Checking against multiple domains

Hi all
The script below works perfectly fine, but I feel there is a better way to write it/condense it. We have a list of nearly 2,800 servers that we have to confirm which of the 8 domains they belong to. When I run this script from the root domain it checks against
that domain and, if not a part of the root domain, then moves onto the first child domain, and then the next child domain, and so on.
$servers = Get-Content c:\scripts\servers.txt
foreach ($server in $servers){
If (test-connection $server){
write-host "Checking which domain $server is part of..."
try {
$a = Get-ADComputer -Identity $server
Write-Host "$server is member of rootdomain"
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
$a = Get-ADComputer -Identity $server -server childdomain1
Write-Host "$server is member of childdomain1"
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
try {
$a = Get-ADComputer -Identity $server -server childdomain2
Write-Host "$server is member of childdomain2"
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
try {
$a = Get-ADComputer -Identity $server -server childdomain3
Write-Host "$server is member of childdomain3"
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
Write-Host "$server not found on any domain"
}Else{
Write-Host "$server not responding"
That's a lot of Try/Catch when you have 7 child domains, so I was wondering if there was a way to check against multiple domains in a better way.
~Rick

While the method you suggest is easier if the list was flat, the list I am using is dynamic and the script will run against it every night. Essentially, it pulls from an XLS sheet in column A (hostname), looks to see if column B (domain) is empty, and if
it is empty it then runs the script to pull specific details about the server. Once it captures the info it then populates the spreadsheet with the required details (IP, # of CPU cores, memory, storage size, OS, service pack, DNS details, etc...).
Unfortunately we don't have SCCM to do something like this. The portion I copied above is just a small snip-it from the real script. I was hoping to simplify that portion so I could condense the script a little more.

Similar Messages

How to use the Load Balancer Plug-in to serve multiple domains

In SJSAS8.1 SE/EE the asadmin commands that create and maintain a load balancer configuration operate within a domain. When the load balancer configuration is exported an xml file is created that contains all the information for that domain. To make the load balancer plug-in balance the load for multiple domains, the loadbalancer.xml files can be manually merged to conatin the data that is exported from each domain's load balancer configuration.
For example, 2 domains are created, both having a load balancing configuration. After exporting both configurations using the asadmin export-http-lb-config command, the user would then cut and past the cluster information into the single loadbalancer.xml file that resides under the web server's config directory.
An example of the manually merged loadbalancer.xml file follows:
<?xml version="1.0" encoding="UTF-8"?>
<loadbalancer>
<cluster name="domain1">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1026 https://localhost:38181" name="i1"/>
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1027 https://localhost:38182" name="i2"/>
<web-module context-root="ab" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
</cluster>
<cluster name="domain2">
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1029 https://localhost:38189" name="i3"/>
<instance disable-timeout-in-minutes="30" enabled="true" listeners="http://localhost:1030 https://localhost:38188" name="i4"/>
<web-module context-root="webservice" disable-timeout-in-minutes="30" enabled="true"/>
<health-checker interval-in-seconds="5" timeout-in-seconds="60" url="/"/>
</cluster>
<property name="response-timeout-in-seconds" value="60"/>
<property name="reload-poll-interval-in-seconds" value="5"/>
<property name="https-routing" value="false"/>
<property name="require-monitor-data" value="false"/>
<property name="route-cookie-enabled" value="true"/>
</loadbalancer>
Hope this helps - Mark

