Active Directory on VMware

I am having an argument with a co worker. Can someone please settle this;
Are Active Directory Domain Controllers
OFFICIALLY supported on VMware???
Yes???
http://www.vmware.com/files/pdf/solutions/Virtualizing-Active-Directory-Do
main-Services-on-VMware-vSphere.pdf
No???
http://support.microsoft.com/kb/888794
http://support.microsoft.com/kb/897615
http://support.microsoft.com/kb/957006
BlankMonkey

Thank you so much for the detailed reply, although this is not exactly what I was looking for.
Do we have links to the
No, it is not supported on 2008
Yes, it is supported on 2012
I understand it will run, in fact we have 4 test domains running in VM. I have even experienced the snapshot issue to my dismay. I will read over closer the bullet points so I can address them. But for this argument, I need an OFFICIaL
position. Links would be the evidence.
BlankMonkey
To answer your original question, below...
>>> "Are Active Directory Domain Controllers
OFFICIALLY supported on VMware???"
No. I agree with Hinte. You will NOT find anything from Microsoft
stating that they support DCs or any other of their server products virtualized on any third party hypervisor. It's not their product to support. That's like on Windows 2008 R2, you download the Intel NIC drivers from Dell, a Microsoft untested driver, in
order to team your NICs. Then something goes wrong with networking. You call Microsoft Support and ask to help, but they see that you have a third party driver you've downloaded and state they are not able to help you because you didn't use the built-in Intel
drivers, albeit the drivers do not offer teaming.
In Windows 2012 and newer, teaming is supported because they offer it with the built in drivers.
In KB888794 that you posted, they do mention VMware as hypervisor, but there's nothing in the KB implying or explicitly saying they support it.
But they will for their own hypervisor, and this is a pretty informative link:
Running Domain Controllers in Hyper-V
- Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Virtualization.
This topic will be updated in order to make the guidance applicable to Windows Server 2012.
http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(WS.10).aspx
Here are some links from VMware as far as their official position on DCs virtualization:
Virtualizing existing domain controllers in VMware vCenter Converter (1006996)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006996
Windows Server 2012 VM-Generation ID Support in vSphere
http://blogs.vmware.com/apps/2013/01/windows-server-2012-vm-generation-id-support-in-vsphere.html
I hope they help provide you official VMware documentation supporting virtualized DCs.
If you want an official position from Microsoft about running virtualized DCs on VMware, a third party product, I highly doubt it.
However, I highly suggest contacting your Microsoft TAM (Technical Accounts Manager), if you have an account, for their official support on it. You also have the option to contact Microsoft Support.
I don't know the size of your organization, but if large enough, you can ask for a TAM to assist with products, purchases, discounts, and frontline support. If you don't have a TAM and would like to get started for your organization, here's the link to get
you started:
https://premier.microsoft.com/
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Similar Messages

Documentation on Active Directory Domain Rename for VMware

Aplogies if my questions are elementary. Just getting started with VMware.
We are looking to update our virtualized Active Directory domain name. I have the documentation for that, but want to make sure I have the list of articles needed to make sure the VMware is properly updated as well.
I found the following documents:
configure host to use active directory:
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-63D22519-38CC-4A9F-AE85-97A53CB0948A.html
setting DNS configuration vmware
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc%2Fcli_manage_networks.11.8.html
Is there anything else?
Which do I update first? The VMware info or the Active Directory.

Hi David,
Based on my experience, you’d better pay attention to the following two points:
1. After you have completed the installation of Exchange 2010, you have to create an Accepted Domain of “uvwxyz.org”.
2. If you want to use Autodiscover, you need to configure the additional settings for “uvwxyz.org”. You could refer to the article below:
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
If you have any further questions, please do not hesitate to post back.
Best regards,
Eric

AD Group membership not updating in Sharepoint Foundation when adding Active Directory group to Sharepoint group

