CAL for users created in AD

Is CAL license required for each users created in Active Directory ?

All users in AD need a cal, because it is assumed that all the users will be using the Active Directory to authenticate. Using any service from server needs a CAL. Also bear in mind that even devices which access the servers need CAL (Device CALS).
Reg,
Darshan

Similar Messages

  • Email notification for user created through reconciliation in OIM

    Hi..
    I have done the following configurations for email notification when user is created through reconciliation in OIM
    Configuring IT Resource     
    Name     Email Server
         Type      Mail Server
         Authentication     FALSE
         Server Name     *.*.*.*
         Username     
         Password     
    Creating email definition with the following values     
    Name     Create User Email Notification
         Type     Provisioning Related
         Language     en
         Region     US
         Object Name     Xellerate User
         Process name     Xellerate User
         From     User
         User Login     Xelsysadm
         Subject      User Created
    Add Email notification in a new process task with name Notify     
    Process definition     Xellerate User
         Task     Notify
         Disable Manual Insert     Enable
         Required for Completion     Enable
         Allow Cancellation while Pending     Enable
         Handler Name     tcComplete Task
         Assignment Rule     Default
         Target Type     User
         User     Xelsysadm
         Email name     Create User Email Notification
         Send Email     Enable
         Notification Assignee     Enable
         Email      Create User Email Notification
         Status     Completed
    Xelsysadm has a valid email id. Now when I am reconciling any user, two mail notifications are being sent. Not able to know from where these two notifications are being triggered.
    Am i suppose to make any changes in the configurations?
    Edited by: Amruta Agarwal on Sep 28, 2011 4:21 AM

    Sorry re-read your issue again. I believe there are two notifications because you have added your notify task in the process definition and OIM OOTB sends a notification when a user is recon'd. Thus remove your task or disable the OOTB notification. The property is Recon.SEND_NOTIFICATION
    HTH,
    BB
    Edited by: bbagaria on Oct 7, 2011 9:13 AM

  • Premission settings for users creating files and folder on my XServe

    I am setting up a new Xserve and we are basically using it as a file server. I have a user that logs on creates and new folder and a file. When any one else opens that file it is READ ONLY. What do I need to do to make it so when any of my users create a file or folder on the server any one of my users can have READ/WRITE permission to the files?

    Can you elaborate?  I am not aware of any m3u playlist being present but maybe there is.  I have done this many times before.  I move tons of files around in my music folder, add/delete/change, and rather than have iTunes try to figure it all out again, I just remove everything out of iTunes and add my entire folder back.  I've done it probably 50 times in the past and now, when I do it, it's creating playlists for every single folder or album or something, just as the original poster has described.  I do not like the behavior and would like to turn it off now!  I'm on Mac so iTunes Folder Watch will not work for me.  Any suggestions?

