Business Objects XI 3.0 connecting to domains from different forest
Hi All,
Does anyone know if BOE XI 3.0 support AD authenication with multiple AD domains which reside in different forrests?
I found other post which mention we are now supporting it in XI 3.0 SP1 but I couldn't find any document on it.
Thanks,
Bobby
3.1 or 3.0 SP1 both support multiple forests. There are rules, there must be a transitive full two way trust between the forests.
i.e. in order to map groups the CMS needs to query the remote forest so the remote forest(s) must trust the local one.
In order for remote users to login to the local forest they must trust the remote one(s)
The changes were made in the AD plugin (basically we query multiple global catalogs and lookup objects by DN as opposed to SID) So there is no configuration needed in BO.
Regards,
Tim
Similar Messages
-
Issuing certificates for user and clients from different forest/domain
Hello,
at first I would like to say that I have made some researches on this forum and in the Internet overall.
I have AD Forest with ~10 sites all over the Europe, DFL and FFL is 2008 R2, right now we are migrating site by site from old domain (samba) to AD.
Last time I have deployed PKI based on offline root CA and 2 Enterprise acting as 2-node Failover Cluster.
Everything in my AD Forest is OK, I mean, autoenrollment works perfect for users and computers from my forest,
now I need to deploy a certificate (for test) to one web-based pbx server in samba domain, there are no trusts etc. Samba domain as well as AD Forest are working on the same network, with routeable subnets in each site, so there is no problem with connectivity,
What are possible way to achieve this goal? I mean to issue cert to client from different forest, so that this client is able to validate it, validate certificate chain and renew it when needed?
I have Installed and Configured CE Web Service and CE Policy Web Service. Now I have configured Enrollment Policies on my virtual machine (being part of different domain), I selected username/password authentication, I am able to request certificate, I can
see all templates which I should see, but when I try to enroll I got an error:
(translated from my language)A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider
My root CA cert is added to trusted publishers for computer and user node as well.
What could be wrong? If you have any ideas or questions, please share or ask.
Thank you in advance.Everything is clear, I have Certificate Enrollment Web Services installed and configured,
problem is what i get from certutil - TCAInfo
================================================================
CA Name: COMPANY-HATADCS002-ISSUING-CA
Machine Name: COMPANYClustGenSvc
DS Location: CN=COMPANY-HATADCS002-ISSUING-CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=COMPANY,DC=COM
Cert DN: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
CA Registry Validity Period: 2 Years -- 2016-03-04 12:20
NotAfter: 2019-02-14 12:44
Connecting to COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA ...
Server "COMPANY-HATADCS002-ISSUING-CA" ICertRequest2 interface is alive (1078ms)
Enterprise Subordinate CA
dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_NT_AUTH
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=HATADCS001-COMPANY-ROOT-CA
NotBefore: 2014-02-14 12:34
NotAfter: 2019-02-14 12:44
Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
Serial: 618f3506000000000002
Template: SubCA
9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL 02:
Issuer: CN=HATADCS001-COMPANY-ROOT-CA
ThisUpdate: 2014-02-14 12:16
NextUpdate: 2024-02-15 00:36
d7bafb666702565cae940a389eaffef9c919f07a
Issuance[0] = 1.2.3.4.1455.67.89.5
CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=HATADCS001-COMPANY-ROOT-CA
NotBefore: 2014-02-14 11:55
NotAfter: 2024-02-14 12:05
Subject: CN=HATADCS001-COMPANY-ROOT-CA
Serial: 18517ac8a4695aa74ec0c61b475426a8
b19b85e0e145da17fc673dfe251b0e2a3aeb05e9
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Issuance[0] = 1.2.3.4.1455.67.89.5
Exclude leaf cert:
5b309c67a8b47c50966088a4d701c8526072c9ac
Full chain:
413b91896ba541d252fc9801437dcfbb21d37d91
Issuer: CN=HATADCS001-COMPANY-ROOT-CA
NotBefore: 2014-02-14 12:34
NotAfter: 2019-02-14 12:44
Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
Serial: 618f3506000000000002
Template: SubCA
9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
Supported Certificate Templates:
Cert Type[0]: COMPANYOnlineResponder (COMPANY Online Responder) -- No Access!