I have Sharepoint Foundation installed with the latest CU updates. It is running on a VMware box (Windows Server 2008 R2 Standard) with its backend on a SQL Server 2008 R2 vmware box. The farm account is a domain user and has been given all appropriate
replication rights, etc to active directory.
Everything seems to be working fine except for security integrated with AD groups. When I go to edit permissions I can add individual AD users just fine and remove them just fine and their access is taken away right away or given to them right away.
I can also find AD groups in the people picker and add them to the site. When I add new groups to AD, they are found immediately within Sharepoint, and when I delete groups from AD, they are taken out of the people picker right away. Now comes
the weird part. When I add an AD group to the site, all users currently within that AD group are given access to the Sharepoint Site. This works for the first time only. Now when I add or remove users from the AD groups, it does not update
in SharePoint. For example, I have an AD testuser1 in the AD Group "All Users". testuser1 does not have access to SharePoint. So I add the AD group to the Sharepoint group "Visitors". testuser1 now has read access to the sharepoint
site. Now, I remove testuser1 from the AD group, but testuser 1 still has access to the site even though he is not part of the AD group, nor does he have any individual permissions to the site. Now, I add testuser2 to the ad group. testuser2
does not have access to the site, even though he is part of the ad group.
It seems that the only time AD group security is working for me is when I first initially add the AD group to the site. From then on, it's like sharepoint is caching the members of the group and not updating any new adds or deletes from the groups.
Any ideas? I am lost on where to go from here as I have tried everything from clearing cache files, rebooting servers, iisresets....

I think I have at least cornered the problem, but am not 100% sure yet that it is the correct answer. I think it could be 1 of the following 2 scenarios.
Scenario 1: We have 3 web applications setup on our web server ports 80 - Our sharepoint Web app, 2020 - Our My Site Web App, 2040 - Our Search Web app. We are using host headers (http://sharepoint.***.com) instead of a server name. So
we setup our access mappings (Central Admin -> Application Management -> Configure Alternate access mappings) to use the host header (http://sharepoint.***.com) as the default mapping and the server name as the intranet access mapping. By
setting the default access mapping to host headers, i noticed that Sharepoint automatically assumes that all web apps are on port 80. You can see this by going to (Central Admin -> Manage Web Applications). The port listed all 3 web apps on
port 80. So I think when I was doing a profile sync and using mysites, it was messing with my AD security because of this. What I did was the following. I went to Central Admin -> Manage Service Applications -> [Name of your user profile
service] -> Setup my sites. I made sure that my preferred search center had the correct port number on it (mine originally had no port number), that my my site host had a port (again no port number originally), as well as the personal site location.
I then saved this.
Scenario 2: Our user profile sync had 2 BDC connections that were corrupt and throwing errors. I rebuilt the connections, remapped them to the proper user profile property.
I did both of these scenarios above around the same time. I then restarted all my servers, and at last the AD Group security is now functioning appropriately. I have done multiple IIS resets and server restarts. The issue has only reappeared
once. After restarting the machine again, we were back to the AD groups functioning correctly. Because we had the issue reappear once after doing the above, I still do not feel 100% sure that either one of the above corrected the issue completely.
As long as we are up and running currently, I am moving on to other tasks with this project. My only concern that it will break again and I will have to revisit it is when we restart the servers....which is never fun. I will update as I find
a "true" answer to this issue.... Let me know if any of the above helped you or if you find something I may not have thought of.

I have windows server 2012 R2 and install active directory

My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
Have not registered domain only install active directory to test.
So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine.
Please give me a solution for this.
This is the setup for a test use only so their not big environment connect with my pc.
Thanks in advance.
Regards,
Krunal

Hi,
The following article is talking about creating and managing Group Policy on a Windows Server 2012:
http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
Group Policy Overview
http://technet.microsoft.com/en-us/library/hh831791.aspx
Please feel free to let us know if you need further assistance.
Regards.
Vivian Wang

Creating Active directory

Hi Geeks,
i need to develope an interface which is run every day and will send SAP HR data to Microsoft Active directory. It will handle 3 scenarios
1. create new accounts in Active directory for all new hires on the current date ( ie the date on which the interface is run).
2.De-activate the accounts for terminated employees on tht day
3. Update the LDAP account with any change in the PA data of the employee
using the Fm module
SPLDAP_RECEIVE_ATTRIBUTES
Regards,
Sudhakar Yadav