  • NetInstall - Grey screen after logging in for user created during install

    I am creating a NetInstall of 10.8 for mass deployment in my workplace. I am currently having difficulty with a user account that was created by a script that runs in place of the Setup Assistant.
    I am trying to skip the Setup Assistant, and as such, the script touches the /var/db/.AppleSetupDone file (which doesn't exist at this point).
    This works, with the installation progressing straight on to the login screen where the user 'administrator' has been created, and is available for login.
    However, when the user logs in, they are presented with a grey screen & the mouse cursor. No dock, desktop, no finder menu bar.
    I am at a loss as to what is going wrong as this had worked perfectly fine in the developer preview.
    The script is as below: (certain sections have been removed for security purposes)
    Any pointers would be much appreciated.
    #!/bin/sh
    ############# SET VARIABLES ###################
    . /etc/rc.common
    #set primary network interface
    interface=`netstat -r -f inet | awk '/default/{print $6}' | head -1`
    #set server address for packages
    pkgserver='macimaging.blah.qld.edu.au'
    #Get default route's interface's ip address
    ip=`ifconfig $interface | grep "inet 10." | sed -e 's/^.*inet 10/10/' -e 's/ netmask.*$//'`
    #get version number of Mac OS X
    macversion=`sw_vers | awk '/^ProductVersion/{split($2, MINOR, "."); print MINOR[2]}'`
    ############# CHECK ADMIN PASSWORD ###################
    shadow=blah
    i=0
    # initialise variable
    passwd=""
    # if machine is set to automatically image
    if [ `nvram -p | grep -c reimage-key` -eq 1 ]; then
      # remove verbose boot arguments from nvram
      nvram -d boot-args
      # collect admin password
      passwd=`nvram reimage-key | awk '{print $2}' | openssl enc -aes-256-cbc -pass "pass:Aut0mat1cR31mag3" -a -d`
      # check it was successfully decrypted
      if [ $? -ne 0 ]; then
      osascript -e beep
      echo "Automatic imaging key failed. Press enter to continue."
      read
      passwd=""
      fi
      # remove key from nvram
      nvram -d reimage-key
    fi
    # if the admin password wasn't successfully collected
    if [ "$passwd" = "" ]; then
      #clear the screen
      clear
      say -v Victoria "Please enter the Administrator's password"
      while [ $i = 0 ]
      do
        echo "Please enter Administrator's password: (Note: Input is hidden)"
        #read password from stin but don't show
        stty_orig=`stty -g`
        stty -echo
        read passwd
        stty $stty_orig
        hash=`echo $passwd | shasum -a 512 | awk '{print $1}'`
        if [ $shadow = $hash ]; then
            #password is correct; continue with setup
            i=1
        else
            echo "Incorrect. Please try again"
        fi
      done
    fi
    #clear the screen
    clear
    echo "Log:"
    ############# SET EFI PASSWORD ###################
    echo "Setting EFI password"
    #to create a new EFI password, initially set it on a test machine with the GUI utility, then extract its value with: `nvram -p | awk '/security-password/{print $2}'`. Put that value in this command (also replacing our admin password) to generate hash for below: `echo "pass_from_nvram" | openssl enc -aes-256-cbc -pass "pass:ourcurrentadminpassword" -a`
    nvshadow=`echo "blah" | openssl enc -aes-256-cbc -pass "pass:$passwd" -a -d`
    nvram security-mode=command
    nvram security-password=$nvshadow
    #reset running variable for security
    nvshadow=""
    ############# GENERATE RC SHADOW FILE ###################
    #if you don't know how the following lines work, get a pillow ready for screaming into
    #the admin key (which is decrypted below) is used to decrypt publicly distributed packages to change the admin account's password (without having the password in the package in clear text)
    decypted_admin_private_key=`echo "blah" | openssl enc -aes-256-cbc -pass "pass:$passwd" -a -d`
    admin_private_key_hash=`echo "$decypted_admin_private_key" | shasum -a 512 | awk '{print $1}'`
    echo "$admin_private_key_hash $decypted_admin_private_key" >> /var/root/RC_admin_private_key
    chmod 600 /var/root/RC_admin_private_key
    #this keeps a record of the administrator password set on imaging
    RC_admin_pass_hash=`echo "$passwd" | shasum -a 512 | awk '{print $1}'`
    RC_admin_pass_encrypted=`echo "$passwd" | openssl enc -aes-256-cbc -pass "pass:$decypted_admin_private_key" -a`
    echo "$RC_admin_pass_hash $RC_admin_pass_encrypted" >> /var/root/RC_admin_shadow
    #a few security measures
    chmod 600 /var/root/RC_admin_shadow
    RC_admin_pass_encrypted=""
    decypted_admin_private_key=""
    ############# SETUP PARTITIONS ###################
    echo "Updating file system table to mount data partition on boot for user accounts"
    #Find if Home or Data partition exists (N.B. If Bootcamp is used the following awk commands need to be modified to only look for [Hh]ome and not [Dd]ata)
    partname=`diskutil list | awk '/([Hh]ome)|([Dd]ata)/{print $3}' | head -1`
