Creating a user in Active Direcory
Hi,
Here is the scenario.
I am loading accounts into IdM through flatfile, after loading accounts into IdM, through actvesync I am trying to push any updated or new accounts into Active Directory.
but I am unable to create account in AD, strangely I am not seeing any error too.
test connection was successful and I reconciled AD, unmatched accounts gets loaded into Idm.
any ideas please....why I am not able to load accounts from IdM to AD?
In the activesync form I specified waveset.resources field to AD(resource name) and viewOptions.Process field to CreateUser(workflow name). I specified the CreateUser workflow in the pre-process workflow option.
am I doing in the right way?
Any ideas please..
Thanks
the fields in the active sync form
<Field name='waveset.accountId'>
<Comments> email. </Comments>
<Expansion>
<block name='checkTrace' trace='true'>
<ref>activeSync.accountId</ref>
</block>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='global.firstname'>
<Comments> fullname. </Comments>
<Expansion>
<ref>activeSync.firstname</ref>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='global.lastname'>
<Comments> firstname. </Comments>
<Expansion>
<ref>activeSync.lastname</ref>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='waveset.password'>
<Comments>
 Make up a password for accounts that are being created.
 </Comments>
<Expansion>
<cond>
<notnull>
<ref>activeSync.password</ref>
</notnull>
<ref>activeSync.password</ref>
<s>change12345</s>
</cond>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='waveset.resources'>
<Expansion>
<list>
<s>AD</s>
</list>
</Expansion>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
</Field>
<Field name='viewOptions.Process'>
<Expansion>
<s>Create User</s>
</Expansion>
</Field>
Similar Messages
-
Need Help creating new user in Active Directory
I am trying to create a new user in active directory via a java application. I have included the code that I am using. I am able to successfully bind to Active Directory. I have been able to change passwords, and delete users, but I have not been able to create a user.
ldapHost : "mta101.DOM101.CEL.ACC.AF.MIL"
domainName: "dc=dom101,dc=cel,dc=acc,dc=af,dc=mil"
existing account: CN=Brett K. Humpherys,OU=Users,OU=CEL
I get the following error on the createSubcontext statement:
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - 00000057: LdapErr: DSID-0C09098B, comment: Error in attribute conversion operation, data 0, v893 ; remaining name 'CN=test1,OU=Users,OU=CEL'
I have commented out the password portion and change the ObjectCategory to a 32 and get the same error.
public GblStatus createAccount7(DbaDb dbConn,
String jsrcName,
String personName,
String username,
String password)
Hashtable ldapEnv = new Hashtable(11);
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://" + this.ldapHost + ":636");
ldapEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
ldapEnv.put(Context.REFERRAL, "ignore");
ldapEnv.put(Context.SECURITY_PRINCIPAL,"cn=" + this.adminAcct + ",cn=users," + this.domainName);
ldapEnv.put(Context.SECURITY_CREDENTIALS, this.adminPwd);
try
// Create the initial context
DirContext ctx = new InitialDirContext(ldapEnv);
BasicAttributes attrs = new BasicAttributes();
BasicAttribute ocs = new BasicAttribute("objectclass");
ocs.add("top");
ocs.add("person");
ocs.add("organizationalPerson");
ocs.add("user");
attrs.put(ocs);
BasicAttribute gn = new BasicAttribute("givenName", "test1");
attrs.put(gn);
BasicAttribute sn = new BasicAttribute("sn", "");
attrs.put(sn);
BasicAttribute cn = new BasicAttribute("cn", "test1");
attrs.put(cn);
BasicAttribute uac = new BasicAttribute("userAccountControl", "66048");
attrs.put(uac);
BasicAttribute sam = new BasicAttribute("sAMAccountName", "test1");
attrs.put(sam);
BasicAttribute disName = new BasicAttribute("displayName", "test1");
attrs.put(disName);
BasicAttribute userPrincipalName = new BasicAttribute
("userPrincipalName", "[email protected]");
attrs.put(userPrincipalName);
BasicAttribute instanceType = new BasicAttribute("instanceType", "4");
attrs.put(instanceType);
BasicAttribute objectCategory = new BasicAttribute
("objectCategory","CN=User,CN=Schema,CN=Configuration," + domainName);
attrs.put(objectCategory);
String newVal = new String("\"password\"");
byte _bytes[] = newVal.getBytes("Unicode");
byte bytes[] = new byte[_bytes.length - 2];
System.arraycopy(_bytes, 2, bytes, 0, _bytes.length - 2);
BasicAttribute attribute = new BasicAttribute("unicodePwd");
attribute.add((byte[]) bytes);
attrs.put(attribute);
ctx.createSubcontext("CN=test1,OU=Users,OU=CEL", attrs);
ctx.close();
catch (NameAlreadyBoundException nex)
System.out.println("User ID is already in use, please select a different user ID ...");
catch (Exception ex)
System.out.println("Failed to create user account... Please verify the user information...");
ex.printStackTrace();
return new GblStatus();
Any help would be much appreciated.Hi .,
me too got up with same problem., can anyone help me.??
