Custom routing agent based on sender's security group and subject

Similar Messages

• How to send my security questions and answers to my e-mail?

  how to send my security questions and answers to my e-mail?

  call apple 1-800-694-7466 ask for account security.
  Peace, Clyde

• What is the Behavior.Navigation URL for creating navigation bar links for search scopes for security group and distribution groups?

  ...the search scope is used to subset the SGs and DGs. The search scope itself shows expected results. The search scope filter used is: /Group[Type='Security' or Type='MailEnabledSecurity'][(Domain = 'DomainX') or (Domain = 'DomainY')]
  Tried the following, with the GUID being the resource ID from the search scope for security groups:
  ~/identitymanagement/aspx/customized/CustomizedObjects.aspx?type=Group&searchtype=e8ed98b6-e299-4b8d-bfe5-e4b2adf1cd60
  ~/IdentityManagement/aspx/groups/Groups.aspx?type=Group&searchtype=e8ed98b6-e299-4b8d-bfe5-e4b2adf1cd60
  Thanks

  are you talking about redirect URL in search scope ? FIM will automatically add the searchtype querystring
  for custom groups search scope you can use :
  ~/IdentityManagement/aspx/groups/AllGroups.aspx
  and configure you search scope to use the same UsageKeywords as for the security groups
  and restart your IIS server using the command "IISRESET"
  in your case if you want to create navigation bar link to your group-type search scope use may use this format:
  http://{your fim server}/IdentityManagement/aspx/groups/AllGroups.aspx?searchtype={your searchscope guid}&content=%2a
  ex : http://fimserver/IdentityManagement/aspx/groups/AllGroups.aspx?searchtype=47e0a973-0ab4-46f5-815f-f5028c1af58e&content=%2a

• Creating New Security group and Refreshing Security Filters

  Hi
  I have created a new security group (and added people to it)
  I have given this security group write access to certain dimension members within the planning application
  I have refreshed the security filters via Planning_Manage Database_Security Filters
  But the people in the new security group still dont have write access to the dimension members
  If I look in EAS ... I cant see the the new security group that I have created
  Question 1
  Do I need to refresh the security filters via EAS
  If I do this ... I know that I need to make sure that no one is in the Essbase application
  Do I also need to make sure that no one is within the relavent planning application?
  Question 2
  Is it enough to refresh the security filters (tick security filters) .. or Do I need to tick database in the manage database options
  Question 3
  Does anyone have any suggestions that I havent mentioned above?
  Thank you
  PD

  Hi John
  Thanks for your suggestion
  I tried this and He still doesnt have write access
  He doesnt need to be able to lock and send values via essbase ... However when we are in planning, He cant submit data to the dimension members mentioned above.. i.e the cells are all green
  I have checked and doubled check the security on the dimension members (and form security) in the form that he cant edit
  Do you have any other suggestions?
  Thank you
  PD

• Filter AD Security Group and add member through visual webpart

  Hi All,
  I want to know how to Filter AD Security Group and add members to it from SharePoint 2013 Visual webpart, where i have multiple domains as well.
  Regards
  Rathanavel
  Rathanavel

  SP doesn't interrogate AD groups (DL's or SG's)... you'll need to query AD directly (ADSI).
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Powershell script for security groups and users for multiple share folders

  Hi scripting team,
  I need your help with powershell script for the below queries 
  1. List out the security groups for more than one server share path and output it to a file ( csv ) 
  For eg.
  If the are are two share paths 
  \\servername\foldermain\folder1
  \\servername\foldermain\folder2
  So I needs the list of security groups for each share path
  And the output needs to be under each any every path.
  2. Grab the users belongs to main security groups and it nested groups for more than one security group and listed the users under each and every group. No need to display nested groups. Just users belongs to main group and users under nested.
  Your teams help is much appreciated 
  Thank you.
  Thilochana kumararatne

  Hi Braham,
  Thanks for your quick reply.
  Are we able to do this on two stage method
  1. grab the security groups from the share paths
  if can grab the share path from a separate txt file than copying it to the <your path> location
  so i can modify the txt file
  once run the script
  if can the output like below to a CSV file
  \\servername\foldermain\folder1group 1group 2group 3\\servername\foldermain\folder2group 1group 2group 3then i know which groups belongs to which share paththen i can remove the duplicate groups and keep the common groups to grab the users belongs to itso with the second script same as the first copy the security groups to a txt file and the out put as below.what I needs is the users full name and the samaccount name ( user id )group 1user1user2user3
  group 2user1user2user3looking forward your help on thisThank you.Thilo

• How to create a new security group and assignments of rigths?

