Adding a field of Active Directory

Similar Messages

• Why do I get general access denied trying to update my own field in Active Directory?

  I am trying to update a field pertaining to my own user object in Active Directory using ADSI and C++ app. The operating system
  is Windows Server 2012 Standard.
  I am able to read, I am able to call Put without problems, but when I call SetInfo, it returns with "General access denied". I have
  confirmed that it's my own user object I'm trying to access.
  I obtain my own FQDN like this:
  GetUserNameEx(EXTENDED_NAME_FORMAT::NameFullyQualifiedDN, pszFullyQualifiedDN, &dwFullyQualifiedDN);
  Then I use it like this:
  LPTSTR pszObj = (LPTSTR)LocalAlloc(LPTR, dwMemToAlloc);
  wcscpy_s(pszObj, dwMemToAlloc / sizeof(TCHAR), L"LDAP://");
  wcscat_s(pszObj, dwMemToAlloc / sizeof(TCHAR), pszFullyQualifiedDN);
  I bind to an object like this:
  ADsGetObject(pszObj, IID_IADs, (LPVOID*)&pObject);
  This call succeeds:
  pObject->Get(CComBSTR("Description"), &var);
  This call also succeeds:
  VariantClear(&var);
  V_BSTR(&var) = SysAllocString(L"Some new value");
  V_VT(&var) = VT_BSTR;
  hr = pObject->Put(CComBSTR("Description"), var);
  Trying to commit the above change using the following:
  pObject->SetInfo();
  This is where it fails.
  It returns E_ACCESSDENIED General access denied error.
  As you can see, that is my own user object I am trying to update. To my understanding that is supposed to work provided I am a member of Domain
  Users group. Which I am.
  What could possibly be the problem?

  The problem is that in Windows Server 2012 Domain Controller, permission to write to public (and personal,
  for that matter) properties is not granted to "SELF". The field I am trying to write to belongs to public properties. The only property set a user is able to change for himself in Windows Server 2012, by default, seems to be "Private-Information",
  which consists of ms-PKI-Credential-Roaming-Tokens,ms-PKI-RoamingTimeStamp, ms-PKI-DPAPIMasterKeys, ms-PKI-AccountCredentials
  Why on earth a user doesn't have permission to write to his own personal fields in Windows Server 2012 AD, Microsoft??!?!?!

• Adding a user in Active Directory

  Hi fellows,
  I am having a serious problem in creating a new user in active directory. i am using LDAP JNDI code. I can delete and update users attributes, but fail to create users.
  ctx.createSubcontext("newuser,full domain", attributes);
  when i specify a new user in "newuser" it gives exception invalidnameexception. I don't understand how to create a new entry within the directory structure of predefined tree. by the way, i can create users by active directory explorer but java application is giving exceptions.
  Any help will be highly appreciated.

  A DistinguishedName is of the form e.g. "cn=username, ou=Users,dc=hostname,dc=com". In other words it contains attribute names and values for each name component. Evidently your DN doesn't do that.

• How to update distinguishedName field in Active Directory?

  HI all,
  We are trying to create the Active Directory users from SAP .  But we are not able to manipulate the Distingushed Name attribute to create the users inside the right OU. We tried to pass the value of OU name to the attribute 'o' which is not affecting
  the distinguishedName attribute. kindly suggest ideas??

  You're after the Server > Directory Services forum I believe. Active Directory now covers multiple areas and the full name of the section you're interested in is Active Directory: Directory Services.
  https://social.technet.microsoft.com/Forums/en-us/home?forum=winserverDS&filter=alltypes&sort=lastpostdesc

• Adding a listener to Active directory for user creation using Java

  Hi,
  I would like to add a listener to active directory such that when a user is created to the "Users" container, I should be notified or informed. I would like to do this with Java. What should I do ?
  Regards,
  Anand Kumar D

  You should add a NamingListener or a NamespaceChangedListener.

• Adding Custom Attributes in Activie Directory

  hi 
  i've a requirement of getting few user properties from Active Directory into the user profile,for example i need the following properties.
  user image
  user birthday
  user employee number
  these properties are not available in the active directory,so how can i add these into the active directory and secondly how can i insert image of the user into the active directory property for image

  There are two ways here.
  First:
  You can ask your AD administrator to create an attribute for you so that you can use it.
  Second:
  You can use the thumbnailPhoto attribute for Images
  You can use Employee ID for employee number
  You can use roomnumber for Birthday. Birthday attribute is not present in AD. So, we would have to use some other attribute which matches. So, i would personally request you to create a new attribute inside AD for the same. For this please follow
  this URL.
  Thank You, Pallav S. Srivastav ----- If this helped you resolve your issue, please mark it Answered.

