Creating connection to Active Directory

Hi there,
I am trying to create a report that can pull back the AD attribute sapUsername for users in one of our AD Org Units. Here is what i am using to create the new connection
Connection Type: OLE DB (ADO)
Provider: OLE DB Provider for Microsoft Directory Services
Data Source: mydc-01.domain.com
User ID: my.name
Password: xxxxxxxx
Command:
SELECT sAMAccountName, mail, sapUsername
FROM 'LDAP://OU=User Accounts,OU=state,OU=country,OU=area,DC=domain,DC=com'
WHERE objectClass='User'
I have read access for the entire AD tree but i am getting an error of "Table does not exist"
Is my syntax correct?
Thanks,
Bernard.

It turned out my SQL syntax was correct all along. The problem was in the setup of my connection to AD in Crystal.
I found out that going New Report => Create New Connection => OLE DB(ADO) => Make New Connection => Select OLE DB Provider for Microsoft Directory Services => Click Finish instead of next. => Add your SQL command, then this worked
I dont know why, but i was not asked for any logon credentials. Could have something to do with the fact that the account i was logged in on my workstation had read access of the AD tree in the 1st place, but not sure!

Similar Messages

Not able to connect to Active Directory through Topology manager of ODI

Hi,
We are trying to connect to Active Directory though ODI Topology manager.
The details given are :
+1. Using LDAP(JNDI) driver:+
username : CN=Administrator
JDBC Driver name : com.sun.jndi.ldap.LdapCtxFactory
JDBC URL : ldap://ten.mydomain.com:636/dc=oracle,dc=com
I am getting the error as shown below:
java.sql.SQLException: No suitable driver
 at java.sql.DriverManager.getDriver(Unknown Source)
 at com.sunopsis.sql.SnpsConnection.u(SnpsConnection.java)
 at com.sunopsis.sql.SnpsConnection.a(SnpsConnection.java)
 at com.sunopsis.sql.SnpsConnection.testConnection(SnpsConnection.java)
 at com.sunopsis.sql.SnpsConnection.testConnection(SnpsConnection.java)
*2. Sunopsis JDBC driver for LDAP:*
Username: cn=Administrator
JDBC Driver Name : com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver
JDBC Driver URL :
jdbc:snps:ldap?ldap_url=ldap://ten.mydomain.com:636/&ldap_password=abcd1234&ldap_basedn=dc=oracle,dc=com
We also tried with URL : jdbc:snps:ldap?ldap_url=ldap://ten.mydomain.com:636/&ldap_basedn=dc=oracle,dc=com
We are getting an error as shown below:
Java.sql.SQLException: A NamingException occured saying: Request: 1 cancelled with this explanation: Request: 1 cancelled and this remaining name: null
 at com.sunopsis.ldap.jdbc.driver.i.e(i.java)
 at com.sunopsis.ldap.jdbc.driver.i.a(i.java)
 at com.sunopsis.ldap.jdbc.driver.SnpsLdapConnection.<init>(SnpsLdapConnection.java)
Did I misconfigure something? Do I need to install a seperate Driver for this?
Please help me out in this.
Thanks in advance for any help.

For LDAP default user Root is having all the priviledge to access all the Ldap data.
Go to physical architecture and insert a new dataserver
user - cn=root,dc=css,dc=hyperion,dc=com [ change this according to your requirememnt for you it will be *cn=Administrator ,dc=oracle,dc=com* ]
password - null
JDBC
jdbc driver : com.sunopsis.ldap.jdbc.driver.SnpsLdapDriver
jdbc url : jdbc:snps:ldap?ldap_url=ldap://<server name :port/&ldap_password=KLLEJMNLKFLBKLKODDGPGPDB&ldap_basedn=dc=css,dc=hyperion,dc=com
[ for you it will be *jdbc:snps:ldap?ldap_url=ldap://ten.mydomain.com:636/&ldap_password=<encoded password>ldap_basedn=dc=oracle,dc=com* ]
Here the Default Ldap password for ROOT is SECURITY and if its changed or you are using for some other user . Please use that .
you also need to encode the password using this command
java -cp C:\OraHome_1\oracledi\drivers\snpsldapo.jar com.sunopsis.ldap.jdbc.driver.SnpsLdapEncoder <enter password here>
Later test the connection and you should be able to connect successfully.
Thanks

