AD Group Change, Can this be made User self requestable in oim?
Hi,
We have a typical requirement where in end user will be requesting for a group change in AD, on Approval he is made member of the group he requested.Can any one suggest how this can be achievable. Any pointers on this is highly appreciated.
Thanks in Advance.
Hi all,
I had this same requirement (Approval process for AD group assignment). So, I have implemented the process you have defined. It is working fine except one problem.
When I add the first OIM group(group A) to OIM user, it will fire an approval process(using Access policy) and after the approver approve it, RO ("AD Group Resource") will be granted to the user. Also, ad information will be updated through my custom code.
But, if I then try to add another OIM group(group B) to the same OIM user, OIM will just assign OIM group to this OIM User. other than that, OIM will not do anything. No approval process will be fired.
(Note: There is no error in the implementation. i.e. if I try to do this in the other way around, i.e. first add the group B and then add the group A, same result. Information regarding assignment of group B will be updated on AD and RO will be granted. But, assignment of group A would not do anything)
Please help me regarding this issue.
Regards,
Chaturanga
Similar Messages
-
Absence error "required screen changes can not be made"
Hello gurus,
I am having issue with absence IT2001,
When I create absence on today's date it is fine ,if I select previous /future date then I am getting error msg " required screen changes can not be made"
I did check the quota and basic check and everything is fine.
any help one this please?
Thanks,
RaviHi,
Check the table V_554S_O for the particular Absece type which u might wrong screen Number
Change that field to 2001..
Or it may have happened that some mandatory field has been changed / hidden by screen modification in T588M and T588N tables for IT2001.
Hope this helps. -
User self request for a RESOURCE
Hi Experts,
I am facing the problem to self request the user for AD resource and getting the below error
Exception java.lang.ClassCastException: java.lang.String was thrown in adapter "ADCS Create User". The Adapter Response was "java.lang.String" .Setting task status... "java.lang.String" does not correspond to a known Response Code. Using "UNKNOWN".
But in the admin console when user request for the AD resource through AccessPolicy/Resource Profile user can able to provisioning into the AD resource.
Thanks and regards,
SantoshHi
1) In process form i checked the auto populate and autosave option in this scenario administrator can easily provisioned into the AD resource and in the object form m populating organization filed.If i wont do this then i have to edit the the process form and save it, then only user can provisioned in to AD.
2) If i am not populate the fields then i am not getting the error which was sent in earlier post but showing pending status(without approval) and user not provisioned in AD.
3) In self request you don't populate the field, it stays null which results in the class cast exception in the provisioning code. as u said , in this case if i want to provision the user through Adminconsole and as well as user self request for Provisioning in AD Resource case a) From adminconsole user provisioned
b) User self request not working and showing status as pending.
Thanks and Regards,
Santosh -
I group apps on my iphone 4s. I sometimes invoke age restrictions and I've noticed that when I remove the age restriction the apps that were hidden do not reappear back in their groups,they end up on the main screens. Can this behavior be prevented?
I don't think so. Once an app is removed and then restored it usually isn't restored to the same position/folder it was originally.
-
Email Notification after User Self Registers in OIM
Hello there,
Can you please tell me how can send an email notification to users as soon as they register themselves in OIM using the OOTB OIM Self Registration.
Actually I am generating a unique User ID as a Post Insert in Create User Event Handler. By real question is to actually send this particular generated User ID to the user in an email - how can I do that?
Thanks.The exact scenario is an end-user directly self registers himself providing all the necessary values of User ID, First Name, Last Name, Email, Password (mandatory fields). But I want this request to be directly completed/approved. I don't want any kind of administrator intervention in creating these users in OIM such as providing approval details, etc. So I have added the remaining necessary fields on self registration page itself for users to be filled out - Organization Name, User-Type, Employee Role. The user provides all these details on OIM self registration and it directly gets created in OIM.