• Update distinguishedName field in Active Directory?

  HI all,
  We are trying to create the Active Directory users from SAP .  But we are not able to manipulate the Distingushed Name attribute to create the users inside the right OU. We tried to pass the value of OU name to the attribute 'o' which is not affecting
  the distinguishedName attribute. kindly suggest ideas??

  > As of now We are pointing the Base entry to The "Users" Folder.
  What's the "base entry"?
  > But the requirement is to create the users
  > in their particular OU.
  Then why don't you do so? I fail to understand what you're actually
  doing, maybe some lines of sample code can explain.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Problem adding some user or active directory group to sharepoint 2010 group

  Hi All
  I have a problem in a specific site collection in a web Application (but not on other site collection in that webApp).
  whenever I add a user like some system account to a sharepoint group or create a new sharepoint group or add an ActiveDirectory group to a sharepoint group I get an error and the user / group are not added :
  System.Runtime.InteropServices.COMException: [Work Email Address] - [Wrong Email Format]    at Microsoft.SharePoint.Library.SPRequestInternalClass.EnsureUserExists(String bstrUrl, String bstrLogin, String bstrEmail, String bstrName, String
  bstrNotes, String bstrMobilePhone, Int32 lFlags, Boolean bIsRole, Boolean bSendEmail, Boolean bForceAdd, Byte[]& ppsaSystemId, Boolean bImportDeleted, Int32& plUserId)     at Microsoft.SharePoint.Library.SPRequest.EnsureUserExists(String
  bstrUrl, String bstrLogin, String bstrEmail, String bstrName, String bstrNotes, String bstrMobilePhone, Int32 lFlags, Boolean bIsRole, Boolean bSendEmail, Boolean bForceAdd, Byte[]& ppsaSystemId, Boolean bImportDeleted, Int32& plUserId)
  when I add a regular user - all goes well.
  10x for any help
  Shlomy

  Hi Shlomy,
  i was thinking, perhaps there is an application that use this checking method on your specific site collection, and perhaps it is using a hard-coded command to request it, but seems it got some issue.
  as the other site collections, may not have the issue, so perhaps other site collections don't have this application, and you may check that as lead investigation process.
  you may try to capture fiddler tool, it may come in handy on tracing the http requests.
  http://fiddler2.com/
  usually when i trace the application, i would like to create new site, and add the webpart or application one by one, then i may know which application/webpart that have the issue.
  as other regular user may not have the issue, perhaps its because system account is by design to not have an email address properties, so when the application/webpart request for it, it become failure.
  Regards,
  Aries
  Microsoft Online Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Active Directory cn field not updated from sap HR using ldap.

  Hi,
  Apologies if this is in the wrong forum area.
  I am using the LDAP facility to create and modify Active Directory records from sap HR. Initially, the name field cn that was coming across into AD was in the format of the logical system and employee number, eg, RD4CLNT22000000711.
  I then implemented the BADI HRLDAP_ATTRIBUTES which then changed this name field cn in the active directory listing to the format; surname, forename.
  It works fine when I create a new user, however the problem comes when I update the persons name in the sap hr module. The data that comes across into Active Directory shows the change to the persons surname sn, forename and displayname fields is there but the cn field is still showing as the previous name.
  In short, when a new user is created, the cn field in active directory is correct
  (surname, forename) but when the employee’s name is modified, that change is not brought across to the cn field even though the surname, forename and displayname fields are updated correctlyon AD.
  We are on release 4.70.
  Anyway, if anyone could help I would be very grateful.
  Thanks
  David

  Hi
  The problem it is causing us is that the cn field is incorrect and does not mirror the change in sap HR, therefore the Active Directory entry for the employee is not totally accurate.
  When an employee changes their name in SAP HR - usually their surname, we would then want to update the employee’s active directory account to show this change and this includes the cn field also. At the moment the firstname, lastname fields do get updated with the change so we would want the cn field to show this as well otherwise the cn field would be incorrect and not match up with the employee's AD firstname & lastname fields.
  Dave

• Create a User account in active directory from SharePoint online 2013 list data

  Hello,
  I am trying to create a SharePoint list through which i can create a user account into active directory, 
  1 - HR is sending the detail in the email body to a Specific email address  ([email protected]) like below..
  First Name: XYZ
  Last Name: ABC
  Address: ABC 123
  Designation: Analyst
  Employee ID: 10492
  and so on 
  2 - I need to pickup every new email data of the above section into sharepoint list (in Column)
  First Name        Last Name       Address         Designation   Employee ID   
  3 - I want to create a event receiver through which i can go ahead and find the new data in the list and then create a user in the active directory,
  I tried very hard and since i dont have much experience in coding part,  any help will be highly appreciated
  Thank you 
  Aman 