  Hi,
  In our current "Cisco Unified CM Administration System version: 7.0.1.11000-2" installation, we are a couple of administrators using the same user account to logon to the "https://10.10.x.x/ccmadmin/showHome.do" homepage.
  Where can I create a new user group and assign the appropriate rights to the group, and add users to the group? Or is it another approach that I need to follow instead of the way that security rights a made in a Microsoft Active Directory?
  Is there any place that I can read or view examples on how the setup can be done? I would like to have it in the way that everyone has their personal user account and use this to logon the administration-web page instead of an account that everyone uses.
  Kind regards,
  Carl-Marius

  why do you need to create a new business group? To implement HR? If so, linking a HR responsibility to your user, is one of the few steps to go anyway.
  How you did it on the test environment?
  Why not link a hr resp to your user temporarily, and disable it later.
  I'm always afraid to answer this kind of questions, since the real requirement is not described.

• Person DFF Context Value based on 2 criteria (Business Group and Emp Type)?

  Hello,
  We're implementing HR module into multiple business groups.
  I need to define context value for DFF "Additional Personal Details" based on 2 criteria Business Group ID and Employee Type
  Any idea how to do it?
  Thank you
  Elie

  Hello Elie,
  I am not sure on it,However have you tried creating a context with combination of Business Group and Person Type using merging,
  business_group_id || "_"|| person_type_id And structures would be something like 80_2112 Business Group id = 80 and Person Type id=2112.
  It may resolve your issue if this works out.
  Regards,
  Saurabh

• How to export "Managed by" field of Distribution and Security groups and import with new values? (Exchange 2010, AD 2003)

  My Active Directory environment is 2003 functional level and we have Exchange 2010.
  I am trying to find out the best way to do a mass edit for the "Managed by" values of our security and distribution groups.
  I know we can export the "managed by" field by csvde but I am not sure this is the correct way to do it. Also in the case that there are multiple users assigned to be managing a distribution group it only shows one value. Also powershell from Exchange
  2010 can be used with "get-distribution" but as our AD environment is 2003 is this correct also?
  Finally once the data is exported to csv can it be edited to then reimport and udpate the existing group managed by fields with new values?
  Not really sure that the best way to go about this is.
  Summary - We have 2003 AD with Exchange 2010 and I am trying to export a list of all our Distribution/Security groups showing the group name and managedby values so we can edit and update the
  existing managedby values with new ones. In some cases we have multiple users as the owners.
  Appreciate any advice on how this can be best achieved. Thank you.

  Hi,
  We can use the following command in Exchange 2010 to export "Managed by" field of Distribution and Security groups:
  Get-DistributionGroup | Select-object Name,@{label="ManagedBy";expression={[string]::join(“;”,$_.managedby)}},Primarysmtpaddress | Export-Csv
  C:\export.csv
  After you changed the Managed by field in export.csv and saved it as a new file named import.csv, we can run the following command to set with new value:
  Import-Csv C:\import.csv | Foreach-Object{ Set-DistributionGroup –Identity $_.Name –ManagedBy $_.ManagedBy}
  Hope it works.
  Thanks,
  Winnie Liang
  TechNet Community Support

• How to export "Managed by" field of Distribution and Security groups and import with new values?