Cert Type[1]: COMPANYWebServer(SSL) (COMPANY WebServer (SSL))
Cert Type[2]: COMPANYUser(Autoenrollment) (COMPANY User (Autoenrollment))
Cert Type[3]: COMPANYKeyRecoveryAgents (COMPANY Key Recovery Agents)
Cert Type[4]: COMPANYEnrollmentAgent(Computer) (COMPANY Enrollment Agent (Computer))
Cert Type[5]: COMPANYEnrollmentAgent (COMPANY Enrollment Agent)
Cert Type[6]: COMPANYComputer(Autoenrollment) (COMPANY Computer (Autoenrollment)) -- No Access!
Validated Cert Types: 7
================================================================
COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA:
Enterprise Subordinate CA
A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
Online
CertUtil: -TCAInfo command completed successfully.
please put some light on it because it's driving me crazy :/
Thanks in advance
one remark: certutil -tcainfo performed on CA directly is 100% OK, no errors regarding
"A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)" -
AD Migration from one domain to another domain between different Forest.
Dear Team,
We have a domain named "test.gov.in" .Now we want migrate all the users,computers,groups,GP ....etc in to our new domain "abc.net".Operating system of the source DC and destination Dc is same (Windows 2003 32 bit)..
Pls provide me the steps to migrate one domain to another domain between different forest
Thanks
AnuragWould agree with Christoffer and migrate using ADFS but before you can do this you will need to set up a trust between the two domains. Once this has been accomplished then you can run ADMT.
http://technet.microsoft.com/en-us/library/cc740018(v=WS.10).aspx
Downloading ADMT is a free tool from Microsoft
http://www.microsoft.com/en-us/download/details.aspx?id=8377
ADMT Guide
http://www.microsoft.com/en-us/download/details.aspx?id=19188
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights.
I think you mean ADMT and not ADFS :)
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
Lync 2010 server and UM role on different domains in different forests
Hello
I have a Lync 2010 environment running on domain A, with exchange 2010 UM also running in Domain A. We are in the process of migrating users and mailboxes from domain A to domain B. Once we reach our enterprise voice users with exchange UM enabled
we will need to install the exchange UM role on the exchange server in Domain B.
There is a 2-way trust relationship between domain A and domain B.
All the users from are running Lync on a PC located in Domain B, using Lync credentials from Domain A.
Are there any issues running Lync 2010 and Exchange UM from different domains in different forests? Is it as simple as creating a new UM DialPlan and UM IP Gateway to the domain A Lync FQDN?
ThanksHi,
Each UM forest must be configured to trust the forest in which Lync Server is deployed, and the forest in which Lync Server 2013 is deployed must be configured to trust each UM forest. If Exchange UM is installed in multiple forests, the Exchange
Server integration steps must be performed for each UM forest or you’ll have to specify the Lync Server domain.
Here is a link about for UM of Lync server 2013 but similar for Lync server 2010:
http://technet.microsoft.com/en-us/library/jj966276(v=exchg.150).aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Business Objects XI 3.1 Connection to Oracle 10
I am new to the world of Business Objects and In Universe Designer, when I try to create an Oracle OCI connection, I get the following error:
CS:DBDriver failed to load : C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\dataAccess\ConnectionServer\dbd_oci.dll (The specified module could not be found).
The path for windows environment variable is :
C:\oracle\product\10.2.0\client_1\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HP OpenView\bin;C:\Program Files\HP OpenView\bin\OpC;C:\Program Files\HP OpenView\bin\;C:\Program Files\HP OpenView\lib\
Also, when I try to use cscheck on server to check connection, nothing happens - is there any setting I have to make to get this working. I have used SQLPLUS to connect to the database successfully.
Any help or pointers appreciatedHi Michelle,
Please restart the connection server and try again. In case Oracle client was installed after installing BOE, restart of Connection server might be required. You can also verify if all the Orcale libraries are indeed inside the Oracle/bin. When you install Oracle instant clinet there will be no bin. the binaries will be present C:\oracle\product\10.2.0\client_1\. Please try these two option.
Hope this helps
Thanks
-Anup- -
Active Directory : Replication Issue - "Disconnected" sub-domain from the Forest
Hello everyone,
I'm managing a multi-domain forest (with 7 sub-domain). All are working fine except for one. Throught repadmin (Repadmin /replsum /bysrc /bydest /sort:delta), I noticed I got both domain controllers of a subdomain (there are only 2 DCs in that
subdomain), who hadn't replicated with the rest of the forest for more than 60 days.
