Assigned User Profile / AD groups /

I am new to SGD and trying to figuring out how to give permission to certain AD groups for certain applications.
I have two AD groups Info_Portal and Info_Survey and five applications let say App1, App2, App3 and App4. I would like App1 and App2 applications available to info_portal only and App3 and App4 available to Info_survy only.
I kind of got picture for assigne profile for applications but I am not clear how to created this new AD profile with in SGD.
Since I am new to SGD would prefer options through Admin console.
Thanks.
Habib.

Hi Matt,
Sorry, you must be wondering what happened to me. Well, I had an injury and end up taking LOA. Just came back to work.
Thank you for your suggestions. I went through the document and made required changes. I guess I missed something since I can’t login to SGD at all now.
Here is the output of:
# ./tarantella config list login-ldap login-ad login-nt login-nt-domain
login-ad: 1
login-nt-domain: orgds2.hs.uci.edu
login-nt: 0
login-ldap: not found
My krb.conf file is as follows:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = HS.UCI.EDU
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
HS.UCI.EDU = {
kdc = hs.uci.edu:88
admin_server = hs.uci.edu:749
UCI.EDU = {
kdc = kerberos.service.uci.edu:88
admin_server = kerberos.service.uci.edu:749
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
hs.uci.edu = HS.UCI.EDU
.hs.uci.edu = HS.UCI.EDU
uci.edu = UCI.EDU
.uci.edu = UCI.EDU
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
What did I miss?
Thanks again for all the help.
Habib.

Similar Messages

  • Assign User Profiles and Web Interface Transactions to Users

    Hi EM Gurus,
    Has anyone worked with not standard scenarios in SCEM?
    They are working well but I can't access them on interface web.
    In selection page (search page after logon), where choose tracking scenarios, only standard scenarios appear although I have assigned both scenarios to the user and made same configuration; Assigned and Defined Web Interface Transactions, Configured Fields for User Profiles, Defined User Profiles, Assigned User Profiles and Web Interface Transactions to Users.
    But only Standard Scenarios appear as choice of tracking scenarios that are displayed to the user as a dropdown box on the selection screen after logging on to the Web interface.
    Has anyone accessed not standard scenarios on interface web??
    Help, please!
    Thanks a lot.
    Rodrigo Freitas

    Hello Rodrigo,
    if you have assigned the scenarios to your user in transaction /SAPTRX/UCUSER you must go to the admin page and reload the profile manager.
    /admin in the URL of the WCL instead /ehsearch.
    Afterwards you should see them also in the drop-down box.
    Best regards,
    Steffen

  • Assigning User to a Group.

    Hi All,
    We have installed EP 7.0. We need to add the user "xxx" to the group "SAP_HR_LSO_DEVELOPMANAGER".
    We searched for the user "xxx" and click on modify button to edit the Assigned groups. But the Add button is disabled for the Admin.
    How to enable it ? & How to add the user to the group?
    Kindly provide your answers.
    Thank You.
    Regards,
    Eben.

    Hi,
    I hope the following links will help you,
    https://forums.sdn.sap.com/click.jspa?searchID=15809839&messageID=4604222
    Re: Add users to a group through programming
    Regards,
    Harish

  • Transaction VL10 - Assigning user profiles & scenarios to specific users

    Hi Experts
    I have define a user profile 'Z103' (a copy of 0103) and assigned it to a scenario '0103' via Logistics Execution --> Shipping --> Worklists in the Implementation Guide.
    I have also maintained paramenter Id 'LE_VL10_SZENARIO' and parameter value '0103' for the specific user via transaction 'SU3'.
    The result that i am getting for this user is a default role/profile 'Z103' which is correct and default scenario 'VL10' which i think is incorrect. I expected the default scenario for this user to be '0103'.
    Please advise if there is any missing config or master data.
    Thanks, Felix

