Active Directory Servers List

Similar Messages

• No longer have appropriate privileges to "Active Directory" servers with Lion

  Hi:
  Our University maintains protected disk storage space that we can access from any computer in the hospital. This is an incredibly convenient and secure method for moving information in our enterprise.
  Our enterprise is somewhat Mac-averse, but under Leopard and Snow Leopard we were able to access these folders from our office Macs (all public computers are PCs). With the upgrade to Lion we now only have read access to files on these folders, whereas with Leopard and Snow Leopard we had full, i.e., read and write, access to files on these folders.
  Here’s what we do:
  Go to University VPN access webpage.
  Click “Start” next to “Network Connect” under “Client Application Sessions”
  Answer “Trust” to “Do you want to accept this certificate from the web site ‘myvpnmyuniversity.edu’ for the purpose of exchanging encrypted information? Publisher authenticity can not be verified’
  Menu Command: Go>Connect to Server>cifs//name
  Dialog: “Enter your name and password for the server “name”
  Navigate to my folder on the university’s system.
  Here’s what’s changed: in the past, using Leopard and Snow Leopard, those of us with Macs in the department now had the folder mounted on our desktops with full access. With the upgrade to Lion we only have read access: Get Info under Sharing and Permissions says “You can only read”.
  This has happened to many of us, so it’s not just an issue on my computer or network.
  Our local computer help guy, who is incredibly nice but not Mac knowledgeable, says “It is something that MAC has done that is preventing you to access our Active Directory servers”. He is aware that this is something unique to Lion, since it worked on Leopard and Snow Leopard.
  His bosses, who know more, are, enuf said, not Mac “friendly”.
  Read and write access continue to work just fine when accessing from the many PCs running XP throughout the enterprise.
  Hence we’re looking for some help here. Is there something we end users can do differently, or is there something we can share with our local friendly but not Mac knowledgeable computer help guy that he can do, to get us write access?
  Thank you!
  OS 10.7.4

  More info from one of our IT guys:
  "I know that there have been several different people looking into this.  Found several people complaining about it, but no answers.  You can sometimes get connection and be able to copy a file or save it once or twice, but usually it tells you that you can only read it."
  For me at least, it's been consistent, i.e., never any write access, just read.

• "24427 Access to Active Directory failed" error in ACS 5.1

  Hello,
  I'm working on implementing a RADIUS authentication for wireless access with the following :
  - PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
  - AP 1252  configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
  - ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
  - AD domain running on Windows 2003 Server.
  My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
  All I can get running the expert troubleshoot
  Investigating failure code: 24427 Access to Active Directory failed
  Checking if Active Directory is configured
  Active Directory is configured
  Attempting connection to Active Directory
  Connection to Active Directory was successful.
  Troubleshooting completed.
  Click on Show Results Summary to view results.
  I followed this guide, at least for the ACS certificate section :
  http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
  Anyone has an idea where the problem may come from?
  Thanks in advance,
  Vincent

  hey there, I ran into the same issue with 5.3 and it turned out being this bug. i came across your post looking for instructions on retrieving the logs. thanks mate.
  link
  Problem: Error "24495 Active Directory servers are not available"
  Authentication starts failing with this error: 24495 Active Directory servers are not available. in the ACS 5.3 logs.
  Solution
  Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch. If you see the Running in disconnected mode: unlatch error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to 5.2 version. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information.

• Active Directory credential caching issues under OS X 10.5.5 (and 10.5.4)

  We are experiencing issues with cached credentials and login delays using the Active Directory DirectoryServices plugin under 10.5. In our case, the plugin works fine as long as the system is on one of our networks, and credential caching works when the system is disconnected. Everything is repeatable, scripted and reasonably well tested. We're pretty happy with how it's working on-site. Once a system leaves our network however, as laptops tend to do, it is not possible to log in without a massive delay. Looking into the issue, I have determined that the following contribute to the problem:
  1) There are 9 active directory servers in our "/Library/Preferences/DirectoryServices/ActiveDirectoryDynamicData.plist" file.
  2) The timeout appears to be 90 seconds, according to the string value of the LDAP Connection Timeout element in "/Library/Preferences/DirectoryServices/ActiveDirectory.plist".
  The login delay does seems to coincide with the value of 90 seconds multiplied by the number of AD servers, about 13 1/2 minutes. Changing the value of the LDAP Connection Timeout does not seem to resolve the issue, even after a reboot. Moving the ActiveDirectoryDynamicData.plist file out of the way (to prevent the system from contacting any AD servers) does not seem to resolve the issue either. I'd like the ability to force cached credentials without the AD delay. Is this possible to change this value without rebooting, or at least without patching the binaries?
  I am currently testing on a MacBook Air with 10.5.5, and the following procedure was used from the command line to configure AD (note that you'd need to replace the AD username, OU, and domain values):
  dsconfigad -a `hostname -s` -u "ad-admin-user-replaceme" -ou "OU=Whatever, OU=You, OU=Have" -domain=example.com -mobile enable -mobileconfig disable -useuncpath disable
  dscl -q localhost -create /Search SearchPolicy ds AttrTypeStandard:CSPSearchPath
  defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
  plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
  Reboot and all seems to be working for us, except when the systems leave our network.
  Note that the last command (plutil) is not strictly necessary, but the DirectoryService utility seems to write the file in xml1 format, so this makes things consistent with what Apple is doing and hopefully less likely to break anything.