    partdev=`diskutil list | awk '/([Hh]ome)|([Dd]ata)/{print $6}' | head -1`
    #If a Data partition exists
    if [ "$partdev" ]; then
         #Mount it on boot to /Users
         echo "LABEL=$partname      /Users   hfs     rw" > /etc/fstab
         #mount Data drive to /Users
         diskutil umount /dev/$partdev
         mount -t hfs /dev/$partdev /Users
    fi
    ############# CREATE ADMIN ACCOUNT ###################
    echo "Creating Administrator account"
    #create administrator account
    dscl . create /Users/administrator
    dscl . create /Users/administrator RealName "Administrator"
    dscl . create /Users/administrator PrimaryGroupID 20
    dscl . create /Users/administrator UniqueID 501
    dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
    dscl . create /Users/administrator UserShell /bin/bash
    dscl . passwd /Users/administrator $passwd
    dscl . append /Groups/admin GroupMembership administrator
    dscl . append /Groups/_lpadmin GroupMembership administrator
    dscl . append /Groups/admin GroupMembership administrator
    dscl . create /Users/administrator picture "/Library/User Pictures/Sports/8ball.tif"
    dscl . delete /Users/administrator jpegphoto
    #reset running variable for security
    passwd=""
    ############# SET blah NETWORK LOCATION ###################
    echo "Setting up blah network location"
    networksetup -createlocation blah populate
    networksetup -switchtolocation blah
    echo ""
    ############# SET HOSTNAME ###################
    sleep 10
    dhcphostname=`host $ip | sed -e 's/^.* domain name pointer //' -e 's/\..*blah.*$//' -e 's/-wstudent$//' -e 's/-wstaff$//'`
    #while [ $? -ne 0 ]
    #do
    # sleep 5
    # dhcphostname=`host $ip | sed -e 's/^.* domain name pointer //' -e 's/\..*blah.*$//' -e 's/-wstudent$//' -e 's/-wstaff$//'`
    #done
    echo "Setting host name"
    #set host name from dhcp
    scutil --set HostName "$dhcphostname"
    scutil --set LocalHostName "$dhcphostname"
    systemsetup -setcomputername "$dhcphostname"
    ############# SET TIME ###################
    echo "Setting time zone"
    #set time zone
    systemsetup -settimezone Australia/Brisbane
    #set system's locale
    echo "Setting system's locale"
    defaults write "Apple Global Domain" AppleLocale "en_AU"
    echo "Syncing with time server"
    #sync time with local time server
    ntpdate ntp.blah.qld.edu.au
    ############# INSTALL FTP CLIENT ###################
    echo "Downloading and installing ftp client"
    curl -O ftp://$pkgserver/install/ncftp.tar.gz
    tar -xzf ncftp.tar.gz -C /usr/bin/
    rm ncftp.tar.gz
    ############# INSTALL POLICY MANAGER AND UPDATE POLICY ###################
    echo "Downloading and installing Policy Manager"
    #download and install policy manager
    echo 'get -R "pool/Policy Manager.pkg"' | ncftp $pkgserver; installer -verbose -target / -pkg "Policy Manager.pkg"
    rm -R "Policy Manager.pkg"
    echo "Downloading and installing Update Policy"
    #download and install update policy
    echo 'get -R "pool/Update Policy.pkg"' | ncftp $pkgserver; installer -verbose -target / -pkg "Update Policy.pkg"
    rm -R "Update Policy.pkg"
    ############# INSTALL MAC UPDATE COMBO ###################
    echo "Downloading and installing most recent Mac update combo package"
    #download and install the most recent combo update
    echo "get -R pool/MacOSXUpdCombo10.$macversion.Latest.pkg" | ncftp $pkgserver
    chmod -R u+x MacOSXUpdCombo10.$macversion.Latest.pkg
    installer -verbose -target / -pkg MacOSXUpdCombo10.$macversion.Latest.pkg
    rm -R MacOSXUpdCombo10.$macversion.Latest.pkg
    ############# INSTALL ADDITIONAL PACKAGES ###################
    echo "Downloading and installing additional post install packages"
    mkdir postinstall
    cd postinstall
    echo "get -R postinstall/common/*" | ncftp $pkgserver
    echo "get -R postinstall/10.$macversion/*" | ncftp $pkgserver
    chmod -R u+x *
    # save and change IFS
    OLDIFS=$IFS
    IFS=$'\n'
    # read all file names into an array
    fileArray=($(ls))
    # restore it
    IFS=$OLDIFS
    # get length of the array
    tLen=${#fileArray[@]}
    #install each package
    for (( i=0; i<${tLen}; i++ )); do
        installer -verbose -target / -pkg "${fileArray[$i]}"
    done
    cd ..
    rm -R postinstall
    ############# FINISH SETUP ASSISTANT ###################
    #load Policy Manager LaunchDaemon to run on boot
    launchctl load /Library/LaunchDaemons/au.edu.qld.blah.policymanager.plist
    #give time for policy to load
    sleep 2
    #set flag so OS X knows not to run Setup Assistant on next boot
    echo "<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n<plist version="1.0">\n<dict>\n <key>Address</key>\n <dict>\n <key>CountryName</key>\n <string>Australia</string>\n </dict>\n</dict>\n</plist>" > /var/db/.AppleSetupDone
    #set flag so blah Updater knows this machine's just been imaged
    echo "setup done" > /var/root/blahSetupDone
    #remove self
    rm /var/root/setup.sh
    echo "\nI will now reboot; please wait"
    say -v Victoria "I will now reboot; please wait"
    reboot