Someone help me to create attributes in AD using LDAP
package LDAPpack;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Hashtable;
class CreateAttrs {
public static void main(String[] args) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://10.242.6.166:389/");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL, "CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org");
env.put(Context.SECURITY_CREDENTIALS, "password-1");
LdapContext ctx =null;
try {
//ctx = new InitialLdapContext(env,null);
try {
ctx = new InitialLdapContext(env,null);
catch(NamingException e) {
System.out.println("Login failed");
System.exit(0);
if(ctx!=null){
System.out.println("Login Successful");
byte[] buf = new byte[] {0, 1, 2, 3, 4, 5, 6, 7}; // same data
// Create a multivalued attribute with 4 String values
BasicAttribute oc = new BasicAttribute("objectClassNew", "topNew");
oc.add("personNew");
oc.add("organizationalPersonNew");
// Create an attribute with a byte array
BasicAttribute photo = new BasicAttribute("jpegPhotoNew", buf);
// Create attribute set
BasicAttributes attrs = new BasicAttributes(true);
attrs.put(oc);
attrs.put(photo);
Attributes attrs1 = ctx.getAttributes("CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org");
System.out.println(attrs1);
Context result = ctx.createSubcontext("CN=cname,OU=Users,OU=Dealer,OU=Community,DC=test2,DC=org", attrs);
//i got error here; i attach the error below.
ctx.close();
System.out.println("close");
catch(NamingException e){
e.printStackTrace();
ERROR:
Login Successful
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
ANYONE HELP ME PLS.
Edited by: vencer on Jun 19, 2008 12:38 AM -
How do you find who created a user in Active Directory?
I think it would be almost impossible to tell who created an individual AD record, as in my experience there is generally only 1 Domain Admin account for which to create users.
So I've done some research and have found LDAP queries that will tell me when a user is created, but not necessarily who created the user. The reason I am asking is because I ran an audit of active and inactive users and between my boss and I (we are a small company so we know all the users) we could not figure out who some of the users were. Thanks for your help!
This topic first appeared in the Spiceworks Community -
Error while creating a user in Active Directory.
Hi Guys,
I am creating a custom connector for AD and Exchnage , I am able to create user in AD using my Java Code... but i am also getting below error, I want to finish the operation smoothly.... Please find below error logs.
13:51:15,635 ERROR [STDERR] Data AccessException:
13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.insertResponseMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostUpdate(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.update(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.updateSchItem(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeProcessAdapter(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.finalizeAdapter(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpCREATEADUSER.implementation(adpCREATEADUSER.java:85)
at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcORC.insertNonConditionalMilestones(Unknown Source)
at com.thortech.xl.dataobj.tcORC.completeSystemValidationMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.completeCarrierBaseMilestone(Unknown Source)
at com.thortech.xl.dataobj.tcOrderItemInfo.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcUDProcess.eventPostInsert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beansimpl.tcFormInstanceOperationsBean.setProcessFormData(Unknown Source)
at com.thortech.xl.ejb.beans.tcFormInstanceOperationsSession.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
at org.jboss.ejb.Container.invoke(Container.java:960)
at sun.reflect.GeneratedMethodAccessor135.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy758.setProcessFormData(Unknown Source)
at Thor.API.Operations.tcFormInstanceOperationsClient.setProcessFormData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
at $Proxy803.setProcessFormData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.handleVerifyProcessData(Unknown Source)
at com.thortech.xl.webclient.actions.DirectProvisionUserAction.goNext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
Thanks,
Hemantat com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited. -
How do I create a user in active directory?