  As silly as it seems to respond to one's own posts, I think I've found a solution. Using the first set of commands at the bottom of this post, I disable Active Directory authentication (and ensure that LDAPv3 is disabled as well). This seems to still allow for cached credentials to function, since AD is still in the search path. Although there is still a rather long 2 minute initial delay on the MacBook Air, it seems to work and is nowhere near 13 1/2 minutes. Interestingly enough, it seems to work with little delay on a test Powerbook G4 using the same baseline configuration with little to no delay.
  My plan is to push this out through my update mechanism as a cron job every 5 minutes, with a script that detects whether it's on one of our networks. The cron job will also be run on bootup so systems initially booted shouldn't need to suffer a 13.5 minute delay. This could be made better with a mechanism that could launch a script when the network interface came up or went down, I'll look at launchd for clues. If you have any comments feel free to reply...
  Commands executed on networks which cannot access our AD servers:
  defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Inactive"
  /usr/libexec/PlistBuddy -c "Set \"LDAP Connection\ Timeout\" 0" /Library/Preferences/DirectoryService/ActiveDirectory.plist
  Commands executed when a system is back on one of our networks:
  defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
  /usr/libexec/PlistBuddy -c "Set \"LDAP Connection\ Timeout\" 90" /Library/Preferences/DirectoryService/ActiveDirectory.plist

• Add user to Active directory using SAP ABAP

  Hi Experts,
  I am currently working on a security refractor project where we are planning on automating the user creation process in business object and Oracle Hyperion using GRC-BW.
  Our Hyperion user management is based on active directory/LDAP groups.
  So say for example - we have a new user say ABC and in GRC he select the SAP-BW role 'HYP_FINANCE_USA' then I want to write a program in BW which will see who all users are assigned to 'HYP_FINANCE_USA' role and will go an update the active directory distribution list group named 'HYP_FINANCE_USA'.
  Has anyone written a ABAP program or used standard function modules/BADI's etc to add/delete user from active directory/LDAP group ?

  Would you post your code? I have yet to see any working jndi code to add a user to AD. Thanks.

• Windows 8.1 Enterprise joined to Active Directory, shows email login

  In Windows 7, I knew how to set the login default domain to Active Directory via the registry. That setting does not seem to have the same effect in Windows 8.1 Enterprise.
  I have a tablet joined successfully, and can login without any errors. The only problem I have is when it boots up, or someone logs out, the login screen defaults to the MS Live email login. We do not use that in our Domain, and I want to either disable
  that option, or set it to connect to our Active Directory servers as the first option.
  I have looked in Local Group Policy, the Registry, etc. and have not found anything that refers to that. Is it something simple that I am just overlooking?
  AKChappy

  I believe the group policy you are looking for is called "Accounts: Block Microsoft Accounts"
  You can find it here: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
  More info:
  http://technet.microsoft.com/en-us/library/jj966262.aspx 

• Adding Active Directory: sErverError

  Hello,
  I've been using active directory with leopard for a couple months without issue. Recently I found that the Directory Utility was telling me that the AD server was 'not responding'.
  So I removed it and tried to add it again. When I try to add it I receive the following error:
  'Unable to add the domain. An unexpected error of type - 14910 (eServerError) occurred.'
  Has anyone seen this before? Since it is in fact contacting the sever (there is a different error if it can't see the server at all) then it leads me to believe that something is wrong on the AD server side. However, I'm still not convinced of that for the following reasons:
  1. Things that have changed on the AD server and network: None.
  2. OS X networking seems to be a little on the fragile side. I almost always have to fiddle around to get things working again after doing something crazy like switching back and forth between wireless and wired connections a few times.
  3. There was something else that was pertinent but I've been interrupted here in my office at least 4 times since I started writing this and now I can't remember.
  Anyway, I'm just wondering if anyone else has dealt with this. .
  Thanks,
  -Travis