    mattn wrote:
    (1) You cannot run the installer program while booted into your primary partition; you must boot into the DVD. Restart the computer while holding down the C key until the DVD boots.
    This isn't true. The retail Snow Leopard DVD is designed to start the install procedure while started up normally. When you do this, after performing some checks on the target partition it writes some pre-install files to it before restarting automatically from the DVD. This speeds up the install procedure.
    (2) You cannot install Snow Leopard on this computer from a DVD that came with another computer; you must use, as it were, a free-standing commercial Snow Leopard installer DVD.
    The exception is, as Xian Rinpoche correctly surmised, a Mac model released after the currently available retail Snow Leopard DVD became available. The newest Macs require a later version of the OS than what is included on the retail DVD, which is why it won't work with the new i5 & i7 models. (See Don't install a version of Mac OS X earlier than that which came with your Mac for more about this.)
    As a general rule, use either the installer that came with the Mac on its grey system discs or a retail disc released after that Mac model was released. You can also refer to this handy chart of the OS version that ships with each Mac model.

  • Can't create blogs for users created in LDAP directory

    I have an LDAP directory set up on an Open Directory Master and use it for user management. I want to allow users to create blogs off of the main web site. However, when I try to create a blog, it won't authenticate to any of the LDAP users, only the local user (of which the administrator account for the server is the only one).
    LDAP directory users can access their personal websites, though (http://mydomain/~user).
    Does anyone have any ideas how I can get the blog portion of the web site to allow my LDAP users to create a blog?
    Thanks.

    Sorry, I should have mentioned I am using Leopard Server (10.5.5).

  • Problem with import statement for user created classe

    I recently downloaded J2sdk1.4.0_03 before that I had jdk1.3 and never had this problem.All the files other than named package I import for my
    application does not compile.But when I commented that out it work just fine.
    any help is appreciated

    thanks
    It makes sense not to import non-packaged class.
    My other problem is with JDBC ODBC.I have a Dell system with Windows XP.
    I registered my User Data Source to ODBC with MS Text driver(.txt , csv).When the code reaches at the .executeUpdate(CREAT TABLE CUSTOMERS)
    it throws an exception
    sQLException 3:java.sql.SQLException: [Microsoft][ODBC Text Driver] Cannot modify the design of table 'CUSTOMERS'. It is in a read-only database.
    Do I really need to change the attribues or some thing else.
    How can I chane the attributes of the database.Never had problem with windows 98.