  1- Configure Incoming Email Setting at your SharePoint Farm -
  https://technet.microsoft.com/en-us/library/cc262947.aspx
  http://blogs.technet.com/b/harmeetw/archive/2012/12/29/sharepoint-2013-configure-incoming-emails-with-exchange-server-2013.aspx
  2- Configure your Sharepoint List Incoming e-mail settings for [email protected] - ListSetting-Communications->Incoming e-mail settings. -
  https://support.office.com/en-in/article/Enable-and-configure-e-mail-support-for-a-list-or-library-dcaf44a0-1d9b-451a-84c7-6c52e7db908e
  3- Write an Incoming Email Receiver , and Add you Email Body Parsing Code (retrive value of fields , firstname , lastname etc) in
  EmailReceived() method. also add the code for adding new user in Active Directory
  http://blogs.msdn.com/b/tejasr/archive/2010/03/06/event-handler-code-to-add-incoming-emails-with-subject-discussion-id-as-replies.aspx
  https://pholpar.wordpress.com/2010/01/13/creating-a-simple-email-receiver-for-a-document-library/
  4-  Active Directory Code Help -
  http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
  http://www.codeproject.com/Tips/534718/Add-User-to-Active-Directory
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• Active Directory not replicating from SBS 2003 to Server 2008 R2 Standard