  I ran into the same error in my initial setup of some new machines at work and was able to resolve taking the following steps.
  1) Check current time on all Active Directory servers to ensure they're consistent with one another.
  2) Fix any discrepancies between the Active Directory server times and your Apple machines.
  3) Go into the Directory Utility application and select Services at the top.
  4) Open the Active Directory Configuration, enter the appropriate Active Directory information, and attempt to rebind the machine.
  I believe the issue of that error, -14910, is based on the kerberos' strict timestamp checking.

• Active Directory error message "the following object is not from a domain listed in the Select location forestB\username

  Hello Community
      "forestA" is my forest it is a Windows 2008 Server Enterprise Edition
  domain controller using Active Directory and the UI.
      In my forest ("forestA") trust relationship I created a "One-Way, Out-going"
  forest trust with Forest-Wide authentication so that a different forest user(s) or
  group(s) with a different admin in a forest named “forestB” can access the resources in my “forestA”
      But also forestB needs to create a "One-way, Incoming" forest trust so that
  I can either add the user(s) or group(s) from “forestB” into to a "Global Security - Group"
  in my "forestA" or I can
   add user(s)  as  "domain user(s)" from “forestB” into my "forestA".
      The problem is that when I right click  the global group in my forestA  and then
  properties, when I click "Members" and then the "Add" button when I type
  "forestB\username" I get an error message from Active Directory stating:
      "the following object is not from a domain listed in the Select location
  dialog box, and is therefore not valid: forestB\username".
      Am I doing something wrong when creating the one-way trust in my
  “forestA” or is the one-way trust being created wrong by the other domain admin in the other “forestB”?
      Or could I possibly need to select "Change Domain" or "Change Domain Controller"
  before adding the users or Groups to my forestA from forestB?
      That is why I am asking
   how do you add an Active Directory user from one forest into another forest?
      Thank you
      Shabeaut

  Hello Denis Cooper
      That is the end result.
      What I was trying  to do was that I was trying to
   bring in the user(s) and group(s) from “forestB”  into
  my “forestA”  Global group.
      Later on I was going to add the user(s) or Global groups(s) that I brought into my dc in my forestA
   into the domain local groups  on my member servers in my forestA.
      So since the error message is:
  "the following object is not from a domain listed in the Select location dialog box, and is therefore not valid: forestB\username".
  Does your response
   mean only Global group(s) from forestB not domain user(s) from forestB have
   to been added to domain local groups in forestA?
  Or is it also possible to add Global group(s) from “forestB” to Global group(s) in my “forestA” and if so
  how without getting the above error message?
  Thank you
      Shabeaut

• Cfldap to get 2 level of subordinates list from active directory

  <CFLDAP SERVER="ldap.com" PORT="333" START="O=COM,C=AN" SCOPE="SUBTREE"
  NAME="qryLevel1" ACTION="QUERY" ATTRIBUTES="cn, uid, alias"
  FILTER="(&(manager=cn=TestName,ou=employee,o=COM,c=an)(objectclass=olPerson))" MAXROWS="999999" TIMEOUT="90000">
  By using the above code, I am able to get subordinates for User(TestName), But I need the list of subordinate of all the subordinates also without loop please as it is taking long time to execute.
  please assist me on this??

  Create a "global catalog" on the 2nd domain contoller, will fix this problem. 
  To create a new global catalog:
  On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
  In the console tree, double-click Sites , and then double-click <var>sitename</var> .
  Double-click Servers , click your domain controller, right-click NTDS Settings , and then click Properties .
  On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
  Restart the domain controller.

• How to populate drop down list in infopath 2010 with form Active Directory resources.

  I want to populate drop down list in infopath 2010 with Active directory resources.
  Kindly let me know how to do this.

  Actually I posted an alternative approach, whoops. This is the Web service way, but both will work;
  http://blog.mangroveweb.com/pre-populating-an-infopath-from-with-mysql-data-using-a-net-web-service/using-sharepoints-getuserprofilebyname-web-service-to-retrieve-ad-account-information/
  w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP

• How to populate active directory users in to drop down list items dynamically in Share point 2010 ?