Creating users in Active Directory through LDAP connector

Hello,
If we need to create users in Active directory using LDAP connector, what are the options for the following:
1) Update back into SAP from AD. LDAP connector updates only in one direction i.e from SAP to Active directory.
2) Can we add additional fields in LDAPMAP which are not standard e.g can we we write our own code to extract data from HR to map the value with an attritube within Active directory?
Regards,
Ahmad

Hello!
I noticed the email in my inbox and understand the reason for deleting it - checked the rules again - no problem with that.
Here is the posting again - sanitized this time.
You can create users in LDAP/AD from SAP without a problem. SAP provides function modules to create/maintain/delete users with LDAP attributes in the correct ou path.
You can also perform group membership assignment in LDAP from SAP if needed.
I have done this quite a few times at different companies that use SAP HCM.
A userid in SAP is created automatically during hiring action with default password e.g. birthday of employee and certain authorization roles based on configured information.
The userid is then created right away in LDAP in the correct ou path (controlled via custom configuration table) and LDAP group membership is assigned.
A job runs every 8 hours to perform delta updates in LDAP.
The userid in SAP and LDAP are locked automatically if the user is terminated using termination action in HR.

Can FIM create OU in Active Directory

Experts,
Although I think answer must be YES but asking to confirm as I have not worked on FIM.
Can FIM also create OU in Active Directory?
Thanks,
Mann

Yes, you can either manage OUs separately or create them during user provisioning, given you set Hierarchical Provisioning up and running.
That's almost OOTB behavior of AD MA

Unable to connect to Active directory from obiee 11g

Hi Gurus,
I was trying to integrate Active directory into OBIEE 11g. Followed the Oracle documentation and Rittman Mead too but cannot get past a connection issue. I create a new provider,provide the connection details,use bissytemuser in AD as the Principal but when WLS is bounced/restarted, it fails to connect and throws the below error:
"Cannot initialize identity store, cause: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException: <hostname>:389 [Root exception is java.net.UnknownHostException: <hostname>]".
Not sure if this makes a difference but admin and managed server come up but not analytics.
Please help me out with scenarios to test if my bi server is connecting to AD or not?
Thanks,
Dan

To answer this need more details.
btw: I would suggest to check these
Property Name=virtualize
Value=true
and
Control Flag list to OPTIONAL
you may send me email

How to create user in Active directory

Hello,
I'm trying to create a user in active directory via the following example:
String userName = "cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local";
     Attributes attrs = new BasicAttributes(false);
     Attribute oc = new BasicAttribute("objectClass");
     oc.add("top");
     oc.add("person");
     oc.add("organizationalPerson");
     oc.add("user");
     attrs.put(oc);
          attrs.put("cn","Jef Klak");
          attrs.put("giveName","Jef");
          attrs.put("sn","Klak");
          attrs.put("displayName","Klak, Jef");
          attrs.put("description","IR");
          attrs.put("userPrincipalName","[email protected]");
          attrs.put("mail","[email protected]");
          attrs.put("company", "XXX");
          attrs.put("sAMAccountName","jk666");
attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_DONT_EXPIRE_PASSWD+ UF_ACCOUNTDISABLE));
          Context result = fctx.createSubcontext(userName, attrs);
As a result I'm getting the following error:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
remaining name 'cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local'
Anybody any tips or advice on this one? Or maybe a working examples how to add users in AD?
Listing entries in the AD is no problem, so it's only adding them.
Many thanks,
Filip

          attrs.put("giveName","Jef");
javax.naming.directory.NoSuchAttributeExceptionSpelling error.

How to create "folders" in Active Directory Users and Computers?