    Hello Felix,
    The default parameter id LE_VL10_SZENARIO  .  
    Your settings:  
    LE_VL10_SZENARIO  =  '0103'  
    In transaction, VL10CUV  scenario '0103'  =  'Z103'
    Now if you run the VL10 transaction, by default the system takes the scenario '0103' automatically and determines the user role based on the assignment to the scenario in transaction VL10CUV.
    Yes, you are right the system shows the user role 'Z103' correctly but shows VL10 as scenario. This is because of the default parameter id used in SU3.  There is no mistake, and the program is hardcoded like that.
    You can see below the program details:
    You can see where the assignment takes place here:
    Main program     SAPLV50R_PRE
    Source code of   LV50R_PREF04
    PROFIL_DATA_COMPLETE
    Determine szenario name
      PERFORM szenario_determine USING    if_szenario
                                 CHANGING cx_list_profil-szenario.
    Kind regards,
    ALV Ramana

  • Sharepoint 2013 assign users to a group

    In a test sharepoint 2013 sandbox area that is setup for myself and runs in the cloud,  I am working with 3 test accounts.
    I would like to know how to assign these 3 test accounts to the same group.
    I would think I need this in a site mailbox.
    I am asking this question since this is my first project using sharepoint and no one else in my company is using sharepoint yet.
    Thus can you do the following:
    1. I would like to know how to assign these 3 test accounts to the same group hopefully in a site mailbox.
    2. How would I access this group when I am assigning the task using 'start a process'?

    you can achieve this using server side object model which fetches the data from server as below link:
    http://sharepoint.stackexchange.com/questions/104465/create-sharepoint-group-and-assign-permission-sharepoint-online
    http://www.c-sharpcorner.com/UploadFile/sagarp/programmatically-how-to-add-assign-user-to-a-user-group-in/
    you can achieve the same using client side object model which hits server only once using execute query method as below:
    http://www.c-sharpcorner.com/Blogs/8244/add-user-to-the-group-in-sharepoint-2010-using-client-object.aspx
    try this link for second question hope it wiil be useful:
    http://community.spiceworks.com/how_to/show/66248-restrict-a-sharepoint-task-to-its-assigned-user-group
    Please mark as answer if you find it useful else vote for it if it is close to answer..happy sharepointing

  • Please help with assigning user to a group in AD using dbms_ldap

    Dear gurus of Apex and LDAP!
    Please help me a bit.
    I managed to create any user in AD from Apex using dbms_ldap package and set many of his attributes. But I cannot set that my user belongs to specific group, let's say MY_GROUP. I guess the name of attribute for group is 'member' or 'memberOf', so I tried them both in the same way as I've done for other attributes:
    v_vals(1) := 'MY_GROUP';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'member', v_vals);
    I've got LDAP client/server error: CONSTRAINT violation. 000020B5: AtrErr: DSID-031516FC, #1: 0: 000020B5:
    DSID-031516FC, problem 1005 (CONSTRAINT_ATT_TYPE), DATA 0, Att 1f (MEMBER)
    v_vals(1) := 'MY_GROUP';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'memberOf', v_vals);
    I've got LDAP client/server error: DSA IS unwilling TO perform. 0000209A: SvcErr: DSID-031A0929, problem 5003 (WILL_NOT_PERFORM), DATA 0
    After that I've tried to extend group name to string, which is shown in LDAP browser for attribute 'memberOf' (when I've added it manualy):
    v_vals(1) := 'CN=MY_GROUP,OU=GROUPS,OU=Allianz,DC=allianz,DC=com';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'member', v_vals);
    I've got LDAP client/server error: OBJECT CLASS violation. 0000207D: UpdErr: DSID-03150913, problem 6002 (OBJ_CLASS_VIOLATION), DATA 0
    v_vals(1) := 'CN=MY_GROUP,OU=GROUPS,OU=Allianz,DC=allianz,DC=com';
    DBMS_LDAP.populate_mod_array(v_array, DBMS_LDAP.MOD_ADD, 'memberOf', v_vals);
    LDAP client/server error: DSA IS unwilling TO perform. 0000209A: SvcErr: DSID-031A0929, problem 5003 (WILL_NOT_PERFORM), DATA 0
    I've also tried some other variants (without 'CN=' and without 'OU=GROUPS,OU=Allianz'), but still no success.
    Search of this forum and even google didn't help either :(
    Please, help me to find the correct syntax for it or tell me if it's not possible.
    Thanx in advance,
    Vladimir