I have made an email definition of type "provisioning related" and included the necessary UDF's in it. And I have added this email defn to the "Email Notify" task of "Xellerate User" process. I have already checked the "Assignee", "Requester", "User" option box in the "Notification" tab. So now the problem is after user creation - the administrator is receiving an email containing the UDF values but the user is not receiving that. But the user is receiving the "Self Registration" email definition email which I don't want to send.
So really speaking I want to send an email on User creation containing the UDF values - but it is not sending it. I have integrated the "Email Notify" task with "tcCompleteTask" system adapter. Am I missing anything?
Please let me know as this func. needs to be in place asap.
Thanks. -
Adding Custom HyperLink in user Self Service in OIM 11g
Hi
My task is to add a hyperlink in self service in oim 11g which can directly lead to resource form for selecting a resource for provisioning user.
Any help would be appreciated.
Regrads
Rajinder Singhare you able to view using xelsysadm? if yes. Provide the view, edit permission for each and every attribute to User's role using Authorization policy.
If can't able to view using xelsysadm. Hope, you have migrated on other server. Take export of User.xml using Unix Export Utility from dev server and import same using Import unix utility on this server
--nayan -
Photoshop flames. Can this be made into vectors.
The flame effect is what I'm trying to create. I know it's a common thing to do, but I would like this design on my van.
measurements for the panel on the van are 83" long x heigh 26" ...Around 30 characters are going to be used for the wording
I would like to use black background as the van color is white. Flames look better on the black, that's my opinion any way.
Youtube:
photoshop flames effect
http://www.youtube.com/watch?v=HdLU3SbVnrA
The above is the link to real world tutorials. This is the effect I wish to have on the side of van
I can design the flames in PS ok, but the peson who's going to do the van printing said can you do your design in vectors.
Is there any way the above can be created with vectors and not a rasterHey,
Would it not be easier to design the image in Photoshop, using a black background and then just apply the exact design to your van? You could even shape the overall image to the specific van panel then, without all the fuss!
I create a lot of large banner designs for people and pretty much follow the rules below:
6x3 Banner (feet)
-600 dpi (300dpi is ok but I like attention to detail!)
-Set canvas size to 25% of the above figure. (= 457.2mm x 228.6mm)
-Ensure everything you use in the image is high rez
-Keep the text and graphics at least 5mm+ away from the edges (bleed)
-Flatten image/save in desired format
-Email image to the printers/banner people
-Bingo!
This might not be what your looking for but you want black around the flames to make them stand out, so why not!
Hope it all goes well buddy!
Dave -
Drive connected to SATA to eSATA converter--can this be made hot-swappable?
Hey guys, I recently acquired a new SATA drive enclosure that has USB 2.0 and eSATA interfaces. It came with a PCI bracket that converts an internal SATA port to an eSATA port. So, using one of the two unused SATA ports on the Mac Pro board, I connected the bracket and have an eSATA port.
It works great! However, it only works if the drive is powered on at boot time and if I disconnect power to the drive while the machine is on, I get odd behaviour (such as Disk Utility hanging on launch).
Does anyone know if there is a way to make this behave like a FireWire or USB drive where one can safely power it off and disconnect it while the machine is still running?
Thanks!Does anyone know if there is a way to make this behave like a FireWire or USB drive where one can safely power it off and disconnect it while the machine is still running?
Yes, the Addonics 2-Port eSATAII PCI-E Controller for Mac Pro ($39.99) model ADSA3GPX1-2EM will allow you to hot swap the external SATA enclosure.
http://www.amug.org/amug-web/html/amug/reviews/articles/addonics/adsa3gpx1-2em/
If you want SMART support the FirmTek SeriTek/2SE2-E Two Port External Serial ATA PCIe Host Adapter $99.95 will do the job.
http://www.amug.org/amug-web/html/amug/reviews/articles/firmtek/2se2e/
Unfortunately, Apple built the Mac Pro without hot swap bays. At this time you will need a PCIe card to add hot swap SATA capabilities. The Addonics card adds this feature for very litttle $$$.