Hello Community
    In Windows Server 2008R2 when you go to Active Directory Users and Computer
you will see icons of folders such as:
    - Builtin has a folder icon
    - Computers has a folder icon
    - ForeignSecurityPrinicpals has a folder icon
    - Domain Controller as a folder icon
    - Managed Service Accounts has a folder icon
    - Users has a folder icon
    All of the above folders are visually identical.
    If you right click and select “File” – “New”
on any of the selections the icon
will not look like the folder icon they have their own icons which look different
from the "Folder" icon.
    I would like to create a “Folder” that looks just visually exactly like the ones
mentioned above, how can I create those types of Folders in Active Directory User
and Computers?
    Note: I would like to put users in the folders.
    Thank you
    Shabeaut

Hi,
you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
Refer: Delegating Administration by Using OU Objects
http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx
and the sub-articles:
Administration of Default Containers and OUs
http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
Delegating Administration of Account and Resource OUs
http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Creating a simulated Active directory

Hi all,
I am studying IDM now and doing some exercises, one of them include making a simulated file of an AD, but it doesn't work like an Active directory at all.
I installed the gateway but didn't see how can I connect a simulated file to the gateway. and when I try to use cn=.... and so on, I simply get the string as the userid which prevents me from using it to seed the users with the other simulated files.
How can I simulate an AD or what should I set so the cn=.... string will work correctly.

Well I made an oraganization called XYZCompany.
And then connected the AD simulated resource to an xml file using the following:
cn=$login$,ou=$division$,ou=$department$,dc=$xyzcompany,dc=com
when I did a full reconcile on IDM 6 it didn't put the user accounts into XYZCompany, it put them in top and with a user name as long as the string above. Did excatly the same with IDM 5 and it inserted the login name into the XYZCompany organization and I could work with it.

Add random number to a email id while creating account in active directory

Hi,
I have this code with me,
in this code i am creating user account into the active directory, i am facing issue in validating it.
validation is: Let's say we got 2nd Aman verma into the active directory, first aman verma got id as [email protected], i want id of second aman verma as [email protected] (or any other number at the place of 1)
below is my code,
using System;
using System.IO;
using System.DirectoryServices;
namespace ActiveDirectoryAddContacts
class Class1
static void Main(string[] args)
System.DirectoryServices.DirectorySearcher DSESearcher = new System.DirectoryServices.DirectorySearcher();
string RootDSE=DSESearcher.SearchRoot.Path;
RootDSE=RootDSE.Insert(7,"ou=Mytest,");
DirectoryEntry myDE = new DirectoryEntry(RootDSE);
DirectoryEntries myEntries = myDE.Children;
// Create a new entry 'Sample' in the container.
FileStream fs = new FileStream("C:\\UserDetails.csv" , FileMode.OpenOrCreate, FileAccess.Read
StreamReader sr = new StreamReader(fs);
for(int i=1;i<291;i++)
string str = sr.ReadLine();
char[] ca={','};
try
string[] sa = str.Split(ca,4);
DirectoryEntry myDirectoryEntry = myEntries.Add("CN="+sa[2], "user");
myDirectoryEntry.Properties["givenname"].Value=sa[0];
//myDirectoryEntry.Properties["sn"].Value=sa[1];
//myDirectoryEntry.Properties["displayname"].Value=sa[2];
//myDirectoryEntry.Properties["mail"].Value=sa[3];
//myDirectoryEntry.CommitChanges();
catch (Exception e)
Console.WriteLine(str);
any Help will be highly appreciated.
Thank you!
Aman

Hi,
As this might not be a SharePoint issue, I suggest you open a thread in the Windows Server forum, you will get more help and confirmed answers there:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS
Thanks
Patrick Liang
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Unable to create a specific Active Directory mobile Account

Dear Community,
I do have a problem with one workstation when I want to login with a specific Active Directory mobile user account. The login window will shake and refuse login due to invalid credentials... but this is not true, on other workstations the same account works without any problem. And also the Active Directory settings are verified and correct and other mobile account also work.
So I tried to create the mobile account manually via Terminal :
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobilea ccount -n username
sudo createhomedir -c -u username
But this command results in an error that the account already exists, trying to delete, again an error null, etc... so no way.
So I tried to start up in Single-User-Mode and get into dscl to finally delete this mysterious account daemon... but again I'm resulting in an error:
dscl . -delete /Users/{username}
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
Anyone any idea how to get this base cleaned so I can make this specific operator work on this specific Mac ? Help greatly appreciated. Thanks
Cheers

