups. Strange. And not sure why Windows users can't login. Same domain. Fun times.

  It seems like I read the inital Kb article wrong. The Windows clients get the krb5.ini file, not the Domain Controller. LOL. Thanks to drew for pointing that out to me.
  http://support.apple.com/kb/HT3688
  In order for Active Directory bound Windows Final Cut Server client systems to successfully authenticate to Final Cut Server, you must create a custom Kerberos configuration file on the Windows client system.

• 10.4.x and Active Directory Logins - mobile accounts

  Managing 10.4.x workstations and trying to get AD logins to work using OS X AD plugin set to "create mobile home" and "Force local home directory".
  AD user accounts get stuck at the login window. The user name and password field are greyed out and the computer sits like that for a long time. Computer responds when pressing the power button to restart, shutdown, sleep, or cancel.
  Console reads: automount 174: can't mount server name .... invalid argument (22) over and over
  tried setting automount in /etc/hostconfig to NO and that just keeps returning the "unable to login as user .... afp/smb error"
  If the AD plug in is cofigured with out the "create mobile home" and "force local home directory" checked, the AD user can log in with a true network home directory.
  Seems like the login doesn't work when it's set to create a mobile home and mount the users network folder in the dock.
  Clients are Mac 10.4.9 + / WIndows/Active Directory 2003 / OS 10.4 server for management purposes.
  any ideas?

  my apologies.... posted this question in the wrong forum. will repost.

• Active Directory logins - mobile accounts

  Managing 10.4.x workstations and trying to get AD logins to work using OS X AD plugin set to "create mobile home" and "Force local home directory".
  AD user accounts get stuck at the login window. The user name and password field are greyed out and the computer sits like that for a long time. Computer responds when pressing the power button to restart, shutdown, sleep, or cancel.
  Console reads: automount 174: can't mount server name .... invalid argument (22) over and over
  tried setting automount in /etc/hostconfig to NO and that just keeps returning the "unable to login as user .... afp/smb error"
  If the AD plug in is cofigured with out the "create mobile home" and "force local home directory" checked, the AD user can log in with a true network home directory.
  Seems like the login doesn't work when it's set to create a mobile home and mount the users network folder in the dock.
  Clients are Mac 10.4.9 + / WIndows/Active Directory 2003 / OS 10.4 server for management purposes.
  any ideas?

  my apologies.... posted this question in the wrong forum. will repost.

• Mac OS X 10.5 Clients - Active Directory Login - Password Policy

  Hi,
  I wonder if anyone can help me or give me some pointers.
  I have a client who has a number of Mac OS X 10.5 Leopard clients who sign-in and authenticate with a Window's Active Directory server which has a password policy to prompt users to change their login password every 30 days.
  Today is the day they are required to change their login password and they do get message that says something like "0 days to change your password" but are not getting the subsequent dialogue box that allows them to change their password.
  Any ideas?

  OOPs, missed which one we were talking about, sorry.
  Does it boot to Single User Mode, CMD+s keys at bootup, if so try...
  /sbin/fsck -fy
  Repeat until it shows no errors fixed.
  (Space between fsck AND -fy important).
  Resolve startup issues and perform disk maintenance with Disk Utility and fsck...
  http://docs.info.apple.com/article.html?artnum=106214

• Using the Active Directory login information by UNIX

  We have 3 servers in our organisation: W2K + Exchange - members of one DOMAIN and Sun server with Solaris 8. All our clients have their login and password for the DOMAIN and the according the security policy they have to change their password periodically. Only a part of our clients have their login on the Solaris (they work using X-Terminal from their PC ).
  My question is how can I receive and update automatically the login information on UNIX(Solaris) after updating on the Active Directory . Or how can I use the login information of the Active directory by Solaris

  Are the configuration reports with the 0.0.0.0 being printed directly from the printer?  A 0.0.0.0 address indicates the printer is not actually on the network (or at least not getting DHCP information from the router).  The Print and Scan Doctor should not have been able to print to it unless it happened to be connected by a USB cable as well.
  What brand and model is the router?
  Is the wireless light a solid blue light or a flashing blue light?
  You mentioned an Active Directory Domain Services error message.  Outside of corporate networks, this is not an error message you should get.  I suspect there might be a deeper software issue at fault.  Please provide the exact steps you are using to add the printer to generate that error message.
  ↙-----------How do I give Kudos?| How do I mark a post as Solved? ----------------↓

• Active Directory login problem

  I have my MacBook Pro bound to the domain. It has a computer account viewable in the Active Directory.
  However, after this I then expected to be able to enter my domain credentials at the OS LoginWindow instead of logging on using a local account but it wont work......anyone know what may be the problem here ?
  Thanks in advance

  I have the same problem when i try to login using the AD domain account the screen just jumps around as if you have entered teh wrong password.