Hello,
For general services I use a service specific account within AD. This was before SSO and I use the same after SSO. SSO is used by only two services that I know about at the moment (Inventory Service and perhaps vCloud). However, there are many other service accounts that should be created. You want one account per service and I use AD for this, this way I can create a service account group and give it the appropriate roles and privileges. FOr example I have service accounts for:
VMware View
XenDesktop
vCops
HPSIM
Solarwinds
VMTurbo
NetApp
etc.
One service, one service account, each with either a general role or custom role depending on access requirements to vCenter.
For SSO, I to am waiting on general information, but I set mine up fairly basically to cover only those resources that make use of SSO. Since the vast majority of items do not use SSO, the rule still applies. Once SSO is supported by more than one or two tools, you still need to maintain that separation.
So I say yes, tie SSO to AD and do everything in one place, unfortunately, that is not very clear, or at least was not to me and these SSO issues are either beng fixed, documented, or both.
Best regards,
Edward L. Haletky aka Texiwill

Creating Active Directory Accounts for vSphere 5.1 Services

To set up the management pieces of vSphere, I need to have an account or accounts created in Active Directory. I need to determine how many to create and what permissions they need.
In Single Sign on Server, I need to choose an account that vCenter server will use when it connects to SSO. I can use the default admin@system-domain. Or I can add an account that is configured in Active Directory. Or, I can also use an active directory group instead of an individual user. What is the best way to do this and if I use an AD account, what permissions does it need at the domain level and at the local level on the Single Sign on Server? (I'm using multisite mode, so I can't use local accounts)
In SQL Server, I need to choose an account to use for the SQL server service. Should this account be an active directory account or a local user account? If so, what permissions should be assigned to the account in Active Directory and what permissions should be assigned to it on the local machine? What AD group, if any should it be a part of? What local permissions does it need?
In vCenter Server, I need to choose an account to run the "vCenter Server Service" in. Is it best to use the default "system" account or to use an account from Active Directory, or a local account?
I'm trying to get a big picture of an AD account/group strategy to use that covers the main management pieces of vSphere - vCenter Server, Single Sign on, Inventory Service, Web Client Services.
For example, create one group called "vSphere Services", then create separate accounts for each management piece, and assign them specific permissions on specific systems. Or create separate groups for each management piece and assign permissions to the groups. Is it better to consolidate some of these user names or split them out? Any experiences / suggestions welcome. Thanks.

Hello,
For general services I use a service specific account within AD. This was before SSO and I use the same after SSO. SSO is used by only two services that I know about at the moment (Inventory Service and perhaps vCloud). However, there are many other service accounts that should be created. You want one account per service and I use AD for this, this way I can create a service account group and give it the appropriate roles and privileges. FOr example I have service accounts for:
VMware View
XenDesktop
vCops
HPSIM
Solarwinds
VMTurbo
NetApp
etc.
One service, one service account, each with either a general role or custom role depending on access requirements to vCenter.
For SSO, I to am waiting on general information, but I set mine up fairly basically to cover only those resources that make use of SSO. Since the vast majority of items do not use SSO, the rule still applies. Once SSO is supported by more than one or two tools, you still need to maintain that separation.
So I say yes, tie SSO to AD and do everything in one place, unfortunately, that is not very clear, or at least was not to me and these SSO issues are either beng fixed, documented, or both.
Best regards,
Edward L. Haletky aka Texiwill