Mark, be my savior, I work for SUN as subcontractor at client site. the only one at site ...so I depend on this forum for solutions........
still having trouble failingover to second instance. I have two AccessManagers behind this loadbalancer.
Here is what I saw......
**************LOGS**********************
[20/Jun/2005:14:22:47] failure (15102): for host 128.114.65.13 trying to GET /amconsole/base/AMA
dminFrame, service-passthrough reports: timed out waiting for request body
[20/Jun/2005:14:22:47] warning (15102): reports: lb.runtime: ROUT1014: Non-idempotent request /
amconsole/base/AMAdminFrame cannot be retried.
So I went and updated the loadbalancer.xml (see at the end of the msg). Now I get a different kind of problem...
**************LOGS******************************
[20/Jun/2005:15:25:18] failure (15295): for host 128.114.65.13 trying to GET /amconsole/base/AMA
dminFrame, service-passthrough reports: timed out waiting for request body
[20/Jun/2005:15:25:18] info (15295): reports: lb.runtime: RNTM3003 : Error servicing the request : NoVal
Here is my loadbalancer.xml file...
<loadbalancer>
<cluster name="cluster1">
<instance name="instance1" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-1.ucsc.
edu:80 "/>
<instance name="instance2" enabled="true" disable-timeout-in-minutes="1" listeners="http://idm-test-2.ucsc.
edu:80 "/>
<web-module context-root="amconsole" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lber
ror.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<web-module context-root="amserver" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
or.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<web-module context-root="ampassword" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lb
error.html" />
<web-module context-root="amcommon" disable-timeout-in-minutes="1" enabled="true" error-url="sun-http-lberr
or.html" >
<idempotent-url-pattern url-pattern="/*" no-of-retries="3" />
</web-module>
<health-checker url="/" interval-in-seconds="15" timeout-in-seconds="2" />
</cluster>
<property name="reload-poll-interval-in-seconds" value="60"/>
<property name="response-timeout-in-seconds" value="30"/>
<property name="https-routing" value="false"/>
<property name="require-monitor-data" value="true"/>
<property name="active-healthcheck-enabled" value="true"/>
<property name="number-healthcheck-retries" value="3"/>
<property name="route-cookie-enabled" value="true" />
</loadbalancer>
**************************************************************

LDAP Authentication - Multiple Domains

I want to be able to use the built in LDAP Authentication scheme to allow authentication against multiple AD Domains... each with it's own separate Host IP/Server, and LDAP DN String. The User ID is formated the same among all Domains, so that is not a concern. I am currently authenticating against one Domain and it scans the tree successfully.
Host: xx.xx.xx.xx
DN String: %LDAP_USER%@amer.globalco.net
(amer.globalco.net is the domain)
How can this be accomplished? Is it possible all you guru's out there?
I saw one forum thread discussing how to add a drop down list to the login page, then use the value of the page item in the DN String to specify Domain... That makes sense - HOWEVER - I also have to use a different Host Server / IP address for each domain as well.... Now that is 2 fields that need updating based on one select list.
I can build the select list using "IP/Domain" - but how do I separate the two data bits in the ITEM Value into their own field values?
Can I use the ldap_dnprep function to do text editing to create two field values from one ITEM value that I can use in the standard LDAP authentication form fields?
As you can tell - I am not a SQL/PLSQL person... and I want to avoid creating my own LDAP scheme.
Please include example/suggested SQL -
Thanks in advance...
Rich
Apex v3.2.1
Oracle 10G Express

Based on prior post I had similar question and the result was to write custom auth scheme to read the values from the login page, perform auth against appropriate ldap, then return a valid session to proceed with login in apex app. In our case, the issue was having users is different branch nodes on the same ldap server but not being able to search from a common higher-level branch for some reason...
Another option you could try, not recommended as it would mean multiple pages to maintain, would be a separate login page per ldap/domain, maybe would even have to multiple apps with just a login page and then redirect to the main app... been a really long time since i've tried anything like it, just giving some options to try.

Messed with multiple Domains... Big Problems

I have posted on this topic because I was experiencing very slow save times and publishing times.
I had 20+ sites created in iWeb, many of which have large photo galleries.
Wanting to solve this problem, I tried a couple of techniques to start with a fresh Domain.
I tried duplicating the existing Domain and deleting the sites I didnt want in Domain 2.
Problem was this retained the massive "Albums" folder within iWeb package content.
The sites didnt show in the iWeb interface but the new Domain was giant (1.9 gigs) and saving and publishing still took forever.
So I went into the Domain 2 package contents and deleted the Albums for the sites I didnt want in my new Domain.
Well then Domain saved and published nice and fast as I expected it to.
Thing is...
Now all of my previous sites from the old Domain are broken when you attempt to view them on the web.
They all look fine when I look at them in iWeb by opening their files in iWeb.
My original Domain is still intact where I have stored it on my computer.
When I check my iDisk, I can see that my old websites are there but their Media folders are completely empty.
Sooo... how do I fix this situation?
I realize I brought this upon myself but I was trying to do what I have got to believe is doable.
I want to have multiple Domains so I can work more efficiently.
Surely I dont have to be saddled with updating a 1.9 gig Domain every time I publish to iWeb.

