CAL for users created in AD
Is CAL license required for each users created in Active Directory ?
All users in AD need a cal, because it is assumed that all the users will be using the Active Directory to authenticate. Using any service from server needs a CAL. Also bear in mind that even devices which access the servers need CAL (Device CALS).
Reg,
Darshan
Similar Messages
-
Email notification for user created through reconciliation in OIM
Hi..
I have done the following configurations for email notification when user is created through reconciliation in OIM
Configuring IT Resource
Name Email Server
Type Mail Server
Authentication FALSE
Server Name *.*.*.*
Username
Password
Creating email definition with the following values
Name Create User Email Notification
Type Provisioning Related
Language en
Region US
Object Name Xellerate User
Process name Xellerate User
From User
User Login Xelsysadm
Subject User Created
Add Email notification in a new process task with name Notify
Process definition Xellerate User
Task Notify
Disable Manual Insert Enable
Required for Completion Enable
Allow Cancellation while Pending Enable
Handler Name tcComplete Task
Assignment Rule Default
Target Type User
User Xelsysadm
Email name Create User Email Notification
Send Email Enable
Notification Assignee Enable
Email Create User Email Notification
Status Completed
Xelsysadm has a valid email id. Now when I am reconciling any user, two mail notifications are being sent. Not able to know from where these two notifications are being triggered.
Am i suppose to make any changes in the configurations?
Edited by: Amruta Agarwal on Sep 28, 2011 4:21 AMSorry re-read your issue again. I believe there are two notifications because you have added your notify task in the process definition and OIM OOTB sends a notification when a user is recon'd. Thus remove your task or disable the OOTB notification. The property is Recon.SEND_NOTIFICATION
HTH,
BB
Edited by: bbagaria on Oct 7, 2011 9:13 AM -
Premission settings for users creating files and folder on my XServe
I am setting up a new Xserve and we are basically using it as a file server. I have a user that logs on creates and new folder and a file. When any one else opens that file it is READ ONLY. What do I need to do to make it so when any of my users create a file or folder on the server any one of my users can have READ/WRITE permission to the files?
Can you elaborate? I am not aware of any m3u playlist being present but maybe there is. I have done this many times before. I move tons of files around in my music folder, add/delete/change, and rather than have iTunes try to figure it all out again, I just remove everything out of iTunes and add my entire folder back. I've done it probably 50 times in the past and now, when I do it, it's creating playlists for every single folder or album or something, just as the original poster has described. I do not like the behavior and would like to turn it off now! I'm on Mac so iTunes Folder Watch will not work for me. Any suggestions?
-
NetInstall - Grey screen after logging in for user created during install
I am creating a NetInstall of 10.8 for mass deployment in my workplace. I am currently having difficulty with a user account that was created by a script that runs in place of the Setup Assistant.
I am trying to skip the Setup Assistant, and as such, the script touches the /var/db/.AppleSetupDone file (which doesn't exist at this point).
This works, with the installation progressing straight on to the login screen where the user 'administrator' has been created, and is available for login.
However, when the user logs in, they are presented with a grey screen & the mouse cursor. No dock, desktop, no finder menu bar.
I am at a loss as to what is going wrong as this had worked perfectly fine in the developer preview.
The script is as below: (certain sections have been removed for security purposes)
Any pointers would be much appreciated.