According to my research, it's usually recommended to Depromote and repromote the problematic DC to avoid the issue of lingering objects. In this case, it's both DC of a sub-domain. Of course, on the others DCs in the forest, I got the event
ID 2012 "it has been too long since this machine last replicated with the named source machine....".
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
to a value of 1.
As I understand it, this may cause lingering objects to appear (they can be removed with repadmin /removelingeringobjects command with the DSA GUID, naming context, etc..). So far, I haven't used that registry key yet because of the associated risks.
I didn't noticed any other issue so far. Users in the problematic sub-domain are fine, and the problematic sub-domain seems to be able to pull replication data from the others DCs in the forests. (at least, I'm not getting any error in the A.D. Sites
and Services)
I added two new DCs for the affected sub-domains, so the number of DCs for that domain went from 2 to 4 DCs. The two old DCs that hadn't replicated for 60 days are windows Server 2003 and the two new DCs are Server 2008 R2.
Unfortunately (and I was half expecting this, but did it anyway since I must eventually replace the old DCs), that didn't solve my issue, since the rest of the forest "doesn't see" the two new DCs of the sub-domain. By that, I mean that I
cannot add an Active Directory Domain Services Connection in Sites & Services console (from a DC in another domain of the forest or even the root domain). I see all the DCs, including the two old DCs that are server 2003, but not the new ones.
I believe it's because the others DCs doesn't pull/replicate the information from the old DCs anymore, so they aren't "aware" of the two new DCs for that problematic sub-domain.
I was wondering what is the best course of action. Is it worthwhilte to use the registry key force replication with the old DCs ? (and hopefully, the new DCs will get their AD Services connection/replication vector created, so I can depromote
the old DCs.
Since the Old DCs from the problematic sub-domain seems to be able to pull the replication from the rest of the forest, does the risk of Lingering object isn't that great ?
Or is it too risky and I must create a new sub-domain and migrate one way or another the users ? (which would be time-consuming)
Thanks in advance,
AdamThanks for the reply. One of the link had another link to a good article about the use of repadmin :
So, I ran the command "repadmin /removinglingerobjects " on one of the problematic DCs ().
For clarity purpose, let's say I used the domain :
domain = main domain
subdomain = the domain whose DC are problematic (all of them).
AnotherSubDomain = Just another subdomain I used as a "reference" DC to cleanup the appropriate partition.
Command (the DSA guid is from a DC "clean" in another domain)
repadmin /removelingeringobjects adrec01.mysubdomain.domain.ca C4081E00-921A-480D-9FDE-C4C34F96E7AC dc=ANOTHERsubdomain,dc=domain,dc=ca /advisory_mode
I got the following message in the event viewer :
Active Directory Domain Services has completed the verification of lingering objects on the local domain controller in advisory mode. All objects on this domain controller have had their existence verified on the following source domain controller.
Source domain controller:
c4081e00-921a-480d-9fde-c4c34f96e7ac._msdcs.mydomain.ca
Number of objects examined and verified:
0
Objects that have been deleted and garbage collected on the source domain controller yet still exist on this domain controller have been listed in past event log entries. To permanently delete the lingering objects, restart this procedure without using the
advisory mode option.
How should I interpret the message "number of objects examined and verified 0". Does it mean it just didn't find any object to compare ? (which would be odd IMHO) Or there is another problem ?
Thanks in advance,
Adam -
Separating a child domain from a forest/parent domain
Our infrastructure is currently as follows:
There are two domains which I will call "apple.local" and "banana.local". The domain "apple.local" is the parent/forest which is at a Windows 2003 Functional Level. The domain "banana.local" is a child domain of "apple.local"
which is at a Windows 2008 Functional Level. This unusual arrangement was the result of a merger.
Recent business changes have meant that the domain "banana.local" needs to become the forest and "apple.local" needs to be permanently retired. I have been searching as to whether this is possible but the general consensus is "no".
However, many of the discussions are several years old and I am interested in whether anything has changed with recent updates.
As an added "bonus", a single Exchange 2010 SP3 server is present and - just to complicate things further - is a member of the child domain "banana.local". Mailboxes (shared and user) and DGs from both domains are present. Access to shared
mailboxes is granted using a mixture of users and security groups from both domains.