    Vladimir ,
    firstly the attributes member and memberOf are special attributes in AD having a set of predefined values. Hence an error will be thrown if you try to assign them values like 'MY_GROUP'. There are two basic solutions to this problem : Either you define an OU in your AD which will act as your 'MY_GROUP'. This is a quick fix solution and is not robust at all. The other solution is to add your own property in the tree , something like 'roleCode', you can then assign it any value you want.
    But the problem now is, AD does not allow addition of new attributes in the structure. You have to use ADAM in for this and you can specify a common linking mechanism between AD and ADAM now such as email address can act as the link between both the directories.
    Hope this helps
    Shantanu

  • Trying to assign User to ADS-Group

    Hi,
    i'm trying to assign a User to an ADS group using the script "sap_getGroupDN".
    Unfortunately the mskey given to that method is the mskey from the user and not from the group.
    Any suggestions or ideas?
    How managed you that case?
    Kind regards,
    Achim Heinekamp
    CONET Solutions GmbH

    Hi folks,
    it seems I'm having a very similar problem to Achim, although the sympton is a little different. When I run the task to assign a role (1 AS ABAP, 1 AS Java and 1 AD OU) on the task AssignUserToADSGroupI get an error message that reads:
    PrivDN: !ERROR:No such attribute
    I've assigned the privelege to the role, and it seems to recognize that and create the user, however...the groups don't get assigned.
    The full output s below:
    <?xml version="1.0" encoding="UTF-8"?>
    <mx:EMSLOG xmlns:mx="http://www.maxware.com/EMS">
    <mx:GENERAL>
    <mx:DATE>21.07.2009 20:57:41</mx:DATE>
    <mx:VERSION>DSE.JAR version: 7.10.02.0 Built: 01.07.2009 15:49:23 (c) Copyright 2008 SAP AG. All rights reserved.</mx:VERSION>
    <mx:MACHINE>clklabvm3-disp01</mx:MACHINE>
    <mx:JOBID>045EB0C2-E35B-4AD7-8D0A-84B51594EAAF</mx:JOBID>
    <mx:WORKAREA>C:/Program Files (x86)/SAP/IdM/Identity Center/Jobs/045EB0C2-E35B-4AD7-8D0A-84B51594EAAF</mx:WORKAREA>
    <mx:JOB>jdbc:sqlserver://clklabvm3\idm:1988;responseBuffering=full;encrypt=false;databaseName=mxmc_db;selectMethod=direct;trustServerCertificate=false;lastUpdateCount=true; - MACHINE:clklabvm3-disp01</mx:JOB>
    <mx:PRODUCT>Provisioning</mx:PRODUCT>
    <mx:CUSTOMER>SAP customer : f9c1c5cd66189d133765ac44ea6c127a</mx:CUSTOMER>
    <mx:TIMEUSED>5</mx:TIMEUSED>
    <mx:NERRORS>0</mx:NERRORS>
    <mx:NWARNINGS>3</mx:NWARNINGS>
    <mx:NENTRIES adds="3" mods="0" dels="0" noops="0" markdels="0">3</mx:NENTRIES>
    </mx:GENERAL>
    <mx:PASSES>
    <mx:PASS name="Job Initialization" title="Messages that occurred before the job was loaded" type="init" seq="0">
    <mx:MESSAGES>
    <WARNING seq="1">
    <mx:TEXT>Failed loading JDBC Driver class com.microsoft.jdbc.sqlserver.SQLServerDriver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver</mx:TEXT>
    </WARNING>
    <WARNING seq="2">
    <mx:TEXT>Failed loading JDBC Driver class com.sap.dbtech.jdbc.DriverSapDB</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: com.sap.dbtech.jdbc.DriverSapDB</mx:TEXT>
    </WARNING>
    <WARNING seq="3">
    <mx:TEXT>Failed loading JDBC Driver class org.gjt.mm.mysql.Driver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: org.gjt.mm.mysql.Driver</mx:TEXT>