#!/bin/sh
############# SET VARIABLES ###################
. /etc/rc.common
#set primary network interface
interface=`netstat -r -f inet | awk '/default/{print $6}' | head -1`
#set server address for packages
pkgserver='macimaging.blah.qld.edu.au'
#Get default route's interface's ip address
ip=`ifconfig $interface | grep "inet 10." | sed -e 's/^.*inet 10/10/' -e 's/ netmask.*$//'`
#get version number of Mac OS X
macversion=`sw_vers | awk '/^ProductVersion/{split($2, MINOR, "."); print MINOR[2]}'`
############# CHECK ADMIN PASSWORD ###################
shadow=blah
i=0
# initialise variable
passwd=""
# if machine is set to automatically image
if [ `nvram -p | grep -c reimage-key` -eq 1 ]; then
# remove verbose boot arguments from nvram
nvram -d boot-args
# collect admin password
passwd=`nvram reimage-key | awk '{print $2}' | openssl enc -aes-256-cbc -pass "pass:Aut0mat1cR31mag3" -a -d`
# check it was successfully decrypted
if [ $? -ne 0 ]; then
osascript -e beep
echo "Automatic imaging key failed. Press enter to continue."
read
passwd=""
fi
# remove key from nvram
nvram -d reimage-key
fi
# if the admin password wasn't successfully collected
if [ "$passwd" = "" ]; then
#clear the screen
clear
say -v Victoria "Please enter the Administrator's password"
while [ $i = 0 ]
do
echo "Please enter Administrator's password: (Note: Input is hidden)"
#read password from stin but don't show
stty_orig=`stty -g`
stty -echo
read passwd
stty $stty_orig
hash=`echo $passwd | shasum -a 512 | awk '{print $1}'`
if [ $shadow = $hash ]; then
#password is correct; continue with setup
i=1
else
echo "Incorrect. Please try again"
fi
done
fi
#clear the screen
clear
echo "Log:"
############# SET EFI PASSWORD ###################
echo "Setting EFI password"
#to create a new EFI password, initially set it on a test machine with the GUI utility, then extract its value with: `nvram -p | awk '/security-password/{print $2}'`. Put that value in this command (also replacing our admin password) to generate hash for below: `echo "pass_from_nvram" | openssl enc -aes-256-cbc -pass "pass:ourcurrentadminpassword" -a`
nvshadow=`echo "blah" | openssl enc -aes-256-cbc -pass "pass:$passwd" -a -d`
nvram security-mode=command
nvram security-password=$nvshadow
#reset running variable for security
nvshadow=""
############# GENERATE RC SHADOW FILE ###################
#if you don't know how the following lines work, get a pillow ready for screaming into
#the admin key (which is decrypted below) is used to decrypt publicly distributed packages to change the admin account's password (without having the password in the package in clear text)
decypted_admin_private_key=`echo "blah" | openssl enc -aes-256-cbc -pass "pass:$passwd" -a -d`
admin_private_key_hash=`echo "$decypted_admin_private_key" | shasum -a 512 | awk '{print $1}'`
echo "$admin_private_key_hash $decypted_admin_private_key" >> /var/root/RC_admin_private_key
chmod 600 /var/root/RC_admin_private_key
#this keeps a record of the administrator password set on imaging
RC_admin_pass_hash=`echo "$passwd" | shasum -a 512 | awk '{print $1}'`
RC_admin_pass_encrypted=`echo "$passwd" | openssl enc -aes-256-cbc -pass "pass:$decypted_admin_private_key" -a`
echo "$RC_admin_pass_hash $RC_admin_pass_encrypted" >> /var/root/RC_admin_shadow
#a few security measures
chmod 600 /var/root/RC_admin_shadow
RC_admin_pass_encrypted=""
decypted_admin_private_key=""
############# SETUP PARTITIONS ###################
echo "Updating file system table to mount data partition on boot for user accounts"
#Find if Home or Data partition exists (N.B. If Bootcamp is used the following awk commands need to be modified to only look for [Hh]ome and not [Dd]ata)
partname=`diskutil list | awk '/([Hh]ome)|([Dd]ata)/{print $3}' | head -1`
partdev=`diskutil list | awk '/([Hh]ome)|([Dd]ata)/{print $6}' | head -1`