Could it be DNS cache?
http://old.nabble.com/%3Cdscl_cmd%3E-DS-Error%3A--14009-%28eDSUnknownNodeName%29 -td30706666.html
The LSAP DB?
http://old.nabble.com/Bad-Users!-td19172901.html
Or even this?
https://discussions.apple.com/thread/1448801?start=0&tstart=0

Unable to import User Profiles even though I can connect to Active Directory. What could be wrong?

Hi,
I have set up User Profile to import from Active Directory. So, I have a connection and have selected a number of directories in AD folder which should import a number of user profiles. However, when I click on the "Run Now" to start the sync timer
job it shows AD syncing and then within a second goes back to idle state. The account I am using is userprofile account which is in Farm Administrators group. There is nothing obvious in the logs. This account has been set up for "Replicate Directory
Changes" (as far as we know anyway).
Any ideas how to check or where I might be going wrong?
Thanks.
John.

Hi John,
According to your description, my understanding is that the user profile of the user profile service account with "Replicate Directory Changes" didn't import from AD to SharePoint.
I did a test as your description. After I set "Replicate Direstory Changes" as
it, I wen to User profile service application, then clicked "Start Profile Synchronization"->Start Full Synchronization->OK.
Then find the timer jobs "User Profile Service Application-User Profile to SharePoint Full Synchronization" and "User Profile Serivce Application-User Profile Change Job".
Wait for the Idle status. Then I went to Manage user profiles, searched the user profile service account, the change was displayed in this user profile.
Please do again as the above, compare the result.
If this issue still exists, please feel free to reply.
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support

How to handle SQL connection if password Active directory always change? (Connection using Active directory via network SQL 2012 )

I have 3 server (Web server, database sql 2012 server and Active directory). I'm using sqlsvr version 3.0, PHP version 5.3 ,IIS version 7 and windows server 2008.
Right now my php connection to SQL 2012 using AD id, so How to handle if password on active directory change?

Solved : Using Kaberos

Cisco NSS 322 not staying connected to Active Directory.

Hello,
We recently deployed a NSS 322 in our office, and connected it to our windows 2003 domain controller (running as a VM). It seems every morning that i need to log into the NSS 322 and reconnect to the active directory (Network Services -> Microsoft Networking). After i do this, everyone is able to connect to the shares on the NSS 322.
Just to add, we do not have any issues during the day with the active directory authentication, it seems to only occur over night when no one is using the shares.
Does anyone have any idea why this would be happening, or any solutions to resolve or minimize its occurrence.
Cheers,
Walter.

Hi,
Please maske sure you are running on the latest firmware 1.3.0.5 .(always make sure data is backed up)
Make sure write cache is disabled.(since it's VM)
Make sure the NSS time is pointed back to your PDC
We have a couple VM running 08 Server; hadn't run into any issues.
If this doesn't fix your issue, please call in for support 1-866-606-1866
Thanks,
Jason Bryant
Cisco Support Engineer