    </WARNING>
    <WARNING seq="4">
    <mx:TEXT>Failed loading JDBC Driver class oracle.jdbc.driver.OracleDriver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver</mx:TEXT>
    </WARNING>
    <WARNING seq="5">
    <mx:TEXT>Failed loading JDBC Driver class COM.ibm.db2.jdbc.app.DB2Driver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: COM.ibm.db2.jdbc.app.DB2Driver</mx:TEXT>
    </WARNING>
    <WARNING seq="6">
    <mx:TEXT>Failed loading JDBC Driver class COM.ibm.db2.jcc.DB2Driver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: COM.ibm.db2.jcc.DB2Driver</mx:TEXT>
    </WARNING>
    <WARNING seq="7">
    <mx:TEXT>Failed loading JDBC Driver class COM.ibm.db2.jdbc.net.DB2Driver</mx:TEXT>
    <mx:TEXT>java.lang.ClassNotFoundException: COM.ibm.db2.jdbc.net.DB2Driver</mx:TEXT>
    </WARNING>
    </mx:MESSAGES>
    </mx:PASS>
    <mx:PASS name="6D5485D1-2CF6-4E5B-9972-7141CB9051EA" title="AssignUserToADSGroup" type="ToLDIF" seq="1">
    <mx:MESSAGES>
    <mx:WARNING seq="1">
    <mx:TEXT>PrivDN: !ERROR:No such attribute</mx:TEXT>
    <mx:ENTRY/>
    </mx:WARNING>
    <mx:WARNING seq="2">
    <mx:TEXT>PrivDN: !ERROR:No such attribute</mx:TEXT>
    <mx:ENTRY/>
    </mx:WARNING>
    <mx:WARNING seq="3">
    <mx:TEXT>PrivDN: !ERROR:No such attribute</mx:TEXT>
    <mx:ENTRY/>
    </mx:WARNING>
    </mx:MESSAGES>
    <mx:DELTA>0</mx:DELTA>
    <mx:TIMEUSED>2</mx:TIMEUSED>
    <mx:NENTRIES adds="3" mods="0" dels="0" noops="0" markdels="0">3</mx:NENTRIES>
    <mx:NERRORS>0</mx:NERRORS>
    <mx:NWARNINGS>3</mx:NWARNINGS>
    </mx:PASS>
    </mx:PASSES>
    </mx:EMSLOG>

  • Problems with assigning user to Purchase Group

    Hi all!
    I'm trying to set-up standard workflow WS 20000397 - Handling invoices blocked due to price.
    Somehow I left something out as nothing is sent to my inbox when a invoice is blocked.
    It starts fine but it can't find and agent when I check the log.
    I've created an org. structure with a company, that has one organizational unit under it.
    To this I've assigned a position and thereafter a user to this with my user ID.
    Then I've created an assignment in PFOM whera I assigned SO T024 001 (Purch. Group 1) to my newly created Position.
    I have found Purch group 001 using F4 so no mispellings could be the case.
    In the container I can see that it has found the correct purchasing group (001) with my created position (the S-code for the position is even shown as an agent in the container)
    Any suggestions would be appreciated.
    Regards,
    //Roland
    Edited by: Roland Persson-Aglert on Dec 4, 2008 5:03 PM

    Hi!
    I'll paste the message below, I although found out that I had checked wrong TS, so I checked TS20000661 in PFTC and is set to "General forwarding allowed".
    No agents found for this task -> long text
    Message no. WO590
    Diagnosis
    The system could not establish any agents for the task underlying this work item.
    The key of the task is: TS20000661
    The key of the work item is: 000000404120
    System Response
    The system cannot assign work item 000000404120 to any agents - the work item does not appear in anyone's Business Workplace.
    Procedure
    Assign possible agents to task TS20000661 or declare the task as a general task.
    Refer to your workflow system administrator.
    //Roland