  My Active Directory environment is 2003 functional level and we have Exchange 2010.
  I am trying to find out the best way to do a mass edit for the "Managed by" values of our security and distribution groups.
  I know we can export the "managed by" field by csvde but I am not sure this is the correct way to do it. Also in the case that there are multiple users assigned to be managing a distribution group it only shows one value. Also powershell from Exchange
  2010 can be used with "get-distribution" but as our AD envronment is 2003 is this correct also?
  Finally once the data is exported to csv can it be edited to then reimport and udpate the existing group managed by fields with new values?
  Not really sure that the best way to go about this is.
  Summary - We have 2003 AD with Exchange 2010 and I am trying to export a list of all our Distribution/Security groups showing the group name and managedby values so we can edit and update the
  existing managedby values with new ones.
  Appreciate any advice on how this can be best achieved. Thank you.

  Hi Barkley,
  You can also refer to Official Scripting Guys forum to get a script solution:
  http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG&filter=alltypes&sort=lastpostdesc
  Best Regards,
  Amy Wang

• SSRS - Intellisense for Security (Groups and Users) and email subscriptions

  When I add a new user to a SQL Server (In SSMS), I can add an AD Group or user, and SQL server will verify their login name.  It will reject if wrong and let me search Active Directory and verify names.  In MS Outlook I can start typing an email
  address and intellisense will help me complete it.
  Is there Intellisense on the Report Server, so when I make a role assignment (giving permissions like Browser to a user) it checks their login or even completes it for me.
  Is there Intellisense when I add email address to a subscription?
  Was wondering if this is a setting I can turn on, or if it is just not available.
  Any workarounds?  How do I know I am entering a user correctly, what if I misspell?
  Thanks,
  Mike

  Hi Computermike,
  According to your description, you want to check the if the e-mail address is valid when creating e-mail subscription. Right?
  In Reporting Services, The report server does not validate e-mail addresses or obtain e-mail addresses from an e-mail server. You must know in advance which e-mail addresses you want to use. This is a feature by design. However, if you send a subscription
  to an invalid e-mail address, the sender (your service account) will receive an e-mail which tells you the destination e-mail address is invalid. 
  If you really need to check the validation of the e-mail address before sending the subscription, we suggest you provide Microsoft a feature request at
  https://connect.microsoft.com/SQLServer 
  so that we may try to expand the product features based on your needs.
  Best Regards,
  Simon Hou

• How to change the values in custom profiles based on security group ??

  Hi,
  i am facing problem for my requirement, can anybody help me for below scenario...
  i have custom check in profiles , there are content types and sub types. sub type nothing but a categories on for particular content type. For example i have News content type , same in the below subtypes drop down list are press release, events, articles etc.
  what i want to do is, when i open custom checkin profile, subtype values need to be changed( some values in subtype should hide) based on security group changes .
  In the Sub type listed values, some values need to hide only when i choose different security groups.. sub types values should display based on the particular security group only. when ever i change the security group, drop down Values in subtypes needs to change.
  hope understand my requirement.
  How to achieve this task. Any help would be greatly appreciated.
  Thanks,
  yt

  Hi,
  Thanks alot. its working fine
  Can we configure DCL Relation two times in one information filed ??? i should not create not more than fields to this requirement.
  Type -> subtype = DCL already existed
  Now, i want to Create DCL to
  Subtype ---> Security group
  As per my requirement, if i change the security group in checkin form, values should be change in the SubType drop down list.
  Created checkin profile there was DCL relation to " Type and "Sub Type" . now i want to map Relation ( DCL ) for subtype to security group.
  i was trying do for DCL for subtype and security group. but there was already existing DCL created for subtype information field (Relation configuration done for content type). even though i was trying to do for DCL in Security group information field. but, i could not find security group information field in configuration manager.
  Now what should i do ?? how to create DCL to subtype and security group ??
  Help would be appreciated.
  yt

• How to read contents of files that do not fall under public security group?

