Active directory security audit software
Can someone recommend a good security audit tool for Active Directory? We have found several accounts with inappropriate permissions and I am looking for a comprehensive toolkit that allows both a spot audit and a platform for ongoing notifications for business rule matches.
I am running an AD 2003 domain at the 2000 functional level. Single forest and domain.
Thanks.
Hi,
I would look at the ACS feature of Operations Manager 2007 R2:
http://technet.microsoft.com/en-us/library/bb381258.aspx
This works in conjunction with the audit policies configured for the
domain and the domain controllers to centralize security related events.
See also,
Auditing Security Events
http://technet.microsoft.com/en-us/library/cc776394%28WS.10%29.aspx
Auditing Policy
http://technet.microsoft.com/en-us/library/cc779526%28WS.10%29.aspx
-- Mike Burr
Similar Messages
-
Account locked out events are not getting in active directory security event logs
Account lockout events are not getting into the Active Directory security event logs for some users. I can see that the user is locked, but when I tried to find the event in the sec log at the DC I couldn't find it. It is only happening for some users, not for all users.
In addition.
Check the ADDS Audit.
Active Directory Services Audit - Document references
Regards~Biswajit
-
Hi, can anyone help me troubleshoot the following please:
Active Directory Security Group Discovery Agent reported warnings for 524 object(s). DDRs were generated for 0 object(s) that had warning(s) while reading non-critical properties. DDRs were not generated for 524 object(s) that had warnings while reading critical properties.
Possible cause: OU name or Security Group name may contain at least a Unicode character which has conversion problem between Unicode and your system ANSI locale(e.g. Korean characters in English System Locale). The site server might not have access to some properties of this object. The container specified might not have the properties available.
Solution: Please verify the Active Directory schema for properties that are not replicated or locked. Refer to the discovery logs for more information.
Does the error relate to 524 security groups? There are several invalid search paths listed in adsgdis.log, are these related?
Thanks,
Dale
You'll have to examine the log to determine exactly which objects it's referring to. Although this is in the context of group discovery, group discovery still creates DDRs for computer objects within those groups so it could be either groups or computers.
This is not a search path issue though as it's clear that the discovery process found 524 different objects, but as stated, it could not properly read critical properties of those objects and thus did not create DDRs for them.
As mentioned, reading the log in detail will list the objects individually and the reason it could not create a DDR for it.
Jason | http://blog.configmgrftw.com -
Unable to expand Roles n policies after enabling Active directory security
I am running WebLogic 10.3 on Linux and have integrated console security with Microsoft AD.
The error below occurs when I try to expand roles and policies.
Please help.
Message: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression
Stack Trace: com.bea.console.exceptions.ManagementException: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression at com.bea.console.actions.security.roles.RoleTableAction.createRoleNode(RoleTableAction.java:678) at com.bea.console.actions.security.roles.RoleTableAction.expandGlobalRolesNode(RoleTableAction.java:208) at com.bea.console.actions.security.roles.RoleTableAction.expandNode(RoleTableAction.java:193) at com.bea.console.actions.security.roles.RoleTableAction.execute(RoleTableAction.java:102) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116) at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:255) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158) at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133) at 
org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199) at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686) at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266) at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107) at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292) at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at 
com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739) at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146) at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395) at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361) at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208) at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162) at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388) at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258) at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211) at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196) at 
com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:54) at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3496) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(Unknown Source) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2180) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2086) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Caused by: weblogic.management.utils.NotFoundException: [Security:090311]Failed to set resource expression at com.bea.security.providers.xacml.entitlement.RoleManager.getRole(RoleManager.java:134) at weblogic.security.providers.xacml.authorization.XACMLRoleMapperImpl.getRoleExpression(XACMLRoleMapperImpl.java:499) at 
weblogic.security.providers.xacml.authorization.XACMLRoleMapperMBeanImpl.getRoleExpression(XACMLRoleMapperMBeanImpl.java:389) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:447) at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:445) at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor$10$1.run(AuthenticatedSubjectInterceptor.java:582) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor$10.run(AuthenticatedSubjectInterceptor.java:580) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363) at weblogic.management.mbeanservers.internal.AuthenticatedSubjectInterceptor.invoke(AuthenticatedSubjectInterceptor.java:573) at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:307) at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426) at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72) at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264) at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366) at 
javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788) at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source) at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222) at javax.management.remote.rmi.RMIConnectionImpl_1030_WLStub.invoke(Unknown Source) at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978) at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544) at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380) at $Proxy70.getRoleExpression(Unknown Source) at com.bea.console.actions.security.roles.RoleTableAction.createRoleNode(RoleTableAction.java:671) ... 81 more
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
<name>ABC</name>
<domain-version>10.0.1.0</domain-version>
<security-configuration>
<name>ABC</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType">
<sec:control-flag>OPTIONAL</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>MYSECURITY</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:host>ad.win.XYZ.com</wls:host>
<wls:port>3210</wls:port>
<wls:user-name-attribute>SamAccountName</wls:user-name-attribute>
<wls:principal>CN=ABC (APPLICATION),OU=Service Accounts,OU=Infrastructure Solutions,OU=USPC,DC=americas,DC=win,DC=xyz,DC=com</wls:principal>
<wls:user-base-dn>DC=americas,DC=win,DC=xyz,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{3DES}3gr1b24C1+ZescfrcJGfTA==</wls:credential-encrypted>
<wls:user-from-name-filter>(&amp;(SamAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
<wls:cache-size>3200</wls:cache-size>
<wls:group-base-dn>DC=americas,DC=win,DC=xyz,DC=com</wls:group-base-dn>
<wls:bind-anonymously-on-referrals>true</wls:bind-anonymously-on-referrals>
<wls:all-groups-filter>(objectclass=group)</wls:all-groups-filter>
<wls:group-membership-searching>limited</wls:group-membership-searching>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}Da9bWdtd5q7ah0l1OlmgTprs5EsrhL0siPsTNKzMDOasnQwrpgSVnAKFIdM3O/CjsXOzrq2fBACcbtup4aQCbNpjynWFUDB1</credential-encrypted>
<node-manager-username>system</node-manager-username>
<node-manager-password-encrypted>{3DES}IwjibsnAdGEU/pYi+0n1bg==</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<rotation-type>byTime</rotation-type>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25000</listen-port>
<server-debug>
<debug-scope>
<name>default</name>
<enabled>true</enabled>
</debug-scope>
<debug-scope>
<name>weblogic</name>
<enabled>true</enabled>
</debug-scope>
</server-debug>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server1</name>
<ssl>
<enabled>false</enabled>
</ssl>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25010</listen-port>
<listen-port-enabled>true</listen-port-enabled>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
<java-compiler>javac</java-compiler>
<client-cert-proxy-enabled>false</client-cert-proxy-enabled>
</server>
<server>
<name>ABC_server2</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25020</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server4</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25040</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server5</name>
<ssl>
<enabled>false</enabled>
</ssl>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<machine xsi:nil="true"></machine>
<listen-port>25050</listen-port>
<cluster xsi:nil="true"></cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
</server>
<server>
<name>ABC_server6</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25060</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server7</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25070</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server8</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25080</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server10</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25100</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server9</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25090</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address></listen-address>
</server>
<server>
<name>ABC_server3</name>
<log>
<file-name>logs/AdminServer.log</file-name>
<number-of-files-limited>true</number-of-files-limited>
<file-count>7</file-count>
<file-time-span>24</file-time-span>
<rotation-time>00:00</rotation-time>
<rotate-log-on-startup>true</rotate-log-on-startup>
<logger-severity>Info</logger-severity>
<log-file-severity>Info</log-file-severity>
<stdout-severity>Info</stdout-severity>
<domain-log-broadcast-severity>Notice</domain-log-broadcast-severity>
<memory-buffer-severity>Trace</memory-buffer-severity>
<log4j-logging-enabled>false</log4j-logging-enabled>
<redirect-stdout-to-server-log-enabled>true</redirect-stdout-to-server-log-enabled>
<domain-log-broadcaster-buffer-size>1</domain-log-broadcaster-buffer-size>
</log>
<listen-port>25030</listen-port>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<server-debug>
<debug-scope>
<name>default</name>
<enabled>true</enabled>
</debug-scope>
<debug-scope>
<name>weblogic</name>
<enabled>true</enabled>
</debug-scope>
</server-debug>
<listen-address></listen-address>
</server>
<embedded-ldap>
<name>ABC</name>
<credential-encrypted>{3DES}RhnPr+8XsDxhU8rgpPiikqpyeP74wxX/T2mnALX9oFI=</credential-encrypted>
</embedded-ldap>
<configuration-version>10.0.1.0</configuration-version>
<configuration-audit-type>logaudit</configuration-audit-type>
<app-deployment>
<name>ABC25090</name>
<target>ABC_server9</target>
<module-type>ear</module-type>
<source-path>/home/arajpoot/working/default-app/dist/ABC.9.5.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC25080</name>
<target>ABC_server8</target>
<module-type>ear</module-type>
<source-path>/home/aherleka/working/default-app/dist/ABC.10.1.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC25030</name>
<target>ABC_server3</target>
<module-type>ear</module-type>
<source-path>/home/rprajapa/working/default-app/dist/ABC.10.1.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC25060</name>
<target></target>
<module-type>ear</module-type>
<source-path>/home/xyin/working/default-app/dist/ABC.10.1.0.ear</source-path>
<sub-deployment>
<name>/</name>
<target></target>
</sub-deployment>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</app-deployment>
<app-deployment>
<name>ABC25010</name>
<target>ABC_server1</target>
<module-type>ear</module-type>
<source-path>/home/payadav/working/default-app/dist/ABC.10.1.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC25050</name>
<target>ABC_server5</target>
<module-type>ear</module-type>
<source-path>/home/nchanda1/working/default-app/dist/ABC.10.0.3.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC8070</name>
<target>ABC_server7</target>
<module-type>ear</module-type>
<source-path>/home/irakshit/working/default-app/dist/ABC.10.1.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC8020</name>
<target>ABC_server2</target>
<module-type>ear</module-type>
<source-path>/home/wchou/working/default-app/ABC.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC8100</name>
<target>ABC_server10</target>
<module-type>ear</module-type>
<source-path>/home/amulik/working/default-app/dist/ABC.9.5.0.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<app-deployment>
<name>ABC8040</name>
<target>ABC_server4</target>
<module-type>ear</module-type>
<source-path>/home/nchanda1/working/default-app/dist/ABC.10.0.3.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
<jdbc-system-resource>
<name>ABCCDWDataSource</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABCCDWDataSource-2021-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCCDWDataSource_coper</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABCCDWDataSource_coper-9655-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCOracleDS</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABCOracleDS-5997-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCReportDataSource</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABCReportDataSource-6033-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABC_NEON_DATASOURCE</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABC_NEON_DATASOURCE-9653-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCRDRDS</name>
<target>ABC_server9,ABC_server8,ABC_server3,ABC_server1,ABC_server5,ABC_server7,ABC_server2,ABC_server10,ABC_server4,ABC_server6</target>
<descriptor-file-name>jdbc/ABCRDRDS-5401-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCtest</name>
<target>ABC_server6</target>
<descriptor-file-name>jdbc/ABCtest-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
<jdbc-system-resource>
<name>ABCreport</name>
<target>ABC_server6</target>
<descriptor-file-name>jdbc/ABCreport-jdbc.xml</descriptor-file-name>
</jdbc-system-resource>
</domain> -
Hello!
I add a user to an AD security group many times, but the user is removed automatically after a day. What I don't understand is that other users have been added to the same group but they are still in the group (there is no problem with their accounts).
To add this user that is always removed after a day (or a period), I use the Member Of tab in the account properties.
Right click on the user account -> properties -> member of -> add -> groupName -> ok
Thank you for your help!!
Greetings!
Similar thread here which was answered before:
Auditing Active Directory group
Regards.
Mahdi Tehrani |
How to query members of 'Local Administrators' group in all computers? -
How to make clone of active directory security group
Hi
I have one security group in AD, and I want to make a copy or clone of that group with the same members under a different name in AD.
Anybody help me out...
Hi Vino1985,
Just do it with ds-tools.
dsquery group -samid %SamidOfYourReferenceGroup% | dsget group -members | dsmod group %distinguishedNameOfYourNewGroup% -addmbr -c
This should work as
"dsquery group -samid " will return the distinguished name of your reference group and pipe it to dsget group
"dsget group -members" will return all distinguished-names of the members and pipe it to dsmod group
"dsmod group -addmbr" will add all DNs to the membership attribute of the new group; the switch "-c" will continue on errors.
best regards
Switch
MCITP Enterprise Administrator
MCSA Windows Server 2012
MCTS Windows 7 Configuration
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. -
Using Active Directory - either Secure or Distribution Groups
Reviewing the security documentation for UCM 10g R3, it appears that we should only map to Active Directory Secure Groups and not Distribution Groups, perhaps even if they are marked "secure"? Does anyone know if this is a technical limitation or a best practice? Our organization has processes in place to prevent ad-hoc updates to Distribution lists and I'd like to map UCM using this group type in AD because SQL statements can keep the membership list current in a Distribution Group.
dll is not a good candidate for the Agent, this has to be an application(exe), and the server onces it identifies the PCs should push this Agent to those PCs and the Application should have the logic to Phone home etc...
-
Hi,
We are using Windows active directory to manage our users. Another company has configured the same for us.
Currently we don't have permissions to create a new user. They have given us one account and by using that account, we are able to create new groups in AD, add users to the groups, etc. We would like to get the logs for each user removal or addition to the AD groups. How do we enable the same? We would like to know who and when each user is getting added to the AD groups. Please help us in this.
Hi Kewpin,
To enable the complete details on user account changes including group membership, you need to enable the following audit settings:
1. Open GPMC console, click Start --> Administrative Tools --> Group Policy Management.
2. Right click the Default Domain Controllers Policy, and then click Edit.
3. Navigate to Audit Policy node, “Computer Configuration/ Policies/ Windows Settings/ Security Settings/ Local Policies/ Audit Policy”.
4. Now enable the Success auditing for - Audit Account Management and Audit Directory Service Access.
5. Execute the command “GPUPDATE /FORCE” in the Domain Controller to force apply the GPO settings.
For Windows Server 2008 R2 and later versions, additional configuration is required in “Advanced Audit Policy Configuration” section in Default Domain Controller Policy.
For additional auditing configuration of,
1. AD Changes
Go to the node DS Access (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/DS Access.)
Enable Success auditing for the following settings
- Audit Directory Service Changes
2. Account Management
Go to the node Account Management (Computer Configuration/Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Audit Policies/Account Management.)
Enable Success auditing for the following settings
- Audit User Account Management
- Audit Security Group Management
- Audit Distribution Group Management
Once you have enabled the above audit settings, you can set an auditing SACL for the AD object.
Check out the below screenshot for setting the auditing SACL,
Check out the below link on Security Event id list for auditing AD changes,
http://www.morgantechspace.com/2013/08/active-directory-change-audit-events.html
Regards,
Gopi
JiJi Technologies -
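Once the audit settings above are in place, the "who and when" question (including the earlier case of a user who keeps disappearing from a group) is answered by the member-added and member-removed events in the domain controller's Security log. The following is an added example, not code from the thread: it assumes the events have been exported as XML and wrapped in one root element, uses the standard Windows event IDs 4728/4729, 4732/4733 and 4756/4757, and runs on constructed sample data with hypothetical function names.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Security-log event IDs for member added/removed in security-enabled groups.
MEMBERSHIP_EVENTS = {
    4728: ("added", "global"), 4729: ("removed", "global"),
    4732: ("added", "local"), 4733: ("removed", "local"),
    4756: ("added", "universal"), 4757: ("removed", "universal"),
}

# Constructed sample data: one event template filled in four times and wrapped
# in a single root element so that it parses as one document.
EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{eid}</EventID><TimeCreated SystemTime="{when}"/></System>
  <EventData>
    <Data Name="MemberName">{member}</Data>
    <Data Name="MemberSid">{sid}</Data>
    <Data Name="TargetUserName">{group}</Data>
    <Data Name="SubjectUserName">{actor}</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>"""
JANE = ("CN=Jane Doe,OU=Staff,DC=example,DC=test", "S-1-5-21-1-2-3-1105")
JOHN = ("CN=John Roe,OU=Staff,DC=example,DC=test", "S-1-5-21-1-2-3-1106")
SAMPLE_ROWS = [  # deliberately not in time order
    (4729, "2014-03-11T02:00:07Z", "svc-sync", JANE, "Finance-RW"),
    (4728, "2014-03-10T09:15:02Z", "helpdesk1", JANE, "Finance-RW"),
    (4624, "2014-03-10T09:20:00Z", "helpdesk1", JANE, "Finance-RW"),  # unrelated ID
    (4728, "2014-03-10T09:30:45Z", "helpdesk1", JOHN, "Finance-RW"),
]
SAMPLE_XML = "<Events>" + "".join(
    EVENT_TEMPLATE.format(eid=e, when=w, actor=a, member=m[0], sid=m[1], group=g)
    for e, w, a, m, g in SAMPLE_ROWS) + "</Events>"


def membership_changes(xml_text):
    """Return group membership changes as dicts, oldest first."""
    changes = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        if event_id not in MEMBERSHIP_EVENTS:
            continue  # logons and every other event type are skipped
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        action, scope = MEMBERSHIP_EVENTS[event_id]
        changes.append({
            "when": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "action": action,
            "scope": scope,
            "group": data.get("TargetUserName", ""),    # the group that changed
            "member": data.get("MemberName", ""),       # DN of the affected account
            "member_sid": data.get("MemberSid", ""),
            # Subject* fields name the account that made the change.
            "actor": data.get("SubjectDomainName", "") + "\\"
                     + data.get("SubjectUserName", ""),
        })
    # UTC ISO 8601 timestamps of equal width sort correctly as plain strings.
    return sorted(changes, key=lambda c: c["when"])


def undone_additions(changes):
    """Pair each removal with the latest earlier add of the same member to the same group."""
    last_add, undone = {}, []
    for c in changes:  # expects the time-ordered output of membership_changes()
        key = (c["group"].lower(), c["member_sid"])
        if c["action"] == "added":
            last_add[key] = c
        elif key in last_add:
            add = last_add.pop(key)
            undone.append({"group": c["group"], "member": c["member"],
                           "added_by": add["actor"], "added_at": add["when"],
                           "removed_by": c["actor"], "removed_at": c["when"]})
    return undone


if __name__ == "__main__":
    for c in membership_changes(SAMPLE_XML):
        print(c["when"], c["actor"], c["action"], c["member"], "->", c["group"])
    for u in undone_additions(membership_changes(SAMPLE_XML)):
        print("undone:", u["member"], "removed by", u["removed_by"], "at", u["removed_at"])
```

In the constructed data the account that removes the member is a different one from the account that added it, which is the detail to look for when a membership keeps being reverted.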
ECM 10GR3 and Active Directory
Hi all,
Can somebody give me some explanation of how Active Directory works on ECM?
My ECM is installed on a Linux machine.
On ECM's Admin Server > Internet Configuration I enabled the option Use Microsoft Security > Active Directory Security
On the login page the button Microsoft Login appears.
How can I configure ECM to work with my AD structure now?
Any material for reading can help.
Best regards
Daniel
aha... Well I needed a few days figuring out how to configure my ECM for an AD.
The thing is.... Your ECM is installed on a Linux server so you can't configure the AD as an AD. You will have to add an LDAP provider instead. You also need an extra component which adds a special class for the provider so you can add the AD as an LDAP. Just look at the topics, you will find one from me about ldap.
edit: here is the topic: Using ldap for user auth.
Message was edited by:
Passero -
Account Unknown on Active Directory
How can I delete Account Unknown on Active Directory? is there a tool or script for deleting 1000 Account Unknown on Active Directory?
Generally, Account Unknown may appear if the system cannot find the account SID which was recorded in the ACL of an object in the local system or AD database. This issue may occur if user accounts were deleted or the Account Unknown belongs to another system (dual boot configuration). This is the reason that we recommend granting permission on resources to the Domain Local security group instead of individual users. It will be much easier for management and will not generate orphaned SIDs because a user group is more stable.
If you don’t have another system on the same computer or Domain Trust, we can delete the unknown accounts safely.
However, It would be suggested to create a delegation report using the following command before deleting unknown accounts. I will help check them.
for /f "delims=" %x in ('dsquery OU "OU=HR,DC=d1,DC=com"') do acldiag %x > %x.txt
Please refer to this earlier discussed thread that is based on same concern :
http://social.technet.microsoft.com/Forums/windowsserver/en-US/d3d6b211-7c31-4ebc-aff6-489d60fd9910/active-directory-security-permissions-account-unknown?forum=winserverDS
Since there is a number of unknown accounts that is required to be deleted, you may try this AD cleaner tool that can be helpful to accomplish this task in quick attempt.
Carlo -
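What "Account Unknown" corresponds to in the data is an ACE whose trustee SID no longer resolves to an account. The following added example (not from the thread) finds such ACEs in the DACL of one object; it assumes the object's security descriptor has been exported as an SDDL string and that the set of SIDs that still resolve was collected separately, and every value and function name in it is constructed for illustration.

```python
import re

# An SDDL ACE is "(type;flags;rights;object_guid;inherit_object_guid;trustee)".
# DACL_RE captures the run of simple ACEs that follows "D:" and its flags;
# conditional ACEs with nested parentheses are not handled here.
DACL_RE = re.compile(r"D:([A-Z]*)((?:\([^()]*\))+)")
ACE_RE = re.compile(r"\(([^()]*)\)")
# SIDs issued by a domain (or a machine's local account database). Well-known
# SIDs such as S-1-5-32-544 and two-letter aliases such as DA always resolve,
# so they are never reported.
ISSUED_SID_RE = re.compile(r"^S-1-5-21(-\d+){4}$")

# Constructed sample: owner and group are Domain Admins, the DACL has four
# ACEs, and the SACL (after "S:") has one audit ACE.
SAMPLE_SDDL = (
    "O:DAG:DAD:PAI"
    "(A;;GA;;;DA)"
    "(A;;GR;;;S-1-5-32-544)"
    "(A;CI;RPWP;;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;CR;00000000-0000-0000-0000-000000000000;;S-1-5-21-1111-2222-3333-1142)"
    "S:(AU;SA;WP;;;S-1-5-21-1111-2222-3333-1199)"
)
# Constructed: the only issued SID that still maps to an existing account.
RESOLVABLE = {"S-1-5-21-1111-2222-3333-1105"}


def orphaned_aces(sddl, resolvable_sids):
    """Return (ace_type, rights, sid) for DACL ACEs whose trustee SID is unresolved."""
    match = DACL_RE.search(sddl)
    if not match:
        return []  # no DACL, or a DACL without ACEs
    orphans = []
    for ace in ACE_RE.findall(match.group(2)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip rather than guess
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ISSUED_SID_RE.match(trustee) and trustee not in resolvable_sids:
            orphans.append((ace_type, rights, trustee))
    return orphans


if __name__ == "__main__":
    for ace_type, rights, sid in orphaned_aces(SAMPLE_SDDL, RESOLVABLE):
        print("orphaned trustee", sid, "type", ace_type, "rights", rights)
```

Only the DACL is examined, so the unresolved SID in the sample's audit ACE is not reported.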
Snow Leopard and Windows 2003 Active Directory Binding Issues
Ok I have a new imac 27" with snow leopard (completely patched).
I am attempting to join it to an active directory domain.
First the prequel:
* I have opened full traffic to and from the machine and our domain controllers
* I have enabled full logging on the firewall and there are no blocked packets
* I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
* I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
* The domain admin account in question has Enterprise, Schema and Domain Admin rights
* I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
I am getting the following error at the very end of the process:
"Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
I enabled debugging on Directory Services and will post a log in a reply.
Anyone have any ideas? I have been banging my head on this for a week with no luck.
Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here, if you think you need it let me know and I can email it to you it is 548kb
obviously machine names, usernames and ip addresses have been munged.
2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
Message was edited by: aelana -
Ironport don´t send request to Active Directory
Hi,
We need to configure an exception to allow the network 10.0.53.0/24 not require validation in Ironport WSA. however users of this network must pass through all content filters appropriate according to their AD group.
NOTE: I need that Ironport don´t send request to Active Directory, when users to network 10.0.53.0/24 need go to internet.
regards,
Yerko.
That is correct. This is not possible.
Correct me if I am wrong. It sounds like you do not want Authentication, but still would like to control them using the AD group.
You might want to look into using the Context Directory Agent. With a Context Directory Agent, the agent will scan the Active Directory security logs for logon events. It will build a User-to-IP mapping table. When the users in the 10.0.53.0/24 network access the internet, they will not need to authenticate. The WSA will query the Context Directory Agent and see who is on the IP address. If there is a user, then AD groups can be used. If there is no user, then the user will be a Guest.
The Context Directory Agent runs on CentOS. It will need to be hosted on a dedicated machine, or a virtual machine. The required disk space is 120gb.
-Vance -
Doing Active Directory System Discovery security roles
Hi Experts
I am assigning users who have specific roles in SCCM2012 (Reporting, application management etc), they are not assigned with permissions which is the same as Full Administrator or Operation Manager.
The team would like to run Active Directory System Discovery on the Primary Site server to detect the computer objects found in the AD once they have joined the new computers to the domain, they are unable to perform RUN on the Active Directory System Discovery as the option is not available to them. Possible to advise, which additional security roles should I assign to them so that the RUN command can appear?? They are unable to do this with the current permission as listed below, RUN is not listed when they right click on Active Directory System Discovery, unlike the Full Administrator:
Application Administrator
Application Author
Application Deployment Manager
Operating System Deployment Manager
Read-only Analyst
Remote Tools Operator
Software Update Manager
Hi,
You could create a Custom role and modify the rights.
Administration workspace >Security >Security Roles >Select a Built-in role >Click Copy on the ribbon.
Otherwise, Role-based Administration Modeling and Auditing Tool helps administrators to model and audit RBA configurations.
http://www.microsoft.com/en-us/download/details.aspx?id=36213
-
I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same credentials. Just looking for a point in the right direction and a possible theory as what could cause this problem, and why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are pretty clean.
Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
Thanks in advance.
Grajek
I would recommend proceeding that way:
Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is member of security groups and the membership is not getting replicated properly which can cause this random behavior. You can use dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
Make sure that the file server is reachable from the user client computer. Start with ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporarily disable security software for testing.
Ahmed MALEK -
Web service security with active directory
Hi,
I want to protect my webservice by using Active Directory for authentication.
(I am using jdeveloper 10.1.3.1 and bundled OC4J)
I followed the document web service developer guide (section External LDAP Security Providers) and set up the LDAP security provider...
In the OC4J web admin security page... I have pressed the 'test ldap authorization' button to CONFIRM the ldap connection is correctly set.
But when I call the web service, deployed in that OC4J container, the operation fails with the following message:
javax.xml.rpc.soap.SOAPFaultException: UnsupportedCallbackException: oracle.security.jazn.callback.IdentityCallback@19f410 not available to gather authentication information from the user
at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
at test.proxy.ws1.runtime.MyWebService1SoapHttp_Stub.getUserNameYY(MyWebService1SoapHttp_Stub.java:134)
at test.proxy.ws1.MyWebService1SoapHttpPortClient.getUserNameYY(MyWebService1SoapHttpPortClient.java:50)
at test.proxy.ws1.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:33)
Could anybody help me?
Thank you very much
Actually I use the default setting provided by Oracle's configuration wizard for Active Directory
User:
LDAP User Name Attribute: sAMAccountName
LDAP User Object Class : inetOrgPersion
User Search Scope: subtree
User Search Base: dc=xxx, dc=com
Groups:
LDAP Group Name Attribute: cn
LDAP Group Object Class: group
LDAP Group Member Attribute: member
Group Search Scope: subtree
Group Membership Search Scope: direct
Group Search Base: dc=xxx, dc=com
Using the same user and user search base, I can search the AD using other tools.
Could anybody help me?
Thank you.