CSS and MS Active Directory

Similar Messages

• Integration of sap R/3 (4.7) and Microsoft active directory (2003)

  Hi All,
  I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
  Pls help me with this issue.
  Thanks in advance,
  Regards,
  Raghav.

  Hi,
  First You should read:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
  Regards,
  Jarek

• SCCM report to show last logged on user and the Active Directory department attribute of that user.

  I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

  You problem is here.
  right
  join v_R_User USR on USR.ResourceID
  = CS.ResourceID
  USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
  end up with unreliable results.
  Anyways you need to make these changes to your query.
  left
  join v_R_User USR on USR.Unique_User_Name0
  = CS.UserName0
  http://www.enhansoft.com/

• User base Synchronization between SAP and MS Active Directory Server

  Dear all!
  I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
  i successfully implemented the synchronization of user data between SAP and the ADS.
  My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
  Currently I don't have a clue how to do this.
  Regards,
  Christoph

  Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
  The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
  Regards,
  Marc g

• OID and MS Active Directory  LDAP information Synchronization

  Do you know have to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

  Hi, I have the same question.
  Thanks,
  Malin

• I have windows server 2012 R2 and install active directory

  My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
  Have not registered domain only install active directory to test. 
  So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
  software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine. 
  Please give me a solution for this.
  This is the setup for a test use only so their not big environment connect with my pc.
  Thanks in advance.
  Regards,
  Krunal

  Hi,
  The following article is talking about creating and managing Group Policy on a Windows Server 2012:
  http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
  As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
  Group Policy Overview
  http://technet.microsoft.com/en-us/library/hh831791.aspx
  Please feel free to let us know if you need further assistance.
  Regards.
  Vivian Wang

• Cisco ISE 1.2 and 2 Active Directory Domains

  Hi Support,
  does anyone know whether I can perform Certificate Authentication for two different Active Directory domains using the same ISE host / deployment?
  We have two forests with a trust link between them.
  We have a seperate PKI in each domain.
  I am thinking that the ISE can only be joined to a single domain, but because we have a trust between the two forests, the ISE can have two certificate profiles in an identity source sequence which can then use in a single authorisation policy.
  I take it that I would need local certs from each CA in the local certificate store of the ISE?
  We are performing a company merger and we cannot migrate users to the primary AD domain due to several reasons so we would like to use the same ISE deployment to authenticate Wireless users on both AD domains.
  Thanks
  Mario

  Mario,
  This is possible.  Here are the guidelines for the Multi-Forest support in ISE 1.2:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1350874
  You would have to set a new Certificate Authentication Profile for each domain and use the Authentication Policies to determine which of the Certificate Authentication Profiles to use.
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1349174
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• Oracle context and MS Active Directory

  Hello,
  I have one pc with Windows Server 2003 and Oracle 10g r2
  When I add a user from my Active Directory in the External OS Users of the Oracle Managed Object (via mmc), I get this error:
  ORA-30041: Cannot grant quota on the tablespace
  And when I try to connect with this user (Active Directory user) to isqlplus, I get another error:
  ORA-28030: Server encountered problems accessing LDAP directory servic
  Someone know how to resolve these errors ?
  Server's Configs
  Active directory name: cyclops.home.com
  Host name: server.cyclops.home.com
  My database name in the Oracle context object of my Active directory: oracle_db
  My Oracle context: “CN=OracleContext,DC=home,DC=com"
  #Ldap.ora
  DEFAULT_ADMIN_CONTEXT = "DC=cyclops,DC=home,DC=com"
  DIRECTORY_SERVER_TYPE = AD
  #Listener.ora
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = C:\oracle\product\10.2.0\db_1)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
  #Sqlnet.ora
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (LDAP)
  #Tnsnames.ora
  PROJET =
       (DESCRIPTION =
            (ADDRESS = (PROTOCOL = TCP)(HOST = server.cyclops.home.com)(PORT = 1521))
            (CONNECT_DATA =
                 (SERVER = DEDICATED)
                 (SERVICE_NAME = oracle_db)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)

  When I use this cmd ldapbind -h cyclops.home.com that works.
  If I log to isqlplus with the system user and do select username from all_users; I can see my Active Directory user.
  I also changed the LDAP_DIRECTORY_ACCESS parameter to PASSWORD (default was SSL) but that changed nothing.
  Maybe the problem is from the Oracle wallet, I did one when I have created the database but I don't know well about it and the use. I think I should have something in my sqlnet.ora file related to the wallet but I don't know how to set.
  I search on internet, some homepages said I should use Oracle Net Manager to set the wallet location but I found nothing in Oracle Net manager for it.

• Import and Export Active Directory users

  Hello,
  I want to export my Active Directory users and import them to different domain.
  I try to use ldifde without any success.
  Do anyone have any idea??
  Thanks,
  Lior

  I would suggest the Active Directory Migration tool.  
  http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
  D/L link: http://www.microsoft.com/en-us/download/details.aspx?id=8377
  If you have 2012, it will be a little more complicated.