  Hi,
  I need to read the contents of a WCM based xml file that does not fall under public security.
  The process is like this:
  First the user makes chnages to the content.
  The workflow will be triggred based on the security group metadata that is associated with the content.
  Once the content is finally approved our workflow calls a custom idoc script.
  First we tried directly reading the xml contents from the idoc script which was still in the context of workflow. But since content item is still in workflow I was not able to read the changes. So I created a separate content publisher thread and read the DOC_INFO and checked for the dStatus value. If the value is RELEASED then I reading contents by calling ssIncludeXml idoc script.
  This was working fine for public content. But now the requirement is that all content cannot be public. Content authors should not be able to edit the content that does not belong to their group, So we created security groups (and roles) and are associating that groups to the relavent content.
  Beacuse of this change I am not not able to read the non public content. The call to DOC_INFO_BY_NAME service, which gives all the content files' metadata, is expecting the user to be logged in to give the details.
  I tried calling the CHECKIN service with sysadmin and captured the cookies returned by that service and use cookies for the DOC_INFO_BY_NAME service call. But the service call was faling. It is throing the 401 forbidden error with the message that user needs to be logged in to get the details.
  How to address this problem. Someone please help.
  Note: I also tried using ridc for this. I was able to get it working but since it is executing in the context of server ridc api is changing server's environment properties like HTTP_HOST, HTTP_CGIPATHROOT etc. It also seemed like system was becoming non functional after using ridc. When I called check-in the system metadata values like security group are no more loading. Not sure if ridc is the culprit here but worried that it might be causing this issue.
  Regards,
  Pratap

  Sorry, I posted too much details while posting this question. I was saying "not able to read *non* public content".
  Anyway, I was able to resolve the issue. I was able to authenticate with sysadmin credentials in the request to service using basic authentication and was able to read doc info with that credential.
  But I realized there is more than option for reading secure content.
  - I could set user name as sysadmin in the m_environment (if I am in the context of a service) and the call the DOC_INFO_BY_NAME service.
  - I can post an HTTP request to DOC_INFO_BY_NAME service with sysadmin credentials and do basic authorization via the connection. (This is what i have done successfully as of now )
  - I could add guest role to all security groups with R (read) privileges.
  I will look into all options and implement the one which is more apt.
  Regards,
  Pratap

• User won't add to an AD security group

  Hello,
       I've been scouring around the last few days and I've come up empty handed with an issue I'm having on a personal domain and I'm hoping someone here can point me in the right direction.
       I have a domain controller set up in a lab environment running Server 2012 RU with three computers and three users joined to the domain.  I'm currently attempting to apply group policy via AD security groups but I've hit a dead
  end.  I've created the users and moved them to a nested OU, we'll call it SiteA>Users.  I then created a global security group called Control Panel Restriction and placed it in a nested OU in SiteA>Groups, and joined one of the users to the
  security group.  I then created a group policy and configured it to restrict all access to the control panel and linked it to the SiteA OU.  In security filtering I've removed the authenticated users group and added the Control Panel Restriction
  group.
       The first time the user is joined to a security group it seems to work fine.  If I remove the user from the group and run gpupdate /force, the user can once again access the control panel.  From that point going forward,
  however, it's as if the user is never added to a security group again.  I can add the user directly to the security filtering section of the GPO and it works, but it's like security group membership will not update anymore for that user.
       Troubleshooting:  I've verified the permissions of the security group for the GPO and made sure it has read and apply group policy access, I've created a test user and placed it in the Control Panel Restriction security group
  and policy applied successfully (once), so I know the group works.  I ran a gpresult /r for the user and found the group policy IS being applied, but it's being denied through security filtering.  In the group membership section of the gpresult report
  it indicates the user is only a member of the default security groups in AD, not the custom made security group, even though a quick inspection of AD proves otherwise.
       Any advice?

  After you add, or remove, a user from a group, ensure that the changes have replicated/propagated across the DC's (waiting for your replication cycle time is usually enough), then, ensure that the user logs off, and then log the user on again.
  The logoff/logon cycle is typically important, since the user's security token is constructed at logon, and the token is constructed based on group memberships at the time of logon.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Use AD Security Groups for SharePoint database permissions

  In our SharePoint environment we have around 30 content databases. Each of these content databases need a few application pool accounts added to there permissions for various service applications etc. Currently all the accounts are added individually,
  but this can be a little error prone. Is there a reason why we could just pop all the required accounts in an AD security group and add that database permissions in SQL?

  You could do that, but your service accounts shouldn't be accessing the databases directly, instead routing through the SharePoint API, which then permissions would be taken care of by SharePoint accounts (or if you have custom Service Applications, the
  service app pool account).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.