I've been trying to figure this out and found some tutorials online. I am getting this error:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1771
From this code:
try
String userType = user.getUserType() + "s (dural)";
LOG.debug("user type is " + userType);
String groupName = "Thin Client Users";
Attributes attrs = new BasicAttributes(true);
attrs.put("objectClass", userType);
attrs.put("samAccountName", user.getWindowsId());
attrs.put("cn", user.getCommentString());
attrs.put("givenName", user.getFirstName());
attrs.put("sn", user.getLastName());
attrs.put("displayName", user.getCommentString());
String userName = String.format(
"CN=%s,OU=Staff,OU=%s,DC=elandata,DC=com",
user.getCommentString(), user.getUserType());
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;
attrs.put(
"userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD
+ UF_PASSWORD_EXPIRED + UF_ACCOUNTDISABLE));
Context result = ctxGC.createSubcontext(userName, attrs);
LOG.info("Creating windows account for: " + userName);
StartTlsResponse tls = (StartTlsResponse) ctxGC
.extendedOperation(new StartTlsRequest());
tls.negotiate();
ModificationItem[] mods = new ModificationItem[2];
String newQuotedPassword = "\"password\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("unicodePwd", newUnicodePassword));
mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT
+ UF_PASSWORD_EXPIRED)));
ctxGC.modifyAttributes(userName, mods);
LOG.info("Set password & updated userccountControl");
try
ModificationItem member[] = new ModificationItem[1];
member[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("member", userName));
ctxGC.modifyAttributes(groupName, member);
System.out.println("Added user to group: " + groupName);
} catch (NamingException e)
System.err.println("Problem adding user to group: " + e);
// Could have put tls.close() prior to the group modification
// but it seems to screw up the connection or context ?
tls.close();
ctxGC.close();
I've tried commenting out the "unicodePwd" attribute since I can't find it on microsoft's website, but still same error.Are you getting it when creating the subcontext or when modifying the attributes?
And why are you doing that in two steps? Why not just set all the attributes you need before creating the subcontext?
And is there any clue in the exception as to which attribute is wrong?
And have you tried commenting out the attributes one by one to see which it is? -
Creating a windows user in Active Directory
I am trying to create a user in Active Directory that can log on as any other Windows user, but when I try to log into Windows, I get the following error message:
"The local policy of this system does not allow you to logon interactively".
Are there any attributes or objectclass settings that must be set for the user to allow interactive logons?
Thanks in advance!This has nothing to do with JNDI, the object class or attributes.
I assume that you are trying to logon locally to the domain controller with the new user that you have just created.
By default, the domain controller's policy only allows specific users or members of a group to logon locally at the domain domain controller's console.
Either edit the domain controller'sgroup policy and add your newly created user to the list of users permitted to logon locally, or add the user to a group which has already been granted permission to logon locally. -
How to create user in Active directory
Hello,
I'm trying to create a user in active directory via the following example:
String userName = "cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local";
Attributes attrs = new BasicAttributes(false);
Attribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("user");
attrs.put(oc);
attrs.put("cn","Jef Klak");
attrs.put("giveName","Jef");
attrs.put("sn","Klak");
attrs.put("displayName","Klak, Jef");
attrs.put("description","IR");
attrs.put("userPrincipalName","[email protected]");
attrs.put("mail","[email protected]");
attrs.put("company", "XXX");
attrs.put("sAMAccountName","jk666");
attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_DONT_EXPIRE_PASSWD+ UF_ACCOUNTDISABLE));
Context result = fctx.createSubcontext(userName, attrs);
As a result I'm getting the following error:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
remaining name 'cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local'
Anybody any tips or advice on this one? Or maybe a working examples how to add users in AD?