• Oracle Discoverer 10G and mapping Active Directory to use SSO/OID

  Could anybody point me please to the right direction?
  1. I've setup Oracle 10gIAS but turned off SSO and my users running discoverer /portals with no SSO.
  2. My goal is to turn on SSO and synchronize it with Active directory on the windows box.
  Thanks you in advance

  Hi Randy;
  As you mention all notes refer to SSO&OID for Active Directory integration.AFAIK there is no way to do it, please log a Sr and confirm this wiht oracle support
  Regard
  Helios

• WL 7.0 and MS Active Directory.

  Hi all,
  I'm trying to use MS Active directory to authenticate my WL users. I did
  everything that the documentation tells to do but I'm still getting the
  following exception:
  <Aug 15, 2002 3:18:05 PM EDT> <Notice> <Management> <140005> <Loading
  configurat ion E:\bea\user_projects\testsecuritydomain4\.\config.xml>
  <Aug 15, 2002 3:18:12 PM EDT> <Notice> <Security> <090082> <Security
  initializin g using realm myrealm.> <Aug 15, 2002 3:18:12 PM EDT> <Critical>
  <WebLogicServer> <000364> <Server faile d during initialization.
  Exception:java.lang.SecurityException: Authentication f or user weblogictest
  denied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  <Aug 15, 2002 3:18:12 PM EDT> <Emergency> <WebLogicServer> <000342> <Unable
  to i nitialize the server: Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user weblogictest
  den ied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  The WebLogic Server did not start up properly.
  Exception raised:
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  Reason: Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user weblogictest
  den ied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  User weblogictest is present in both WL and AD and is a member of
  Administrators group on both.
  The problem is that I can't find anything to tell me what the reason for
  authentication failure is and therefore it's hard to figure out what to do
  next.
  Thank you,
  Eugene Khosid

  Hi all,
  It did work after all. Apparently there were some issues with AD replication
  that we have set up...
  However I immediately ran into the next problem:
  If I drop the WL Default Authenticator I'm getting the following exception
  while trying to boot
  <Aug 21, 2002 10:25:36 AM EDT> <Critical> <WebLogicServer> <000364> <Server
  fail
  ed during initialization. Exception:java.lang.SecurityException: User
  weblogictest is not permitted to boot the server
  java.lang.SecurityException: User weblogictest is not permitted to boot the
  server
  at
  weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
  yServiceManager.java:1076)
  at
  weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
  anager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  <Aug 21, 2002 10:25:36 AM EDT> <Emergency> <WebLogicServer> <000342> <Unable
  to
  initialize the server: Fatal initialization exception
  Throwable: java.lang.SecurityException: User weblogictest is not permitted
  to boot the server
  java.lang.SecurityException: User weblogictest is not permitted to boot the
  server
  at
  weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
  yServiceManager.java:1076)
  at
  weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
  anager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  The WebLogic Server did not start up properly.
  Exception raised:
  java.lang.SecurityException: User weblogictest is not permitted to boot the
  server
  at
  weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
  yServiceManager.java:1076)
  at
  weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
  anager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  Reason: Fatal initialization exception
  Throwable: java.lang.SecurityException: User weblogictest is not permitted
  to boot the server
  java.lang.SecurityException: User weblogictest is not permitted to boot the
  server
  at
  weblogic.security.service.SecurityServiceManager.doBootAuthorization(Securit
  yServiceManager.java:1076)
  at
  weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
  anager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  My guess is that for some reason WL server does not recognize the fact that
  that weblogictest is an administrator... I wonder if we should write our own
  Authorization provider or a Role mapper...
  Any ideas?
  Thanks,
  Eugene
  "Vimala Ranganathan" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  You should not see this error is the user is defined in both wls andactivedir
  and belongs to Administrators group.
  Can you change the value of the control flag accordingly to check whetherthe
  issue is from active directory or wls default provider ?
  You can make the ControlFlag for ActiveDir as optional and check whetherthe
  error goes away.
  You would have start the server to do any changes in the console.
  You could start the server by deleting the UserConfig folder under thedomain
  but you would lose all the Security config settings.
  Vimala
  Eugene Khosid wrote:
  Hi all,
  I'm trying to use MS Active directory to authenticate my WL users. I did
  everything that the documentation tells to do but I'm still getting the
  following exception:
  <Aug 15, 2002 3:18:05 PM EDT> <Notice> <Management> <140005> <Loading
  configurat ion E:\bea\user_projects\testsecuritydomain4\.\config.xml>
  <Aug 15, 2002 3:18:12 PM EDT> <Notice> <Security> <090082> <Security
  initializin g using realm myrealm.> <Aug 15, 2002 3:18:12 PM EDT>
  <Critical>
  <WebLogicServer> <000364> <Server faile d during initialization.
  Exception:java.lang.SecurityException: Authentication f or userweblogictest
  denied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  <Aug 15, 2002 3:18:12 PM EDT> <Emergency> <WebLogicServer> <000342><Unable
  to i nitialize the server: Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for userweblogictest
  den ied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >
  >>
  The WebLogic Server did not start up properly.
  Exception raised:
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  Reason: Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for userweblogictest
  den ied
  java.lang.SecurityException: Authentication for user weblogictest denied
  at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
  SecurityServiceManager.java:978)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
  erviceManager.java:1116)
  at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
  at weblogic.Server.main(Server.java:31)
  >>
  User weblogictest is present in both WL and AD and is a member of
  Administrators group on both.
  The problem is that I can't find anything to tell me what the reason for
  authentication failure is and therefore it's hard to figure out what todo
  next.
  Thank you,
  Eugene Khosid

