Any version od IDSync supports user deletion from AD to DS

Hi,
I would like to know that any version of IDSync supports deletion of users in AD to be synced with DS 5.2. We use Version - 1 2004Q3
Build - 2004.259.1055 with Win2k3 AD. if it is there how to go about implementing it in a production environment.
shaji

hi,
i don't know if this is the recommended way but we have a cron job running
where we check for deleted AD acounts:
<IDSYNC_INSTALL_PATH>/idsync resync -D cn=<LDAP_MANAGER> -w <LDAP_MANAGER_PW> -h <LDAP_SERVER_HOST> -p <LDAP_PORT> -q <IDSYNC_CONF_PW> -s <ROOT_SUFIX> -x -o Windows -i ALL_USERS
hope it helps

Similar Messages

Hey guys i just wanna ask you if you know any way how to recover pics deleted from my camera rol and photo stream, i deleted accidentally without backing it up on icloud, any ideas how i can get it back

hey guys i just wanna ask you if you know any way how to recover pics deleted from my camera rol and photo stream, i deleted accidentally without backing it up on icloud, any ideas how i can get it back

If you deleted them from both PhotoStream and the camera roll, and you don't otherwise have them backed up, they're gone.

Problem with tab access after user deleted from group

9ias version 9.2.0.1
There seems to be a problem (potential bug???) when deleting a user from a portal group. I have a portal page set up with multiple tabs. These tabs can only be accessed by users belonging to certain portal groups. When i add a user to a group, the user sees the necessary tabs when authenticated. However, if i delete this user from the group there is a problem. When the user re-logs into portal, they will see all the tabs belonging to the group they were deleted from. However, when they select this tab nothing happens and the portal goes into a state of flux (doesn't navigate). One way to resolve this is to go in as a portal admin, edit any tab and select apply. The portal then seems to refresh.
This solution isn't practical. Is this a bug? Is there a patch or another solutions??? Thanks

Hi Turloch! Thanks for your help!
Those SQL Statements were extracted from the MS Access application that we will continue to use to access the data , now on an Oracle Database.
I don't know what I can do to make this kind of statements works as it is on Access database. The first query, that I called Query1 works fine on Oracle, I just mentioned it because the 2nd Query , named Query2, use it.
I'm not able to understand why when I change the 1st. query to a "make-table" query the Query2 works as desired, but if I keep the Query1 and Query2 as it is on the MS Access Application I got the ODBC error message and the ORA-00904 error message , related (I think!) to the FieldTmp field used on the LEFT JOIN statement (AND).
As I told before, if I change the AND clause to compare to another field, as instance, field1 :
FROM Query1 LEFT JOIN Table3
ON (Table3.field1=Query1.Field2) AND
(Table3.field5 = Query1.Field1)
it works.
Please, is there anything that I can do to keep the MS Access Application unchanged?
Oracle = 8.1.6
Oracle ODBC Driver = 8.1.6.4
Oracle Migration Workbench = 1.3.1
Thanks in advance,
Elaine Viel Denadai

User deleted from EBP

Hello Experts,
Below is the scenarion: (SRM 4.0 classic)
User A created few SCs.
Before all the SCs were completed(closed), the User A got deleted from the system
Now we recreate USER A with same ID again, and assign him/her to Org. Str.
User A, now cant access earlier raised SCs by him/her.
Could anyone suggest any way by which USER A can access all his earlier SCs. Or accessing earlier SCs is not possible?
Thanks,
Dhananjay

Hi Dhananjay,
Have a look at the below threads for some pointers:
Re: User X must not be deleted ? ;-)
Re: Changing the SC creator
How to Replace GUID inside table CRMD_PARTNER
Changing the owner of a shopping cart
BTW if the carts created by this users are closed,why do you need to access them now using this same user?

Support software deleted from phone

I have updated the software on my phone but now the PC suite support software is deleted from my phone. I have tried the help>restore support software but it doesn,t do anything so i can't transfer music, applications etc. from my phone or to my phone. Please help!!!