Listing entries in the AD is no problem, so it's only adding them.
Many thanks,
Filipattrs.put("giveName","Jef");
javax.naming.directory.NoSuchAttributeExceptionSpelling error. -
Hi all,
I am trying to write a script to create new user in Active Directory using power-shell
$sam = "13653123"
try{
get-aduser -Identity $sam -ErrorAction Stop
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
$error1= [System.Windows.Forms.MessageBox]::Show("ERROR : Account Not found")
$SamAccountName = $sam
$gn = "Jack Sparrow"
$Initials = "ZX"
$dn = "$gn "+" $Initials"
$Department = "1260"
$title = "AM"
$pwd1 = read-host "Please enter the password"
$pwd2 = read-host "Please enter the password"
if($pwd1 -eq $pwd2)
$pwd = $pwd1 = $pwd2
try
$userprinicpalname = $SamAccountName + "@XXX.com"
New-ADUser -SamAccountName $SamAccountName -UserPrincipalName $userprinicpalname -GivenName $gn -Initials $Initials -Name $dn -DisplayName $dn -Title $title -Department $Department -Office $Department -Path "OU=XXXX,DC=XXX,DC=com" -AccountPassword (ConvertTo-SecureString $pwd -AsPlainText -force) -Enabled $True -PasswordNeverExpires $False -ErrorAction Stop
catch [Microsoft.ActiveDirectory.Management.ADPasswordComplexityException]
$error7= [System.Windows.Forms.MessageBox]::Show("ERROR : The password you entered doesnot meet the complexity set in the Password Policy" )
break
else
$error2= [System.Windows.Forms.MessageBox]::Show("ERROR : passwords donot match")
I am getting issue when The password complexity error is coming. It is showing up the error in the catch, but it is creating the account in AD and disabling it.
What I want is if any error is found and caught in the catch, then the user should not be created. How to do that?
Please provide your valuable suggestions and help me out
Naveen BasatiThis is a good way to get teh paassword to abort when it fails the test.
function Test-Password{
Param($Password)
Try{
$pwd=ConvertTo-SecureString $Password -AsPlainText -force
Set-ADAccountPassword testuser11 -NewPassword $pwd –Reset
# it worked so return the encrypted password
$pwd
Catch{
Throw $_
$sam = "13653123"
if(get-aduser -Filter "SamAccountName -eq $sam"){
Write-Host 'User already exists' -ForegroundColor green
}else{
Try{
$pwdText='x123!heLno34' # 3 levels of compexity plus length > 9
$pwd=Test-Password $pwdText
$given='Jack'
$surname='Sparrow'
$Initials='Z'
$Department='1260'
$title='AM'
$props=@{
SamAccountName=$sam
UserPrincipalName="$[email protected]"
GivenName=$given
Initials=$Initials
Name="$given $initials $surname"
DisplayName="$given $initials $surname"
Title=$title
Department=$Department
Office=$Department
Path='OU=TestOU,DC=testnet,DC=local'
AccountPassword=$pwd
Enabled=$True
PasswordNeverExpires=$False
New-ADUser @props -ErrorAction Stop
Catch{
throw $_
We just re-throw the error and it propagates to the outer try/catch block.
¯\_(ツ)_/¯ -
Saving the password of a user in active directory using java
Hello, i am trying to use java to build a class that creates a user in Active directory 2012.But the problem is that when the user is created the password is not being saved.
Can anybody help on this knowing that i tried to save in the fields userPassword and unicodePwd.