• AADSync and Azure Active Directory Device Registration Service

  Now I try to implement Azure Active Directory Device Registration Service with AADSync.
  According to step-by-step guide, it has to execute "Enable-MSOnlineObjectManagement" cmdlet.
  Step-by-Step Guide for On-premises Conditional Access using Azure Active Directory Device Registration Service
  https://msdn.microsoft.com/en-us/library/azure/dn788908.aspx
  Unfortunately, AADsync doestn't have "Enable-MSOnlineObjectManagement", and can't find similar cmdlet.
  I'm looking for cmdlet for device object synchronization.
   Does anyone know alternate cmdlet?

  Hi,
  Thanks for your post.
  You need to use the command import-module DirSync in PowerShell, then running the command "get-command -m Microsoft.Online.Conexistence.PS.config", you will find the cmdlet "Enable-MSOnlineObjectManagement"
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Oracle Non-Windows DB and MS Active Directory

  Question:
  How can one configure a Microsoft Active Directory (LDAP-compliant directory
  service) with an Oracle Database when the Database resides on a unix server
  without the need of the Oracle LDAP? Is it possible ? If yes, please explain.

  Question: I have been looking at examples of using the LDAP packages but I am not sure if the examples are explaining the ldap_base and groups for MS AD OR an example for Oracle OID.
  Can you explain is this Oracle OID
  GC$ldap_user VARCHAR2(256) := 'cn=orcladmin';
  GC$ldap_passwd VARCHAR2(256) := 'welcome1';
  GC$ldap_base VARCHAR2(256) := 'cn=my_cn,dc=my_dc,dc=fr';
  Can you give an example for MS AD?

• Enable SSO APEX 4 and MS Active Directory

  Hi,
  I want enable SSO on my APEX applications. Actually, we use Microsoft Active Directory and Windows 2003 (tomorrow maybe Windows 2008).
  Regarding your experiences, what is the best solution that I can us in order to implement SSO ?
  Thanks for your help,
  I have forget to give this informations :
  - Our Oracle Server is under Linux.
  - We use Oracle Database 11GR2.
  - Our domain controller is under Windows 2003 (we will probably upgrade to 2008 this year).
  - Our APEX version is 4.1.0.00.32.
  Edited by: user7224400 on 3 févr. 2012 16:23

  Morten -- Interesting. I wish we had found that before we implemented WebLogic and the APEX listener, it may have been an interesting other option to consider. I'm not sure it would have made it past our change control folks as they might bark at the supportability/security, but it is a intriguing option.
  Patrick -- (You have a great blog by the way.). We are talking about upgrading our APEX 3.1 instances this year so I am very interested in the new authentication type. Is it doing anything other than simply retrieving the logon_user? i.e., is it actually authenticating against anything or would it just read the logon_user and let them in if they matched a known username?
  AJ -- We just converted from Oracle Portal last year. When I had Oracle Portal, I had it setup to use Windows Native Authentication following the supported solution for that and then had APEX set up as a partner application for portal. So if someone hit portal first, they'd automatically logon as their active directory user through WNA and would be dropped into portal. If they then hit a link for APEX in portal, it would (in rapid succession) go to APEX, redirect back to the portal SSO server, see they were authenticated in app server, and drop them into APEX with barely a visible screen flicker. It worked flawlessly UNTIL we started upgrading to Windows 7. Then a number of changes and patches are required to get WNA to work with app server 10g and Windows 7. If you are using portal in your 10g IAS, you may want to consider that route.
  Pardon me while I hop on my soapbox briefly -- I think if our friends in Oracle land could come out with a fully supported method of using NTLM or similar technologies to automatically login to APEX applicaitons, it would help considerably in the adoption of APEX and the APEX listener in customers that have Oracle databases and Active Directory which is a pretty decent size market.
  Ok, soapbox moment ended. :-)
  Rgds/Mark M.

• Oracle Enterprise User, OVD and MS Active Directory (AD)

  Hi,
  I need to authenticate Oracle Users from MS Active Directory.
  If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
  If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
  Thanks in advance for answering this post : )
  CMT

  Hi,
  I am not sure that you are correct.
  In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
  (without OID).
  The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done).