  • Two issues in assign of profile and  group

    in FTREXT_ASSIGN, there is Z001 profile and Z003 BP group, may I know in SPRO, where can we find the definition of those Z001 and Z003?
    I maintain profile and BP group for one business partner, I only add profile to product type 901/buy transaction, after save and come back, I realized
    I forget product type 902, 903, but in in FTREXTASSIGN, I find I can't add more product type, there is no "+" button at the right panel, how to add profile to additional product type for that BP?

    we don't have authorization issue,
    I'm saying:  I forget product type 902, 903, but in in FTREXTASSIGN,
    once it has been maintained, you can't add more product type
    there is no "+" button at the right panel, how to add profile to additional product type for that BP?

  • Assigning Users to Groups on LDAP thru EP

    Hi,
    I have configured EP6 SP7 with multiple LDAP(MS-ADS)servers. I can read/write the groups and users to LDAP through EP. But i cannot assign the users to groups through Enterprise Portal. Also if i assign users to a group in LDAP on LDAP server itself, these assignments does not show up in the portal. do i have to configure my dataSourceConfiguration_multiLDAP_db.xml file? if so then which parameter?
    Please advise.
    regards,
    Hassan

    Dear Hassan,
    Need a clarification. If users are assigned to a group in LDAP, Can you see the same thing reflecting in portal?
    I have configured LDAP as UME and I am able to see a group of LDAP appearing in Portal. But when I see the list of users assigned to this group, its empty.
    Any clues or suggestions.
    Regards,
    Sreeram

  • How to use UME API to assign user to group ?

    Hi all:
        I would like to write one jsp/ webservice to assign user to one group . Is there some example code ?
        the function can have 2 import parameter, userid, groupid, after the function is executed, the user and group is assigned
        Thanks a lot.

    Hi,
    Code is IGroupFactory     grpfact               = UMFactory.getGroupFactory();
              IUserFactory     userfact          = UMFactory.getUserFactory();
              IGroup               group               = grpfact.getGroup("GRUP.PRIVATE_DATASOURCE.un:Leave Pilot");
              IGroupFactory     grpFact               = UMFactory.getGroupFactory();
              int                nUserListSize     = strUsersList.length;
              for(int i=0;i<nUserListSize;i++)
                     IUser objUser = userfact.getUserByLogonID(strUsersList<i>);
                     grpFact.addUserToGroup(objUser.getUniqueID(),group.getUniqueID());

  • Bulk move users from one group to another in XI 3.1

    Hi all,
    I have a group that contains approximately 20,000 users. I now need to move around 7,500 of these users into a different group.
    How can I do this programatically in bulk as I don't want to go through and manually change the groups of 7,500 users?
    Thanks,
    Chris

    Hi Christian,
    Assuming you would need to move users from one group to another and remove them from the previous group, you could use the attached java code.
    To run the code, you would need to save it as .jsp file and paste it inside AdminTools application context.
    The pre-requisite to run this code is to create a Text file with all the 7500 user names in it. The text file should contain one user per line
    (example:
    User1
    User2
    User3
    You can get this information from query builder by running the below query
    Select top 20000 si_name from ci_systemobjects where si_kind='user'
    Initially do it for 2-3 users to text the results.
    You would need to edit the jsp and modify these three lines
    1.
                    * Assign user to a group
                   //Query for the group ID
                   boQuery = "Select SI_ID From CI_SYSTEMOBJECTS Where SI_KIND='UserGroup' And SI_Name='UserGroup name'";
    Above in SI_NAME, you would need to provide the usergroup name you want your users to be added to.
    2.
    if (boUserInfoObject.getGroups().remove(Group Id from which it has to be removed)) {
                            out.print("User removed from group successfully. ");
    Above you would need to provide the id of the group you want the users to be removed from(i.e the current group from where you want them to be moved).
    3.
    * Path to file containing User names.
    final String USER_FILE_PATH = "<Path of txt file from which list of users will be imported>";
    Above you need to specify the path of the text file which contains all the user names.
    Incase you require further assistance on SDKs, raise your concerns in the below space
    http://scn.sap.com/community/bi-platform/java-sdk
    Thanks,
    Prithvi