Is the best way forward to simply create a new domain on a fresh server? What would be the most straight-forward solution with minimal impact to the users and - in particular - the Exchange platform?
I am in a position to purchase new servers, software and licenses as required to meet the ultimate goal and - within reason - additional expenditure is not an obstacle. We also have the option to create new IP ranges if required.
Any ideas and/or suggestions welcomed!Is the best way forward to simply create a new domain on a fresh server? What would be the most straight-forward solution with minimal impact to the users and - in particular - the Exchange platform?
It is not possible to detach a child domain from its parent. One of the things you can do is to create your domain and establish trusts between them and migrate resources from old domain to the new domain. Note that computer account migration will take some
time. For exchange part you can ask in Exchange forums but the one thing you can do is to Cross-Forest mailbox move after you set up the new forest.
Exchange 2010 Cross-Forest Mailbox Moves
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
Error when connecting to MDM from different lan
Hi,
I got "Image Server Login Error" when connecting with client to server from different LAN, server is up, and i can connect to it when i in the same LAN. Ports 20003, 20004, 20005 for MDM server discovering and repository port 2345 is accessible through router. Running SP2 5.5.24.06.
Rem: it's not a port problem, when port 2345 is closed i got "WinSock error on connect"
PS: When I used MDM SP1 i connected to him properly in the same case.Hi Dmitry,
If your repository is set to port 2345, then 4 subsequent ports should be openned also, i.e. 2346-2349.
Regards, Lev -
Integration of ACS with two different Domain in different forest
Hi
We have two Domain Controllers in two different forests. One forest is X.IN and other is Y. In X.IN forest we have a tree called PPP.IN.
Is it possible to integrate ACS with both PPP.IN and Y? Please confirm ASAP.
Thanks
RiteshIt is possible in ACS 4.2 to do machine and user authentication over cross forest trusts. See Resolved Caveats here:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
HTH
Jeremy -
Business Objects Dashboard and Webi Connectivity
Hi All,
I am on BI 4.0 Sp6 and would like to create a BO Dashboard based on Webi Instance. What is the best approach to do the same.
1. I want the BO Dashboard data to be visible on Ipad ( hence no data source connections)
2. In case of live office , how does the refresh mechanism work
3. Does add on tools like XWIS help in mitigating the issue
Would like to hear best practices around the same.
Thanks
VijayHi Vijay,
I am on BI 4.0 Sp6 and would like to create a BO Dashboard based on Webi Instance. What is the best approach to do the same.
If you are using LO connection, then its not mobile supported connections & struggled a lot to make it stabilize. but still its a good connection to view the data in dashboard design time.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b02e31fb-3568-2e10-e78f-92412c3c0a96?quicklink=index&…
Take look at the below links for the up's & down for BIWS Connection.
Xcelsius and Business Intelligence Web Services (BIWS)
Xcelsius and Business Intelligence Web Services (BIWS)- Part 2
http://everythingxcelsius.com/topics/web-intelligence
How to create Xcelsius Dashboard based of BI Web Service ( BIWS )
I want the BO Dashboard data to be visible on Ipad ( hence no data source connections)
If you are looking for a connection which is specific to mobile supported, then look into the below links.
You can get all aspect of information which is necessary to create a dashboard.
How to Configure and Access Dashboards from IPad
Dashboards currently support only data manager connections defined using Query Browser as Live Data connections and QaaWS and Flash variable connections support is planned in BI 4.1
In case of live office , how does the refresh mechanism work
Refresh can be done webi side by scheduling the report in repository or you can keep a refresh button in dashboard to refresh the data. I hope automatic refresh is not possible here.
Does add on tools like XWIS help in mitigating the issue
I have no idea regarding this,
Hope this helps. -
Business objects universe designer remote connectivity
Hi,
I am trying to access BO universe designer remotely. The ports 8080 and 6400 have been opened on the BO server remotely.
I am able to acess infoView and CMC on port 8080, however while accessing universe desinger on port 6400 using the system as <server>:6400 , username, password and authentication as Enterprise.
I get the error "Canot access repository (USR0013). [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Transport error: Communication failure.(FWM 00001)
(hr=#0x80042a01)"
Please respond if you've faced similar problem and the resolution.
Thanks in advance.
Raman1. you tray to connect with host name then try IP if not solved.