You're only putting the domain file(s) in the trash to prevent iWeb opening them so that it will be forced to created a new blank domain file. Then drag it out and store it in a folder.
Individual domain files are opened in Iweb by double clicking them.
Splitting domain files with multiple sites is not recommended. You're only leaving yourself open to file corruption and other problems some where down the line.
Start each new site on a blank domain file and store it in its own folder.

Auto-mapping across multiple domains

I originally posted this in an O365 Exchange forum and was redirected here. Any help is appreciated.
Single E1/E3 O365 account with multiple domains having hosted email. Automapping is working correctly only if the shared mailbox is from the first domain added to O365. The other 4 domains that were added to O365 are not able to utilize automapping.
I have recreated Outlook profiles, removed and recreated permissions with PowerShell and the O365 GUI. I also looked at the DNS settings required for O365 to work properly and everything looks correct. Mail is being delivered, Lync is working,
Example: [email protected] has full access to [email protected]'s mailbox. Automapping does not work and UserA is prompted to provide credentials to log into UserB's mailbox.
Any thoughts on why automapping would be failing across domains?

Hi,
Generally, if the Automapping works, the msExchDelegateListLink value for the shared mailbox should contains all users who have full access permission to this shared mailbox. Please follow these steps to check this value:
1. Open Active Directory Users and Computers.
2. In Users, right-click the shared mailbox > Properties.
3. In Attribute Editor tab, double click msExchDelegateListLink attribute.
4. Make sure all users who have full access permissions are listed in the Values field.
Regards,
Winnie Liang
TechNet Community Support

Delivery against multiple PO

Dear all,
I want to create delivry against PO and i am using GN_DELIVERY_CREATE . Plz tell me can i use it to create delivery against multiple PO . Plz suggest some small example.

Hi,
I am little bit disappointed since I did not get even a single reply for the issue that I raised. Anyways finally after couple of days debugging VL10d and going thru SAP support website I found couple of solutions. Here it is in case anybody else needs it in the future.
I am using solution 2 below.
Solution 1.
From SAP portal website u2013 Apply SAP note 386340 (Grouping purchase orders into one delivery using VL10*)
Note- This solution will affect all your plants and delivery types that is using VL10d transaction or any other transactions calling FM GN_DELIVERY_CREATE
Solution 2.
This is the solution that I am using and it is done by implementing BADI u2018LE_SHP_GN_DLV_CREATEu2019 method MOVE_KOMDLGN_TO_LIKP.
1) Here I am checking for two fields (IS_XKOMDLGN-WERKS and IS_XKOMDLGN-LFART) are equal to the plant and delivery type that I need to combine deliveries for.
2) If step 1 above is true then I am updating the header structure CS_LIKP-LFDAT (delivery date) to todays date (sy-datlo).
Thanks
SHR.

Announcing the availability of enabling Windows Server 2012 R2 Essentials' integration of Microsoft online services in environments with multiple domain controllers

In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that
have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due limitations in the user account and password synchronization mechanism in Windows Server Essentials.
I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed. This update adds support for both Azure
Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
For more information, please go to
http://support.microsoft.com/kb/2974308

Hi JoeBeck,
Thanks for the comment. Could you please tell which link you clicked to download?
Please go to PinPoint check details and start download
http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
Thanks,
Shanghai Wicresoft

How do I get certificate authentication working across multiple domains?