  • Unable to see Active Directory Groups in the User Profile Database after Profile Import

    ***Major Update - I have finally been able to get the direct attention of the folks responsible for the User Profile Service on the SharePoint Product Team.  Long story short, they have reproduced the error and identified as an actual mistake
    that needs to be fixed, so it is now officially in the bug pipeline and will be fixed.  The current estimate is some time in the summer.  They will keep me updated with timeframes, which I am allowed to share as time goes on.
    SharePoint Server 2010 Enterprise RTM. W2K8R2 w/multi-server setup:
    AD/DNS
    SQL 2008
    WFE
    APP
    Claims Mode Web App only using Windows Integrated Auth
    So, this was never a problem in 2007, and I didn't even realize it was a problem in 2010 until I started to build a solution that utilized my blog article:
    InfoPath - User Roles in Browser-Enabled Forms Using AD Groups.  I went to utilize the same web method of the same web service, but I noticed that no data was showing up at all.  Typically,
    the GetUserMembership/GetCommonMembership methods return the specified user's memberships: AD Security Groups, AD Distribution Lists, and SharePoint Sites (not SharePoint Groups, though).
    My user profile sync is working.  All AD users are pulled in with the proper profile data.
    "Users and Groups" is selected in the Synchronization Entities section of my Sync Settings.
    Security groups are working for permissions and audience targeting.  Confirmed my users are affected properly by the use of Security Groups.
    My query to the GetUserMemberships web method (and GetCommonMemberships) is running (not failing), but it's not returning anything even though my user is in some Security Groups and has explicit membership to multiple sites.
    The GetUserProfileByName method of the same UserProfileService.asmx web service
    returns all the regular profile data like expected, so the web service works and my profile database is populated
    Basically, I'm not seeing my AD groups or any membership data populated in the profile database.  I did use MIISCLIENT.exe to see what I could find, and here is what I saw:
    Using the Metaverse Search, I searched for the "person" type and saw all of the users in my profile sync connection (single OU)
    Using the same tool, I searched for the "group" type and saw nothing, but the message said 4 items were retrieved
    I realized that the only column showing was displayName, and they were blank, so I added other columns to be sure
    objectGUID, objectType, distinguishedName all showed values, and I could now see all the Security Groups from the OU where I'm doing my profile sync
    My "person" objects all have displayNames showing but none of the groups do.  In SharePoint, the GetUserMemberships method relies on displayName and accountName, but neither are coming through the profile import
    So, it does seem like the groups are coming in with the profile import, but I can't see them.  I also can't verify that the groups are being associated with my users in the profile database, because doing a query to the membership methods returns nothing...not
    even blank rows.
    ***Edit:  New information!  Regular AD Distribution Lists _do_ work properly.  I just never bothered testing them until folks on my blog notified me.  DLs come through the profile sync, are visible in the profile database, and show up
    when using the GetUserMemberships method.
    ***Edit: Ok, now we're getting somewhere.  I checked my last profile sync with the MIISCLIENT, and this is what I found:
    Here are the properties of my Distribution List:
    Here are the properties of my Security Group:
    Notice that the groupType value of the DL is a normal integer (2), but the groupType value of the SG is some crazy negative number.  Both types are still lacking DisplayNames for some reason, but when I retrieve the DL via GetUserMemberships, it DOES
    show the proper DisplayName despite nothing showing in the MIISCLIENT.
    SharePoint Architect || Microsoft MVP ||
    My Blog