  Hi My self Arun in my current project i have a task on that active directory user  need to automatically populate in share point list drop down  please help me.  is that any out of box feature in share point 2010 ?   
  Thanking You 
  Arun 

  Arun,
  If you plan to implement the "Querying the Active Directory" based on my code snippet,
  and if you do not have permission [your account must be the part of domain admin] to do so,
  Then still you can do it in least effort through code,
  string usersInXml = SPContext.Current.Web.AllUsers.Xml;your xml string look like this.
  <Users><User ID="2" Sid="" Name="Administrator"
  LoginName="i:0#.w|murugesan\administrator" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1" Sid="" Name="Murugesa Pandian" LoginName="i:0#.w|murugesan\murugesan" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1073741823" Sid="S-1-0-0" Name="System Account" LoginName="SHAREPOINT\system" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0" /></Users>
  You can user Linq to XML to filter the "LoginName,Name and Email and then populate your drop down list.
  * User must be logged into the site at least once.
  Murugesa Pandian.,MCTS|App.Devleopment|Configure

• How to populate a sharepoint 2010 list from the active directory. How to populate a sharepoint 2010 list with all sharepoint user profiles

  How to populate a sharepoint 2010 from the active directory.
  I want a list of all the computers in the active directory,
  another one with all users.
  I want also to populate a sharepoint 2010 list from the sharepoint user profiles.
  Thanks
  sz

  While
  the contacts list is usually filled out for contacts that are outside the company, there are times when you would use a contacts list to store internal and external resources.  Wouldn’t it be nice if you didn’t have to re-type your internal contacts’
  information that are already in the system?  Now you can with a little InfoPath customization on the contacts list. 
  Here’s our plan:
  Create the contacts list, and open in InfoPath
  Create a data connection to the User Profile web service
  Customize the form adding some text, a people picker and a button
  Create InfoPath rules that will populate the contact fields from the user fields in the User Profile store
  Let’s get going!  Before we begin, make sure you have InfoPath 2010 installed locally on your computer.  I also want to give credit Laura
  Rogers and Darvish Shadravan’s book Using
  Microsoft InfoPath 2010 with Microsoft SharePoint 2010 Step by Step.  I know it looks like a lot of steps, but it’s easy once you get the hang of it.
  So obviously we need a contacts list.  If you don’t already have one, go to the SharePoint site where it will live, and create a contacts list.
  From the list, click the List tab on the ribbon, then click Customize form:
  So now we have our form open in InfoPath 2010.  Let’s add our elements to the form. 
  Above all the fields, let’s add some text instructing users what to do with the the field we’re about to add (.e.g To enter an existing user’s information, choose the user below).
  Insert a people picker control by clicking the Person/Group Picker control in the Controls section of the ribbon.  This will add a column to the contacts list called group.
  Below the people picker, insert a button control from the same section of the ribbon as above.  With the button still highlighted, click the Control Tools|Properties tab on the ribbon. 
  Then in the Label box, change the text to something more appropriate to our task (e.g. Click here to load user data!).
  You can drag the button control a little larger to account for the text.
  We should end up with something like this:
  Before we can populate the fields with user data, we need to create a connection to the User Profile Service.
  Add a data connection to the User Profile Service
  Click the Data tab on the ribbon, and click the option From Web Service, and From SOAP Web Service.
  For the location, enter the URL of your SharePoint site in the following format – http://<site url>/_vti_bin/UserProfileService.asmx?WSDL.  Click Next.
  Note - for the URL, it can be any SharePoint site URL, not just to the site where your list is.
  For the operation, choose GetUserProfileByName.  Click Next.
  Click Next on the next two screens.
  On the final screen, uncheck the box for “Automatically retrieve data when form is opened”. This is because we are going to retrieve the data when the button is clicked, also for performance reasons.
  Now we need to wire up the actions on our button to populate the fields with the information for the user in the people picker control.
  Tell the form to read the user from the people picker control
  Click the Home tab on the ribbon.
  Click the button control we created, and under the Rules section of the ribbon, click Manage Rules. Notice the pane appear on the far right.
  In the Rules pane, click New –> Action. Change the name to something like “Query and load user data”.
  Leave the condition to default (none – rule runs when button is clicked).
  Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
  For Field, click the button on the right to load the select a field dialog.  Click the Show advanced view on the bottom.  At the top, click the drop down and choose the GetUserProfileByName
  (Secondary) option.  Expand myFields and queryFields to the last option and highlightAccountName.  Click ok. 
  For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Again click the show advanced view link, but this time leave the data
  connection as Main. Expand dataFields, then mySharePointListItem_RW.  At the bottom you should see a folder called group (the people picker control we just added to the form).  Expand this, then pc:Person,
  and highlightAccountId.  Click Ok twice to get back to the Rules pane.
  If we didn’t do this and just queried the user profile service, it would load the data of the currently logged in user.  So we need to tell the form what user to load the data for.  We take the AccountID field from the people
  picker control and inject into the AccountName query field of the User Profile Service data connection. 
  Load the user profile service information for the chosen user
  Click the Add button next to “Run these actions:”, and choose Query for data.
  In the popup, for Data connection, click the one we created earlier – GetUserProfileByName and clickOk.
  We’re closing in on our goal.  Let’s see our progress.  We should see something like this:
  Now that we have the user’s data read into the form, we can populate the fields in the contact form.  The number of steps to complete will depend on how many fields you want to populate.  We need to add an action step for
  each field.  I’ll show you one example and then you will just repeat the steps for the other fields.  Let’s update the Job Title field.
  Populate the contact form fields with existing user’s data
  Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
  For Field, click the button on the right to load the select a field dialog.  Highlight the field Job Title.
  For Value, click the formula icon. On the formula screen, click the Insert Field or Group button.  Click the Show advanced view on the bottom. At the top, click the
  drop down and choose theGetUserProfileByName (Secondary) option.  Expand the fields all the way down until you see the Value field.  Highlight it but don’t click ok, but click the Filter
  Data button, then Add. 
  For the first dropdown that says Value, choose Select a field or group.   The value field will be highlighted, but click the field Name field
  under PropertyData.  Click Ok. 
  In the blank field after “is equal to”, click in the box and choose Type text.  Then type the text Title. 
  Click ok until you get back to the Manage Rules pane.  The last previous screen will look like this.
  We’re going to update common fields that are in the user’s profile, and likely from Active Directory.  You can update fields like first and last name, company, mobile and work phone number, etc.  For the other fields, the
  steps are the same except the Field you choose to update from the form, and the very last step where you enter the text will change.  Here’s what the rules look like when we’re done:
  We’re all done, good work!  You can preview the form and try it now.  Click Ctrl+Shift+B to preview the form.  Once you’re satisfied, you can publish the form back to the library.  Click File –> Quick
  Publish.  Once it’s done, you will get confirmation:
  Now open your form in SharePoint.  From the contact list, click Add new item.  Type in a name, and click the button and watch the magic happen!