#If a Data partition exists
if [ "$partdev" ]; then
#Mount it on boot to /Users
echo "LABEL=$partname /Users hfs rw" > /etc/fstab
#mount Data drive to /Users
diskutil umount /dev/$partdev
mount -t hfs /dev/$partdev /Users
fi
############# CREATE ADMIN ACCOUNT ###################
echo "Creating Administrator account"
#create administrator account
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "Administrator"
dscl . create /Users/administrator PrimaryGroupID 20
dscl . create /Users/administrator UniqueID 501
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
dscl . create /Users/administrator UserShell /bin/bash
dscl . passwd /Users/administrator $passwd
dscl . append /Groups/admin GroupMembership administrator
dscl . append /Groups/_lpadmin GroupMembership administrator
dscl . append /Groups/admin GroupMembership administrator
dscl . create /Users/administrator picture "/Library/User Pictures/Sports/8ball.tif"
dscl . delete /Users/administrator jpegphoto
#reset running variable for security
passwd=""
############# SET blah NETWORK LOCATION ###################
echo "Setting up blah network location"
networksetup -createlocation blah populate
networksetup -switchtolocation blah
echo ""
############# SET HOSTNAME ###################
sleep 10
dhcphostname=`host $ip | sed -e 's/^.* domain name pointer //' -e 's/\..*blah.*$//' -e 's/-wstudent$//' -e 's/-wstaff$//'`
#while [ $? -ne 0 ]
#do
# sleep 5
# dhcphostname=`host $ip | sed -e 's/^.* domain name pointer //' -e 's/\..*blah.*$//' -e 's/-wstudent$//' -e 's/-wstaff$//'`
#done
echo "Setting host name"
#set host name from dhcp
scutil --set HostName "$dhcphostname"
scutil --set LocalHostName "$dhcphostname"
systemsetup -setcomputername "$dhcphostname"
############# SET TIME ###################
echo "Setting time zone"
#set time zone
systemsetup -settimezone Australia/Brisbane
#set system's locale
echo "Setting system's locale"
defaults write "Apple Global Domain" AppleLocale "en_AU"
echo "Syncing with time server"
#sync time with local time server
ntpdate ntp.blah.qld.edu.au
############# INSTALL FTP CLIENT ###################
echo "Downloading and installing ftp client"
curl -O ftp://$pkgserver/install/ncftp.tar.gz
tar -xzf ncftp.tar.gz -C /usr/bin/
rm ncftp.tar.gz
############# INSTALL POLICY MANAGER AND UPDATE POLICY ###################
echo "Downloading and installing Policy Manager"
#download and install policy manager
echo 'get -R "pool/Policy Manager.pkg"' | ncftp $pkgserver; installer -verbose -target / -pkg "Policy Manager.pkg"
rm -R "Policy Manager.pkg"
echo "Downloading and installing Update Policy"
#download and install update policy
echo 'get -R "pool/Update Policy.pkg"' | ncftp $pkgserver; installer -verbose -target / -pkg "Update Policy.pkg"
rm -R "Update Policy.pkg"
############# INSTALL MAC UPDATE COMBO ###################
echo "Downloading and installing most recent Mac update combo package"
#download and install the most recent combo update
echo "get -R pool/MacOSXUpdCombo10.$macversion.Latest.pkg" | ncftp $pkgserver
chmod -R u+x MacOSXUpdCombo10.$macversion.Latest.pkg
installer -verbose -target / -pkg MacOSXUpdCombo10.$macversion.Latest.pkg
rm -R MacOSXUpdCombo10.$macversion.Latest.pkg
############# INSTALL ADDITIONAL PACKAGES ###################
echo "Downloading and installing additional post install packages"
mkdir postinstall
cd postinstall
echo "get -R postinstall/common/*" | ncftp $pkgserver
echo "get -R postinstall/10.$macversion/*" | ncftp $pkgserver
chmod -R u+x *
# save and change IFS
OLDIFS=$IFS
IFS=$'\n'
# read all file names into an array
fileArray=($(ls))
# restore it
IFS=$OLDIFS
# get length of the array
tLen=${#fileArray[@]}
#install each package
for (( i=0; i<${tLen}; i++ )); do
installer -verbose -target / -pkg "${fileArray[$i]}"
done
cd ..