Hi rash101
What phone model is this and are you using PC Suite v6.86?
Happy to have helped forum in a small way with a Support Ratio = 37.0

User deletion from OIM

hi guys.. I have the following doubts.. kindly help me out
1)Is it true that no actual deletion of any user record takes place in OIM and they are just disabled.If that is the case suppose any new joinee joins an organization wit the same name as that of an employee who has left wont there be any conflict between the two records?
2)We all know that recon is possible from AD to OIM.Now if sur name of an employee is changed in SAP(trusted authoritative source), how is this change reflected about in AD provided provisioning has already taken place?

Hi,
There are a lot of tables associated with users that would need to be touched to delete an ex-employee, as that means that you need to delete all tasks associated with that employee (ie requests, provisioning processes, reconciliation data, etc).
Deleting employees might also affect the audit trails of other things. Let's say, for example, that someone submitted a request for 3 employees. One leaves the company, but 2 stay on for 10 more years. If you try to delete the first employee, the request's audit record becomes invalid. You need to keep that employee's key around.
To improve the performance of the database, it is best to look at other data that should be archived (as opposed to employees), like reconciliation data (I believe that can be archived now with the new 9.0.3 database tuning examples), User Audit data, and perhaps old processes that are no longer necessary. BTW, the biggest tables are always the RCD/E (recon tables), SCH (task table), and the UPA (user audit) tables.
Deborah

Do any versions of FF support the use of Lenovo's ThinkVantage Password Manager s/w and fingerprint scanner?

Lenovo Edge 15" laptop running Windows 7 (64 bit) and using Thinkvantage Password Manager Ver 3.20.0330 and TouchStrip Fingerprint Sensor (UPEK).
The password manager is to set to restrict logins to websites to fingerprint but when logging into websites I am not given the option to use the fingerprint reader -(the login info stored in the P/W manager is entered and login takes place). I have seen elsewhere that FF 3.6 has problems supporting this combination and wonder if any earlier versions of FF would be suitable or if FF 4 is likely to support it.
Any help would be appreciated

Kent1968
I would recommend, if you have it set, to go to a restore point before you uninstalled the password manager version that did not give you a problem and not use the new version until this bug is resolved.
If the fingerprint light is not showing up, then it is probably not limited to you and I hope Lenovo checks it out.
Too bad the newer version seems to load slowly - I will check it out as well.
jEdgar

Any news about book support? (either from adobe or 3th party)

So far I have only made 2 books using lightroom and the software from my publisher!
And the books have turned out very nice, BUT the workflow has been hell! :(
So when you see something like this:
http://www.apple.com/aperture/tutorials/#publishoutput-book
You just want to cry, trust me if I was not forced to use windows, I would probably buy aperture just to make books ... lol
but someone PLEASE tell me that adobe or someone else is working on a way to do this in lightroom ??? :)

See Ian's note on Books here:
http://www.computer-darkroom.com/lightroom_2_beta/lr-2_2.htm
Specifically:
"Print quality from Lightroom has always been highly regarded, but the absence of: Soft Proofing, Output Sharpening, Print to File, Print Packages and Books meant that some users had to look elsewhere when preparing their work for print. With the release of Lr2beta we have good news and bad news. The bad news is that Soft Proofing and Books are not included, and it's highly unlikely that either will be included in the final version. Whether the inclusion of the others is sufficient to offset user disappointment is another matter."
As Jeff was saying in the Aperture thread... Apple wants you to buy a Mac so you can use something as nice as Aperture ;-)

Checking delete datafile's log from oracle i.e. deleted from root user.