Windows 2000/Active Directory - Gateway on none domain controller

I have been trying to configure a Gateway to run on a non member server and have it point to a domain. All attempts to work of the remote machine have failed and wonder what I am doing wrong. Here is an out line of what I have done:
Environment
All machines are Windows 2003 running in VMWare instances.
Machine 1: Gateway machine. IDM is installed but not running. Server name = USTRSDLMS009VM1, member of the workgroup IDM
Machine 2: AD machine, Gateway installed. IDM is installed but not running. Server Name = USTRSDLMS009VM2. Domain Name = IdMTestAd.IdMTest.com.
Machine 3: IDM is installed and running. Servername = USTRSDLMS009VM3 member of the workgroup IDM
Basic Tests:
All machines can ping each other by both computer name and ip address.
Easy step first
Connect to IDM on Machine 3 (IDM server) configure the Windows 2000/Active Directory RA to point to the Gateway on Machine 2 (AD server). All works perfect. Server is identified with IP address.
Remote server test
Connect to IDM on Machine 3 (IDM server) configure the Windows 2000/Active Directory RA to point to the Gateway on Machine 2 (Gateway machine). This does not work. Configuration of Resource Parameters is as follows:
Host: Configured using both IP or ServerName
TCP Port: 9278
User: Administrator
container: cn=users,dc=idmtestad,dc=idmlab,dc=com
LDAP HostName, DomainName, IP or Servername of Server 1 (standalone gateway server). This is the setting that should allow me to use a remote machine. NOTE: I have done tons of tests and they all indicate that this field is not working.
I get the following error message when I try and connect:
Test connection failed for resource(s):
AD-VM2DirectConnect: Error opening object 'LDAP://cn=users,dc=idmtestad,dc=idmlab,dc=com': ADsOpenObject(): 0X8007054B: , , The specified domain either does not exist or could not be contacted.
I have also tested connecting to the LDAP using an LDAP browser with the same credentials from the standalone gateway machine. Worked fine.
The following is the Gateway Trace log from the standalone gateway machine. I will post it as a seperate item in the thread (a little cleaner I think). But the basic error section is:
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,7352): buildBindOptions bind flag = 0x1
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5182): Error opening object 'LDAP://cn=users,dc=idmtestad,dc=idmlab,dc=com': ADsOpenObject(): 0X8007054B: , , The specified domain either does not exist or could not be contacted.