rm -R postinstall
############# FINISH SETUP ASSISTANT ###################
#load Policy Manager LaunchDaemon to run on boot
launchctl load /Library/LaunchDaemons/au.edu.qld.blah.policymanager.plist
#give time for policy to load
sleep 2
#set flag so OS X knows not to run Setup Assistant on next boot
echo "<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n<plist version="1.0">\n<dict>\n <key>Address</key>\n <dict>\n <key>CountryName</key>\n <string>Australia</string>\n </dict>\n</dict>\n</plist>" > /var/db/.AppleSetupDone
#set flag so blah Updater knows this machine's just been imaged
echo "setup done" > /var/root/blahSetupDone
#remove self
rm /var/root/setup.sh
echo "\nI will now reboot; please wait"
say -v Victoria "I will now reboot; please wait"
rebootmattn wrote:
(1) You cannot run the installer program while booted into your primary partition; you must boot into the DVD. Restart the computer while holding down the C key until the DVD boots.
This isn't true. The retail Snow Leopard DVD is designed to start the install procedure while started up normally. When you do this, after performing some checks on the target partition it writes some pre-install files to it before restarting automatically from the DVD. This speeds up the install procedure.
(2) You cannot install Snow Leopard on this computer from a DVD that came with another computer; you must use, as it were, a free-standing commercial Snow Leopard installer DVD.
The exception is, as Xian Rinpoche correctly surmised, a Mac model released after the currently available retail Snow Leopard DVD became available. The newest Macs require a later version of the OS than what is included on the retail DVD, which is why it won't work with the new i5 & i7 models. (See Don't install a version of Mac OS X earlier than that which came with your Mac for more about this.)
As a general rule, use either the installer that came with the Mac on its grey system discs or a retail disc released after that Mac model was released. You can also refer to this handy chart of the OS version that ships with each Mac model. -
Can't create blogs for users created in LDAP directory
I have an LDAP directory set up on an Open Directory Master and use it for user management. I want to allow users to create blogs off of the main web site. However, when I try to create a blog, it won't authenticate to any of the LDAP users, only the local user (of which the administrator account for the server is the only one).
LDAP directory users can access their personal websites, though (http://mydomain/~user).
Does anyone have any ideas how I can get the blog portion of the web site to allow my LDAP users to create a blog?
Thanks.Sorry, I should have mentioned I am using Leopard Server (10.5.5).
-
Problem with import statement for user created classe
I recently downloaded J2sdk1.4.0_03 before that I had jdk1.3 and never had this problem.All the files other than named package I import for my
application does not compile.But when I commented that out it work just fine.
any help is appreciatedthanks
It makes sense not to import non-packaged class.
My other problem is with JDBC ODBC.I have a Dell system with Windows XP.
I registered my User Data Source to ODBC with MS Text driver(.txt , csv).When the code reaches at the .executeUpdate(CREAT TABLE CUSTOMERS)
it throws an exception
sQLException 3:java.sql.SQLException: [Microsoft][ODBC Text Driver] Cannot modify the design of table 'CUSTOMERS'. It is in a read-only database.
Do I really need to change the attribues or some thing else.
How can I chane the attributes of the database.Never had problem with windows 98. -
"Password has expired" for user created via UME API
Hi,
I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
Does anyone know why?
I have the following UME settings for both servers:
ume.logon.security_policy.password_change_allowed = TRUE
ume.logon.security_policy.password_change_required = TRUE
ume.logon.security_policy.password_expire_days = 99999
The SP14 server also uses LDAP to authenticate users primarily and has the following setting:
ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
There are some other UME configuration differences but none that seem relevant to this problem.
Can anyone suggest what the problem might be?