Have fun! -
I was trying to create my own Apple ID, when I recvd the verify email it said "Dear (my husbands name) you have entered (my email address)
as your contact email address for your apple ID." But i did not want change anything on his. Did I delete his apple ID?Funds cannot be transferred from one Apple ID account to another.
Try here > Rescue email address and how to reset Apple ID security questions
If that doesn't help, contact Apple for assistance with your security questions > Contacting Apple for support and service -
User Self Registration in OIM 11.1.1.3
Hi all,
Iam trying to register user using self registration process,the request is sent to admin(xelsysadm), i tried to accept request in admin(xelsysadm account) but the request status is showing as "Request Failed".And showing error as
IAM-2050014:An error occurred while initiating approvals for request oracle.iam.platform.workflowservice.exception.IAMWorkflowException: Tasklist mapping failed for workflowdefinition:
Error:default/DefaultRequestApproval!1.0 due to unable to process due to null. The corresponding error message is {1}.
Can any help to solve the issue.
Thanks & Regards,
Satish
Edited by: satish on Sep 8, 2010 3:58 PM
Edited by: satish on Sep 11, 2010 7:16 PMDid you set the organization, before approving the Task. The Approver needs to specify an OIM organization in which to create a user.
Regards,
Sanjay Sadarangani -
Hi,
Have you ever come across this problem before.
Changes to the state or options of DB SUSDB can't be made at this time. DB Is in single-user mode and a user is currently connected to it.
It's preventing the post WSUS installation task from completing.
I opted to use the WID Database option and it created the SUSDB.
How can I resolve it?
Thanksthis sounds similar to some issues that occurred when KB2720211 was first release (the update does put the DB into single-user mode, to perform some tasks, then switches it back into multi-user mode. sometimes, that switch-back was not performed, and the
DB was left in single-user mode).
You can refer to this thread, the steps are buried in there.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/531d576b-eeaf-40dc-9057-b3adbde6186f/kb2720211-debacle-is-this-acceptable-microsoft-quality?forum=winserverwsus
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
HT202233 If I made the mobile account for a network user, can this user unlock the FileVault2-disk?
My Mac is connected to Microsoft Active Directory. Every time I schould unlock the disk with the local admin, then login as network user.
If I made the mobile account for a network user, can this user unlock the FileVault2-disk?
Thanks.Yes, but the FileVault password won't be updated automatically if the login password changes.
-
Can I change the Home Folder of users with Group Policy (or in another centralized way)?
I know how to change the Home folder of users from AD Users & Computers -> their Properties -> Profile tab. But this is not very practical when one has users spread across many OUs, and with users being added and removed often.
So I am wondering whether there is a way to do the same with a GPO. The closest thing I found was Folder Redirection, with which I can change the location of particular profile folders for each user, but not the location of the whole profile.
Is there a way to redirect the entire location of users in a centralized way, using a GPO or some other mean?I would recommend reading that about the management of roaming profiles: http://technet.microsoft.com/en-us/library/cc784961(v=ws.10).aspx
You can involve the use of Powershell scripts for the management of roaming profiles:
http://social.technet.microsoft.com/wiki/contents/articles/12460.powershell-automate-roaming-profile-folder-permissions.aspx
http://gallery.technet.microsoft.com/scriptcenter/Check-if-an-AD-user-has-a-45ed5d1c
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
Group Admin can add user to group but can't update user account in SAM SDK
Hi
I have created a user X and Group Y, and I have assigned the created Group Y Admin Role to user X and made user X a member of Group Y.
Now User X can create users but can't see them when doing a search.
Also if using the SDK this user attempt to add a user he created as a member of Group Y the LDAP return an error that user X dosen't have enough permissions to update the membership attribute of the new user account that he created.
Funny enough looking in the LDAP, the user is actually added as a member of the Group.
So the Group was updated correctly but the suer account is not.
Does anybody now a fix for this issue or is it fixed in any patches to SAM 7.1Hi,
Did the issue happen only for you or for multiple users?
Please login on other well worked Lync client from other computer with your Lync account to test the issue.
Please also use another well worked Lync account login your Lync client and test the issue.