• Active Directory domain migration with Exchange 2010, System Center 2012 R2 and File Servers

  Greeting dear colleagues!
  I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
  I have a single domain with Forest/Domain level 2003 and two DC (2008 R2 and 2012 R2). My domain contains Exchange 2010 Organization, some System Center components (SCCM, SCOM, SCSM) and File Servers with mapped "My Documents" user folders. Domain
  has about 1500 users/computers.
  How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption? Maybe someone has already done something like that before? Please, write that here, i promise that i won't ask for instruction from you,
  maybe only some small questions :)
  Now I'm studying ADMT manual for sure.
  Thanks in advance, 
  Dmitriy Titov
  С уважением, Дмитрий Титов

  Hi Dmitriy,
  I got a task to migrate existing Active Directory domain to a new froest and a brand new domain.
  How do u think, is it realy possible to migrate such a domain to a new one with minimum downtime and user interruption?
  As far as I know, during inter-forest migration, user and group objects are cloned rather than migrated, which means they can still access resources in the source forest, they can even access resources after the migration is completed. You can ask users
  to switch domain as soon as the new domain is ready.
  Therefore, there shouldn’t be a huge downtime/interruption.
  More information for you:
  ADMT Guide: Migrating and Restructuring Active Directory Domains
  https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Create a User account in active directory from SharePoint online 2013 list data

  Hello,
  I am trying to create a SharePoint list through which i can create a user account into active directory, 
  1 - HR is sending the detail in the email body to a Specific email address  ([email protected]) like below..
  First Name: XYZ
  Last Name: ABC
  Address: ABC 123
  Designation: Analyst
  Employee ID: 10492
  and so on 
  2 - I need to pickup every new email data of the above section into sharepoint list (in Column)
  First Name        Last Name       Address         Designation   Employee ID   
  3 - I want to create a event receiver through which i can go ahead and find the new data in the list and then create a user in the active directory,
  I tried very hard and since i dont have much experience in coding part,  any help will be highly appreciated
  Thank you 
  Aman 