The GW Log file from the stand alone GW server.
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/logging/WSTrace.cpp,146): trace active, level: 4, file: c:\gwtrace\gwtrace.txt, maxSize: 3500 KB
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/logging/WSTrace.cpp,201): Trace file set to 'c:\gwtrace\gwtrace.txt'
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,116): Enter: reply
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,74): Enter: sendBuffer
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,88): Sending buffer:
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <?xml version='1.0' encoding='UTF-16'?>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Response>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Result status='ok'>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <ResultItem type='message' status='ok'>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Text>Trace level set to 4</Text>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </ResultItem>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <ResultItem type='message' status='ok'>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Text>Trace file maximum size set to 3500</Text>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </ResultItem>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <ResultItem type='message' status='ok'>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Text>Trace file set to 'c:\gwtrace\gwtrace.txt'</Text>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Message>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </ResultItem>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Result>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Response>
02/28/2006 13.14.33.765000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,110): SendPrivate: count: 1100 pad: 8
02/28/2006 13.14.33.781000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,103): Exit: sendBuffer
02/28/2006 13.14.33.781000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,124): Exit: reply
02/28/2006 13.14.33.781000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,558): Exit: ProcessCommand
02/28/2006 13.14.33.781000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,695): Exit: handleRequest
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 6564 bytes
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,260): ReceivePrivate: count: 6542, 6560 wrapped up rawlength 6558
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,269): Rightbefore decrypt:
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,34): KEY:[e8 92 1c 9c 05 78 d7 a0 d3 62 32 f8 46 0a 0d 3d 64 05 6a bd fe a9 34 57 ]
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/RAEncryptor.cpp,67): RAEncryptor::Decrypt3DES: input length (6552) moded to 819
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,110): SendPrivate: count: 0 pad: 4
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,563): Enter: handleRequest
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,583): Received buffer:
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <?xml version='1.0' encoding='UTF-16'?>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Request encrypted='true'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <cmd>test config</cmd>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Resource name='AD-VM2DirectConnect' class='com.waveset.adapter.ADSIResourceAdapter'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attributes>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='ADSI Search Page Size' type='string' value='1000'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Container' type='string' value='cn=users,dc=idmtestad,dc=idmlab,dc=com'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Create Home Directory' type='string' value='1'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Display Name Attribute' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Encryption Type' type='string' value='None'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Global Catalog Server' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Host' type='string' value='130.175.204.29'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Input Form' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='LDAP Hostname' type='string' value='130.175.204.38'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Log File Path' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Log Level' type='string' value='2'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Maximum Age Length' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Maximum Age Unit' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Maximum Archives' type='string' value='3'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Maximum Log File Size' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Object Class' type='string' value='User'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Poll Every' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Polling Start Date' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Polling Start Time' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Post-Poll Workflow' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Pre-Poll Workflow' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Proxy Administrator' type='string' value='Configurator'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Scheduling Interval' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Search Subdomains' type='boolean' value='false'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='TCP Port' type='string' value='9278'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='Update search filter' type='string' value='(objectCategory=person)'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='User Provides Password On Change' type='string' value='0'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='When reset, ignore past changes' type='string' value='1'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='activeSyncConfigMode' type='string' value='basic'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='activeSyncPostProcessForm' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='blockCount' type='string' value='100'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='confirmationRule' type='string' value='CONFIRMATION_RULE_NONE'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='connectionLimit' type='string' value='10'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='correlationRule' type='string' value='CORRELATION_RULE_NONE'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='createUnmatched' type='string' value='true'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='deleteRule' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='parameterizedInputForm' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='password' type='encrypted' value='H7fYWJq3kBs='/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='populateGlobal' type='string' value='false'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='processRule' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='resolveProcessRule' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='searchContext' type='string'>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attribute>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='useInputForm' type='boolean' value='true'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Attribute name='user' type='string' value='Administrator'/>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Attributes>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Resource>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Request>
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,632): command='test config'
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,463): Enter: ProcessCommand
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2403): Enter: testConfiguration
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2411): Enter: doCheck
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5090): Enter: openObject - 2
02/28/2006 13.16.42.125000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4666): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4648): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4659): Login: 1
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4660): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4669): Login: 1
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4670): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5104): ADsGetObject for LDAP://cn=users,dc=idmtestad,dc=idmlab,dc=com
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/connect/RAEncryptor.cpp,67): RAEncryptor::Decrypt3DES: input length (8) moded to 1
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5118): ADsGetObject
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
02/28/2006 13.16.42.140000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,7352): buildBindOptions bind flag = 0x1
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5182): Error opening object 'LDAP://cn=users,dc=idmtestad,dc=idmlab,dc=com': ADsOpenObject(): 0X8007054B: , , The specified domain either does not exist or could not be contacted.
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5190): Exit: openObject - 2
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,116): Enter: reply
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,74): Enter: sendBuffer
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,88): Sending buffer:
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <?xml version='1.0' encoding='UTF-16'?>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Response>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Result status='error'>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <ResultItem type='message' status='error'>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Message>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): <Text>Error opening object 'LDAP://cn=users,dc=idmtestad,dc=idmlab,dc=com': ADsOpenObject(): 0X8007054B: , , The specified domain either does not exist or could not be contacted.
</Text>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Message>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </ResultItem>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Result>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,66): </Response>
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/connect/RASecureConnection.cpp,110): SendPrivate: count: 810 pad: 2
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,103): Exit: sendBuffer
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,124): Exit: reply
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2438): Exit: doCheck
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2407): Exit: testConfiguration
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,558): Exit: ProcessCommand
02/28/2006 13.16.44.437000 [2540] (../../../../src/wps/agent/object/RequestHandler.cpp,695): Exit: handleRequest

ACS 5.1 with Windows Active Directory

Hi All,
I installed ACS 5.1 in vmware server successfully. I have problem while intergrating cisco acs with microsoft Windows 2008 active directory. I already verfied all the related parameters like Domain name, user rights to join in AD, DNS name resolve and IP-Address.
But, I can able to add any system into my domain without any issues and this is not happening in Cisco ACS 5.1 version.While testing the Active Directory - Test connection it prompts with error message " Can not resolve network address".
Please help me from this issue.
Regards
Mani

Hi
Have you setup the correct DNS servers and domain name in the ACS and also do you have an entry in the DNS for the ACS server?
Dave

Windows Server 2008 R2-Active Directory

Hi ,
I cloned a machine using VMware VSphere 5.1 and did not use sysprep during cloning. The original source machine disappeared from Windows Active Directory. Is there anyway to get the object back ? I also deleted the cloned Virtual machine .
Thanks in advance.
Pro1962
India1947

You can use my script here: https://gallery.technet.microsoft.com/scriptcenter/Remove-Inactive-user-2caf199a
All you need to change is
(objectCategory=person)(objectClass=user)
by
(objectCategory=computer)
and add a comment at the beginning of the command Remove-ADUser.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