You can disable your Lync account from Lync Server Control Panel and clear all SIP related information from AD, then re-enable your Lync account from Lync Server Control Panel to have a try.
Here is a similar case may help you:
http://social.technet.microsoft.com/Forums/lync/en-US/09032674-3927-4898-8f93-f3e6f3eab540/lync-2013-cannot-add-remove-or-move-contacts-or-groups-at-this-time?forum=lyncprofile
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
How can I give an user the right to change passwords
I'm still absolute server beginner, so I have to ask here.
How can I give users the right to change passwords or to view calendars?
I didn't find it, yet.
I've found an option to change rights, when I click on the user with two fingers (right mouse button). But all options in this menue are grey.Hi Holger,
These are two fundamentally different issues. I'll try to address them each. For both you will need to have OpenDirectory set up (see the Users Next Steps list in the Server app). Once that is done. Additionally you will need the Server Admin Tools 10.7. Once you have them installed, you can specify the OpenDirectory password requirements for users
User Passwords in OpenDirectory
On the server, open Server Admin app.
Connect to you server, then click on the OpenDirectory service.
Click on the Settings icon.
Click on the Policies tab.
Click on the Passwords sub-tab, and you can set all the criteria for password requirements here.
Resetting Passwords
Users must log in as network users on the client computer.
Once logged in, to change the password, open System Preferences.
Click on Users & Groups.
The user icon will be a silhouette with stars in the background. This means it is a network user. Click on the Password tab at the top.
Click the Change Password ... button to change the password.
Calendars in iCal are much like RSS feeds: users need to subscribe to them, like we discussed in our other posting. Network users will automatically be given a network iCal calendar, and will be automatically subscribed to it. However, if you want to automatically add subscribed calendars to network user's accounts, you will need to use ProfileManager.
On the server, open Server app.
Click on the Profile Manager menu item.
Make sure that iCal service is running (green indicator next to it). Click on the "Include configuration for services: ...". Make sure the iCal icon is listed there.
Click the "Sign configuration profiles" checkbox.
Turn Profile Manager on.
Once Profile Manager has loaded (the gear at the bottom right will no longer be spinning), go ahead and click the Open Profile Manager link.
Log into Profile Manager as your directory admin user.
Click on the Groups menu item to give all users of a specific group access to the wiki calendar. This is best if you have a wiki for a group and want to share that calendar. Use the Everyone group to add this calendar for all users.
Click on Users to give access to only specific users.
Edit the profile for the group(s) or user(s) you selected by highlighting that group and clicking the edit button.
Scroll down and select the CalDav item on the left.
Click configure. Here you will need to enter the specific details for that callendar based on the subscription details you get when subscribing to the calendar via the wiki.
After all that you still need to configure each client computer to be set up for profile management, which really is a topic of its own. I recommend the following tutorials:
Installing OS X Lion Server
OS X Lion Server Administration Tool Tour
Setting Up Profile Manager on OS X Lion Server
Using Profile Manager on OS X Lion Server
Hope this helps, good luck!
~Mike
Maybe you are looking for
-
Location services don't work even though they are on
My location services do not work even though they are switched on. When I ask Siri something that requires my location it tells me to turn on location services and Siri but they are already on.
-
Firefox Won't Open a New Window
I'm setting up my new iMac and installed Firefox as my internet browser. If I close all the browser windows, it won't open another window even by clicking on File>New Window or using keyboard shortcuts. I have to close the program entirely and reopen
-
My ipad and my wife's ipad are setup under the same Apple ID. How do I change that?
We want to be able to manage our own log ins and apps. What is the best way to separate (associate an email for her) them so that my wife can manage her own log in and password? Thanks! Chris
-
Fustrating equality problem, pls help
Hello ppl. Im here with a rather silly but fustrating problem... I have a conditional like this: String host = request.getRemoteHost(); if(host != "localhost"){ // code... Im the localhost and the value of host is localhost but java thinks otherwise,
-
HT1725 How to verify your apple I'd
How to verify your apple I'd ?