Can any body help me finding the log for checking any trace for datafiles that are deleted from root user in hp-ux server ( and the sys log has alredy been modified by root user ).
So is there is any way to check through database or server level to check the trace of deleted datafiles files log.

user13390258 wrote:
Thanks, In our project we are using finace 7 application and as it does't support hot backup so we are doing cold backup of database. Through HP RSM software. And we do not have RMAN backup also. Actually i am not geeting proof to show that file has been deleted from ROOT user.I don't know what a "finace 7" application is, but your assertion that it doesn't support a hot backup makes no sense. A backup of the database, and how it is accomplished, should be of no concern to the app.
As for your statement "we don not have RMAN backup also" ... well, it looks like now you are seeing the cost of that decision. One would hope that once you get through this crisis you would take it upon yourself to institute proper database backups, because - as the dBA - your first and most important job is to insure the security of the database. I never depend on any backup scheme anyone else claims to have in place. If they want to do something they claim will backup the database, fine. But I know that when the excrement hits the ventilation system, it's MY butt on the line to recover the database, so I am d*** well going to be taking rman backups.

Question on LDAP integration & user deletion

In the "Administration Console Help" Document it states:
"You cannot invite user accounts that are mastered in an LDAP-based user directory; these accounts are created automatically when you synchronize the LDAP directory."
Does this mean that after configuring a LDAP Realm, the users specified by the filter should be automatically pulled into OnTrack? I do not see ldap users when executing a blank search from the admin console. At this point, I also cannot log into OnTrack using a valid LDAP user. I was trying to see if OnTrack worked similar to UCM where the OnTrack user acct would be created once the user logs into the application.
What I can do is go to "Create User" and enter the email address for a valid ldap user. then I see that user in the full search. that user can also log in successfully.
I wanted to know what the expected behavior was: is there expected to be a required 'registry' of ldap users into ontrack before they can auth into the app? Is there some sync process that needs to be run to pull in the ldap users?
Also, is there any current best practice of user deletion? I see in the admin console that there is a note that states: "Note: User deletion is not supported."
As always, thanks for the info!
Thanks,
-ryan
Ryan Sullivan | ECMconsultant
http://www.ecmconsultant.net/

Ryan,
It sounds like you figured this out.
There is NOT an explicit sync of users from LDAP into On Track. The On Track user object is created when the LDAP user first logs in (or when added to a Conversation by another user). After that point, the user will be visible in the admin console. (Note, however, that from the client, you can search for an LDAP user and add them to a Conversation's membership even if that user has not yet logged in to On Track. It does this by searching for the user in the LDAP directory, as well as in On Track's known users. This is a great way to "invite" other people in the organization to participate in On Track.
As for your other questions:
- The recommended way to "delete" a user is to mark the user "Disabled" in On Track. This will prevent that user from logging in and from showing up as a valid user in the client.
- Once a user "[email protected]" exists, it should not be possible to create another "[email protected]" user, even if the first one is disabled, and regardless of which realm those users are in.
--Dan

Not deleting e-mails from BB when deleted from Inbox

Hi there -
I have one person with this issue out of 90+ on the server running just fine. I have a BB Curve 8310 (running version 4.5.0.110) which is not deleting any e-mails after the user deletes them from his outlook 2003 client. The reconciliation setting is set to Delete on Mailbox and handheld with mailbox wins for conflicts. The service provider is AT&T.
Does anyone have any idea as to why this is happening or what I can look at? As I said he is the only one with this issue and the BES server is running BlackBerry Manager version is 4.1. {Yeah I know this is old and I'm looking into how to upgrade the version.}
Any ideas or hints will be greatly appreciated.

Hello laydeedi and welcome to the forums.
Have you tested this using OWA?
Are tasks and memo's syncing properly?
Have a look at the below KB and run the test from OWA, not from the Outlook 2003 client.
KB15838
Title:
How to verify that wireless email reconciliation is working
correctly
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15838&sliceId=1&docTy...
Let me know the results!
SR
-SR
Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

How to change user password from default realm programaticaly

Hello,
I would like to know if there are any ways to change a users password from a file
realm through java classes ie . programaticaly.