Hi,
I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
To test, I've set up two domains, with the admin users in one and the normal users in the other.
I've set up two certificate mapping rules (both for the same CA), one for each domain.
However LC will only authenticate users who are matched using the first certificate mapping rule.
Has anyone else seen/tried this? Have I missed something obvious?
For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
Thanks
Craig
Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
2010-05-11 11:23:41,331 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,835 WARN [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
SEVERE: Unexpected exception in Rest Call
com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
at $Proxy179.doRequiresNew(Unknown Source)
at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
a
2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)

Craig,
The certificate mapping works in the following manner,
First the User's certificate is validated.
If the certificate is valid, the related Certificate mapping information is fetched.
From the Certificate Mapping information, the domain is determined.
Following this, the user is searched in the domain and checked for it's current/deleted status.
If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
1. Please check if the concerned user exists in the domain registered in the second cert mapping.
2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

Exchange 2003 migrate to Exchange 2010 - single forest multiple domain. Active Sync problem

Hi All,
I have AD single forest and multiple domain. for example, the forest domain is jakarta.co.id, and the other domain is bali.co.id.
Exchange 2003 deployed in jakarta.co.id, User mail enabled in domain jakarta.co.id and bali.co.id.
Then, I upgrade to Exchange 2010 (deploy in jakarta.co.id) and move mailbox from Exchange 2003 to Exchange 2010.
All users in bali.co.id are able to access email from Owa, BlackBerry (BIS), Outlook, but cannot access from Android, Windows Phone. (Active-Sync).
I got error information generated from https://testconnectivity.microsoft.com, as following:
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Tell me more about this issue and how to resolve it
Additional Details
Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
Active-Sync still not work even I check option "Include inheritable permissions from this object" in security tab.
any idea to fix this issue?
Thanks.
Endrik
Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.

Hi Sathish,
We are planning to migrate Exchange 2003 to Exchange 2013, all user already in Exchange 2010 and Exchange 2003 was decommissioned
Event Viewer log as following:
Log Name: Application
Source: MSExchange ActiveSync
Date: 1/17/2014 10:00:48 PM
Event ID: 1008
Task Category: Requests
Level: Warning
Keywords: Classic
User: N/A
Computer: EXC2010.jakarta.co.id
Description:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.
URL=/Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&User=bali%5Csteveng&DeviceId=SAMSUNG123456789&DeviceType=SAMSUNGGTN7000
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=Steven Gerrard,OU=IT,DC=bali,DC=co,DC=id.
Exception level: 0
HttpStatusCode: 500
AirSyncStatusCode: 110
XmlResponse:
This request does not contain a WBXML response.
Exception stack trace: at Microsoft.Exchange.AirSync.ADDeviceManager.SetActiveSyncDeviceContainerPermissions(ActiveSyncDevices container)
at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDeviceContainer(Boolean retryIfFailed)
at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime, Boolean retryIfFailed)
at Microsoft.Exchange.AirSync.ADDeviceManager.CreateActiveSyncDevice(GlobalInfo globalInfo, ExDateTime syncStorageCreationTime)
at Microsoft.Exchange.AirSync.Command.UpdateADDevice(GlobalInfo globalInfo)
at Microsoft.Exchange.AirSync.Command.CompleteDeviceAccessProcessing()
at Microsoft.Exchange.AirSync.Command.WorkerThread()
--- Exception end ---.
I think KB817379 is not related because Exchange 2003 was decommissioned.
Regards,
Endrik
Endrik | blog: itendrik.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.

PowerShell - Remove-ADGroupMember not working multiple domains

I have a task to remove like 200 accounts from a group and have these in a CSV file. I have a script I will use to do this with.   I'm first testing this by trying to do the single command with one user before executing it against multiple users.
Here is my sample command:
I wanted to use the DN name to define the members because I have multiple child domains containing these users so SAM really won't work because we could have duplicates between the two domains. The group is in the Parent Domain and I'm running the
command on a DC in the parent domain. I have tried using the Identity of the group as a Guid, SID and DN with all similar results. I'm logged into the DC as a Enterprise Admin.
Remove-ADGroupMember -Identity "Named Users" -Members "CN=Smith\, Joe,OU=COU_LOU2_Users,OU=COU_LOU2,OU=COU_LOU,OU=COU,DC=Child1,DC=Domain,DC=com" -Confirm:$false
When running this I get ERROR:
Remove-ADGroupMember : A referral was returned from the server
At line:1 char:21
+ Remove-ADGroupMember <<<< -Identity "CN=Named Users,OU=Valid Users,DC=Domain,DC=com" -Members "CN=Smith\, Joe,OU=COU_LOU2_Users,OU=COU_LOU2,OU=COU_LOU,OU=COU,DC=Child1,DC=Domain,DC=com" -Confirm:$false
     + CategoryInfo          : ResourceUnavailable: (CN=Named...domain,DC=com:ADGroup) [Remove-ADGroupMember],
     ADReferralException
     + FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
Here is the script I plan on running against everyone.
$Members = import-csv "C:\Scripts\Users.csv"
ForEach ($user in $Members)
Remove-ADGroupMember -Identity "Named Users" -Members $user.DistinguishedName -Confirm:$false
Please help I need a pshell script that I can run that will remove users in a csv file from this group.
I do not have to use DN for the users. I could change this to something else.
Previously asked in the Scripting forum.
I have also tried the command with the -server setting and the FQDN of the parent domain DC.