UME connected to Active Directory. How to change what fields are available

I have successfully changed my UME to point to Active Directory. I'll describe process further on in post. My issue now is how to modify what AD fields will be available in UME and what UME fields they'll be 'mapped' to.
I'll try to describe the process I've gone through so far:
1) Download the 'dataSourceConfiguration_ads_readonly_db.xml' file from Config Tool
2) Renamed file and added the following:
 a) in <responsibleFor><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"/> tag for each new field I wanted. 'xxx' is, of course, the name of the field
 b) in <attributeMapping><principals><principal type="user"> <nameSpaces><nameSpace name="com.sap.security.core.usermanagement"><attributes> section I added a <attribute name="xxx"><physicalAttribute name="yyy"/></attribute> tag for each new field I wanted. 'xxx' is, of course, the name of the field in UME and 'yyy' is the field in the LDAP
Then I uploaded the new file into Config Tool and switched the "Data source configuration file" selection to that new file. Saved the change and restarted the engine.
When I ran some test code I was getting information back from the user's AD entry. For example, I tested the email field. This is a field that is not maintained in the UME but I got the correct value back so I knew it was getting it from AD.
Then I wanted to see if I could get one of the new fields. When I ran my test code the user.getXxx() method call returend null.
Since I knew that getting the e-mail worked I thought I'd change the mapping for the email UME field to point to the 'yyy' field in AD. I did this by making this change:
FROM:
<attribute name="email">
 <physicalAttribute name="mail"/>
</attribute>
TO:
<attribute name="email">
 <physicalAttribute name="yyy"/>
</attribute>
I then uploaded that new xml file and switched to it in Config Tool. Then I restarted the engine.
However, when I ran my test code (see below for snippet) it still shows the email value instead of the value of field 'yyy'.
Any help would be GREATLY appreciated.
Web Dynpro code snippet:
String input = "smith";
IUserFactory userFactory = UMFactory.getUserFactory();
try {
IUserSearchFilter searchFilter = userFactory.getUserSearchFilter();
searchFilter.setLastName(input, ISearchAttribute.LIKE_OPERATOR, false);
ISearchResult searchResult = userFactory.searchUsers(searchFilter);
while (searchResult.hasNext()) {
 String userID = (String)searchResult.next();
 IUser user = userFactory.getUser(userID);
 String email = user.getEmail();
} catch (UMException e1) {
//error handling

Update. I uploaded the wrong file the 2nd time. When I changed the XML file to 'bind' theAD field to the 'email' UME field, my code did return the AD value when I did
user.getEmail();
However, I'm still not able to get the AD field bound to any other UME field that wasn't part of the default XML file.
Is there something else I need to do besides adding the tags I described in my original entry?
Thanks

WGM error while trying to connect to Active Directory

Hello I'm trying to insert AD groups into OD groups so I can create automounts to a users specific network folder. When attempting to connect to AD from within WGM I get an unexpected error. It states:
Error of Type eDSOpenNodeFailed (-14002) on line 4125 of /SourceCache/WorkGroupManager/WorkGroupManager-361.3.1/PMMUGMainView.mm
I tried googling the whole error and parts of the wording but havent found anything relative. It used to work.
Same error using Macmini 10.6.4 and Xserve 10.6.4, recently the district office did change the way my domain sync's with theirs as I was having syn errors with groups. I have a 2000 domain structure and the D.O. has a 2003 structure. i will be migrating the DC roles over to my 2003 Server this Thanksgiving, but for now I have to deal with what I have.
Thanks in advance...Art

All checked out fine from the Server except host -t SRV _gc....it relayed a host not found: 3(NXDomain) Is this a Global Catalog error relayed from the Windows domain?
Yes
... I wonder how this would effect the Xserve, all AD users can log into the machines my only problem is in pulling AD groups into OD. The Xserve OD DNS structure is seperate from AD, but I do have the Xserve bound to AD, I have unbound and rebound my macmini before I made the post to see if that would change anything but it did not, I think I will try the Xserve next.
Why is DNS independent? Not that it is related, but maintaining two DNS identities is going to lead to confusion at best and disaster at worst. If the primary domain is AD, you should be using only the AD DNS. In a normal AD promotion all the SRV records get created by default. While it is possible to create the service records for AD on OS X, it is usually not recommended. Too much management. My gut is to track down the absence of the GC service record. If you truly have independent DNS hosted on OS X and that is the primary resolver for the machine (assuming same domain), then try creating the svr record on OS X for the GC. Seems a bit odd but if you are at odds with the Windows admins, this might be your only way of proving that this is the issue.
You mention that users can log into machines. This is from the workstation. Have you tried dscl from the server or the workstation to see if you are able to browse the groups?

Creating connection to Active Directory

Similar Messages

Maybe you are looking for