Thanks.DirContext ctx = new InitialDirContext(pr);
BasicAttributes entry = new BasicAttributes(true);
String entryDN = "cn=CharbelHad,ou=test users,dc=test,dc=dev";
Attribute cn = new BasicAttribute("cn", "ChHad");
Attribute street = (new BasicAttribute("streetAddress", "Ach"));
Attribute loginPreW2k = (new BasicAttribute("sAMAccountName", "[email protected]"));
Attribute login = (new BasicAttribute("userPrincipalName", "[email protected]"));
Attribute sn = (new BasicAttribute("sn", "Chl"));
Attribute pwd = new BasicAttribute("unicodePwd", "\"Ch@341\"".getBytes("UTF-8"));
Attribute userAccountControl = new BasicAttribute("userAccountControl", "512");
Attribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("user");
// build the entry
entry.put(cn);
entry.put(street);
entry.put(sn);
entry.put(userAccountControl);
entry.put(pwd);
entry.put(login);
entry.put(loginPreW2k);
entry.put(oc);
ctx.createSubcontext(entryDN, entry); -
User Defined Activity: Run OS Command with OS parameters
OS: OELR5 U3 x64
DB: 11.1.0.7
OWB: 11R1
I would like to be able to run an os command from a user defined activity within a process flow. I am trying to make use of VMWare's vmrun to control a virtual machine. From the OS command line I enter:
/usr/bin/vmrun -T server -h https://server:port/sdk -u user -p userpassword -gu guest -gp guestpassword runProgramInGuest "[standard] VM/Virtual Machine.vmx" -activeWindow -interactive "c:\path_to_program\program.exe" /switch
How many I duplicate this OS command from within a user defined activity in a process flow?
I create a user defined activity:
COMMAND: /usr/bin/vmrun
PARAMETER_LIST:
RESULT_CODE:
SCRIPT: -T server -h https://server:port/sdk -u user -p userpassword -gu guest -gp guestpassword runProgramInGuest "[standard] VM/Virtual Machine.vmx" -activeWindow -interactive "c:\path_to_program\program.exe" /switch
SUCCESS_THRESHOLD: 0
The process runs without error in the log, but the os command is not being run.
I tried again with:
COMMAND: /usr/bin/vmrun
PARAMETER_LIST: ?-T?server?-h?https://server:port/sdk?-u?user?-p userpassword?-gu?guest?-gp guestpassword?runProgramInGuest "[standard] VM/Virtual Machine.vmx"?-activeWindow?-interactive?"c:\path_to_program\program.exe"?/switch?
RESULT_CODE:
SCRIPT:
SUCCESS_THRESHOLD: 0
with the same result.
And I also tried calling sh:
COMMAND: bin/sh
PARAMETER_LIST:
RESULT_CODE:
SCRIPT: /usr/bin/vmrun -T server -h https://server:port/sdk -u user -p userpassword -gu guest -gp guestpassword runProgramInGuest "[standard] VM/Virtual Machine.vmx" -activeWindow -interactive "c:\path_to_program\program.exe" /switch
SUCCESS_THRESHOLD: 0
also with the same result.
The process runs in each case, and ends with: "Log file is available", but when I look in the log, I don't see errors or any information that might help me adjust the user defined activity.This method works:
COMMAND: bin/bash
PARAMETER_LIST:
RESULT_CODE:
SCRIPT: /usr/bin/vmrun -T server -h https://server:port/sdk -u user -p userpassword -gu guest -gp guestpassword runProgramInGuest "standard VM/Virtual Machine.vmx" -activeWindow -interactive "c:\path_to_program\program.exe" /switch
SUCCESS_THRESHOLD: 0
The issue seems to be caused on an upgrade to OWB 11R2. Our installation does not always update the VALUE entry when a user types in a value, meaning that our entry changes were not reflected into the deployed process package. -
Workflow: User Decision Activity doesn't work
friends,
URGENT!!!
I've created a User Decision Activity but it doesn't work.
It sends a message to SBWP but there the user hit APROVE OR REJECT, and instead it work, it simply show another screen with only a button labelad "Cancel and keep work item in inblox".
It simplily doesn't folow.
I've created an method that executes a standard function 'EDITOR_TABLE' that call a screen to the user put a description text for the rejection. It's market 'Advance with dialog'.
thanks
Glauco
Abap / Workflow Consultant
msn: [email protected]Hi,
Your patch level seems to be OK.
pls. try the declaration as 'Data: uid like syst-uname' or you could try directly assigning the sy-uname.