Thank you for the support.
After looking at the code, I noticed RealmManager is not documented in the BEA
Javadocs. Am I missing something or is it not documented. Lot of other methods
also not documented. Do you have the latest Javadocs?
Thanks
John
"Tom Moreau" <[email protected]> wrote:
>
See message #4589 - it posts the code magic needed
to change the password. The caller doesn't have to
be aware of which realm is being used - that's taken
care of for you.
-Tom
"John M" <[email protected]> wrote:
Hello,
I would like to know if there are any ways to change a users passwordfrom
a file
realm through java classes ie . programaticaly.

Does Bridge 5.1 support RAW files from Nikon D600 ?

Does Bridge version 5.1 support RAW files from Nikon D600 ? latest available Camera Raw plugin 6.7 does not seem to recognize NEF fileds from D600

Yes, as long as you update your camera raw plug-in (ACR) to version 8.3 using Help / Updates… in the PSE Editor.

Users showing up in corporate directory that were deleted from LDAP/AD still

Has anyone seen this before?
CUCM 9.1.1a (9.1.1.20000) LDAP integrated with one directory.
There are a few users not listed in the end user directory anymore in CUCM, but on the phone corp directory and in Jabber you see these users still. The directory URL is pointing to the CUCM server and we have tried both servers in the cluster. They are not in the User Management -> End user list in CUCM at all any longer.
If we add a test user, they show up in the directory and when we delete the test user they go inactive and go away after 2-3 days when garbage collection job clears them out and the test user is no longer in the directory.
The users are no longer in LDAP anymore either. Is there a way to purge/refresh the CUCM directory? Not finding much in bug search tool yet.
If we remove the LDAP Directory and add it back think that may clear up something?

Same here...I found this solution for older version, but haven't had a chance to try it yet
Problem
A user is deleted from Active Directory but still appears in Cisco Unified Communications Manger as inactive and stays there in a delete pending state. This issue occurs in a Cisco Unified Communications Manager cluster synchronized with the Active Directory .
Solution
Complete these steps in order to resolve this issue.
Choose Cisco Unified Serviceability> Tools> Control Centre - Feature Services
Choose the IP Address of the publisher.
Restart the Cisco DirSync service.
If this procedure does not resolve the issue, complete these steps:
Garbage Collection can cause this issue, so check the logs to determine if it is invoked.
Make sure that the Dirsync service is active.
Check the DirectoryPluginConfig table in the Cisco Unified Communications Manager database to see if there is an entry with pkid 54c43f99-a561-4f3a-868d-26a5547445d9.
Note: The output of the run sql select * from DirectoryPluginConfig command confirms whether the Garbage Collector pkid is present in the DirectoryPluginConfig table when the DirSync service starts.
If the pkid is not present, open a case with the TAC Service Request Tool (registered customers only) and provide a remote support account so that TAC can update the DirectoryPluginConfig table to fix the Garbage Collection row.
Restart the DirSync service.

How to restrict the user(Schema) from deleting the data from a table

Hi All,
I have scenario here.
I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
Below is the example.
I have created a table employee in abc schema which has two values.
EMPLOYEE
ABC
XYZ
In the above scenario the abc user can only fire select query on the EMPLOYEE table.
SELECT * FROM EMPLOYEE;
He should not be able to use any other DML commands on that table.
If he uses then Insufficient privileges error should be thrown.
Can anyone please help me out on this.

Hi,
kumar0828 wrote:
Hi Frank,
Thanks for the reply.
Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
See the forum FAQ {message:id=9360002}
The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
USER != 'ABC'
OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
SELECT *
FROM    table_x
;what actually runs is:
SELECT *
FROM    table_x
WHERE   USER != 'ABC'
OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
;If you want to prevent any user from deleting rows, then the policy function can return just this string
0 = 1Then, if somone says
DELETE employee
;what actually gets run is
DELETE employee
WHERE   0 = 1
;No error will be raised, but no rows will be deleted.
Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

Any version od IDSync supports user deletion from AD to DS

Similar Messages

Maybe you are looking for