Cheers,
Steve ArcherThe Xp machine is fine acessing the mb
its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
but there is no password for the user on the xp machine that i am trying to access from my mb
so that would be:
xp to mb = fine all working
mb to xp = password expired even though no password required for the xp user -
Getting error message for "user created how tos" CS3
I tried to create some new How Tos in CS3 and recieved the following error message when I try to open it:
"The Adobe Help application could not load a URL because the specified file could not be found. You may need to re-install the application and the help component."
If I access one of the ones created with CS2 it opens (I dragged them over from CS2, I have since removed CS2 from this computer, it's still on my laptop) I haven't tried creating them and importing them to this computer).
I'm using Microsoft Office Word 2003 to save the How Tos as html files, and notepad to edit Add_001.howto file.
Since I gotten this error, I reloaded CS3 Design Standard, it didn't fix the problem. Also I have ensured that the Add_001.howto file points to the right location (C:\Program Files\Adobe\Adobe Photoshop CS3\Help\additional how to content)and is in the right format:
"John Shaws CS3" "47. A GLOSSARY OF IMAGING TERMS" 47.html (works).
"Noise Ninja" "The Thirty Second Guide to Noise Ninja" Noise Ninja 001.html (doesn't work)
The only thing new on the computer is a brand spanking new EVGA NVidia Geforce 9500GT PCI express(512 mb ddr2 dual DVI output) with the latest drivers. It replaced NVidia GeForce 6600GS and Matrox Millenium video cards (the Matrox). The new video card does not include some program that allows it to run MS-DOS programs, but I don't feel that is causing the problem.
System Info:
Photoshop CS3 10.0.1
Computer: Gateway DX310X with Gateway FPD1975W and FPD1730 monitors
Windows XP Media Center Edition, Service Pack 3
Intel Pentium D proccessor
1GB internal memory
168GB of free space on hard drive.
I hope I have given you suffiecient information to give me some possible solutions.
Thanks
RickMylenium
Thanks for the assist.
It isn't a Windows Indexing Service problem.
It is an operator problem. As you pointed out the long name and spacing are the issue here.
I changed the the Add_001.howto file from:
"Noise Ninja" "The Thirty Second Guide to Noise Ninja" Noise Ninja 001.html
to:
"Noise Ninja" "The Thirty Second Guide to Noise Ninja" NN001.html
I changed the file in the Additional How To Content folder, to match.
And it works now.
Now that I know what was wrong with my file names, I'll be able to get the various plugin help files/documents into Photoshop so I won't have to get out of it to get help on them.
Thanks
Rick -
What happened to the maximum length option for user-created variables?
In previous versions, I got a field to specify the maximum size when adding a new variable. In Captivate 7 this feature seems to be really well hidden, and I can't find it. It seems to me that I must still be able to expand this from the default of 15 characters, because you can still have a text entry box of more than 15 characters and bind its value to a user-defined variable. But mine are being truncated. Any help would be appreciated.
Sorry, think you are bit confused. There was never a way to specify the maximum size of a variable when created, because that maximum size is 256. There is still a way to specify the length of a variable when inserting it in a text container (caption or shape) and it is in exactly the same location in CP7: when you insert the variable with the X button in the formatting accordion, in the dialog box. Previously maximum number of displayed characters was set at 15, now it is 50. If you have made a typo and talks about CP8 that same X is in Properties panel, Style tab, Character region:
-
Licence types for users creating and executing BW reports
Hi Friends,
Will users who are writing queries attract a full professional licence or a limited professional licence.
Will users who are only executing queries need an ERP employee licence, limited professional or full professional licence?
Thanks,
RameshHi,
User who are executing the reports, they will have execute authorisation of the query only. They dont require full authorisation.
Developer who created the query they will have full authorisation of the query.
I am not getting what are you talking about License.Can you explain ?? -
Forgot password for users for whom challenge questions are not set
Hi,
I have a scenario here where initially the environment property for force setting challenge questions during first login was not set to true.