Hi,
I have used Vb Script and it removes users. I have removed around 300 users from a group.
You have to give the DN of the group "Set objGroup = GetObject("LDAP://DNofgroup") " and make sure you keep users.txt and script file on the same location. users.txt contains the list of users SAMACCOUNTName
DIM objGroup, objRootLDAP, objFSO, objInput, objConnection, objCommand
DIM strUser
On Error Resume Next
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objInput = objFSO.OpenTextFile("users.txt")
Set objGroup = GetObject("LDAP://DNofgroup")
Do Until objInput.AtEndOfStream
strUser = ObjInput.ReadLine
objCommand.CommandText = "<<a href="ldap://dc=Brakes,dc=intra>;(&(objectCategory=person)(sAMAccountName">LDAP://dc=Brakes,dc=intra>;(&(objectCategory=person)(sAMAccountName=" & strUser & "));distinguishedName,userAccountControl;subtree"
Set objRecordSet = objCommand.Execute
If objRecordSet.RecordCount = 0 Then
    MsgBox strUser & " was not found!" & VbCrLf & "Skipping", VbOkOnly,"User Not Found"
Else
    strDN = objRecordSet.Fields("distinguishedName")
    Set objUser = GetObject("LDAP://" & strDN)
    objGroup.Remove(objUser.AdsPath)
End If
Loop
WScript.Echo "Complete"

ATP check and Check against planning for a production order

Hi
When I create a production order for some orders it is ATP check and for some orders it is showing 2 in type avail check is check against planning in coois screen. Because of this orders are gettign released even though BOM material is out of stock.Can I know in which situations the orders will come under the second scenario. I always want the orders should be in ATP check
regards,
PradeepM.

Hi,
If you want only ATP check, then in MRP-3 view of the mtl master change the checking group to the same value as the one which you find to be following the ATP check.
However before making this change do consult your colleagues in other domains, as this will impact all places where Av. check is done.
Hope it clarifies.
Regards,
Vivek

Help Setup KMS on single domain and active for multiple domain another

Hi all,
I have a problem about configure DNS for KMS host. My company use a single domain "abc.com". But I must mange more than 10 company different and they use another domain and dns running independently, they have a one lease line connect them together.
My challenge is how to active all client on more than 10 company. Any ideas is very appreciate.
Please help.
Thanks,

That's a good article suggested by Meinolf, but it's a little outdated.
For an updated guide for this:
https://technet.microsoft.com/en-us/library/ff793409.aspx
Publishing to Multiple DNS Domains
By default, the KMS host is registered only in the DNS domain to which the host belongs. If the network environment has only one DNS domain, no further action is required.
If there is more than one DNS domain name, you can create a list of DNS domains for a KMS host to use when publishing its SRV RR. Setting this registry value suspends the KMS host’s default behavior of publishing only in the domain specified as the Primary
DNS Suffix.
Optionally, add priority and weight parameters to the
DnsDomainPublishList registry value for KMS. This feature enables you to establish KMS host priority groupings and weighting within each group to define which KMS host to try first and balance traffic among multiple KMS hosts.
Note DNS changes might not be reflected until all DNS servers have been replicated. Changes made too frequently (time < replication time) can leave older records if the change is performed on a server that has not been
replicated.
To automatically publish KMS in multiple DNS domains, add each DNS domain suffix to whichever KMS should publish to the multi-string registry value
DnsDomainPublishList in registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform. After changing the value , restart the Software Licensing Service to create the SRV RRs.
Note This key has changed from the Windows Vista location of
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL.
After configuring a KMS host to publish to multiple domains, export the registry subkey, and then import it in to the registry on additional KMS hosts. To verify that this procedure was successful, check the Application event log on each KMS host. Event
ID 12294 indicates that the KMS host successfully created the SRV RRs. Event ID 12293 indicates that the attempt to create the SRV RRs was unsuccessful. For a complete list of error codes, see the
Volume Activation 2.0 Operations Guide at
http://technet.microsoft.com/en-us/library/cc303695.aspx.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Help Working With Multiple Domains

