Automatically create users in SharePoint based on Active Directory OU

Hi,
This is one of our client's requirements.
Is it possible to automatically create a user in SharePoint and assign him/her read privileges on the portal whenever a new user is created in Active Directory?
To reiterate the above question in a different way: when a new employee joins the organization, a user is created in the Active Directory OU. Is it possible to automatically create this user in SharePoint without any manual intervention?
If yes, how? Is it a third-party synchronization tool, or does SharePoint have a sync feature / service?
Thank you,
Regards,
Gagandeep Singh

Hi,
User profile synchronization is responsible for that. Once users are created in Active Directory, you have the sync service running on a certain schedule and all users are grabbed. The only step left is to either grant permission on SharePoint, or have a generic access grant for all authenticated users or for certain Active Directory groups that the user is assigned to.
More about user profile :
https://technet.microsoft.com/en-us/library/ee721049.aspx
http://social.technet.microsoft.com/wiki/contents/articles/12545.sharepoint-2013-setting-up-user-profile-synchronization-12.aspx
https://technet.microsoft.com/en-us/library/ff382639.aspx
http://blog.sharedove.com/adisjugo/index.php/2012/07/23/setting-user-profile-synchronization-service-in-sharepoint-2013/
Kind Regards,
John Naguib
Senior Consultant
Please remember to mark this as answered if it helped you
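
The permission step the answer describes, granting Read to an Active Directory group so that newly created accounts get access through group membership, as an added example that is not part of the original thread. The site URL and group name are placeholders, the function names are hypothetical, and an on-premises farm with the SharePoint PowerShell snap-in is assumed.

```powershell
# Added example, not from the thread. Run in the SharePoint Management Shell on a farm server.
# $SiteUrl and $AdGroup are placeholders (assumptions), not values from the thread.
param(
    [string]$SiteUrl = 'http://portal.example.local',
    [string]$AdGroup = 'EXAMPLE\Portal-Readers'
)

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

function Grant-ReadToAdGroup {
    param($Web, [string]$GroupLogin)

    if (-not $Web.HasUniqueRoleAssignments) {
        throw "$($Web.Url) inherits permissions; grant at the parent web instead."
    }
    # EnsureUser resolves the AD principal and adds it to the site's user list if missing.
    $principal = $Web.EnsureUser($GroupLogin)
    if (-not $principal.IsDomainGroup) {
        throw "$GroupLogin is a single account, not an AD group; refusing to grant."
    }
    # Look the role up by type so the script does not depend on the localized name "Read".
    $readRole = $Web.RoleDefinitions.GetByType([Microsoft.SharePoint.SPRoleType]::Reader)

    $existing = $Web.RoleAssignments | Where-Object { $_.Member.ID -eq $principal.ID }
    if ($existing) {
        if ($existing.RoleDefinitionBindings.Contains($readRole)) { return 'unchanged' }
        $existing.RoleDefinitionBindings.Add($readRole)
        $existing.Update()
        return 'read added to existing assignment'
    }
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($principal)
    $assignment.RoleDefinitionBindings.Add($readRole)
    $Web.RoleAssignments.Add($assignment)
    return 'read granted'
}

function Get-BroadGrant {
    # Lists grants to "everyone"-style principals, the alternative the answer mentions.
    # Classic-mode and claims-mode login names for Authenticated Users / Everyone.
    param($Web)
    $broad = @('NT AUTHORITY\authenticated users', 'c:0!.s|windows', 'c:0(.s|true')
    $Web.RoleAssignments |
        Where-Object { $broad -contains $_.Member.LoginName } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $_.Member.Name
                Roles     = ($_.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
            }
        }
}

$web = Get-SPWeb -Identity $SiteUrl
try {
    Grant-ReadToAdGroup -Web $web -GroupLogin $AdGroup
    Get-BroadGrant -Web $web | Format-Table -AutoSize
}
finally {
    $web.Dispose()
}
```

Granting to one AD security group keeps portal access tied to group membership, so it can be reviewed and revoked in Active Directory rather than per user in SharePoint.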

Similar Messages

  • Need to automatically add newly created user account in an existing active directory group.

    Hi All ,
    In my environment we have a Windows Server 2012 Active Directory environment. We need the newly created Active Directory user account to be added automatically to the existing Active Directory group after the new user account is created.
    Please tell us the possible ways to achieve this scenario.
    Regards
    S.Nithyanandham
    Thanks S.Nithyanandham

    Hi,
    Can you please confirm your requirement,
    When you create a new user account in AD, based on the user's property like Department, Job or Location, the user needs to be added to your specific AD groups?
    Regards,
    Gopi
    JiJi Technologies

  • How to create two domains name in one active directory domain service .server 2012 ??

    Hi there 
    I want to try sharepoint foundation and office web apps server .
    I installed server 2012, sharepoint found 2013 and sql server 2012, and created a new forest on active directory domain service.
    Now I want to install office web apps server 2013, but when I run the setup it tells me I can't install office web apps server on the domain name that has sharepoint installed.
    How can I create a second domain name on this active directory domain service to install office web apps server?
    Help me please, I'm new and just want to try sharepoint and office web apps server.
    Mostly I need to create an MS access custom web app and I need the web place to run my access custom web app on this server, and because I live in Iran I can't create and sign up for office 365 and sharepoint online, so I'm forced to run them on my system. Help me to complete this server?
    Great regards:
    Raha
    With best regards: Raha

    Hi,
    For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
    Configure Office Web Apps for SharePoint 2013
    http://technet.microsoft.com/en-us/library/ff431687.aspx
    Video: Configure Office Web Apps for SharePoint 2013
    http://technet.microsoft.com/en-us/library/dn455088.aspx
    How Office Web Apps work on-premises with SharePoint 2013
    http://technet.microsoft.com/en-us/library/ff431685.aspx
    In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
    Regards,
    Yan Li
    Regards, Yan Li

  • Can you authenticate user/password from SAP to Active Directory

    I don't want to implement SSO for ABAP because my company doesn't have the license for  "SAP NW Single Sign-On"; but we would like to authenticate our users and their passwords to active directory.  Our goal is to make sure the user/password in SAP is the same as their Active Directory user/password.  Is this possible?
    Thanks!

    This has been discussed many times, for example see SSO with LAN UserID/Password. The short answer is no, you can't synchronize passwords. You can however achieve the requirement assuming you are using Identity Management to provision users and passwords to all systems (AD, SAP, etc). In that case you will have to deal with users changing their password. Recommendation is to enable SSO. If you don't want to get licenses for NWSSO, try to look at other options (X.509 certificates, SPNEGO in AS JAVA and then issue a Logon Ticket, 3rd party solution, etc).

  • Automatically create users (SU01) from organization (0105)

    In our organization, we will have the user id populated in the 0105 record.  How do I have the system automatically create the user record (SU01) from the 0105 record?  I have looked at the HRUSER transaction, but I don't understand how to run that.  Wondering if: a) other companies have done what we are trying to do, and if so, did they use HRUSER, and b) if HRUSER was used, do you have a clear step-by-step on how you use it?
    Thanks in advance!

    1) I have a client that created a subscreen for infotype 0105.
    This has a button to automatically create the user.
    2) HRUSER:
         If you have employees who do not have SAP users, first create SAP users for them and then authorize them to use SAP ESS.
         In the Set Up and Maintain ESS Users (Overview) screen, choose:
    •     Employees without users.
    If you choose Background, the Attributes of Users to be Created screen appears.
    If you choose Overview, the Create Users for Persons screen appears.
    •     Select a person and choose Create User. The Attributes of Users to be Created screen appears. Choose Execute.
         You must decide how you would like your employees to log on to SAP ESS.
         The user group ESSUSER is a fixed user attribute. It is used to distinguish between SAP ESS users and other system users, such as administrators.
         You can change user attributes in the Set up and Maintain ESS User (Start) screen. In the Attributes of Users, you can modify the Password field. The default is INIT. In the User Group field, the entry ESSUSER is fixed. You cannot change this because it is important to differentiate users authorized for SAP ESS from other users. In the Role field, the SAP role (which you have copied into your namespace) is the default.
         SAP delivers a user exit, which you can use to determine your own password routine and user name. SAP delivers user exit Exit_saplehus_001 as part of the HRESSW4 enhancement. This user exit enables you to change the name and password that the user installation tool creates for each SAP ESS user that is generated.
         Existing users keep their attributes, such as user group, password, date and decimal format and start menu. The existing settings are not overwritten.

  • Automatically create user private library

    Hi,
    I would like to know if it is possible to automatically create the Private Library in '/<domain>/Users/User-<letter>/' when provisioning a user or if the only possibility is to check the box 'Private Library' at the first user connection to Content Services ?
    Was it possible to automatically create the Private Folder in the previous OCS version ?
    Thanks for your response.

    Hi Don,
    I tried the sample 1525014 - Sample C# .NET UFL and Localization Formula function. I registered it with VS .NET by running the install batch file. I can see DotNetSampleClassTestStringLength (name) and DotNetSampleClassTestTranslate (text, sourceLocale, destinationLocale ) under Additional Functions\Com and .NET UFLs (u212com.dll)
    When I did my own UFL, it didn't succeed. I have done:
    1. Assigning a Strong-Name Key to the Class Library
    2. Adding the Assembly to the Global Assembly Cache
    3. Register UFL with VS .NET (using regasm)
    It succeeded in adding the assembly to the Global Assembly Cache and registering with VS .NET. What am I doing wrong?
    Thanks
    Chaiwat

  • DBMS_LDAP adding user to security group on Active Directory

    Hi forum members,
    I am accessing and manipulating Active Directory using the DBMS_LDAP package and its API's.
    My initial code is to add a new entry in our MUsers group. After establishing the session and binding it, I supply the required credentials and the user, e.g. 366944, is created successfully in the MUsers group, which is a global users group.
    My package then calls another function to now add the same user to the MGroups group and under that the Researcher security group.
    When I do a search on the "Researcher" group this is the result : (I have deleted a few irrelevant entries)
    ATTIBUTE_NAME: objectClass = top
    ATTIBUTE_NAME: objectClass = group
    ATTIBUTE_NAME: cn = Researcher
    ATTIBUTE_NAME: member = CN=3,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: member = CN=2,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: member = CN=1,OU=MUsers,DC=xxx,DC=yyy
    ATTIBUTE_NAME: distinguishedName =
    CN=Researcher,OU=MGroups,DC=xxx,DC=yyy
    ATTIBUTE_NAME: instanceType = 4
    ATTIBUTE_NAME: whenCreated = 20100315150614.0Z
    ATTIBUTE_NAME: whenChanged = 20100322172413.0Z
    ATTIBUTE_NAME: uSNCreated = 97190
    ATTIBUTE_NAME: uSNChanged = 102960
    ATTIBUTE_NAME: name = Researcher
    ATTIBUTE_NAME: objectGUID = ?P??|F?
    ?Q?'
    ATTIBUTE_NAME: objectSid =
    ATTIBUTE_NAME: sAMAccountName = $1B1000-EVVA2O0MRRBE
    ATTIBUTE_NAME: sAMAccountType = 268435456
    ATTIBUTE_NAME: groupType = -2147483646
    ATTIBUTE_NAME: objectCategory =
    CN=Group,CN=Schema,CN=Configuration,DC=xxx,DC=yyy
    My add_in_group function is : (I am hardcoding certain values for simplicity)
    FUNCTION add_in_group
      (ldap_session dbms_ldap.SESSION)
      RETURN PLS_INTEGER
    IS
      lv_vals   dbms_ldap.string_collection;
      lv_array  dbms_ldap.mod_array;
      ln_retval PLS_INTEGER;
      l_group   VARCHAR2(256);
    BEGIN
      -- Initialize the varray for the modify command
      lv_array := dbms_ldap.create_mod_array(10);
      -- A NULL test needs IS NULL; "= NULL" never evaluates to TRUE in PL/SQL
      IF lv_array IS NULL THEN
        dbms_output.put_line('Error add_in_group: lv_array not initialized.');
        NULL;
      END IF;
      dbms_output.put_line ('lv_array successfully initialized');
      -- Populate the varray
      lv_vals(1) := 'CN=366944,OU=MUsers,DC=xxx,DC=yyy';
      dbms_ldap.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'member',lv_vals);
      --Populate the object class variables
      lv_vals(1) := 'group';
      BEGIN
        DBMS_LDAP.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'objectclass',lv_vals);
      EXCEPTION
        WHEN OTHERS THEN
          DBMS_OUTPUT.PUT_LINE('Populating object classes failed');
      END;
      --BEGIN
      -- Group Modification
      l_group := 'cn=Researcher,OU=Mgroups,DC=xxx,DC=yyy';
      BEGIN
        ln_retval := dbms_ldap.modify_s(ldap_session, l_group, lv_array);
      --EXCEPTION
      --WHEN OTHERS THEN
      --dbms_output.put_line ('Error in modify_s ');
      END;
      -- Free the varray
      dbms_ldap.free_mod_array(lv_array);
      RETURN ln_retval;
    EXCEPTION
      WHEN OTHERS THEN
        dbms_output.put_line('add_in_group : '|| SQLCODE||' '||SQLERRM);
        RETURN -1 ;
    END add_in_group;
    My error is :
    ORA-31202: DBMS_LDAP: LDAP client/server error: Already exists. 00000562:
    UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
    The error descriptions reads like this :
    Indicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
    In this case, I am using the modify_s operation. I am supplying the credentials of the researcher group and trying to set the 'member' attribute as the user already existing in a different group (MUsers).
    The researcher group already has 3 users, namely 1, 2 and 3, as members. These users are also part of the MUsers group.
    Hence I am not trying to rename any entry to the name of an entry that already exists.
    Any help on this would be appreciated.

    Hi,
    I tried the same code that you have mentioned and did some changes as follows and now able to add members to a group.
    remove the section that contains the following commands, then it will work
    lv_vals(1) := 'group';
    DBMS_LDAP.populate_mod_array(lv_array,DBMS_LDAP.MOD_ADD,'objectclass',lv_vals);
    Thanks & Best Regards,
    Indika

  • Recon and provisioning of user-defined object class ICF Active Directory

    I have followed the documentation instructions for reconciliation of a user-defined object class in the ICF Active Directory connector. I am using OIM 11gR2 with the ICF Active Directory 11.1.1.5 connector patched to 11.1.1.5.0A. The procedure states to create the new object class in AD and then change the objectClass value in the Lookup.Configuration.ActiveDirectory lookup. In my case I am using the existing ObjectClass of contact, rather than a new object class. Just for completeness I am using a clone of the AD User Resource Object which I call AD User Contact and so my lookup name is Lookup.Configuration.ActiveDirCon.
    When I changed the ObjectClass from User to Contact, and ran the Active DirCon User Target Recon scheduled job, with Object Type also = contact. The first issue I noticed was that the connector wanted a different set of lookups, which is not in the documentation. It is looking for a lookup in my Configuration lookup where code key=contact Configuration Lookup (which I should have expected since there are code keys for User, Group, and organizationalUnit). I added a line to the lookup where code key=contact Configuration Lookup and the Decode=Lookup.ActiveDirCon.CM.Configuration and then I created a new lookup by that name, assigning the 5 values to be the Lookup.ActiveDirCon.UM.xxx lookups. I did not see any need to create a new set of Lookup.ActiveDirCon.CM.xxx lookups with the exact same values.
    I re-ran the scheduled job and it ran successfully, but did not generate any Recon Events, even though I had objects in the OU and I have that same OU in the Lookup.ActiveDirCon.OrganizationalUnits lookup (from the Org Lookup Recon). Everything looks good but getting no results. Looked at the log file from the ConnectorServer and it is building the query properly and executing it properly with the correct syntax, getting no errors, but the SearchAndReturnObjects method is returning zero results.
    Looking to see if anyone has successfully reconciled in user-defined or other non-User objectClass objects from Active Directory, and if so, can you provide Lookup configuration and Connector Server information so I can troubleshoot.
    I resolved this issue by changing the recon lookups to a blank lookup called Lookup.ActiveDirCon.CM.ReconAttrMap and only added in the parameters that are used by a Contact object. Only populate the ReconAttrMap with parameters that exist for the custom object.
    Edited by: Keith Smith AptecLLC on Mar 27, 2013 6:31 AM

    Oracle Support answered this question via SR

  • Checking to see whether a user exists in a Windows Active Directory

    I have a little java applet that has to run through a large list of users, and for one of its tasks, it has to check to see whether that user exists. Mostly this is the same as running with local users, with the one exception that I can't just check to see if a home directory exists.
    Right now I am checking the return code from "net user <username>", but executing this program for every potential user is extremely slow.
    Are there any Java facilities to deal with users on the local system? If not, does anyone else have any suggestions?
    Also, a note for any responses- I'm using java to get around the lack of any easy way to set up a good scripting environment on Windows. I have a completed tool, and I don't want to rewrite it.

    <sarcasm>
    I seem to remember this service - what's it called? Ah, Google. Yes.
    </sarcasm>
    Try http://www.google.com/search?q=java+active+directory+query

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Changed the Locale to Japanese
    3. Entered a few Japanese characters as username (meaning internationalization user name)
    4. However, I was not able to type the password using the "soft keyboard" that comes with the Japanese Locale
    5. To overcome #4, for now, I typed English chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Sorry for my ignorance... Could you please elaborate on how to remove the "uid" attribute from the 7-bit ASCII plugin?
    Thanks in advance..

  • Create users for teradata in ADAM / Active Directory

    Hi
    I was wondering if you could help me with the ability to create a user in AD / ADAM? I am trying to write the PowerShell code to create users for Teradata connectivity. The manual process is to use adsiedit and create the users through the GroupOfNames class.
    This is what I have that is NOT working and was looking where to go from here.
    $dom=[ADSI]"LDAP://OU=Users,OU=dev,OU=tdev,dc=acme,dc=com"
    $obj = $dom.Create('GroupOfNames', 'CN=ASmith')
    $obj.SetInfo()
    any help would be greatly appreciated.
    Thank you
    John R Remillard 

    Hello,
    You should ask in the Windows PowerShell forum.
    Karl

  • Getting a user's primary group from Active Directory

    I'm coding a java web app that should authenticate a user to Active Directory and return his primary group.
    Using JNDI apis I realized the first part (authentication) and functions well but still having problems with the second part (getting the user's primary group).
    Is there somebody who knows/gets some codes for getting this info from Active Directory using java?
    Thanks a lot.
    Regards.
    John.


  • Users in new OU in Active Directory have to enter credentials when accessing SharePoint Foundation 2013

    Hi,
    We have a SharePoint farm consisting of one web front end server and one database server, running SharePoint Foundation 2013.  This farm has been up and running for over a year and uses AD for authentication, and SharePoint groups for authorization.
    The problem we are seeing is when we create a new Organizational Unit in AD, and add users under this new OU they are prompted for their credentials when trying to access SharePoint.  We've done the below tests to narrow the issue down:
    1) New user (xxx) in new OU (111) logs into Windows PC and tries to access SharePoint via IE 10 -- they are prompted for their credentials. They are required to enter their username as 'domain\username' to be able to log in successfully to SharePoint.
    2) Existing user (yyy), in existing OU (222) logs into same Windows PC and tries to access SharePoint via IE 10 -- they are NOT prompted for their credentials and get into SharePoint successfully.
    3) Existing user (yyy) is moved into new OU (111), logs into same Windows PC and tries to access SharePoint via IE 10 -- they are prompted for credentials and need to use 'domain\username' to log in to SharePoint
    4) Existing user (yyy) is moved out of new OU (111) and back into their old OU (222), logs into same Windows PC and tries to access SharePoint via IE 10 -- they are prompted for credentials and need to use 'domain\username' to log in to SharePoint
    Note: both the new OU (111) and old OU (222) are within the same parent OU.
    1 & 2 combined tell me that it's not a PC or IE issue. We've also tried 1 & 2 on multiple PCs so that would eliminate a profile issue as well.
    To me it seems that SharePoint doesn't know that the new OU is in our domain, so it doesn't think the users within the new OU are in our domain, which is why they have to supply the domain with their username when logging in...but I'm not exactly an expert when it comes to AD so this is just a guess on my part.
    As a long shot, what I thought may fix it would be by syncing AD with SharePoint by using User Profile Synchronization, but it's not offered as part of SharePoint Foundation, so I used this nice solution at CodePlex (https://foundationsync.codeplex.com/), but that did not fix it.
    Does anyone have any ideas on how to fix this?  Or what the issue may be?
    Thanks,
    Shaun

    Hi Christopher,
    Thanks for the reply.
    I feel very stupid right now -- I did look at this before posting this question to the forum, but it seems I didn't look far enough. 
    We have a GPO that enters our domain into the 'Local intranet' of IE.  Our SharePoint site's URL is "http://sharepoint.ourdomain.com" and we've got "*.ourdomain.com" under Local intranet sites.  But, I also found the FQDN "sharepoint.ourdomain.com" under 'Trusted sites' and that seems to confuse SharePoint because once I moved the FQDN to Local intranet, and removed it from Trusted Sites, the user is now not prompted for their credentials when going into SharePoint.
    Thanks for your reply in making me take a second look.
    EDIT: We've just removed the FQDN from Local intranet, so all we have is "*.ourdomain.com" under Local intranet and it works as well.
    Regards,
    Shaun
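
The zone conflict described in this thread, as an added example that is not part of the original posts: a check of which Internet Explorer security zone a host ends up in when both a wildcard and an FQDN entry exist. The function names are hypothetical, the matching is a simplified model (an exact host entry beats a wildcard, a longer wildcard beats a shorter one), only the policy-based Site to Zone Assignment List is read, and the sample assignments are constructed from the hostnames quoted above.

```powershell
# Added example, not from the thread. IE zone numbers: 1 = Local intranet, 2 = Trusted sites.
# With default settings, only the Local intranet zone logs the user on automatically.

function Get-SiteZonePolicy {
    # Reads the GPO "Site to Zone Assignment List": value name = site pattern, data = zone number.
    param(
        [string]$KeyPath = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
    )
    $map = @{}
    if (Test-Path -Path $KeyPath) {
        $key = Get-Item -Path $KeyPath
        foreach ($name in $key.GetValueNames()) {
            $map[$name] = [int]$key.GetValue($name)
        }
    }
    return $map
}

function Resolve-SiteZone {
    # Simplified model of zone matching: the most specific matching pattern wins.
    param(
        [Parameter(Mandatory)][string]$HostName,
        [hashtable]$Assignments = @{}
    )
    $target = $HostName.ToLowerInvariant()
    $best = $null
    foreach ($pattern in $Assignments.Keys) {
        # Drop an optional scheme prefix and trailing slash before comparing.
        $p = ($pattern -replace '^[a-z*]+://', '').TrimEnd('/').ToLowerInvariant()
        if ($p -eq $target) {
            $score = [int]::MaxValue                  # exact host entry
        }
        elseif ($p.StartsWith('*.') -and $target.EndsWith($p.Substring(1))) {
            $score = $p.Length                        # wildcard: longer suffix is more specific
        }
        else { continue }
        if ($null -eq $best -or $score -gt $best.Score) {
            $best = [pscustomobject]@{ Pattern = $pattern; Zone = $Assignments[$pattern]; Score = $score }
        }
    }
    [pscustomobject]@{
        HostName           = $HostName
        MatchedPattern     = if ($best) { $best.Pattern } else { $null }
        Zone               = if ($best) { $best.Zone } else { $null }
        AutoLogonByDefault = [bool]($best -and $best.Zone -eq 1)
    }
}

# Constructed sample data mirroring the thread: state before and after the fix.
$before = @{ '*.ourdomain.com' = 1; 'sharepoint.ourdomain.com' = 2 }
$after  = @{ '*.ourdomain.com' = 1 }

Resolve-SiteZone -HostName 'sharepoint.ourdomain.com' -Assignments $before
Resolve-SiteZone -HostName 'sharepoint.ourdomain.com' -Assignments $after

# On a client, check the live policy list instead of the sample data:
# Resolve-SiteZone -HostName 'sharepoint.ourdomain.com' -Assignments (Get-SiteZonePolicy)
```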

  • Create users in Organizations based on a db field.

    So I've got a data source with somewhere around 12,000 accounts that I need to pull into the Identity Manager, and for various reasons, they'll need to be split into different organizations.
    I'm making a copy of the default Tabbed User Form, and trying to determine the target Organization in my copy. I thought I'd be able to use XPRESS to do it, but the Identity Manager keeps complaining at me if I try and import the form.
    The XPRESS code I'm trying looks like this:
    <MemberObjectGroups>
        <Expansion>
          <switch>
         <ref>employeeType</ref>
         <case>
           <s>STAFF</s>
           <ObjectRef type='ObjectGroup' id='#ID#Organization:Staff' name='Staff'/>
         </case>
         <case>
           <s>STUDENT</s>
           <ObjectRef type='ObjectGroup' id='#ID#Organization:Students' name='Students'/>
         </case>
         <case>
           <s>FACULTY</s>
           <ObjectRef type='ObjectGroup' id='#ID#Organization:Faculty' name='Faculty'/>
         </case>
          </switch>
        </Expansion>
      </MemberObjectGroups>
    That gives me the following error:
    com.waveset.util.XmlParseException: XML Error: 92:24: The content of element type "MemberObjectGroups" must match "(ObjectRef)*".
    I've tried several variations on the above code, but I'm obviously missing something important.

    What your example would do (if it worked) is set the organization that controls the form.
    What you want to do is set the organization that controls the user you are creating via the form.
    eg:
    <Field name='waveset.organization'>
      <Expansion>
         blah blah blah
      </Expansion>
    </Field>

  • Automatically assign admin rights in OS X based on Active Directory

    Hi Hello
    Everything is written in my question: I want a user who logs in to a MacBook laptop to automatically be an admin of the laptop.
    Do you have a solution?
    Thanks

    Use the dseditgroup tool to add the ActiveDirectory user to the "admin" group of the Local OpenDirectory node.
    http://managingosx.wordpress.com/2010/01/14/add-a-user-to-the-admin-group-via-command-line-3-0/
