AD integration, making AD groups members of OD groups

Hello everyone!
I have a 10.4.8 server bound to AD. It is an OD master. In order to define Mac OS X preferences for my users/client computers, I need to work with OD groups.
So I create a new OD group, and grab the appropriate AD user groups and make them members of the OD group. Then, if I define this OD group as the one authorized to log-in to a specific machine (in the OD machine groups), and manage the login preferences for that machine so that it shows the list of authorized users at login. No go! Nothing happens.
If I add a single AD user to the OD group, all is well, and it shows up in the list of users at the login screen of the machine.
So, Open Directory does not seem to be able to see the members of Active Directory groups. Bummer!
Ideas anyone?

Well, this issue really seems to be limited to a specific area.
In my testing, I was able to assign specific permissions on a shared folder to an AD group. The members of that AD group were able to connect to the Mac server and have only the permissions I gave them on that folder, which is hosted on the Mac server.
So in that case, the AD members are 'seen' by the Mac server. But not when it comes to populating a login screen list.

Similar Messages

  • Copy global group members to local groups

    I have an AD environment with a lot of global groups, all named G-FG-groupname and I would like to move (or copy) the members of these groups to already existing domain local groups with a similar groupname but
    with another prefix which is L-RG-groupname.
    Example, in which Testn can be replaced by any name.
    Members of domain global group G-FG-Test1 have to be moved or copied to domain local group L-RG-Test1
    Members of domain global group G-FG-Test2 have to be moved or copied to domain local group L-RG-Test2
    Members of domain global group G-FG-Test3 have to be moved or copied to domain local group L-RG-Test3
    etc..
    Many thanks!

    Hi Hoffer,
    as Mike already said, use the Searchbase parameter. Here's an example of how it could look in the previous script:
    # Import Module
    Import-Module ActiveDirectory
    # Get old Groups
    $GroupsOld = Get-ADGroup -Filter { name -like "G-FG-*" } -Properties Members -SearchBase "OU=OU TestOU,DC=intra,DC=netzwerker,DC=de"
    # Then for each group do ...
    foreach ($GroupOld in $GroupsOld)
    {
        # Get the name of the new group ("G-FG-" is 5 characters, so keep everything after it)
        $NewName = "L-RG-" + $GroupOld.Name.SubString(5)
        # Add Group Members
        Add-ADGroupMember -Identity $NewName -Members $GroupOld.Members -ErrorAction 'SilentlyContinue'
        # Remove Members from old group
        Remove-ADGroupMember -Identity $GroupOld -Members $GroupOld.Members -Confirm:$false
    }
    Basically, use the Distinguished name of an Organizational Unit as the searchbase parameter.
    If you want to know the Distinguished Name of a given OU, you can either use the AD Console, or use this command (change the name as necessary):
    Get-ADOrganizationalUnit -filter { name -eq "OU TestOU" } | Select -ExpandProperty DistinguishedName
    Cheers,
    Fred
    There's no place like 127.0.0.1
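
    An added example, not part of Fred's reply or the original thread: the script above removes members from the old group whether or not the add succeeded, so a missing or misnamed L-RG- group silently loses those memberships. This variant confirms every member arrived in the target before removing anything and supports -WhatIf; the function name Move-GroupMembersVerified and its parameters are hypothetical.

    ```powershell
    # Added example (not from the thread): copy, verify, then remove.
    # Move-GroupMembersVerified and its parameter names are hypothetical.
    Import-Module ActiveDirectory

    function Move-GroupMembersVerified {
        [CmdletBinding(SupportsShouldProcess = $true)]
        param(
            [Parameter(Mandatory = $true)] [string] $SearchBase,
            [string] $OldPrefix = 'G-FG-',
            [string] $NewPrefix = 'L-RG-'
        )

        $oldGroups = Get-ADGroup -Filter "Name -like '$OldPrefix*'" `
            -SearchBase $SearchBase -Properties Members

        foreach ($old in $oldGroups) {
            $newName = $NewPrefix + $old.Name.Substring($OldPrefix.Length)

            # Resolve the target first; a missing group must never lead to a removal.
            try {
                $new = Get-ADGroup -Identity $newName -Properties Members -ErrorAction Stop
            } catch {
                Write-Warning "Target '$newName' not found; '$($old.Name)' left untouched."
                continue
            }
            if ($old.Members.Count -eq 0) { continue }

            # Only add DNs that are not already members, so one duplicate
            # cannot fail the whole add.
            $toAdd = @($old.Members | Where-Object { $new.Members -notcontains $_ })

            if (-not $PSCmdlet.ShouldProcess($newName, "Move $($old.Members.Count) member(s) from $($old.Name)")) {
                continue
            }

            try {
                if ($toAdd.Count -gt 0) {
                    Add-ADGroupMember -Identity $new -Members $toAdd -ErrorAction Stop
                }
            } catch {
                Write-Warning "Add to '$newName' failed, nothing removed: $($_.Exception.Message)"
                continue
            }

            # Re-read the target and check that every source member is present.
            $after = (Get-ADGroup -Identity $new -Properties Members).Members
            $missing = @($old.Members | Where-Object { $after -notcontains $_ })
            if ($missing.Count -gt 0) {
                Write-Warning "$($missing.Count) member(s) missing from '$newName'; '$($old.Name)' left untouched."
                continue
            }

            Remove-ADGroupMember -Identity $old -Members $old.Members -Confirm:$false
        }
    }

    # Dry run against the OU used in the thread; drop -WhatIf to apply.
    Move-GroupMembersVerified -SearchBase "OU=OU TestOU,DC=intra,DC=netzwerker,DC=de" -WhatIf
    ```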

  • Receive texts from some group members, not all group members

    Hello!
    I have an iPhone 5S and recently purchased an iMac. iMac is on OSX Yosemite and iPhone is on iOS 8.1.2
    Recently I have been involved in a few group SMS text chains and I am receiving texts from some of the group members but not all of them. I can receive texts individually from everyone in the group.
    I was recently playing around with iMessage on my new iMac and feel like I may have done something in the setup that caused this issue.
    Anyone know what's going on? I reset network settings on my phone and closed out iMessage on my computer (I also signed out of iMessage completely)

    If iMessage is turned off on both devices and you are still unable to receive their texts, it is a carrier issue, the carrier will need to resolve it.
    If iMessage is turned on on both devices and you are unable to receive their texts, it's an iMessage setup issue.

  • How to specify which group members have wiki write permissions

    In the 10.5 Workgroup Manager, Basic tab, there are two drop down boxes after the checked boxes for enabling wiki, blog, mailing lists, web calendar, et al -
    Allow [group members only | some group members | authenticated users | anyone]
    to write to these services.
    If I select "some group members" how do I actually say which group members? I see nowhere that I can specify that.
    Specifically this is in regards to the wiki.

    Unless I'm missing something, the directory.app only lets me do the same thing the Server Admin does, add people to a group and enable services to that group.
    For example I have a group called Techs, they have a mailing list and wiki.
    Some of the junior techs I only want to have read access, others write access.
    I don't see how I can specify user1 has read only access but user2 and user3 have write access.

  • SharePoint 2013 Workflow (SPD 2013) fails for Active Directory Group members

    Hi
    I have a SharePoint 2013 site called "Team Meetings". There are a number of lists and an InfoPath form library.
    The site's SharePoint Group "Team Meeting Members" has two Active Directory groups (All Club Managers and All Club Police) as members. Those two AD groups contain all the people that I want to have access to the library and list, except for a few additional folk who I have made individual members.
    My PROBLEM:
    I have created a SharePoint 2013 Workflow using SPD 2013 associated with the Form Library. Workflow is set to start on new or modified item. The first action is to write to history list, then determine the status (Submitted or Pending) of the form and go to different Stages depending on that status.
    The workflow works perfectly for any user who has been added directly to the SharePoint group (Team Meetings Members) BUT FAILS at the very first action for anyone who is a member of one of the AD groups. I know the Workflow is fine because I've tested it
    with numerous people who are direct members of the SharePoint Group, but whenever a person who is a member of the AD group tries it the Workflow just fails.
    Here's a print of the info from the Workflow Status page (I don't have access to server logs):
    RequestorId: 4494760f-92ff-2e8c-90d2-cc7df0e6baa4. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"request-id":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
    RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 10 Mar 2014 01:31:42 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
    The HTTP response content could not be read. 'Error while copying content to a stream.'. at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
    instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor 
    Members of the SharePoint Group "Team Meetings Members" have Contribute Access to both the form library and another list that the workflow writes to as well as the Workflow History list (which in SP 2013 uses the credentials of the
    user who started the workflow, unlike 2010 which used System Account).
    All members of the Team Meetings Members group, whether they are individual members or part of one of the AD groups, have no problems opening and saving forms etc. It's just the Workflow that doesn't like them...
    I am stumped. I've spent many hours searching for a reason for this. There are about 200 people in the two AD groups so I really don't want to have to add them all individually - especially when these groups are managed in AD for a whole bunch of other reasons
    and using the AD groups means I'll basically never have to worry about modifying the SharePoint access permissions.
    Does anyone have any ideas why this is happening and what I can try to fix it?
    Mark

    Hi Lars,
    I'm afraid not so far but we are trying a few things today so I will post back with results.
    First thing we are doing is making the AD Group universal because one of our (external provider) gurus remembers seeing something about that. He also sent me a link to a post where they were talking about earlier versions but having similar issues and their solution was to make sure the app pool account has sufficient permissions in AD:
    http://social.msdn.microsoft.com/Forums/sharepoint/en-US/27a547da-5cc0-49d7-8056-6eb40b4c3242/failed-to-start-workflow-access-is-denied-exception-from-hresult-0x80070005-eaccessdenied
    This part of that thread looks interesting but we haven't checked it yet as we're trying the universal setting first:
    "If the users participating in the workflows have been added to the SharePoint site via Active Directory groups, SharePoint has to update the user’s security token periodically by connecting to
    the domain controller. By default, the token times out every 24 hours. But if the application pool account did not have the right permissions on the domain controller to update the user’s token, user will keep getting the access denied error. The error was
    intermittent because when the user browsed to any page other than the workflow form, the token was getting updated successfully.
    You can try to fix it through granting the application pool account the appropriate permission by adding the account to the group “Windows Authorization Access Group” in Active Directory."
    I'll update when we try these ideas. If you have any luck please do the same.
    Mark
    (sorry about formatting - using my phone....)
    Mark

  • Controlling which email address is used for group members?

    Howdy Folks,
    Is there a way to control which email address is used for contacts that you have put into a group in Address Book?
    For example, say John Smith is a member of an Address Book group I have created. John's Address Book entry contains two email addresses for him, one for work and one for home.
    When I send an email to the group I want to have it sent to John's work email address.
    I have experimented by editing the entry and making sure the desired address is the first one listed for the individual in question, but that doesn't do the trick.
    Thanks in advance for any tips!
    --gordon
    15" PowerBook   Mac OS X (10.4.6)  

    Launch Address Book, choose Help > Address Book Help and type "group addresses" in the search box. Read the article titled "Selecting which addresses to use for members of a group". Does that solve your problem?

  • Do any new cisco versions support auto-adding team members back to group chat?

    Each day I create a team group chat (9.2.6 or lower)
    a. if someone falls out of the team chat  (switches buildings, goes to a meeting, reboots etc)
    b. they fall out of the team chat
    c. users have to ask me to add them back to the team chat or I have to add all team members in the group every few hours.
    It would be great if it was more of a chat room like feature where anyone in that group can come/go as needed. Do any versions support this feature?
    If not I would like to pass this on as a suggestion. I believe lync supported this feature.

    And persistent group chat looks like it works with Cisco Jabber 9.7+?
    Any advice on how I would submit a request internally for persistent chat?
    a. what is required (what is the name of the app, database stuff I have read about)
    b. which version of Jabber is recommended
    I would like it integrated with Cisco jabber and not a separate chat utility. Also is there a different place to place a "wishlist" request? Thanks!

  • Can not add members to a Group as Group Administrator

    Hi,
    My colleague has created a Group 'WE_PM_group' and added me to that Group with role 'Group Administrator'.
    But when I connect to the 'Create Group Or Add New Members' tool, then after SSO and acknowledging the 'read and understood Beehive Online Guidelines', it does not show the 'WE_PM_group' (it shows no Groups) and I can only Create a group.
    My question: how can I add members to the Group that my colleague created and for which I am Group Administrator?
    Note : When I connect to the BeehiveOnline Administration Tool, I indeed see my e-mail address within the Group 'WE_PM_group' and with the correct role (Group Administrator)
    Thanks for your help,
    Peter

    If you go to the APEX app and have any group - like your Administrator - you will have a list of groups - each of them is a hyperlink. Click on the group and the Group settings will be displayed - one of the fields is the Manager email. Get him/her to put your email in that field, separated by a comma, and you are good to go.
    Phil

  • How can I not reveal group members' email addresses when sending a group message?

    I want to send a group message without revealing, as a courtesy, the email addresses of everyone in my group to all members of the group. How can I mask the other recipients? --Gary

    Use BCC instead of TO. That is what that feature is for.
    Blind Carbon Copy

  • How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group

    How can I set up an SMS group so that all group members can dial a group number and have a text sent out to all members of the group
    This would be an SMS group similar to an email listserv but running on the SMS network
    I have seen private individuals offering this service
    It seems strange to me that no internet site like Apple, Yahoo or Google offers this as a free service much as the email group services are free services.
    Steve

    I think the app GroupMe might do what you want. You might also try contacting your carrier. My carrier offered some fancy group texting service for a while but they never really advertised it so, unless you asked, you never would have known. But, GroupMe is available in the app store. There are lots of other apps that also do group texting but it seems to be the one that gets recommended the most.

  • How can I query all the members of a group using querybuilder?  I cannot find any related properties

    How can I query all the members of a group using querybuilder? I cannot find any related properties describing members under /home/groups/s/sample_group in jcr repository.

    Hi,
    FieldPoint Explorer is no longer used to configure FieldPoint systems. However, I do not think that the configuring your system in FieldPoint Explorer is causing the error.
    FieldPoint systems are now setup in Measurement and Automation Explorer (MAX).  Information on setting up FieldPoint systems in MAX can be found in the MAX help under: Installed Products>> FieldPoint. Also, I recommend upgrading to the latest FieldPoint driver and version of MAX.  The FieldPoint VI's will be slightly different when you upgrade, so there is a good chance that this will eliminate the error.
    Regards,
    Hal L.

  • How to show logged-in Line Group Members in a Hunt Pilot (CUCM V7.1.3)

    I have configured a Hunt Pilot with a Hunt List which points to a Line Group with some DNs as Line Group Members. Additionally I gave the affected Users the option to log-in or log-out from the Hunt Pilot by configuring the "Hunt Group Logout" Button in the corresponding Phone Button Template.
    Is there a way to find out who is logged-in or logged-out from the Hunt Pilot?

    Hi Bill,
    thanks for your very interesting hint.
    I ran the query you posted and actually got the following output. But the displayed linegroups are only a subset from my configured 79 linegroups. Is there a possibility to display all linegroups with all corresponding DNs and can I display this information for only one linegroup?
    When I know the query that satisfies my claims, I will write a small web application that uses the AXL-SOAP API.
    Regards, Robert
    admin:run sql select lg.name as LineGroup,n.dnorpattern,dhd.hlog from linegroup as lg inner join linegroupnumplanmap as lgmap on lgmap.fklinegroup=lg.pkid inner join numplan as n on lgmap.fknumplan = n.pkid inner join devicenumplanmap as dmap on dmap.fknumplan = n.pkid inner join device as d on dmap.fkdevice=d.pkid inner join devicehlogdynamic as dhd on dhd.fkdevice=d.pkid order by lg.name
    linegroup                      dnorpattern     hlog
    ============================== =============== ====
    LG_A-Ulr4_Augsburg_9965077_235 \+498215075234  f
    LG_A-Ulr4_Augsburg_9965077_235 \+498215075209  f
    LG_A-Ulr4_Augsburg_9965077_235 \+498215075224  f
    LG_A-Ulr4_Augsburg_9965077_235 \+498215075226  f
    LG_A-Ulr4_Augsburg_9965077_235 \+498215075227  f
    LG_A-Ulr4_Augsburg_9965079_300 \+498215075327  f
    LG_A-Ulr4_Augsburg_9965079_300 \+498215075306  f
    LG_AB-Fried17_9965006          \+496021391713  f
    LG_AB-Fried17_9965006          \+496021391714  f
    LG_AB-Fried17_9965006          \+496021391721  f
    LG_AB-Fried17_9965006          \+496021391727  f
    LG_AM-Mar9_9965004             \+499621474921  f
    LG_BT-Sch9_9965010             \+4992189423    f
    LG_DD-Fet29_9965014            \+493514459055  t
    LG_HO-Bah1_9965020             \+4992818194122 f
    LG_KE-Moz31_9965024            \+498315215110  f
    LG_LA-Dre11_9965025            \+498714308419  f
    LG_LA-Dre12_9965026            \+498719239113  f
    LG_Mue-Sta41_9965029           \+498631386227  f
    LG_N-KOEN11_9965034            \+4991124039112 f
    LG_N-KOEN11_9965034            \+4991124039142 f
    LG_N-KOEN11_9965034            \+4991124039110 f
    LG_N-Ste6_9965057_400          \+499112428403  f
    LG_N-Ste6_9965058_450          \+499112428455  f
    LG_NES-Sie2_9965008            \+499771610413  f
    LG_NES-Sie2_9965008            \+499771610421  f
    LG_NM-Bah12_9965030            \+499181293312  f
    LG_PA-Kle13_9965035            \+498519594109  f
    LG_PA-Kle13_9965035            \+498519594113  f
    LG_PAN-Drb12_9965036           \+498561961225  t
    LG_PAN-Drb12_9965036           \+498561961224  f
    LG_R-Her2_9965068_400          \+499413783414  f
    LG_TS-Bah26_9965040            \+498619887312  f
    LG_Voicemail                   997005          t
    LG_Voicemail                   997006          t
    LG_Voicemail                   997007          t
    LG_Voicemail                   997008          t
    LG_Voicemail                   997009          t
    LG_Voicemail                   997010          t
    LG_Voicemail                   997011          t
    LG_Voicemail                   997012          t
    LG_Voicemail                   997013          t
    LG_Voicemail                   997014          t
    LG_Voicemail                   997015          t
    LG_Voicemail                   997016          t
    LG_Voicemail                   997017          t
    LG_Voicemail                   997018          t
    LG_Voicemail                   997019          t
    LG_Voicemail                   997020          t
    LG_Voicemail                   997021          t
    LG_Voicemail                   997022          t
    LG_Voicemail                   997023          t
    LG_Voicemail                   997024          t
    LG_Voicemail                   997025          t
    LG_Voicemail                   997026          t
    LG_Voicemail                   997027          t
    LG_Voicemail                   997028          t
    LG_WEN-Buer16_9965041          \+499614820413  t
    LG_WEN-Buer16_9965041          \+499614820415  f
    LG_WM-Puet35_9965042           \+49881922927   f
    admin:

  • How to edit members of a group in Address Book?

    I need to add and delete members of a group in my Address Book. There seems to be no Edit function, though, and although I managed to type in a new name, when I opened the group, the new name had disappeared (and the old, deleted names reappeared).
    Underlying that problem - and the real problem that drives me to write you - is that there is apparently no HELP function that would contain lot of How-To-Do-Directions. Having that would improve the program significantly.

    Hi jnewcomer,
    I believe this to be a Thunderbird Question. I will move ya over to that component.

  • How to bulk add group members in Open Directory

    So the workgroup manager interface is ghey. The + sign to add group members drag&drops users one at a time. I need to bulk add group members.
    I tried ldapadd to add all the users quickly and that doesn't seem to work. The ldap group record now has all the users populated (under the multivalued attribute memberUid), but workgroup manager doesn't see the bulk group members.
    Any idea how to do this?

    Use tcsh SHELL builtin command 'foreach' to accomplish this:
    $ tcsh
    $ which foreach
    foreach: shell built-in command.
    $ foreach user (`cat users.txt`)
    foreach? echo adding $user to group
    foreach? /usr/bin/dscl -u diradmin -P [passwd] /LDAPv3/127.0.0.1 append /Groups/yourgroup GroupMembership $user
    foreach? end

  • How to add members in REDO group in RAC

    Hi All
    I need to know the syntax to add members in redolog group in RAC database. Currently I have 4 groups (2 belonging to each thread) and one member in each group. I want to multiplex.
    Thanks in advance

    Check out:
    http://www.lc.leidenuniv.nl/awcourse/oracle/rac.920/a96600/mancrea.htm