I have created multiple domains. I can send mail from all users on all domains but I can only receive mail on some domains. All the anti spam settings are the same for each domain in the enterprise manager smtp_in and smtp_out and on the mail client administration tab of the web client. The mx records are setup exactly the same for dns. When sending from yahoo the following error message is returned.
<[email protected]>:
216.198.xx.xx does not like recipient.
Remote host said: 550 Spam check failed for recipient's address:
[email protected]
Giving up on 216.198.0.0.
Any ideas?

Thanks for the Reply Steven..
I'll go deeper just so I understand.
Lets say I have 2 separate matte shapes: a circle and a triangle....that will be used to cut out 2 different layers of video.
I want to position the triangle in the right side of frame. The video I want to be revealed in that matte position will be placed on v1....the matte on v2.
- I have to take the opacity down on the matte so I can see where to repo my video underneath so that I can chose what portion is seen in the triangle.
- Then nest the matte and video "fill"...essentially building a precomp
- Turn off the matte in the nest
- Cut the Nested Seq into my Main Seq
- Then copy the matte out of my nested seq to keep position intact, and paste that matte into my main seq...in this case on v2
- Bring Matte opacity back up to full
- Add Track Matte FX to v1
- In Track Matte FX settings...chose v2 for matte
Now I have the video in v1 being revealed thru the matte on v2. If for any reason I wish to adjust the repo of video on v1...I must go back into the nest.
To continue and add the Circle shape cutout...I place the video "Fill" on v3 and the circle matte on v4 and repeat above steps.
Is this the correct procedure?

Exchange 2013: how to set up multiple domain for OWA and ECP

Exchange 2013 on Windows 2012R2
Currently we have set this up using the guide below:
http://mouzzamh.wordpress.com/2013/02/04/accessing-owa-from-multiple-domain-url/
We can access OWA and ECP using the internal IP address/owa or ECP but when we use the URL it fails.
We gave it an external IP address as well just to check if it will externally since the external DNS are pointing to the correct records: same issue it only works on IP address/owa or /ecp
We were able to follow the guide from start to finish including the certs..
The only difference on the guide and our exchange IIS environment for the new website is when he mentioned "Under IIS Settings / ISAPI and CGI Restrictions" we only have "ISAPI filters"...." ISAPI and CGI Restrictions" is only
applicable to the default and backend website..
Also, when the guide points to the path, should it be the new website path?
Or maybe to avoid confusion, can anyone guide me on how to do it or any other guide that helped you if ever you had the same issue as mine?
Thanks.

Hi,
Please run the following to check your OWA virtual directories for all web sites:
Get-OWAVirtualDirectory | FL Identity,*URL*,path
Personal suggestion, please consider to deploy another new CAS server. Then we can configure different OWA URLs in different servers. And pointed mail.domain.com and webmail.domain.com to two CAS servers respectively.
Regards,
Winnie Liang
TechNet Community Support

SM21 log Lock triggered against multiple execution

Hi All,
Please refer to the log in SM21 XI. I have checked SM12 , no locks displayed. Please advise on how to analyze this log further.
04:10:26 sapxi_XP1_* DIA PIAFUSER Lock triggered against multiple execution: ID: C*************************
Regards
Shiva

Dear Shiva, dear Daniel,
the technical background for introducing this system log entry was to deal with parallel execution of one message. For details please refer to SAP Note 1147287.
Best regards,
Harald Keimer

Checking against multiple domains

Similar Messages

Maybe you are looking for