  • "Password has expired" for user created via UME API

    Hi,
    I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
    When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
    Does anyone know why?
    I have the following UME settings for both servers:
    ume.logon.security_policy.password_change_allowed = TRUE
    ume.logon.security_policy.password_change_required = TRUE
    ume.logon.security_policy.password_expire_days = 99999
    The SP14 server also uses LDAP to authenticate users primarily  and has the following setting:
    ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
    There are some other UME configuration differences but none that seem relevant to this problem.
    Can anyone suggest what the problem might be?
    Cheers,
    Steve Archer

    The Xp machine is fine acessing the mb
    its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
    but there is no password for the user on the xp machine that i am trying to access from my mb
    so that would be:
    xp to mb = fine all working
    mb to xp = password expired even though no password required for the xp user

  • Getting error message for "user created how tos"  CS3

    I tried to create some new How Tos in CS3 and recieved the following error message when I try to open it:
    "The Adobe Help application could not load a URL because the specified file could not be found. You may need to re-install the application and the help component."
    If I access one of the ones created with CS2 it opens (I dragged them over from CS2, I have since removed CS2 from this computer, it's still on my laptop) I haven't tried creating them and importing them to this computer).
    I'm using Microsoft Office Word 2003 to save the How Tos as html files, and notepad to edit Add_001.howto file.
    Since I gotten this error, I reloaded CS3 Design Standard, it didn't fix the problem. Also I have ensured that the Add_001.howto file points to the right location (C:\Program Files\Adobe\Adobe Photoshop CS3\Help\additional how to content)and is in the right format:
    "John Shaws CS3" "47. A GLOSSARY OF IMAGING TERMS" 47.html (works).
    "Noise Ninja" "The Thirty Second Guide to Noise Ninja" Noise Ninja 001.html (doesn't work)
    The only thing new on the computer is a brand spanking new EVGA NVidia Geforce 9500GT PCI express(512 mb ddr2 dual DVI output) with the latest drivers. It replaced NVidia GeForce 6600GS and Matrox Millenium video cards (the Matrox). The new video card does not include some program that allows it to run MS-DOS programs, but I don't feel that is causing the problem.
    System Info:
    Photoshop CS3 10.0.1
    Computer: Gateway DX310X with Gateway FPD1975W and FPD1730 monitors
    Windows XP Media Center Edition, Service Pack 3
    Intel Pentium D proccessor
    1GB internal memory
    168GB of free space on hard drive.
    I hope I have given you suffiecient information to give me some possible solutions.
    Thanks
    Rick

    Mylenium
    Thanks for the assist.
    It isn't a Windows Indexing Service problem.
    It is an operator problem. As you pointed out the long name and spacing are the issue here.
    I changed the the Add_001.howto file from:
    "Noise Ninja" "The Thirty Second Guide to Noise Ninja" Noise Ninja 001.html
    to:
    "Noise Ninja" "The Thirty Second Guide to Noise Ninja" NN001.html
    I changed the file in the Additional How To Content folder, to match.
    And it works now.
    Now that I know what was wrong with my file names, I'll be able to get the various plugin help files/documents into Photoshop so I won't have to get out of it to get help on them.
    Thanks
    Rick

  • What happened to the maximum length option for user-created variables?

    In previous versions, I got a field to specify the maximum size when adding a new variable. In Captivate 7 this feature seems to be really well hidden, and I can't find it. It seems to me that I must still be able to expand this from the default of 15 characters, because you can still have a text entry box of more than 15 characters and bind its value to a user-defined variable. But mine are being truncated. Any help would be appreciated.