But it has been set to true later. But for users created prior setting this property to true, the forgot password link is taking to a page to answer challenge questions which obviously is not working.
Is there anyway to handle this scenario without doing ADF customization? For example say, to force all previous users also to set challenge questions for whom the challenge questions are not set.Hi, In your scenario, since user has forgotten his/her password and he has not set his answers to questions, so the only option left is calling Help Desk. Help desk guys should educate end users that go to OIM->My Information -> Set Security Questions. This is the only easy way I can think of.
HTH,
~Abhishek -
User Created RDP bookmarks on ASA
How to configure ASA for user created bookmarks for RDP and VNC connections to their respective resources?
hi,
are you referring to RDP and VNC plug-ins for clientless SSL VPN?
AFAIK, you can create bookmarks for HTTP/HTTPS, CIFS and FTP only. -
How to create report for user in terminal licens
Dear Sir,
how to take report for terminal server license, I have windows 2008 r2, I am trying to create a report for cal per user license
it is disable.
windows 2008 r2
workgroup
citrix 6.5
thanks
saud alam
saudalamHi,
Thank you for posting in Windows Server Forum.
Agree with words of TP, to create per user CAL report server must be domain joined. You cannot create report in workgroup mode. Please check beneath article for guide.
Track the Issuance of Remote Desktop Services Per User Client Access Licenses
http://technet.microsoft.com/en-us/library/cc754625.aspx
Hope it helps!
Thanks.
Dharmesh Solanki -
How to get the user created at and modified at properties for a site collection using powershell
Hi guys, I Know how to get the list of users of a site collection by Get-SPUser cmdlet but hte problem is that this cmdlet doesnt give me the user Created at and modifed at properties
can any one tell me how to get these values via powershell????
ps: ignore the 2013 screenshot.. i just want a way to get those values .. if you provide me solution in either 2010 or 2013 , i will crack the other..
plz guys help me ...Get the User Information list and then get the user from that list
$web = Get-SPWeb "siteUrl"
$userInfoList = $web.SiteUserInfoList
$userItem = $userInfoList.Items[0]; #0 here is just for demonstration. You take the user you want here or loop through all users.
$created = $userItem["Created"]
$modified = $userItem["Modified"] -
How to get the user created when I prepare for the BD Identity Manager
Hi I have a query, I need to get a backup database Identity Manager 9.1, I have a problem I do not remember user created to perform the backup, how can you know that I created when I made the installation of Identity Manager, or how can I find
Hi,
You can do this trick:
1) Go to "Deployment Manager" in the Web Console, and open the EXPORT applet
2) Export the User Defined Fields from the USR form. You don't need any dependence for this.
3) Open the generated XML with a text editor.
3) Search for the <SDK_SCHEMA> tag
This tag contains the OIM schema name, wich shoud be your OIM database user.
Hope it helps,
Maybe you are looking for
-
My 3G iphone only loads few apps since I updated and the camera doen't work anymore, what now. Tried to reset to original settings and now it won't load apps, even old ones.
-
Every time i download an app it keeps going on my other ios devices how do i stop this
how do i solve this
-
Revaluate Depreciation for an asset in prior years
Hi, I have a problem with a couple of assets. We are using 2 depreciation areas - one for statutory depreciation that is posted against GL accounts and one for fiscal purposes, which is only statistical. For some assets the depreciation key in the al
-
Print to RGB PDF from Freehand
Hi everyone, I have been trying to work this out for a while but am only a geologist using the software for drafting purposes. I have Freehand MX on Windows XP, with Adobe acrobat 9 installed. When I print to PDF from Freehand it usually converts the
-
Why do I have to pay line rental when I have FTTP?
I don't understand why am I paying for a phone line when I have FTTP (Fibre to the premisies)? that's over £160 a year and I don't even use the copper wiring, and I certainly don't need or want a phone line.