  I have an old SBS 2003 server and am migrating to a 2008 R2 server. I followed this guide:
  http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/
  I followed the guide (except the exchange stuff, because they are moving from exchange to Google apps for business) and everything went fine.
  I removed the sbs from Domain controller status (dcpromo'ed it out) and everything seemed to go fine.  I haven't turned off the old server yet, because they are still using it for a couple of other unrelated applications.
  After I did this I added new computers to active directory, but they only showed up on the active directory on the old sbs (I think something went wrong when I too the old sbs out of domain controller status).
  I ran dcdiag on the new server and this is the result:
              Time Generated: 01/10/2014   14:57:56
              Event String:
              The SiSRaid4 service failed to start due to the following error:
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 01/10/2014   14:57:56
              Event String:
              The stexstor service failed to start due to the following error:
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 01/10/2014   14:57:56
              Event String:
              The vhdmp service failed to start due to the following error:
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 01/10/2014   14:57:56
              Event String:
              The vsmraid service failed to start due to the following error:
           A warning event occurred.  EventID: 0x8000001D
              Time Generated: 01/10/2014   14:58:00
              Event String:
              The Key Distribution Center (KDC) cannot find a suitable certificate
   to use for smart card logons, or the KDC certificate could not be verified. Sma
  rt card logon may not function correctly if this problem is not resolved. To cor
  rect this problem, either verify the existing KDC certificate using certutil.exe
   or enroll for a new KDC certificate.
           An error event occurred.  EventID: 0x0000164A
              Time Generated: 01/10/2014   14:58:20
              Event String:
              The Netlogon service could not create server share C:\Windows\SYSVOL
  \sysvol\PIIKANIPW.local\SCRIPTS.  The following error occurred:
           An error event occurred.  EventID: 0xC0001B58
              Time Generated: 01/10/2014   14:58:21
              Event String:
              The Qntm3520 service failed to start due to the following error:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   14:58:36
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           A warning event occurred.  EventID: 0x00002724
              Time Generated: 01/10/2014   14:58:40
              Event String:
              This computer has at least one dynamically assigned IPv6 address.For
   reliable DHCPv6 server operation, you should use only static IPv6 addresses.
           A warning event occurred.  EventID: 0x800013B8
              Time Generated: 01/10/2014   14:58:49
              Event String:
              The application '/tmsWebAgent' belonging to site '1' has an invalid
  AppPoolId 'Classic .NET AppPool' set.  Therefore, the application will be ignore
  d.
           A warning event occurred.  EventID: 0x80003BC4
              Time Generated: 01/10/2014   15:01:53
              Event String:
              SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
           A warning event occurred.  EventID: 0x80003BC5
              Time Generated: 01/10/2014   15:01:53
              Event String:
              SSL Certificate Settings created by an admin process for Port : 0.0.
  0.0:50106 .
           An error event occurred.  EventID: 0xC0001B7A
              Time Generated: 01/10/2014   15:01:59
              Event String:
              The TMS Print Agent service terminated unexpectedly.  It has done th
  is 1 time(s).
           A warning event occurred.  EventID: 0x0000000C
              Time Generated: 01/10/2014   15:02:00
              Event String:
              Time Provider NtpClient: This machine is configured to use the domai
  n hierarchy to determine its time source, but it is the AD PDC emulator for the
  domain at the root of the forest, so there is no machine above it in the domain
  hierarchy to use as a time source. It is recommended that you either configure a
   reliable time service in the root domain, or manually configure the AD PDC to s
  ynchronize with an external time source. Otherwise, this machine will function a
  s the authoritative time source in the domain hierarchy. If an external time sou
  rce is not configured or used for this computer, you may choose to disable the N
  tpClient.
           An error event occurred.  EventID: 0x0000165B
              Time Generated: 01/10/2014   15:02:34
              Event String:
              The session setup from computer 'PK-PC1' failed because the se
  curity database does not contain a trust account 'PK-PC1$' referenced by t
  he specified computer.
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:03:37
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           A warning event occurred.  EventID: 0x000727AA
              Time Generated: 01/10/2014   15:04:01
              Event String:
              The WinRM service failed to create the following SPNs: WSMAN/PKDC01.
  PIIKANIPW.local; WSMAN/PKDC01.
           A warning event occurred.  EventID: 0x80003BC4
              Time Generated: 01/10/2014   15:06:54
              Event String:
              SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
           A warning event occurred.  EventID: 0x80003BC5
              Time Generated: 01/10/2014   15:06:54
              Event String:
              SSL Certificate Settings created by an admin process for Port : 0.0.
  0.0:50106 .
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:08:37
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x000016AD
              Time Generated: 01/10/2014   15:13:21
              Event String:
              The session setup from the computer PK-PC1 failed to authentic
  ate. The following error occurred:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:13:38
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:18:39
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:20:28
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000457
              Time Generated: 01/10/2014   15:20:33
              Event String:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:23:39
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:28:40
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:33:41
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved. This issue may be
   transient and could be caused by one or more of the following:
           An error event occurred.  EventID: 0x00000422
              Time Generated: 01/10/2014   15:38:41
              Event String:
              The processing of Group Policy failed. Windows attempted to read the
   file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
  -00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
  licy settings may not be applied until this event is resolved.
           ......................... PKDC01 failed test SystemLog
        Starting test: VerifyReferences
           ......................... PKDC01 passed test VerifyReferences
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test
           CrossRefValidation
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test
           CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : PIIKANIPW
        Starting test: CheckSDRefDom
           ......................... PIIKANIPW passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... PIIKANIPW passed test CrossRefValidation
     Running enterprise tests on : PIIKANIPW.local
        Starting test: LocatorCheck
           ......................... PIIKANIPW.local passed test LocatorCheck
        Starting test: Intersite
           ......................... PIIKANIPW.local passed test Intersite
  I also noticed that the SYSvol share on the new server is empty and the NETLOGON share doesn't exist.
  Please help! Thanks.

  Hi,
  Do you currently have any relevant errors in your System or Application logs? 
  Seems like the replication is not successfully.
  An SBS server shouldn't shut down upon detecting the existence of another DC as that's a fully supported scenario.
  Regards.
  Vivian Wang

• GRC CUP how to pull manager from Global directory or Active directory

  Hi,
  how can i pull manager from global directory or active directory as approver.We are designing dual control approval process.First manager from global directory can approve then role owner.In workflow stages i can only see approvers information has to be entered manaually in CAD.Also i am looking when requestor requesting request,it should automatically fetch manager information on the request page,once user id selected.
  Thanks
  Mushu

  Dear Mushu,
  Two things you need to do
  1.) Maintain the Manager's Field in Active Directory and do mapping in CUP>Configuration>Field Mapping-->LDAP Mapping
  2.) Keep LDAP as authentication system so that whenever a User has to log into the CUP he will do using his network id and his manager is automatically pulled from Active Directory.
  Then in the workflow you can keep the approver determinator as Manager by which the request will routed to the appropriate manager. Hope that helps.
  Edited by: celestemay17 on Dec 8, 2010 12:05 PM

• Active Directory Disabled

  Hello,
  I just installed Windows Server 2012. After adding the DNS and Active Directory Features/Roles to the server, I noticed that Active Directory Services is not running, but it is disabled. When I try to start the service, I receive the error - The Active Directory
  Domain Services service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
  Any ideas of what could cause this?