    Sorry, think you are bit confused. There was never a way to specify the maximum size of a variable when created, because that maximum size is 256. There is still a way to specify the length of a variable when inserting it in a text container (caption or shape) and it is in exactly the same location in CP7: when you insert the variable with the X button in the formatting accordion, in the dialog box. Previously maximum number of displayed characters was set at 15, now it is 50. If you have made a typo and talks about CP8 that same X is in Properties panel, Style tab, Character region:

  • Licence types for users creating and executing BW reports

    Hi Friends,
    Will users who are writing queries attract a full professional licence or a limited professional licence.
    Will users who are only executing queries need an ERP employee licence, limited professional or full professional licence?
    Thanks,
    Ramesh

    Hi,
    User who are executing the reports, they will have execute authorisation of the query only. They dont require full authorisation.
    Developer who created the query they will have full authorisation of the query.
    I am not getting what are you talking about License.Can you explain ??

  • Forgot password for users for whom challenge questions are not set

    Hi,
    I have a scenario here where initially the environment property for force setting challenge questions during first login was not set to true.
    But it has been set to true later. But for users created prior setting this property to true, the forgot password link is taking to a page to answer challenge questions which obviously is not working.
    Is there anyway to handle this scenario without doing ADF customization? For example say, to force all previous users also to set challenge questions for whom the challenge questions are not set.

    Hi, In your scenario, since user has forgotten his/her password and he has not set his answers to questions, so the only option left is calling Help Desk. Help desk guys should educate end users that go to OIM->My Information -> Set Security Questions. This is the only easy way I can think of.
    HTH,
    ~Abhishek

  • User Created RDP bookmarks on ASA

    How to configure ASA for user created bookmarks for RDP and VNC connections to their respective resources?

    hi,
    are you referring to RDP and VNC plug-ins for clientless SSL VPN?
    AFAIK, you can create bookmarks for HTTP/HTTPS, CIFS and FTP only.

  • How to create report for user in terminal licens

    Dear Sir,
    how to take report for terminal server license, I have windows 2008 r2, I am trying to create a report for cal per user license
    it is disable.
    windows 2008 r2
    workgroup
    citrix 6.5
    thanks
    saud alam
    saudalam

    Hi,
    Thank you for posting in Windows Server Forum.
    Agree with words of TP, to create per user CAL report server must be domain joined. You cannot create report in workgroup mode. Please check beneath article for guide.
    Track the Issuance of Remote Desktop Services Per User Client Access Licenses
    http://technet.microsoft.com/en-us/library/cc754625.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • How to get the user created at and modified at properties for a site collection using powershell

    Hi guys, I Know how to get the list of users of a site collection by Get-SPUser cmdlet but hte problem is that this cmdlet doesnt give me the user Created at and modifed at properties 
    can any one tell me how to get these values via powershell???? 
    ps: ignore the 2013 screenshot.. i just want a way to get those values .. if you provide me solution in either 2010 or 2013 , i will crack the other..
    plz guys help me ...

    Get the User Information list and then get the user from that list
    $web = Get-SPWeb "siteUrl"
    $userInfoList = $web.SiteUserInfoList
    $userItem = $userInfoList.Items[0]; #0 here is just for demonstration. You take the user you want here or loop through all users.
    $created = $userItem["Created"]
    $modified = $userItem["Modified"]

  • How to get the user created when I prepare for the BD Identity Manager

    Hi I have a query, I need to get a backup database Identity Manager 9.1, I have a problem I do not remember user created to perform the backup, how can you know that I created when I made the installation of Identity Manager, or how can I find

    Hi,
    You can do this trick:
    1) Go to "Deployment Manager" in the Web Console, and open the EXPORT applet
    2) Export the User Defined Fields from the USR form. You don't need any dependence for this.
    3) Open the generated XML with a text editor.
    3) Search for the <SDK_SCHEMA> tag
    This tag contains the OIM schema name, wich shoud be your OIM database user.
    Hope it helps,

Maybe you are looking for