Try to debug and see the content of the sy-uname, when it hits this code.
HTH,
Regards,
Nataraj. -
User Defined activity does not log messages
I have created a User Defined activity which calls a unix shell script.
This script writes messages to standrard output ("echo") that I want
the process flow to catch in its log, so I can see the messages in
Control Center Manager.
This was actually the behaviour of my User Defined activity until recently.
I must have changed, unintentionally, some parameter/configuration that
I cannot remember. Maybe some "suppress script-messages" parameter? :-)
Anyone in this forum who knows which paramater I might have changed
and/or how I can get back the old behaviour of my activity?
// PontusI had the same experience recently: I was trying to log a message to a Unix file, but the process flow would always fail, even though the script executed well from the Unix prompt.
The problem in my case was that redirection is not supported from within an OWB version 9.0.4 process flow. Once I eliminated the "echo My message > logfile" everything was fine. You can even keep "echo My message" with no redirection and it's still ok.
The above holds regardless of where you put your script -- external Unix file, or as part of an "external process" icon in the flow.
If things are the same in your case, you'll need to figure out an alternative way of logging messages when executing the script. I decided to use external files as flags, by renaming them from the script.
Santiago -
Create a User account in active directory from SharePoint online 2013 list data
Hello,
I am trying to create a SharePoint list through which i can create a user account into active directory,
1 - HR is sending the detail in the email body to a Specific email address ([email protected]) like below..
First Name: XYZ
Last Name: ABC
Address: ABC 123
Designation: Analyst
Employee ID: 10492
and so on
2 - I need to pickup every new email data of the above section into sharepoint list (in Column)
First Name Last Name Address Designation Employee ID
3 - I want to create a event receiver through which i can go ahead and find the new data in the list and then create a user in the active directory,
I tried very hard and since i dont have much experience in coding part, any help will be highly appreciated
Thank you
Aman1- Configure Incoming Email Setting at your SharePoint Farm -
https://technet.microsoft.com/en-us/library/cc262947.aspx
http://blogs.technet.com/b/harmeetw/archive/2012/12/29/sharepoint-2013-configure-incoming-emails-with-exchange-server-2013.aspx
2- Configure your Sharepoint List Incoming e-mail settings for [email protected] - ListSetting-Communications->Incoming e-mail settings. -
https://support.office.com/en-in/article/Enable-and-configure-e-mail-support-for-a-list-or-library-dcaf44a0-1d9b-451a-84c7-6c52e7db908e
3- Write an Incoming Email Receiver , and Add you Email Body Parsing Code (retrive value of fields , firstname , lastname etc) in
EmailReceived() method. also add the code for adding new user in Active Directory
http://blogs.msdn.com/b/tejasr/archive/2010/03/06/event-handler-code-to-add-incoming-emails-with-subject-discussion-id-as-replies.aspx
https://pholpar.wordpress.com/2010/01/13/creating-a-simple-email-receiver-for-a-document-library/
4- Active Directory Code Help -
http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
http://www.codeproject.com/Tips/534718/Add-User-to-Active-Directory
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful. -
Creating users in Active Directory through LDAP connector
Hello,
If we need to create users in Active directory using LDAP connector, what are the options for the following:
1) Update back into SAP from AD. LDAP connector updates only in one direction i.e from SAP to Active directory.
2) Can we add additional fields in LDAPMAP which are not standard e.g can we we write our own code to extract data from HR to map the value with an attritube within Active directory?
Regards,
AhmadHello!
I noticed the email in my inbox and understand the reason for deleting it - checked the rules again - no problem with that.
Here is the posting again - sanitized this time.
You can create users in LDAP/AD from SAP without a problem. SAP provides function modules to create/maintain/delete users with LDAP attributes in the correct ou path.
You can also perform group membership assignment in LDAP from SAP if needed.
I have done this quite a few times at different companies that use SAP HCM.
A userid in SAP is created automatically during hiring action with default password e.g. birthday of employee and certain authorization roles based on configured information.