  1- Configure Incoming Email Setting at your SharePoint Farm -
  https://technet.microsoft.com/en-us/library/cc262947.aspx
  http://blogs.technet.com/b/harmeetw/archive/2012/12/29/sharepoint-2013-configure-incoming-emails-with-exchange-server-2013.aspx
  2- Configure your Sharepoint List Incoming e-mail settings for [email protected] - ListSetting-Communications->Incoming e-mail settings. -
  https://support.office.com/en-in/article/Enable-and-configure-e-mail-support-for-a-list-or-library-dcaf44a0-1d9b-451a-84c7-6c52e7db908e
  3- Write an Incoming Email Receiver , and Add you Email Body Parsing Code (retrive value of fields , firstname , lastname etc) in
  EmailReceived() method. also add the code for adding new user in Active Directory
  http://blogs.msdn.com/b/tejasr/archive/2010/03/06/event-handler-code-to-add-incoming-emails-with-subject-discussion-id-as-replies.aspx
  https://pholpar.wordpress.com/2010/01/13/creating-a-simple-email-receiver-for-a-document-library/
  4-  Active Directory Code Help -
  http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
  http://www.codeproject.com/Tips/534718/Add-User-to-Active-Directory
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• How to get the list of Group set in each Users in MS Active Directory

  Hi. I would like to know if you know how to get the set group of each user in Active Directory?
  We have this sample code
  String INITCTX ="com.sun.jndi.ldap.LdapCtxFactory";
  //String MY_HOST = "ldap://myserver/ou=dev,dc=test,dc=com,dc=ph";
  String MY_HOST ="ldap://myserver.dev.test.com.ph:389/dc=dev,dc=test,dc=com,dc=ph";
  String strUsername,strPassword;
  try
       strUsername = Request.getParameter("username").toLowerCase().trim();
       strPassword = Request.getParameter("password").toLowerCase().trim();
       Hashtable env = new Hashtable();
       env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
       env.put(Context.PROVIDER_URL, MY_HOST);
       env.put(Context.SECURITY_AUTHENTICATION, "simple");
       env.put(Context.SECURITY_PRINCIPAL,strUsername+"@dev.lst.com.ph");
       env.put(Context.SECURITY_CREDENTIALS, strPassword);
  After validating the User Name and Password the next task is to Retrieve the group list of the User.

  Nope I want the log-in user to retrieve its Group where he is belong. I have this following code
  strUsername = Request.getParameter("username").toLowerCase().trim()+"@dev.test.com.ph";
  strPassword = Request.getParameter("password").toLowerCase().trim();
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
  env.put(Context.PROVIDER_URL, MY_HOST);
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL,strUsername);
  env.put(Context.SECURITY_CREDENTIALS, strPassword);
  // enable tracing
  env.put("com.sun.naming.ldap.trace.ber", System.err);
  // Create the initial context
  DirContext initCtx = new InitialDirContext(env);
  // Get the target context
  DirContext targetCtx = (DirContext)initCtx.lookup("");
  SearchControls constraints = new SearchControls();
  constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
  // Perform the search on the target context
  NamingEnumeration enum = targetCtx.search("","(userPrincipalName="+strUsername+")",constraints);
  javax.naming.directory.Attributes attrs;
  NameClassPair item;
  String[] attrIds = new String[]{"MemberOf"};
  // For each answer found, get its "Groups" attribute
  // If relative, resolve it relative to the target context
  // If not relative, resolve it relative to the initial context
  while (enum.hasMore()) {
  item = (NameClassPair)enum.next();
  Out.println(item);
  attrs = targetCtx.getAttributes(item.getName(), attrIds);
  Out.println(attrs + "<br>");
       initCtx.close();
  It returns all this string :
  {memberof=memberOf: CN=CMCanadaRD,OU=Groups / Teams,DC=dev,DC=test,DC=com,DC=ph, CN=iMngrCanadaRW,OU=Groups / Teams,DC=dev,DC=test,DC=com,DC=ph, CN=Domain Users,CN=Users,DC=dev,DC=test,DC=com,DC=ph, CN=Backup Operators,CN=Builtin,DC=dev,DC=test,DC=com,DC=ph, CN=Administrators,CN=Builtin,DC=dev,DC=test,DC=com,DC=ph}
  How can i retrieve the Group named CMCanadaRW and CMCanadaRD on the Attribute?
  Thanks