2. you should open some or all ports of bottom:
AA Alert & Notification Server 4601
AA Analytics Server 4602
AA Dashboard Server 4603
AA Individual Profiler Server 4604
AA Metric Aggregation Server 4605
AA Predictive Analytic Server 4606
AA Repository Management Server 4607
AA Set Analyzer Server 4608
AA Statistical Process Server 4609
Connection Server 4610
Crystal Reports Cache Server 4611
Crystal Reports Job Server 4612
Crystal Reports Page Server 4613
Desktop Intelligence Cache Server 4614
Desktop Intelligence Job Server 4615
Desktop Intelligence Report Server 4616
Destination Job Server 4617
Event Server 4618
Input File Repository Server 4619
List of Values Job Server 4620
Output File Repository Server 4621
Program Job Server 4622
Report Application Server 4623
Web Intelligence Job Server 4624
Web Intelligence Report Server 4625
we tryed thees and its ok.
regards. -
Hello,
I used to have a separated branch office with its own application/db standalone server, and about 15 users locally configured on that server...
Recently we implemented a Microwave connection (25 Mbps) between the main and branch office, joined the server of the branch office as a member server of the main office domain and add users' accounts to the domain. So now remote users have there logon
and credentials from the DC in the main office but still work on there application/db member server located on the branch office.
The problem in this design is that when the connection occasionally goes down, users can't work on their application although there server is located on their same LAN, because they can't gain the necessary credentials from the DC/GC on the main site!!!
Would you please suggest any solution for this problem... do I have to make a local DC in the branch office, or create Child domain, or what?
PS.. I'm working on Windows 2003 domain
Thank you allGreetings!
If you are not running low on budget and bandwidth is not a concern, consider implementing an additional domain controller in your branch office and make it as global catalog.
Regards.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
CONNECT BY - Start from different levels
Hello again,
It's me again with a hierarchical query on which I'm stuck...
I think, the easiest way to understand my issue is to get an example:
DROP TABLE my_organisations;
CREATE TABLE my_organisations
org_id NUMBER(10),
org_name VARCHAR2(100),
parent_org_id NUMBER(10),
is_modified NUMBER(1)
INSERT INTO my_organisations VALUES(1, 'Top organisation', null, 0);
-- first department
INSERT INTO my_organisations VALUES(362, 'HR', 1, 0);
INSERT INTO my_organisations VALUES(11, 'Recruitment', 362, 0);
INSERT INTO my_organisations VALUES(119, 'Local Recruiment', 11, 1);
INSERT INTO my_organisations VALUES(192, 'Remote recruitment', 11, 0);
-- second department
INSERT INTO my_organisations VALUES(1000, 'SALES', 1, 0);
INSERT INTO my_organisations VALUES(1101, 'Local Sales', 1000, 0);
INSERT INTO my_organisations VALUES(1102, 'Remote Sales', 1000, 0);
INSERT INTO my_organisations VALUES(9452, 'Brazilian Sales', 1102, 1);
INSERT INTO my_organisations VALUES(9992, 'Mexican Sales', 1102, 1);
INSERT INTO my_organisations VALUES(9110, 'Japanese Sales', 1102, 0);
INSERT INTO my_organisations VALUES(1103, 'Lost', 11, 0);
-- thirst department
INSERT INTO my_organisations VALUES(333, 'IT', 1, 0);
INSERT INTO my_organisations VALUES(444, 'Helpdesk', 333, 0);
INSERT INTO my_organisations VALUES(555, 'Hardware', 444, 0);
INSERT INTO my_organisations VALUES(666, 'Software', 444, 0);
INSERT INTO my_organisations VALUES(777, 'Microsoft', 666, 0);
INSERT INTO my_organisations VALUES(778, 'Linux', 666, 0);
INSERT INTO my_organisations VALUES(788, 'MAC OS', 666, 0);
INSERT INTO my_organisations VALUES(888, 'Windows', 777, 0);
INSERT INTO my_organisations VALUES(999, 'XP', 888, 1);
INSERT INTO my_organisations VALUES(1111, 'MAC', 555, 0);
COMMIT;I have a hierarchical structure store in the my_organisations table. The parent child relation is made using parent_org_id. As you can see in my table definition, I have a flag is modified. That flag can be set at any level in the hierarchy.
I would like to have a statement that returns all the modified organisations with all their hierarchy (ascendants and descendants). Is this possible without having to write PL/SQL procedure?