• Active Directory - SharePoint Replication Problem with User Information

  Hi, we have a implementation of SharePoint 2010 stand alone server, when we start to work in this server, we add the users from Active Directory services implemented in our company. This users had information like the email and department. When i add one
  user to SharePoint, sharepoint import all information user.
  The problem is when i change the email information from the user in Active Directory, this information didnt replicate to SharePoint.  The user have the new email In Active Directory and the old email in SharePoint.
  How can i replicate new one all information from the user to SharePoint?
  I hope someone can help me..
  thanks. 

  Standalone installations of SharePoint do not support the User Profile Sync Service. You'll want to use a farm installation for that functionality.
  Are you using SharePoint Foundation, Standard, or Enterprise? The UPSS only comes with Standard and Enterprise.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Active Directory Trusted Recon ends with NullPointerException

  Hi,
  I have installed  OIM 11.1.2.2.0 and AD connector version: ActiveDirectory 11.1.1.6.0. when i run "Active Directory Group Lookup Recon", I can see the groups created in "Lookup.ActiveDirectory.Groups". But when I tried to do "Active Directory User Trusted Recon" OIM given below error. I attached ITResource and Scheduler configurations.
  Any help is greatly appreciated.
  [2015-04-29T21:20:40.816+05:30] [oim_server1] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] Failed to communicate with any of configured Access Server, ensure that it is up and running.
  [2015-04-29T21:20:40.863+05:30] [oim_server1] [NOTIFICATION] [] [oracle.iam.features.scheduler.agentry.operations] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: eefe7b19b2a021e0:6c7958f0:14d05d5c757:-8000-000000000000009d,0] [APP: oim#11.1.2.0.0] [DSID: 0000Ko5qWtjFW7WFLz6UOA1LGFhL000004] [[
  java.lang.NullPointerException
    at java.io.ByteArrayInputStream.<init>(ByteArrayInputStream.java:89)
    at oracle.iam.scheduler.vo.JobHistory.getExceptionObject(JobHistory.java:123)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.prepare(LookupActor.java:1277)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.refresh(LookupActor.java:3069)
    at oracle.iam.features.scheduler.agentry.operations.LookupActor.receiveEvent(LookupActor.java:3056)
    at oracle.iam.consoles.faces.mvc.canonic.Model.handleIntent(Model.java:975)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doHandleIntent(Controller.java:533)
    at oracle.iam.consoles.faces.mvc.canonic.Controller.doSelectAction(Controller.java:204)
    at oracle.iam.consoles.faces.event.NavigationListener.processAction(NavigationListener.java:99)
    at javax.faces.event.ActionEvent.processListener(ActionEvent.java:88)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcast(UIXComponentBase.java:748)
    at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:179)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:104)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:93)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:371)
    at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:97)
    at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:98)
    at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:957)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:427)
    at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:112)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
    at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
    at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

  I believe suddenly after running use cases related with target recon, you are trying to run trusted recon.
  Make sure you update the following value in IT Resource whenever u run it for trusted recon:
  Configuration Lookup
  This parameter holds the name of the lookup definition that stores configuration information used during reconciliation and provisioning.
  If you have configured your target system as a target resource, then enterLookup.Configuration.ActiveDirectory.
  If you have configured your target system as a trusted source, then enterLookup.Configuration.ActiveDirectory.Trusted.
  Default value: Lookup.Configuration.ActiveDirectory
  http://docs.oracle.com/cd/E22999_01/doc.111/e20347/deploy.htm#BABGFCFE
  ~J

• Re: Active Directory Login to Windows 2000 Server

  Continuing http://discussions.apple.com/thread.jspa?threadID=1277356&tstart=0
  So we were able to bind the Mac to the Active Directory Domain once the PC admins created an ID for the computer in their "forest". However the user doesn't have access to all the directories that she does from her PC.
  The AD admin keeps saying the we need to "Map to the share" - Yes, he's from the past!
  So the user on the PC side belongs to a groups called "torcomreg" that seems to give her access from the PC. She can access every other area except for the "Departments" share. (we can see Departments and open it - but we see nothing inside).
  Does anyone know how to use "Mappings" and what does "Map UID to attribute:" mean? Are we supposed to enter a UID for this user, or the ID of the shared attribute? How do we get this person access to the directory or the group membership - I'm convinced that this needs to be done on the AD server - but I don't know the verbiage that the admin needs from us.
  Thanks in advance - taking over the enterprise on Mac at a time - literally in this case.

