AD - import users and check AD group membership

Hi, I'm relatively useless with PowerShell and I am wanting to write a script that will do the following, and am just getting stuck with part B.
Part A - import a list of users from a CSV
Part B - check if the users are members of an AD group and if so remove from group A and add to group B
Can anyone point me in the best direction? That would be amazing.

Hi,
I happen to have something already written that will do what you're after:
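Import-Csv .\userList.csv | ForEach-Object {
    # Look up each user from the CSV (header: Username) with their direct group memberships
    $userDetails = Get-ADUser -Identity $_.Username -Properties memberOf
    # Only act if the user is a member of the group being tested (matched by distinguished name)
    If ($userDetails.memberOf -contains 'CN=Test Group 1,OU=Security Groups,DC=domain,DC=com') {
        # -WhatIf only reports what would change; nothing is modified
        Remove-ADGroupMember -Identity 'Group A' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
        Add-ADGroupMember -Identity 'Group B' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
    }
}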
This will require an input CSV file with a header of Username that contains the usernames to test. You'll also need to update the names of the groups for 'Group A' and 'Group B' along with the DN of the group to test against.
Remove the -WhatIf parameters from the Remove/Add lines if you're happy with what you see in the output.
Don't retire TechNet! -
(Don't give up yet - 12,830+ strong and growing)
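
An added example (not part of the original reply and not the poster's code): a variant of the script above that resolves both groups to distinguished names up front, records lookup failures, and emits one audit record per CSV row. The function name Move-CsvUsersBetweenGroups, its parameters and the report file name are hypothetical; 'Group A' and 'Group B' are the placeholders from the reply.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Move-CsvUsersBetweenGroups and its parameters are hypothetical names.
function Move-CsvUsersBetweenGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,      # CSV with a 'Username' header
        [Parameter(Mandatory)] [string] $SourceGroup,  # group to remove from ('Group A')
        [Parameter(Mandatory)] [string] $TargetGroup   # group to add to ('Group B')
    )

    # Resolve both groups once, so a mistyped group name fails early instead of per user.
    $sourceDn = (Get-ADGroup -Identity $SourceGroup -ErrorAction Stop).DistinguishedName
    $targetDn = (Get-ADGroup -Identity $TargetGroup -ErrorAction Stop).DistinguishedName

    foreach ($row in Import-Csv -Path $CsvPath) {
        $name = "$($row.Username)".Trim()
        if (-not $name) { continue }   # skip blank rows

        $result = [pscustomobject]@{ Username = $name; Action = 'None'; Detail = '' }
        try {
            $user = Get-ADUser -Identity $name -Properties memberOf -ErrorAction Stop

            # memberOf lists direct memberships only (no nested groups, no primary group).
            if ($user.memberOf -notcontains $sourceDn) {
                $result.Detail = "Not a direct member of $SourceGroup"
            }
            elseif ($PSCmdlet.ShouldProcess($user.SamAccountName, "Move from $SourceGroup to $TargetGroup")) {
                # Add first: if the add fails, the remove is never attempted.
                if ($user.memberOf -notcontains $targetDn) {
                    Add-ADGroupMember -Identity $targetDn -Members $user -ErrorAction Stop
                }
                Remove-ADGroupMember -Identity $sourceDn -Members $user -Confirm:$false -ErrorAction Stop
                $result.Action = 'Moved'
            }
            else {
                $result.Action = 'WouldMove'   # -WhatIf run, or the prompt was declined
            }
        }
        catch {
            # Unknown user, access denied, etc. are recorded rather than lost in console output.
            $result.Action = 'Error'
            $result.Detail = $_.Exception.Message
        }
        $result
    }
}

# Dry run first and keep the report; repeat without -WhatIf to apply the changes.
Move-CsvUsersBetweenGroups -CsvPath .\userList.csv -SourceGroup 'Group A' -TargetGroup 'Group B' -WhatIf |
    Export-Csv -Path .\group-move-report.csv -NoTypeInformation
```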

Similar Messages

  • Shared Calendars / Room Lists and automatically forcing them to users based on Security Group Membership

    Good morning all,
    I need some help achieving the following in our Exchange 2013 Environment.  First off, we have Exchange 2013, but all our clients have Outlook 2010.
    Here's what I would like to be able to do:
    1) create/manage public calendars / rooms in exchange 2013
    2) force these shared public calendars / rooms to users' calendars who are members of particular security groups
    3) give edit permissions / "booking" permissions for the shared calendars so select users are able to make changes to the shared calendars, as well as accept/deny requests to "book" shared room calendars
    Any one got any resources they can give to point me in the right direction?
    I have already created two mailbox room resources, and have them set up in a room list in AD.  But need to know the above as far as creating a shared calendar for events, and forcing these calendars / room lists out to users based on security group
    membership.
    I don't want my users to have to know how to add a shared calendar...that would be a nightmare explaining.  I just want it to show up.
    Any help on this is greatly appreciated, thank you!

    1) I recommend using Room Mailboxes for resource calendars because it just works better.
    2) This is a standard feature of a Room Mailbox.
    3) You're pretty specific here, but I think this is also more or less available with a Room Mailbox combined with folder rights.
    I don't know any way to just make them "show up".  You'll have to teach them.  Well written instructions can work wonders.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • How to import user and group at EPM11.1.2?

    I found a similar topic on this at User & Groups Issue
    But sounds like there is big change at EPM11.1.2, I didn't find CSSImportExport utility at all.
    Could anyone tell me how to import users and groups from flat file at this version?
    Thanks
    Tony

    You can only use LCM from 11.1.2, it is not really that different format from the CSSImportExport utility.
    I find the best way is to set up a few users and provisioning and then use LCM to export, then you get a good feel to the format of the file.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Remove Users and Members of Groups with DIP

    We are using the DIP connector to map between NONLDAP(oracle DB) and OID. We are using a profile to create and update users. We have another profile that will create any new groups. We are currently working on a third profile that will populate the groups with their members. These profiles look at views in our oracle DB to determine when they were last updated.
    We have been successful at creating and updating users and creating new groups. I have not found any documentation to remove a user or remove a member from a group. Is there a way in the mapping file or the configuration file to tell OID that a user needs to be deleted or a member needs to be deleted from a group?
    Has anyone had any experience with this?

    If your question is whether you can use the DIP DB connector
    to synchronize group and group memberships, then yes
    you can.
    Keep in mind though, that the DB connector will do a full
    refresh of the group memberships (and not incremental)

  • Importing user and group database from 2.6 to 4.0

    Hi,
    I need to import the user and groups from version 2.6 ACS to version 4.0. The 2.6 online documentation talks of using the CSUtils to create a .txt back up of the users and group. But I cannot see how to import that into 4.0. Has anyone done this. Any info would be appreciated,
    cheers,

    Hi Darran,
    I looked at what I had imported using the instructions you had supplied me and it looked fine, all users and group, tacacs privilege levels had been imported. I modified a router on our network to point at the ACS 4.0. on testing it looks like the passwords hadn't been copied across successfully. Logins are failing with 'invalid CS password' in the failed authentication log. If I changed the password manually it was fine.
    Have you seen that before?
    Thanks for your help on this.
    Rgds,
    Russell.

  • Import user and group from dump.txt to ACS Solution Engine 3.3

    I have exported the user and group using the CSUtil -d on my acs v2.6. But ACS Solution Engine 3.3 does not have the CSUtil command to import the user and group database. Can anyone advise me?

    I'm trying to do the same thing with no luck so far.
    Documentation seems to indicate you can do this using RDBMS Synchronization but we haven't got it to work yet.
    I read the doco as saying you create a csv and place it on an FTP server and ACS will read from that file. When we've tried, it writes its own file with a different extension and says it can't find the one we place in that same directory.

  • SAML 2.0 and AD Security Group Membership

    In ADFS 2.0, as a part of the token, I can pass the AD
    security groups the user is in. Does SAP SSO have the ability to send and
    receive SAML 2.0 tokens with AD security group membership?

    Hi Jeff,
    SAP SAML 2.0 Identity Provider is able to include any group (or role) assignment of the user (available in the NetWeaver AS Java UME) as SAML Attribute in the generated SAML 2.0 Assertion.
    These group assignments of the user can be local (maintained in local UME database) or remote ones if the UME is configured with other Data Source.
    So in order to be able to send the AD group assignments of the user you need to change the NetWeaver UME Data Source to your AD. More information how to do that you can find at this page: Identity Management - SAP Library.
    Then in your Identity Provider you can configure so-called "Authorization-Based Assertion Attributes" in the "Identity Federation" tab of your trusted Service Provider configuration. An example with such attributes is provided at this page: Configuring Identity Federation with Transient Users - Identity Provider for SAP Single Sign-On and SAP Identity Managem… (although the page is for Transient federation these attributes are supported for all supported NameID formats).
    Regarding the receiving part:
    In SAP SAML 2.0 Service Provider of NetWeaver AS Java received SAML 2.0 Attribute can be either assigned to any UME attribute of the authenticated user, or to be used in rules that assign specific role(s) or group(s) to the user. For more details see these pages: Configuring Federation Type Persistent Users (Advanced) - User Authentication and Single Sign-On - SAP Library and Configuring Federation Type Virtual Users - User Authentication and Single Sign-On - SAP Library
    Regards,
    Stefan

  • OBPM + WCI query to determine users and their assigned groups

    I am running OBPM 10.3.1 and WCI 10.1.3, without LDAP configuration. I would like a query that I can run directly from the OBPM Directory schema or plumtree schema that would let me see all the user's login IDs, assigned groups, and display names. I have tried a few different queries, but they do not give me what I want exactly.

    Yeah, I had that one for roles, but for groups there was another set of tables... assiggrppart or something.... but that doesn't have hardly anything in it. Is there a different table that has the group assignments? from the admin side, we use BPM to add roles to groups, then use WCI to create users and assign them WCI groups. That gets recognized by the BPM directory automagically. It's not in any table that begins "FUEGO_ASSIG".

  • MaxL command to import users and security in eas

    Hello,
    I would like to know if there is a command that allows Maxl export and then import the list of users native EAS and filters.
    In summary, I have a few applications version 9 essbase to 11.1.2.2, via migration wizard. my essbase 11 is in standalone mode with SSO configuration to MSAD external authentication. In version 9 essbase security is mounted on the shared services.
    My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.
    Thank you in advance
    Edited by: 851398 on 25 sept. 2012 09:20

    851398 wrote:
    My question is, if I take my file essbase.sec version 9 and the copy in version 11, to get my native users and security filters. Will I lose my config sso?.
    It is probably not advisable trying to copy your essbase.sec between versions or environments,
    You could look at the advanced security manager as an alternative solution to extracting the information, it is free and definitely worth a go - http://www.appliedolap.com/free-tools/advanced-security-manager
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Can't import users and group backup

    I exported the list of user names and groups prior to re-installing 10.6 server.
    Now when I try to import the backup, I get the error:
    "The following users could not be imported because each of their first short names contains an invalid character (such as a period.)"
    followed by the list of my users.
    According to Apple's user creation documentation, the following characters are allowed:
    "For the first short user name, use only these characters. Subsequent short names can contain any Roman character.
    * a through z
    * A through Z
    * 0 through 9
    * _ (underscore)
    * - (hyphen)
    * . (period)"
    Is that a bug? is there a way around it ?
    Thanks

    I am also encountering the same problem. Can anyone assist?? I had to demote my OD due to a DNS change and lost 200+ accounts unless we can find a solution.
    Thanks for anyone's suggestions.

  • Create User and Add to Group in a single call using ActiveADAPTER

    Hi Folks, I can successfully create a user in a specific OU and I can subsequently add the user to a Group within another OU using two sequential calls with ActiveADAPTER's one-way send functionality.  Has anyone successfully done this in a single call
    or am I limited because that would require two Directives statements?
    Thanks!

    Some thoughts:
    Operations against AD are single action natively, because LDAP is I'd assume.  The adapter likely follows that pattern.
    Support for multiple operations would be noticeable in the schemas either by a high level repeating structure or something like composite operations.
    What does their support say? 

  • Getting firstnames and surnames from group membership in AD

    Morning guys..
    I am trying to get a list of the firstname and surnames that are currently in a group on ad.
    I am currently using the following command but I want to tidy it up a bit.
    At the moment I am getting a table with a load of stuff I don't want or need, what pipelining command can I use to only show the first and last names of the accounts?
    This is the command I have so far..
     get-adgroupmember "EXT_Information_Exchange_MODIFY" | format-table | format-wide
    Many Thanks!

    I'd suggest you use the following command:
    get-adgroupmember EXT_Information_Exchange_MODIFY | Get-ADUSer | Select GivenName, SurName
    But this will give you errors where the member is not a user. Therefore this command is better (it filters the pipeline to only user objects):
    get-adgroupmember EXT_Information_Exchange_MODIFY | ? { $_.ObjectClass -eq "user" } | Get-ADUSer | Select GivenName, SurName
    Then you can add your Format-Table commands etc.

  • Best strategy to import users and their content

    Hello,
    Just setting up a Mac mini / Mountain Lion server. I have 2 iMacs, 2 Macbook Pros + may be others in the future. This is a first time server setup. The iMacs are connected to the server through Powerline Ethernet adapters.
    1. What would be the best strategy to move user accounts AND their content (i.e Home folders) to the server so both management of the users as well centralized user data management is made easier?
    2. Has anyone had experience (good or bad!) with mobile Home folders and syncing? If setup, is the sync automatic or does a user have any control over the sync?
    Any sharing of experience and input is much appreciated. Thanks!

    Yes, that was my concern too. I had read about the troubles here and there. But most of all how could this be coming from Apple out of all the places? Apple is known for such mottos as "it just works", "it's reliable" and such other good things ;o)
    But once you create new, equivalent user accounts on the server, you'd still need to copy the contents of the accounts from their original locations (from other computers). Wondering if I'd still run into permissions issues.
    Thanks

  • LDAP Realm: One Directory to Users and One for Groups?

    Hi,
    I'm trying to use LDAP for authentication of users accessing WLS.510
    do all the users to be authenticated have to be in a single sub-directory?
    We were hoping to let WLS look in several sub-directories for users.
    i.e. store users of customer A in directory /ourcompany/custA/endusers
    and store users of customer B in directory /ourcompany/custB/endusers
    is this possible?
    Cheers, Patrick.

    I don't think so.
    I've tried to put multiple 'directories' for my users, it doesn't
    work.
    This is how I put in ldaprealm.properties (I use ';' to separate the
    DNs because we cannot use ',' and ';' is kinda standard way to
    separate 2 entries, just like CLASSPATH)
    weblogic.security.ldaprealm.userDN=o=LatitudeWeb.com,ou=People;o=LatitudeWeb.com,ou=Customers
    Have you found a way to do so?
    best regards,
    Lawrence Law

  • LDAP- When importing a Group it goes into Security Users and not Groups.

    Hello,
    I created a new LDAP Server
    cn=GroupBI,OU=Groups,OU=Systems,OU=Milan,OU=Italy,OU=Countries,DC=u,DC=a,DC=g
    Connection Test was ok.
    The problem is on importing members of my group, on Security Import window instead of having the group drop-down list populated I have the user drop-down list populated with "GroupBI".
    If I import this group (considered as a user by BI) it goes into Security > Users and not Security > Groups.
    This does not make sense.
    I'm sure this "GroupBI" is a group and not a user and the attribute type used is sAMAccountname
    Any help?
    Cheers

    Let me tell how we did Authentication using LDAP
    I haven't imported any groups or users once the LDAP is set up and connection was successful. I simply created the session variables USER DISPLAYNAME EMAIL and mapped to LDAP Variables uid, displayname, mail.
    Authentication is done in this way by mapping the OBIEE variables to LDAP variables instead of importing the groups.
    Now for Authorization I created the groups populated using some db tables and captured the group name and loglevel and applied filters on the group in the rpd for data level and permissions on the group in webcat for object level.
    So just for Authentication purposes I think we can authenticate without really importing groups as long as you map OB variables to LDAP
    hope it helps
    Prash