I have no idea how to start. If I have a SELECT ... CONNECT BY... START WITH is_modified = 1, I only have the modified nodes and then I can get ascending nodes. But I have no idea how I can get the whole hierarchy of a node...
Can anyone help ?? (Im using 10g)
Thanks,Hi,
Stew Ashton wrote:
Adding a few details to Frank's idea, just to get things sorted reasonably:To really get things sorted correctly, I think you'll have to do yet another CONNECT BY, on the result set of the UNION:
WITH universe AS
SELECT * -- Get modified nodes and descendants
FROM my_organisations
START WITH is_modified = 1
CONNECT BY parent_org_id = PRIOR org_id
UNION
SELECT * -- Get ancestors of modified nodes
FROM my_organisations
START WITH is_modified = 1
CONNECT BY PRIOR parent_org_id = org_id
SELECT org_id
, LPAD ( ' '
, 2 * (LEVEL - 1)
) || org_name AS org_name
, parent_org_id
, is_modified
, LEVEL
FROM universe
START WITH parent_org_id IS NULL
CONNECT BY parent_org_id = PRIOR org_id
;Output:
ORG_ID ORG_NAME PARENT_ORG_ID IS_MODIFIED LEVEL
1 Top organisation 0 1
333 IT 1 0 2
444 Helpdesk 333 0 3
666 Software 444 0 4
777 Microsoft 666 0 5
888 Windows 777 0 6
999 XP 888 1 7
362 HR 1 0 2
11 Recruitment 362 0 3
119 Local Recruiment 11 1 4
1000 SALES 1 0 2
1102 Remote Sales 1000 0 3
9452 Brazilian Sales 1102 1 4
9992 Mexican Sales 1102 1 4 -
Migrate Users from a child domain to a root domain in different forest
Hello,
it supported to migrate users from child source doman to target root domain?
I established a trust, but i don't see child domain at ADMT installed on target domain DC. Source root domain is visibleYou should not be needed to establish a trust as all domains within the same forest already trust each other - are you sure those domains belong to the same forest? You can find out using the following command:
nltest /DOMAIN_TRUSTS
If ADMT dosen't show a partiuclar domain in the dropdown list, you can/have to type the domain name manually.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
Connect Business Objects to SAS Data Set?
Has anyone ever been able to use a SAS data set as a data source for Business Objects?
I've connected to a SAS datastore in Business Objects Data Services, and it's straightforward.
What you need is to set SAS up as an ODBC server.
This can be done in 2 ways:
- Using the SAS/SHARE product on any server that is accessible from BOBJ. This is quite pricey, so maybe you should only consider this if you have a SAS/SHARE license already, or your project can pay for it.
- Using an ordinary running SAS session on the same server.
You also need to install an ODBC driver on your BOBJ server, in order to access your SAS ODBC server.
You can read about SAS ODBC on SAS Institutes website. Start here:
http://support.sas.com/documentation/cdl/en/odbcdref/63284/HTML/default/viewer.htm#p0pqrmjmkckqugn1099ywy9o8myj.htm
Maybe you are looking for
-
Hi, I am trying to create a PO, using IDocs, in the SAP system. The IDoc will come from a non-SAP system - hence, this is an inbound interface. Can someone please tell me which Message Type / IDoc Type I should use? As well, I need to create Characte
-
Div shifting down page in live view
I'm trying to create a website for a project I'm doing.I'm having a problem in live view where I the div with the id "imageholder" keeps shifting down the page. It looks fine in the editor but the browser and live view not so much. I want it to line
-
Wired 802.1X with ISE | Some computers cannot be authenticated
Hi, We have a customer which is using ISE with 802.1X in order to authenticate computers. All the computers have their own certificate and most of them can be authenticated fine! The issue is that some computers cannot be authenticated. The port conf
-
User Exit for Purchase Requisition Number Range
Dear Experts, I searched on sdn, i got M06B0003 &M06B0004 this 2 user exit for PR Number range. I have activated both User exits but while creating PR is not getting effect of that user exit. I have checked by putting Break-point in respective user e
-
Hello, I have written captions to my pictures (a few thousand of them) that I want to share with my "Windows" friends. Apparently the captions are not embedded when I export the files ("File" menu). How can I share my photos WITH captions? /Lennart