  You can write an applescript to mount the appropriate shares, then compile the script as an executable.
  Make executable script a login item for the user.
  It's been a long time since I wrote the script, so I can't recall the exact syntax, but it goes to the effect of
  tell application "finder"
  begin tell
  mount "smb://server/share"
  end tell
  repeat for each share.

• Active Directory Access and Synchronization with R/3

  Dear All,
  What I have understood till now about users being maintained in Active Directory is: there are no Roles in Active Directory, users are to be assigned to Groups in the Active Directory.
  My requirement is: I have to maintain the users in Active Directory, and ensure they are in sync with my BW system CUA.
  First question is: Can we maintain users and roles in CUA?
  If I want to synchronize between Active Directory and CUA, do I always need the EP to play a part? If not, what are my alternatives?
  My second requirement is: I have to get the users and roles ( partly from Active Directory  via LDAP Connector, and partly from BW CUA ), the challenge being, I am getting users from the Active Directory, how will I determine the role it is assigned to in CUA?
  I will have the group of the user from Active Directory, where and how do I determine what is the role assigned to this user?
  Please suggest.
  Regards,
  Prosenjit.

  Prosenjit,
  My apologies, I didnt really understand your scenario.
  For your query -- I have to fetch the users from AD, check their roles, and display some relevant data.
  You create the role in portal as assign it to the group (group can be anything either AD Groups, CUA Roles which would be groups on the portal or simple portal groups). Now the role will display the reports as links in the TLN and Detail level navigation however it would only be the authorizations which control what data will be visible to the end user.
  Syncronization between AD - ABAP (CUA) would allow you to sync the user details between both the data sources roles dont come into the pitcure as far as I know and have seen (might be wrong also)
  How will I conclude to which role the user is entitles in the BW side, just by getting the group?
  I suppose you must have developed and then published reports on the portal. You will have to create a user - report matrix and then assign users to approproate groups.
  Do clarify the requirement in further detail if this doesnt solve your issue.

• Login intermittently slow with ZCM agent AND Novell client

  We continue to struggle with intermittently slow logins in our environment. In testing, we noticed that logins are very fast (10-20 seconds) when only the Novell Client is installed, and very fast (~10 seconds) when only the ZCM agent is installed. However, when they are both installed, logins slow down, sometimes to 1.5 minutes or longer.
  We have checked DNS and rDNS, and they are both configured properly. SLP is working properly as demonstrated by the fast logins when only the client is installed. We use LDAP for user lookup, and it also works very fast to resolve user names (~ 1 second).
  We are using ZCM 10.3.1, and the client is fully patched as well (both Novell Client 2 and 4.91)
  Are there any specific settings (for the ZCM agent or the client itself) that might address this issue?

  My apologies, I told you to remove the wrong thing.
  I should have said NMAS instead of CASA.
  I am just so used to saying CASA when talking about ZCM.
  In regards to NMAS, you could simply rename "NWSSO.DLL" as a test.
  If NMAS is installed which is tested by the existence of this DLL, then
  a certain NMAS call is always made, which in some cases can take a long
  time.
  On 11/9/2010 12:06 PM, dshofkom33 wrote:
  >
  > craig_wilson;2042688 Wrote:
  >> Try removing CASA from the device and see if that makes a difference.
  >> A TID will be out on the issue soon.
  >>
  >> On 10/5/2010 4:36 PM, kjhurni wrote:
  >>>
  >>> Hmm, I will have to try that. I've only observed that with ZCM
  >>> installed (with Novell Client 4.91 SP5 on XP) that the login time
  >> goes
  >>> from about 12-15 seconds to about 50-70 seconds.
  >>>
  >>> But I've not tried "just" the ZCM agent.
  >>>
  >>>
  >>
  >>
  >> --
  >> Craig Wilson - MCNE, MCSE, CCNA
  >> Novell Knowledge Partner
  >>
  >> Novell does not officially monitor these forums.
  >>
  >> Suggestions/Opinions/Statements made by me are solely my own.
  >> These thoughts may not be shared by either Novell or any rational
  >> human.
  >
  > I removed CASA and now I cannot sign into ZCM. I get the "unable to
  > login to network because the login credentials are incorrect" Windows
  > Security Message. Any ideas?
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.