The userid is then created right away in LDAP in the correct ou path (controlled via custom configuration table) and LDAP group membership is assigned.
A job runs every 8 hours to perform delta updates in LDAP.
The userid in SAP and LDAP are locked automatically if the user is terminated using termination action in HR. -
Creating MailBox-enabled Users In Active Directory Using JNDI
Thanks to the Various code samples i have come across in this forum i have been able to use the JNDI API to add a new user to the Microsoft Active directory.
The user account that was added using a combination of the various code samples was already enabled. but the problem is that the user does not have an Exchange MailBox created/enabled as well.
When attempts were made to access the users IMAP mailbox from an external webmail client, the following message:
"No Such Object On The Server"
Was Recieved.
I am wondering wether there is an attribute i am missing out. or something.
i would welcome any suggestions.
please treat as urgent.
thank you in anticipation
Below is the list of attributes i set:
BasicAttributes ba=new BasicAttributes();
ba.put(new BasicAttribute("userPrincipalName","[email protected]"));
ba.put(new BasicAttribute("sAMAccountName","fagu"));
ba.put(new BasicAttribute("title","Anyhow"));
ba.put(new BasicAttribute("mail","[email protected]"));
ba.put(new BasicAttribute("mailNickname","fagu"));
ba.put(new BasicAttribute("objectClass","user"));
ba.put(new BasicAttribute("displayName","Festus Agu"));
ba.put(new BasicAttribute("sn","Agu"));
ba.put(new BasicAttribute("userAccountControl","66048"));
//ba.put(new BasicAttribute("unicodePwd ","fagu"));
ba.put(new BasicAttribute("mDBUseDefaults","TRUE"));
ba.put(new BasicAttribute("homeMTA","CN=Microsoft MTA,CN=XSOCKET2,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=SocketWorks,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=socketworkscorp,DC=localdomain"));
ba.put(new BasicAttribute("msExchHomeServerName", "/o=SocketWorks/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=XSOCKET2"));
ba.put(new BasicAttribute("distinguishedName","CN=Festus"));I am trying to create a MailBox enabled user in AD.I am setting all the attributes that are mentioned above.
Still i am unable to create a user.I guess i am messing up with password and getting error "javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB,
problem 5003 (WILL_NOT_PERFORM), data 0"
Is it that SSL is must to create a user.I saw a certificate on Exchange server.But i am using a simple protocal to create a user.
Please help me with the steps needed to create a user if i have to use SSL or is there is any settings to be turned on the server.
Thanks!!
Maybe you are looking for
-
I AM TRYING TO BUY MORE ICLOUD STORAGE. I PUT IN THE CORRECT PASSWORD AND SAYS COMPLETING PURCHASE. IT THEN GOES BACK TO MY PASSWORD AND I HAVE TO PUT IT IN AGAIN. I CANT GET ANY FURTHER SO WONT LET ME BUY IT. ANY IDEAS?
-
Migration report to move BP and OneOrder texts to def. lang (Note 1155979)
Hello CRM Colleagues, with the procedure described in SAP Note 1155979 "Other users cannot display an entry in the text field" in SAP CRM 6.0 and higher you can define a default language in table COMC_TEXT_COMLNG that will be used for language-indepe
-
Can you rename files in Bridge and relink in InDesign automatically?
I have a 250+ page InDesign file with 800+ links to images. The problem I'm having is the images have French file names. I want to remove the French text and rename the images to English. If I rename the images in Adobe Bridge will the Indesign link
-
MBP FREEZES AFTER 10.4.6 UPDATE WITH WINDOWS PARTITION
Just updated software to 10.4.6, and rebooted the computer unattended. It booted on the Windows partition, and worked fine. Just rebooted in Mac mode, and everything froze. Had to reinstall the OS, from the original DVD. Did anyone experience the sam
-
Hi everyone. I got a Twinhead e10 laptop recently and decided to install Archlinux (the pre-installed Neoshine distro was too slow; had to replace it). I installed Archlinux previously on my PC and on another laptop without major problems, but I ran