Registering an Oracle 10g R2 database in Active Directory

Hi Gurus!
I'm testing with Oracle 10g R2 and Windows 2003 Server (german version). I have the following configuration:
Computer 1:
OS: Windows 2003 Server SP 2
Status: Domain Controller (DNS and AD is correctly setup by the server configuration wizard)
Oracle Client Administration tools are installed.
Computer 2:
OS: Windows 2003 Server SP 2
Status: Domainclient (DNS resolution of the DC works perfectly)
Oracle database 10g R2 is installed with Advanced Security Option
I did the steps to create the Oracle schema and Oracle context in Active Directory as mentioned in Claus Jandausch's Book "Oracle 10g Release 2 für Windows und .NET". I could do this steps without any errors. After that I configured ldap.ora and sqlnet.ora on Computer 2 like this:
ldap.ora
DEFAULT_ADMIN_CONTEXT = "dc=oracle,dc=de"
DIRECTORY_SERVER_TYPE = ADsqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NTS)
NAMES.DIRECTORY_PATH = (LDAP)In the next step I've created a Net Servicename with Netmanager in the Oracle Context. Creation and resolution of this Net Servicename (tnsping) could be done flawlessly. But now I've come to the sticking point where I want to register my database in Active Directory. I also did as Claus Jandausch said in his book. I've opened the database configuration assistant and tried to do the registration but DBCA hangs at 7 % and an TNS-04405 pops up that tells me: Datenbankeintrag kann in Directory Service nicht erstellt werden. TNS-04405 Allgemeiner Fehler (Databaseentry could not be created in Directory Service. TNS-04405 Common Error).
Because this only a testing environment I've tried to give the Dom Admin full access to the complete Domain Context and Configuration Context but event that did not the trick.
Does anyone know what hooks, bugs or other things could be within Oracle or AD that prevent me from registering my database?
I'm looking forward to you posts and I appreciate your help.
yours sincerely
Florian W.

Before you can install RAC, you need disk storage that is configured to be used by two or more computers at the same time.
The difficulty in RAC installation is getting that storage correct.
If you are doing this for a real environment, you will need to ensure you have the right KIND of storage. If you are doing this to play around (learn, evaluate, prototype) you can get away with a simulation of that storage.
Assuming a serious implementation, the options are:
- NetApp filer using their special implementation of NFS;
- shareable iSCSI (the shareable part is not often found - available from NetApp as well);
- SANs that permit multiple accesses to the raw LVM;
- cluster file systems, such as Veritas CFS.
For play-around implementations, you could also use;
- two computers, using configurable firewire or scsi controllers, attached to firewire or scsi drives;
- VMWare, as described by Howard at http://www.dizwell.com;
- NetApp simulator (if you have a valid NetApp license already).
Of these options, I personally lean toward the NetApp NFS as it is the least expensive of the production-worthy options. NetApp sells the FAS250 with 1TB disk at a reasonable price.

SharePoint Foundation Active Directory Problem

Hey,
I have a problem with the Active Directory connection to SharePoint Foundation.
My Situation looks like this:
I'm working on a kind of project controlling plattform. Each of our customers has its own site. Also each customer has an account in our Active Directory. For the administrative part, we have a list which contains some infos of the customer, the url to its
site and the contact person.
I wrote an import-script which creates a site and a new item in the list. To put the contact person in the list-item, I use a code-snippet like this:
try
user = web.EnsureUser(loginName);
catch (Exception ex)
throw new Exception("LoginName " + loginName + " not found");
Now the problem is, that the try/catch block fails too often which means: SharePoint doesn't know the loginNames of some of our customers.
Why does SharePoint not know maybe 1/5 of all our customers? All of them have an account in our active directory, none of them ever logged in the SharePoint (at the time they even doesn't know, that they have a SharePoint site for this project).
I searched the internet for the problem but all I found where questions related to the synchronization of ad-properties to SharePoint Foundation. But I don't want to sync the phone-number or something like that - I want SharePoint only to know all the loginNames
of our customers, not only 1/5 of them.
How do I achive this, what am I doing wrong?
Thank you!

web.EnsureUser has nothing to do with the UPS at all. This has nothing to do with synchronisation (it does have a role but it's a maintenance one and nothing to do with authentication.
The simplest answer is that the login names are being entered wrongly. Having said that there are a few areas you can look at to try to identify the problem:
Does it fail repeatedly for the same username? Can you add that user to the site manually using a people picker control and if so will the script work afterwards? Are there any trends in the user accounts that SharePoint cannot find?