  Hi,
  Please ensure that the Active Directory domain services are run under Local System account, you can find the account information from the Log On tab.
  After adding the DNS and Active Directory Features/Roles to the server, I noticed that Active Directory Services is not running, but it is disabled
  As Seb mentioned, did you promote the server to be Domain Controller after installation? If not, there should be a yellow warning sign in Server Manager as below.
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Creating custom fields for manual entry and fields that gather data from Active Directory

  So I am no SQL developer but I am being asked to do this.. I've spent the last few days researching but cannot find anything related to my particular situation.
  I have made a copy of the following report to add or modify a few columns:
   Hardware 01A - Summary of computers in a specific collection
  So I have 2 questions:
  How do I create a field that will search the "Managed By" tab in the Computer Properties window in Active Directory.
  How do I create a field that can be manually updated for example: "Date Deployed" or "Deployed By: Analyst"
  I understand I need edit this in SQL report builder and think I know how to create the columns. I believe all I am really asking is.. What are the SQL statements I need to write in order to get this to work?
  I'm sure it's not as cut and dry as I hope it to be so I will be standing by to try to answer any further information that you will want to know.
  thanks!

  Before you can accomplish this you need:
  "Managed by" -attribute has to be added to your Active Directory System Discovery, more on this here: http://technet.microsoft.com/en-us/library/bb693618.aspx
  For "Date Deployed", I'd use a custom Tattoo script in your task sequence to "Tattoo" the installation info in the registry, after that I'd configure the Hardware Inventory to pick that from the registry, more on this here: http://ccmexec.com/2012/08/script-to-tattoo-the-client-registry-during-osd/
  and here: http://www.petervanderwoude.nl/post/reporting-about-the-all-the-different-os-deployment-versions-with-configmgr-2012/
  After those prerequisites, you can start working with SQL reports. More info here: http://myitforum.com/myitforumwp/2012/10/29/sccm-2012-reporting-for-dummies-creating-your-own-ssrs-reports/

• UME connected to Active Directory. How to change what fields are available

  I have successfully changed my UME to point to Active Directory. I'll describe process further on in post. My issue now is how to modify what AD fields will be available in UME and what UME fields they'll be 'mapped' to.
  I'll try to describe the process I've gone through so far:
  1) Download the 'dataSourceConfiguration_ads_readonly_db.xml' file from Config Tool
  2) Renamed file and added the following:
      a) in <responsibleFor><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"/> tag for each new field I wanted. 'xxx' is, of course, the name of the field
      b) in <attributeMapping><principals><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"><physicalAttribute name="yyy"/></attribute> tag for each new field I wanted. 'xxx' is, of course, the name of the field in UME and 'yyy' is the field in the LDAP
  Then I uploaded the new file into Config Tool and switched the "Data source configuration file" selection to that new file. Saved the change and restarted the engine.
  When I ran some test code I was getting information back from the user's AD entry. For example, I tested the email field. This is a field that is not maintained in the UME but I got the correct value back so I knew it was getting it from AD.
  Then I wanted to see if I could get one of the new fields. When I ran my test code the user.getXxx() method call returend null.
  Since I knew that getting the e-mail worked I thought I'd change the mapping for the email UME field to point to the 'yyy' field in AD. I did this by making this change:
  <b>FROM:</b>
  <attribute name="email">
      <physicalAttribute name="mail"/>
    </attribute>
  <b>TO:</b>
    <attribute name="email">
      <physicalAttribute name="yyy"/>
    </attribute>
  I then uploaded that new xml file and switched to it in Config Tool. Then I restarted the engine.
  However, when I ran my test code (see below for snippet) it still shows the email value instead of the value of field 'yyy'.
  Any help would be GREATLY appreciated.
  <b>Web Dynpro code snippet:</b>
  String input = "smith";
  IUserFactory userFactory = UMFactory.getUserFactory();
  try {
    IUserSearchFilter searchFilter = userFactory.getUserSearchFilter();
    searchFilter.setLastName(input, ISearchAttribute.LIKE_OPERATOR, false);
    ISearchResult searchResult = userFactory.searchUsers(searchFilter);
    while (searchResult.hasNext()) {
      String userID = (String)searchResult.next();
      IUser user = userFactory.getUser(userID);
      String email = user.getEmail();
  } catch (UMException e1) {
    //error handling

  Update. I uploaded the wrong file the 2nd time. When I changed the XML file to 'bind' theAD field to the 'email' UME field, my code did return the AD value when I did
  user.getEmail();
  However, I'm still not able to get the AD field bound to any other UME field that wasn't part of the default XML file.
  Is there something else I need to do besides adding the tags I described in my original entry?
  Thanks