By default, which rights does a user have on an "external trusted" domain?

Hi,
I would like to know what the rights are for users in DomA when a bidirectional external trust is in place with DomB.
By default, is the user in DomA a member of "DomB\Domain User"? (Otherwise, how can the user in DomA list the users in DomB, for example?)
Are there any specific things to know if DomB is at the Windows 2000 compatibility domain/forest functional level?
I know this resource
https://technet.microsoft.com/en-us/library/cc755321%28v=ws.10%29.aspx and this one
https://technet.microsoft.com/en-us/library/cc757352(v=ws.10).aspx but didn't find my answer.
Thank you! :)

I've created many trusts in my day and they can get confusing... quickly...
#1 Who is the "trusting domain" (who is saying "yeah, I, DomA, will let DomB in the door")?
#2 Who is the "trusted domain" (who is "walking through the door" (DomB))?
*** I know you said "bidirectional" but it helps you visualize the "security trust" for what is actually required. ***
#3 Is that "Domain User" part of a group? Is the group Domain or Universal? Only certain types of groups can work across a trust.
#4 Are you doing a domain-level trust or a forest-level trust? External trusts are "domain to domain". However, the domains can exist in separate, non-related forests.
If you do a two-way domain external trust, Domain Users from DomA can access all the resources on DomB, if they are explicitly granted access to those resources. What I mean by that is that if a Domain User doesn't have domain admin privileges in DomA, it won't get domain admin privileges in DomB, and vice versa.
This is where the trick is, though. In a two-way domain external trust, all domain/enterprise admins in DomA will have domain/enterprise admin access in DomB, and vice versa. They can grant themselves privileges to any servers and resources.
This is why one-way trusts are popular... because you only want to let one domain into the other domain. A "big brother" type of trust.
Kind of makes sense?
Entrepreneur, Strategic Technical Advisor, and Sr. Consulting Engineer - Strategic Services and Solutions Check out my book - Powershell 3.0 - WMI: http://amzn.to/1BnjOmo | Mastering PowerShell Coming in April 2015!
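As an added example (not code from the thread or its authors), here is a PowerShell audit that makes the trusting/trusted role, trust type and SID-filtering state of each trust explicit, checks whether a given group's scope can hold accounts from the trusted domain at all, and lists the foreign principals already granted access. It assumes the ActiveDirectory RSAT module and read access to the domain; the group name passed at the end is a placeholder.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

function Get-TrustSummary {
    param(
        # Domain whose trustedDomain objects are read; defaults to the machine's own domain.
        [string]$Domain = (Get-ADDomain).DNSRoot
    )
    Get-ADTrust -Filter * -Server $Domain | ForEach-Object {
        $t = $_
        # Direction is relative to $Domain. "Outbound" means $Domain trusts $t.Name,
        # so $Domain is the trusting (resource) side and $t.Name is the trusted side.
        # "Inbound" means $t.Name trusts $Domain. "BiDirectional" is both at once.
        switch ($t.Direction) {
            'Outbound'      { $trusting = $Domain; $trusted = $t.Name }
            'Inbound'       { $trusting = $t.Name; $trusted = $Domain }
            'BiDirectional' { $trusting = 'both';  $trusted = 'both' }
            default         { $trusting = 'n/a';   $trusted = 'n/a' }
        }
        [pscustomobject]@{
            Partner        = $t.Name
            TrustType      = $t.TrustType        # External, Forest, Realm, ...
            Transitive     = $t.ForestTransitive
            TrustingDomain = $trusting
            TrustedDomain  = $trusted
            # With SID filtering quarantine on (the default for an external trust),
            # only SIDs issued by the partner domain itself are honoured in tickets,
            # so SIDs from other domains the partner knows cannot ride in through it.
            SidFilterQuarantine  = $t.SIDFilteringQuarantined
            SidFilterForestAware = $t.SIDFilteringForestAware
        }
    }
}

function Test-GroupAcceptsForeignPrincipal {
    # Over an external trust only domain local groups can hold accounts from the
    # trusted domain: global groups accept members of their own domain only, and
    # universal groups accept members from their own forest only.
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [string]$Domain = (Get-ADDomain).DNSRoot
    )
    $g = Get-ADGroup -Identity $GroupName -Server $Domain
    switch ($g.GroupScope) {
        'DomainLocal' { $ok = $true;  $why = 'domain local: accepts principals from any trusted domain' }
        'Universal'   { $ok = $false; $why = 'universal: members must be from the same forest' }
        'Global'      { $ok = $false; $why = 'global: members must be from the same domain' }
    }
    [pscustomobject]@{ Group = $g.Name; Scope = $g.GroupScope; AcceptsExternal = $ok; Reason = $why }
}

function Get-ForeignPrincipalGrants {
    # Every account from a trusted domain that was ever put into a group or ACL here
    # gets a foreignSecurityPrincipal object named after its SID. Resolving the SID
    # back to a name needs the trust path to be reachable; if it is not, only the
    # SID is shown, which is exactly what the local group editor displays in that case.
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $base = 'CN=ForeignSecurityPrincipals,' + (Get-ADDomain -Server $Domain).DistinguishedName
    Get-ADObject -Filter 'objectClass -eq "foreignSecurityPrincipal"' -SearchBase $base `
                 -Server $Domain -Properties memberOf | ForEach-Object {
        $sid = New-Object System.Security.Principal.SecurityIdentifier $_.Name
        try   { $acct = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $acct = '(unresolved: trust path or SID/name translation unavailable)' }
        [pscustomobject]@{ SID = $_.Name; Account = $acct; MemberOf = ($_.memberOf -join '; ') }
    }
}

Get-TrustSummary | Format-Table -AutoSize
# 'Domain Users' is a global group, so the check reports it cannot hold DomB accounts.
Test-GroupAcceptsForeignPrincipal -GroupName 'Domain Users'
Get-ForeignPrincipalGrants | Format-Table -AutoSize
```

Run it from a member of DomA to see DomA's view of the trust; run it again from DomB, since the Inbound/Outbound reading flips with the side you query.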

Similar Messages

  • Cannot share documents with few users in one way trusted domain

    Hello
I am running into a weird issue. I set up the people picker in SP 2013 Foundation to look up users from one-way trusted domains, after which I started getting all the users from that domain in my intranet. I can also share or modify the permissions of users, being administrator. However, when I try to add 2 specific users as site collection administrators or try sharing a document, I get an error.
I can look up their names, but when I try changing their permissions or sharing a document with them, I get an error. It's weird because it is only with these two users; there is no difference from an Active Directory point of view between these and other users. Please help or suggest some troubleshooting steps.
    Regards,
    Hardik Bhilota.

    Hi Hardik,
    What was the error message when sharing documents with the two users?
    Please also check the ULS log for detailed error message which is located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
    What is the permission of the two users in SharePoint site? Can they access the site?
    Please also run the two commands below to see if the issue still occurs:
    First, on every front-end Web server on a farm run this command:
    STSADM.exe -o setapppassword -password key
    Second, on a front-end Web server run this command:
    STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv domain:DnsName,user,password -url http:// webapp
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support

  • To Find Out In Which PC has this user logged in

    Dear All,
Will I be able to get the user details with respect to a user ID as to which PC he has logged into?
The problem is a person changed some documents and the user is denying it.
So I was trying to find out if we can get the PC number to which he has logged in.
    with rgds
    Ranjith Singh

    Hi
From tcode STAD you can find out the machine IP address.
    Best Regards,
    GAKUMAR

  • Adding user account from a trusted Domain - SCSM2012

    Hello ,
The scenario I am facing now is that we have domain (A), which has the SCSM 2012 management server, and domain (B) in another forest.
Between domain (A) and (B) there is a two-way transitive trust with forest-wide authentication.
I need to add a user from domain (B) to a user role in SCSM in domain (A), so I created an AD connector for domain B.
Then, when I tried to add a user from domain (B) to a user role, it gave the error below,
but when I close the user role and reopen it, I find this blank entry.
    the Error
    Application: Edit User Role
    Application Version: 7.5.2905.0
    Severity: Error
    Message: Unable to resolve the user \ associated with the user role. Error code 0. Check your active directory configuration.
    Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException: Unable to resolve the user \ associated with the user role. Error code 0. Check your active directory configuration.
       at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
       at Microsoft.EnterpriseManagement.Common.Internal.SecurityConfigurationServiceProxy.UpsertUserRolesV2(ICollection`1 urUpdateResults, ICollection`1 urScopeUpdateResults, ICollection`1 urViewScopeUpdateResults, ICollection`1 urTaskScopeUpdateResults,
    ICollection`1 urConsoleTaskScopeUpdateResults, ICollection`1 urTemplateScopeUpdateResults, ICollection`1 urDashboardReferenceScopeUpdateResults, ICollection`1 urUserUpdateResults)
       at Microsoft.EnterpriseManagement.SecurityConfigurationManagement.UpdateUserRoles(ICollection`1 userRoles)
       at Microsoft.EnterpriseManagement.Security.UserRole.Update()
       at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.UserRoleWriteAdapter.WriteSdkObject(EnterpriseManagementGroup managementGroup, UserRole sdkObject, IDictionary`2 parameters)
       at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter`1.WriteSdkObject(EnterpriseManagementGroup managementGroup, IList`1 sdkObjects, IDictionary`2 parameters)
       at Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter`1.DoAction(DataQueryBase query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String outputCollectionName)
       at Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object sender, ConsoleJobEventArgs e)
       at Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)
    Would really appreciate your replies .
    Regards
    Amal Sami

As a workaround, you can add the user by searching for the user in the following format:
"domain name\User name or User ID" instead of searching by "User name or User ID".
I am not 100% sure of the technicalities involved, but this way you would be able to add the user without any issue.

  • Which software has the user have to download to use my js app ?

Hi, I'm quite new to JWS. I created an application with JWS. If a user wants to use my application and doesn't have the JRE and/or JWS installed, do they have to install the JRE 1.4? I found an auto-install page, but it downloads the JRE 1.4 and it's 11 MB! If a user tries to download it at home with a modem, it will take like 2 hours to download!
Which is the smallest version of JWS that can be downloaded, given that the user doesn't have any JRE installed?
    Thanks !

    The bad news is, they need the JRE installed (and JWS--but they come in the same [huge] download). If your target users are home folks, JWS may not be a great way to go. (Applets, anyone?--Oh, yeah, you still need a JVM--and not MS's piece o' junk!)

  • SID only shows up when adding a domain user account from an external trusted domain

    This is sort of an interesting situation which may wind up being more of a network port not being open.
There are two Windows 2008 R2 domains, AlphaCo and BravoCo, that have an external one-way trust set up between them where AlphaCo trusts BravoCo. The member servers on the AlphaCo domain have BravoCo users added to their local groups. The problem is on one of the member servers (SRV-05) on the AlphaCo domain. When any user from the BravoCo domain is added to the local Administrators group, it will show up when doing a search with the "friendly name", but when you click on "Apply" and/or "OK" it changes to the SID. This only happens on the SRV-05 server. The other member servers on the AlphaCo domain (SRV-01, 02, 03, 04, 06) are not having this issue.
    Any idea what may be causing this user identity crisis and what could be done to resolve it?

There are no other differences between SRV-05 and the other member servers on the AlphaCo domain (SRV-01, 02, 03, 04, 06). I did download and run the PortQryUI tool to check the status of port 135 on SRV-05 and the other servers, which came back with the same results. I also checked the AlphaCo domain security settings (Computer Configuration->Windows Settings->Security Settings->Local Policies->Security Options) Network access: Allow anonymous SID/Name translation, which was disabled. But I do not believe this is the cause, since it would impact the other servers (SRV-01, 02, 03, 04, 06) in the domain.

  • Can OS X 10.9 Authenticate An Active Directory User From A Different Trusted Forest

    I am able to authenticate with an AD account from a different trusted domain in the same forest as the domain the client is bound to on OS X 10.9. An AD account from a trusted domain in a separate forest cannot authenticate on the same client. The same AD account from the same external trusted domain in the same external forest can authenticate to a Windows 7 client bound to the same domain as the Mac client. It seems that OS X is incapable of cross forest authentication. It seems as though the directory services search path only includes the forest of the domain the client is bound to. Windows clients seem to be able to handle the referral process to a different forest, but a Mac client does not. Am I correct in this assumption? Has anyone accomplished cross forest authentication on an OS X client? If so, how? If not, what is the reason this can't be done?

    Well, I’ve made some encouraging progress.
    I’ve managed to log on!
    I deleted /var/db/.AppleSetupDone while booted into the recovery volume. I then created a new local admin user and, after a much longer than usual delay, got through the account creation stuff and arrived at last in the Finder, which was sluggish as heck.
    Checked user accounts, and according to system prefs they’re all there. Fired up Activity monitor and found that opendirectoryd was consuming 365%-405% CPU.
I unbound the system from our Active Directory domain, not really expecting it to work, but it did. CPU load dropped to nothing.
    I rebooted, was able to log in as the original local admin user (woohoo! Progress!)
    Re-bound it to AD and boom CPU shot right back up.
    I unbound it again and am currently backing up the drive with CCC (conversation with professor yesterday “Time Machine? What’s Time Machine?”)
    If CCC dies, I’ll run DW on the original, but I’m now pretty sure my issue is a borked opendirectory database.
    Plan going forward:
    I’ll nuke&pave the iMac, restore the apps, but NOT users and computer settings from the CCC during the re-install, create a new local admin, re-bind to AD see what happens.
    If it doesn’t go nutz again, I’ll have him log on so it creates the local directory, copy over his original user directory from the backup drive, make it his actual home on the disk again and in theory he should be ok.
    It’s amazing how often just laying my problem out in public makes my brain think of new things to try :-)
    I don't know if this is directly applicable to an OpenDirectory-bound system rather than Active Directory, but it might work for you.

  • Cannot set admin right to my user root account has STANDARD RIGHTS!

    I had this common problem, my account turned to standard.
    I followed the instructions here.
    I changed the root password from the install DVD, restarted.
    logged in as "root", but the root user has standard rights as well!!
    therefore I cannot change the rights of my user...
    any suggestions?

    Wow, it looks like you went for the deluxe bugs package.
..."now I'm the administrator. but this didn't change the fact, that folder I'm creating ( doesn't matter where ) have "read only" rights for the admin. system has read write....
    You hadn't mentioned that before, but actually that sounds like a completely different problem, one that can be caused by using "repair permissions" on a 10.5 volume while booted from a 10.4 (or earlier) disk - this might also include having used "DiskWarrior" to repair permissions (something the manufacturer advises against). Unfortunately, Apple is in the process of revising how "repair permissions" works, and the new method in 10.5 doesn't appear to be fully implemented. As a result, it does not fix this problem, which is purely a permissions issue. If this is indeed the problem, the most straightforward way to get back to a normal system is to reinstall - an "archive and install" while preserving network and user settings should be sufficient for this particular issue. If you are comfortable with the command line, it may be possible to change permissions manually - it would be necessary to attempt a permissions "repair" or "verify" under Leopard, and to record and carefully analyze the messages to determine what needs to be fixed, and how.
The "Finder" crashes are due to another bug - the GUI crashes when there are files or folders with a group ID that doesn't correspond to a group record in "DirectoryService". There are various strategies to use as workarounds: if all of the problem files have the same group ID, it is probably fastest just to create a group record for that group. If there are a number of different groups involved, doing a batch change of group from the command line might be easier. To get an idea of what groups are involved, the following command can be used to display the various factors regulating access to a particular file or folder - try using it to survey a selection of different items exhibiting the problem:
        ls -elO /path/to/item
    Copying the items to an external drive, then copying them back to a folder that does not display "(unknown)" in "Get Info" might be another strategy (but note that there have been some reports of data loss copying large amounts of data - even after the 10.5.1 update, and even copying instead of moving). Ultimately, these are just workarounds and Apple really needs to fix this sooner than later - it's getting stupid.
But actually, considering all of the different issues you are experiencing, backing up the data to an external drive (and verifying the integrity of the backup), then performing a full "erase and install" might be the one-stop solution. I'm not sure about the best strategy for reimporting the data once that is done, since I have never used the Apple tools and do not know how they handle ownership and permissions (what is preserved, etc.) - hopefully someone else will be able to fill in those details.
    So you were bitten by the "Get Info" crash bug, a second issue caused directly by following what turned out to be bad advice in an official kb article, and had a permissions problem that couldn't be resolved using the tool that is supposed to deal with permissions problem. I'd call that a Leopard beta hat trick.

  • OfficeJet 4630 Defaults to Network Fax when user has selected Network Printer Instead on WIN XP

    Hi, just installed the OJ4630 and selected the "Network Printer" as the default.  When choosing to print an MS Word document in "My Documents" the "Network Printer" correctly appears as the default.  But when choosing to print a picture in "My Pictures" the "Network Fax" becomes the default, which is an error.  Please advise, thanks!

Hi,
Thanks for reporting the issue. Here is the way to fix it.
Go to Windows -> Control Panel -> Printers and Devices.
Right click on the 4630 Fax Printer, select the option "Set as default printer" and you'll see two choices there: one is the printer driver and the other one is the fax driver. You choose the print driver to set as default.
    Done
    Hope it will help you.
    happy Printing!!!
    (Although I am employed by HP, I am speaking for myself and not for HP)

  • PP: Default BOM base quantity by user ID

    Hi Experts,
    We want to default BOM base quantity by user ID when they create new BOM by CS01.
    We set a new parameter ID for BOM base quantity similar as SAP standard parameter ID for BOM usage, and assigned new parameter ID to BOM base quantity data element BASMN.
    User could change their own data from the default parameter ID tab to fill the default BOM Base quantity.
    However, it is still required to add the parameter ID into the programs which is created BOM to achieve the final result.
    Anyone has the same requirement? Please suggest.
    Thanks.

    Hi Qiuyan,
    header quantity is defaulted reading TCS03, if it's always the same you can change it in view V_TCS03_V. Otherwise I suggest an enhancement IN LCSDIFHX FORM TCS03_LESEN.
    Regards,
    Edgar

  • Controlling the default language for new business users

    Hi everyone,
    If this has been answered elsewhere, my apologies for asking again.
    My company is currently in the initial implementation of ByDesign (1405). I just migrated our employees into ByD using the migration tool. This went fine, and also created (inactive) Business Users for each employee.
    One small issue I have, is that for each Business User created, ByD picked a "Default Language" based on the country where the user's organization unit is based (so Dutch for users assigned to an entity in the Netherlands, Danish for users assigned to a unit in Denmark, etc...).
    This despite the fact that the only language we have configured in ByD during scoping is English. In fact, when you edit the default language on the business user record, the drop down only offers English as a choice.
    Since this is our test environment, this is not a big deal, but I would like to prevent this once I migrate user to our production environment.
    So: how do I make sure that the Default Language on each Business User created when creating an Employee is English? (I would rather not have to fix this manually for a large number of users).
    Thanks!
    Eelco

    It applies to selected text. It is part of the text's style.
    So if you want a document to be by default a particular language, make a template in which all the text and all the styles in the styles drawer are set to what you want.
    Peter

  • Mandatory filter which value depends on user choice

I've just started my experience with SAP BO, and I have a big problem to solve. I'm using Universe Designer and I need a mandatory filter, which can have one of two values. The value of the filter depends on user choice. The filter should have a default value. E.g. when the user chooses "internal view" the filter will add the expression table.column = 'X' to a query; when the user chooses "external view" the filter will add the expression table.column = 'Y'. The main problem is that the chosen value should be remembered in the report, so the user cannot be prompted every time to choose a value. Does anyone have any idea how to solve this problem? The best solution would be if one filter could reference another, or to use an internal report variable, but I think there is no such thing. Thanks for any advice.

    It should be solved by using an @prompt in the mandatory filter.
    eg. table.column = @Prompt('Select internal or external','A',{'internal view','external view'},Mono,Constrained,Persistent)

  • Rights to general users

When I grant manage rights to the PUBLIC user, they can change everything for others and for themselves. By default the setting is set to 'Others'. Can I change that to 'Myself' by default? In which tables is this information stored? Is there any API available for this?

    *crickets*
    and this ladies and gentlemen, is why Apple loses in the business world.

  • How do I set the default welcome page for PUBLIC user

    gurus,
    i'm using -
    Oracle 9i Database
    Oracle 9ias Portal Release 2
    QUESTION => how do I set the default welcome page for the PUBLIC user.
    i did the following to achieve this -
    1. logged into portal
    2. clicked on builder
    3. clicked on administer tab
    4. selected PUBLIC user in the Portal User Profile portlet
    5. went to the preferences tab
    6. in the default home page selected a custom page group
    7. logged out of portal
8. open a new browser session
    9. type the portal URL and i get the login page ....??
    i'm unable to understand this behavior ... shouldn't i be getting the page group that i set for the PUBLIC user in step 6 above ....
    the second QUESTION is => when the user logs out he/she should see the PUBLIC page set in step 6 above ... but, instead the user sees a page that is as follows -
    Partner Application Name Logout Status [Logout Status]
    Oracle Portal (portal) logout status
    The SSO Server (orasso) checkmark
    buzz.resva.trw.com:7778 checkmark
    infrastructure.happy.resva.trw.com checkmark
    portal1.buzz.resva.trw.com checkmark
    portal2.sylvester.resva.trw.com checkmark
    sylvester.resva.trw.com:7778 checkmark
    so, how can i set the default page for the PUBLIC user and also a page when he user logs out.
    ideas anyone ....?
    thanx a bunch.
    hero

    Hi,
    The sequence of operation you are doing to set the home page for public users is correct. You are getting the login screen as the "custom page group" selected as "home page" has not been granted to public.
    Also, while logging-out, it is normal behaviour to get the screen where it shows the list of partner applications from where user has been logged-out. When you click on "Return" button, you will get to the "home page" set above.
    Hope it clarifies the things.
    Regards,
    Ved

• I have never had to enter a password to access mail. However, recently, I keep being asked for password on my ****** address. Only on my macbook. (which, btw, has a version number the drop down doesn't offer as a choice. I had to put 9.4)

    I have never had to enter a password to access mail.
    However, recently, I keep being asked for password on my ***** address.
Only on my macbook. (which, btw, has a version number your drop down doesn't offer as a choice. I had to put 9.4)
    When I look up the account the "password" is a long string of gobbledygook. Something I would never do.
    But when I attempt to use that pw I still can't get in.
    I have no trouble accessing that email account on my mac mini. Just on the macbook.
    <Edited by Host>

    Maiko,
I confess I'm still trying to get a handle on your problem. You do a fantastic job of describing it ... but I'm just trying to picture it accurately in my head.
    I think, were I in your shoes, I'd begin by looking at what the debug page has to say for the specific destination in which you're interested in fixing. In other words, I'm not clear on where, exactly, this destination points ...
    Destination illinois.edu.1945806043
    Is that your site, or the division within your site that you want to fix? "Normally", you do not need to specify a site handle to get to your site within your transfer CGI ... if you say "uillinois.edu", it's enough to transfer your users to iTunes U ... but every site still has a handle, and you could, if you wanted to, actually specify it in your transfer CGI. For example, this:
    Destination uic.edu.1139051993
    is for my entire site ... it's my site handle. Whereas this:
    Destination uic.edu.1991288441
    is for a division within my site ... but it's impossible to tell the difference between "site" and "division" from just the handle (I mean, if I didn't say "this is a site" and "this is a division", there'd be no way for you to know). So when I look at your creds and permissions on your debug page, I can't quite tell if they give you download access for your site, or for the specific division you want to fix. If you could open the debug page with your division as destination (or confirm that that's what we're looking at), it'd rule out some things.