    Hello Clayton,
    I have same problem with SP 2010 and now I am testing SP 2013 and seems that the problem still.aa
    Probably I have some configuration problem, but all seems work, except this.
    SharePoint 2013 has no improvements on this. Until seeing this thread, I thought it was an issue within my farm configuration or AD Service account for User Profile Sync. And I've dug far and wide for any other possible settings which would prevent users
    from populating in the site people-picker. This might be flagged as off-topic, but I'll beg differ. How can I expect SharePoint to retrieve AD Users and Groups for accuracy in the sites which rely on this server??? Frustrating. I've spent hours and days on
    this! I have 3 SP2013 farms with multiple clients (different OU's/containers and security groups). Testing in a separate QA DEV farm with the same config. NO luck yet!
    This is where I'm at with it (posted this as a question recently on SharePoint Stack Exchange):
    "Help.... Please.... Users from AD groups are not populating in the site people picker. I've set up a SharePoint 2013 site collection permissions group with only AD groups in it, no users added directly. Whether or not I give this SharePoint group permissions
    to the site content, I still get none of the AD users showing up in the people picker. I have done the iisreset after adding the groups.
    I've checked all of the people picker properties in stsadm to be sure there are no constraints in effect on the web app or site collections.  User profiles are synching and I've tried both AD import and User Profile Sync.  The AD groups are security
    groups, though not email-enabled.  The AD service account has all the special permissions. My web app is claims based. My app pool runs with Network Service account.  No policies in place to restrict users, checked CA and the site collection settings.
    What am I missing? I've read in multiple places that this is a supported/working config. So why can't I get these users to populate in people picker for things like Assigned To in a tasks list, or attendees of an event? "
    There is some pretty good insight here, but no real hope:
    User profile
    synchronization: importing users and security groups in SharePoint 2010
    Other Properties that I checked, before realizing this was an issue with the Profile Import...
    stsadm -o getproperty -pn siteuseraccountdirectorypath -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-activedirectorysearchtimeout -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-distributionlistsearchdomains -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-nowindowsaccountsfornonwindowsauthenticationmode -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-onlysearchwithinsitecollection -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-searchadcustomfilter -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-searchadcustomquery -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-searchadforests -url https://URL
    stsadm -o getproperty -propertyname peoplepicker-serviceaccountdirectorypaths -url https://URL
    Hope we find a better answer, as it IS very misleading. User Profile Import specifies Users, or Users and Groups. Nothing is said about Containers or Distribution Groups, worse yet there lacks any clear disclosure about how "Groups" will not
    actually import if they are a Global Security Group and the users contained within them exclusively will NOT be included in your profiles,
    nor in any compiled Audiences. Which was another BIG bummer!
    I'm hoping to see future improvements on the Group imports.

  • How to create groups and assign users thru program

    Hi,
    I am planning to create groups by program and assign users to them based on some condition.Once users are assigned to those groups we need to change the Language value for those users in User profile
    We are using Central User Administration.
    Please let me know the solution
    Thanks
    Bala Duvvuri

    probably you can use this code to create a group
    IGroupFactory groupFact = UMFactory.getGroupFactory();  
    IGroup group = groupFact.newGroup(wdContext.currentContextElement().getGroup()); 
       group.commit();
    for this required com.sap.security.api.jar

  • Rellease code assignment to the users profile

    Hi Experts,
    I have created Release strategy with the three release codes.
    How to assign these three relase codes to the respective users profile.
    Kindly explain ASAP.
    Thanks in advance
    Regards
    KRK

    Hi,
    PL take help of Basis person and ask him to create role -
    Add release Tcode in roles e.g. ME28, ME29N,
    And give authorisations in below objects -
    M_BEST_BSA <OBJ> Document Type in Purchase Order
    M_BEST_EKG <OBJ> Purchasing Group in Purchase Order
    M_BEST_EKO <OBJ> Purchasing Organization in Purchase Order
    M_BEST_WRK <OBJ> Plant in Purchase Order
    M_EINK_FRG <OBJ> Release Code and Group (Purchasing) - In this object give Release code and release grp authorisations.
    Then attach the role to user.
    regards,
    Rakesh

Maybe you are looking for