Error while creating a user in Active Directory.

Hi Guys,
I am creating a custom connector for AD and Exchnage , I am able to create user in AD using my Java Code... but i am also getting below error, I want to finish the operation smoothly.... Please find below error logs.
13:51:15,635 ERROR [STDERR] Data AccessException:
13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.insertResponseMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.updateSchItem(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeProcessAdapter(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeAdapter(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpCREATEADUSER.implementation(adpCREATEADUSER.java:85)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy758.setProcessFormData(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy803.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
Thanks,
Hemant

at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

OIM 9.1.0 Integration with Active Directory 2008 R2

Hi,
My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
Any guidance is really appreciated.
Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
Is this a working and supported scenario by OIM v9.1.0 ?

I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
-Bikash

Laptop (Running Windows 8.1) no longer able to print and now see message Active Directory Domain Services is not available

Have a very recent Lenovo Ideapad Laptop running Windows 8.1. Connected via USB port to HP LaserJet Pro CM1415 frw Color MFP Printer. Was able to print fine nearly 2 weeks ago, but something recently happened - either a new windows or office 2013 update
or perhaps I blew away a certain file by mistake. I can see the printer installed but cannot print to it from anything (Word, Notepad, IE, Firefox etc.). The one thing to note is that usually when I plug or unplug a USB related device, Windows 8.1 recognizes
this and makes a certain chime noise, but with the printer USB cable it never makes that noise - making me think that it never fully recognizes the printer. Also when I select the printer (from within the control panel) and right click for properties (via
admin rights) It never lets me fully connect to it.
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc. Its really annoying because this printer was working fine nearly 2
weeks ago. Looking for any advice now. Thanks.
-Chris

Hi Chris,
à
I have tried all the usual remedies - remove, install all drivers, reinstall printer, Windows update, start/stop print spooler and all other printer related services, etc.
I noticed that you had reinstalled the printer. Just a confirmation, when un-install this printer, please check
if this printer still exist in registry. For more details, please refer to following KB.
Registry entries for printing
If printer entry still exist in registry, please delete that printer entry and re-install this printer again,
then check if this issue still exists. (Please backup registry entries before operating registry. It will help us to avoid unexpected issue.)
àand now see
message Active Directory Domain Services is not available
By the way, would you please let me know where/when get this
Active Directory Domain Services is not available error message? Or provide a screenshot of it?
(Please hide all protected or private information) Please check if all services are running correctly on the computer. Meanwhile, please refer to following article and check if can help you.
Printer
Problem: Active Directory Domain Services is currently unavailable – Why does windows say no printers are installed?
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu

Active Directory accounts no longer connect to Server

I administrate a small office network.
We have a Windows 2000 Server with active directory and a Windows 2003 Storage Server Appliance. (From Iomega)
After upgrading to 10.4.8 (it seems), our Mac integrated to the Active Directory has had problems connecting to the storage server.
When attempt to connect to smb://storage (the 2003 server appliance) we get a Error code -36 -- could not be read or written.
This only happens when logged into an AD account. Local accounts on the machine access the server as normal.
Also of note, the AD accounts have no problems accessing shares on the 2000 server.
Any ideas why this is only effecting AD accounts and a solution?

There are a couple of things you can check...
1. Check to make sure that the SMB signing option is disabled for the Windows 2003 Storage appliance. This can be done in the local group policy on the Server.
2. If it is a storage appliance, you should be able to run Microsoft's Services for Macintosh. This would give you AFP on the file server - a potential way to eliminate the need for using SMB on the Macs.
3. Use a 3rd party software on the Windows 2003 Storace Server called ExtremeZ-IP by Group Logic. It is a full featured AFP/IP file server for Windows (replacing SFM). We have an HP DL380 NAS device on our network (running Windows 2003 Storage Edition) that has 1.5 TB of storage for our MAc users. We use ExtremeZ-IP... I have nothing bu great things to say for it...

Active Directory on VMware

Similar Messages

Maybe you are looking for