Domain account object class 'user' vs 'contact'

I have an interesting problem that I really need help with. We are creating a group in domain two and will add users from domain one; they are in different forests. We want to grant access rights to a domain two website.
Only one user account from domain one is seen as a 'user' when pulled from the other domain (domain two); the other users from domain one are seen as 'contact' in domain two.
I think this issue could be the result of no trust established between domain one and domain two. The reason it is showing as a 'contact' is because the user from domain one is pulled from domain two. I am told it's a central sync point for the GAL.
My question is why one user from domain one is seen as a 'user' from domain two? I could not see any difference between this specific account and the other accounts in domain one.
Any suggestion to solve this problem is appreciated. I could not find anything about this searching online, and I am still searching.
Thank You,
Thang Mo

>>>other users from domain one is seen as 'contact' in domain two.
Where do you see "contacts"?
>>>I think this issue could be the result of no trust established between domain one and domain two
Then how did you add the users to groups?  You won't be able to
>>>central sync point for GAL.
What do you mean by "central sync"?  Where is your mailbox located?  Are you using Linked Mailboxes?
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
This posting is provided AS IS with no warranties, and confers no rights.
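As an added example (not code from the thread or from either poster), the following PowerShell shows how to tell which of the objects that domain two holds for a domain-one person are real security principals, which is the distinction behind the 'user' vs 'contact' question above. It assumes the ActiveDirectory module and read access to a domain-two domain controller; `$DomainTwoDC` and the two mail addresses are placeholders.

```powershell
# Added example, not from the thread. Classify the objects domain two holds
# for a set of mail addresses as security principals or not, then list the
# trusts domain two has, since only a trusted domain's users can be granted
# rights at all. Server name and addresses are placeholders.
Import-Module ActiveDirectory

$DomainTwoDC    = 'dc01.domaintwo.example'          # placeholder DC in domain two
$MailAddresses  = @('alice@domainone.example',      # constructed sample addresses
                    'bob@domainone.example')

function Get-DirectoryObjectKind {
    param([string]$Mail, [string]$Server)

    # Search by mail address so that both user and contact objects are found,
    # whatever object class the GAL sync created them with.
    $objs = Get-ADObject -Server $Server -LDAPFilter "(mail=$Mail)" `
        -Properties objectClass, objectSid, targetAddress, mail

    foreach ($o in $objs) {
        [pscustomobject]@{
            Mail                = $o.mail
            ObjectClass         = $o.objectClass
            # Only security principals (user, computer, group, foreign security
            # principal) carry an objectSid. A contact has none, so putting it
            # in a group grants nothing on the website.
            IsSecurityPrincipal = [bool]$o.objectSid
            TargetAddress       = $o.targetAddress   # set on mail-enabled contacts
            DN                  = $o.DistinguishedName
        }
    }
}

$MailAddresses |
    ForEach-Object { Get-DirectoryObjectKind -Mail $_ -Server $DomainTwoDC } |
    Format-Table -AutoSize

# Without a trust to domain one, its users cannot be resolved as foreign
# security principals in domain-two groups, whatever the GAL sync shows.
Get-ADTrust -Server $DomainTwoDC -Filter * |
    Select-Object Name, Direction, ForestTransitive, TrustType
```

If the one account that appears as 'user' is the only row with `IsSecurityPrincipal` true, it is the only one that can actually receive rights in domain two; the contacts can be mailed but not authorised. An empty result from `Get-ADTrust` for domain one matches Santhosh's point that the users could not have been added to a domain-two group without a trust.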

Similar Messages

  • Permisson problem: Change UID of domain account

    Hi everyone,
    I'm not sure if this is the right place to ask since I'm new to this forum, but I've kind of run out of options.
    My company just bought an iMac and it's my job to integrate it into our domain and Active Directory. I've managed to do this successfully. I can now log on to the machine with my company domain account.
    Each user has a personal home drive (NFS drive) which is (in Windows) mounted at startup. The user logged in has only access to his/her home directory (permissions are set through the UID).
    I managed to mount it on the Mac too.
    BUT:
    There seems to be a permission problem due to false UIDs.
    Within the domain, my UID is 1258. When I log on to the Mac, it is 142783090.
    Does anyone know how I can change this? I've been searching for a solution all morning but couldn't find anything helpful. I already tried to change the UID in SysPrefs -> Account -> right-click on the account, but it doesn't work for accounts that are not local ones. I also couldn't find out where the Mac gets this strange UID from...
    Thanks in advance for your help!
    Cheers
    PS: If you need more information from me, please ask, I will deliver it gladly =)

    I'm sorry, you're right, the page holds the solution, but I was trying to find out how much I can do on the Mac without installing any additional software.
    Thanks anyway for your help!
    Cheers!

  • Cn=Users domain is not displaying after configuring new object class in OAM

    We have configured a custom object class which inherits the inetorgperson object class and reconfigured OAM. After the reconfiguration cn=Users is not available in the OAM Attribute Access Control Management domain selection, Delegated Administration domain selection, Workflow Definition workflow domain selection and search base domain.
    If anyone has faced a similar issue, please reply back.
    Thanks in advance.
    Regards,
    Srikanth

    > I cannot RDP using the user
    Any error message?
    Greetings/Grüße,
    Martin

  • Adding object classes when creating ldap user in workflow

    I'm creating ldap users in a workflow and when I assign the object classes in the workflow I get an object class violation. It seems that when I call check in view and when my break point stops in Update User the default object classes on the resource have been removed from the user.accounts[LDAP].objectClass attribute which I just set. Not sure what's going on here. Is there another way to assign more than just the default object classes to a new ldap user through the workflow? Thanks in advance.

    Multiple things I can think of
    1) put all the object classes you may be expecting with the user account in the resource configuration panel. LDAP is smart enough to assign the related object classes to the object based on the attributes assigned to the user.
    2) Check if you have the object class in the schema of LDAP.

  • Recon and provisioning of user-defined object class ICF Active Directory

    I have followed the documentation instructions for reconciliation of a user-defined object class in the ICF Active Directory connector. I am using OIM 11gR2 with the ICF Active Directory 11.1.1.5 connector patched to 11.1.1.5.0A. The procedure states to create the new object class in AD and then change the objectClass value in the Lookup.Configuration.ActiveDirectory lookup. In my case I am using the existing ObjectClass of contact, rather than a new object class. Just for completeness I am using a clone of the AD User Resource Object which I call AD User Contact and so my lookup name is Lookup.Configuration.ActiveDirCon.
    When I changed the ObjectClass from User to Contact and ran the Active DirCon User Target Recon scheduled job with Object Type also = contact, the first issue I noticed was that the connector wanted a different set of lookups, which is not in the documentation. It is looking for a lookup in my Configuration lookup where code key=contact Configuration Lookup (which I should have expected since there are code keys for User, Group, and organizationalUnit). I added a line to the lookup where code key=contact Configuration Lookup and the Decode=Lookup.ActiveDirCon.CM.Configuration and then I created a new lookup by that name, assigning the 5 values to be the Lookup.ActiveDirCon.UM.xxx lookups. I did not see any need to create a new set of Lookup.ActiveDirCon.CM.xxx lookups with the exact same values.
    I re-ran the scheduled job and it ran successfully, but did not generate any Recon Events, even though I had objects in the OU and I have that same OU in the Lookup.ActiveDirCon.OrganizationalUnits lookup (from the Org Lookup Recon). Everything looks good but getting no results. Looked at the log file from the ConnectorServer and it is building the query properly and executing it properly with the correct syntax, getting no errors, but the SearchAndReturnObjects method is returning zero results.
    Looking to see if anyone has successfully reconciled in user-defined or other non-User objectClass objects from Active Directory, and if so, can you provide Lookup configuration and Connector Server information so I can troubleshoot.
    I resolved this issue by changing the recon lookups to a blank lookup called Lookup.ActiveDirCon.CM.ReconAttrMap and only added in the parameters that are used by a Contact object. Only populate the ReconAttrMap with parameters that exist for the custom object.
    Edited by: Keith Smith AptecLLC on Mar 27, 2013 6:31 AM

    Oracle Support answered this question via SR

  • 11g - LDAP Sync - Select Custom Object class based on user type

    Hi Gurus,
    We have LDAP Sync set up between OIM 11g and ODSEE. We have some custom object classes in ODSEE; when users are created in OIM they are created in ODSEE with all object classes, and everything is working fine.
    Now we have to select the object class based on the user type in OIM while pushing the user to ODSEE through LDAP sync.
    We checked LDAPUser.xml and it doesn't have any option to choose a custom object class based on user type.
    Guys, we need a suggestion on how to go forward with this requirement.

    Do you have OVD between OIM and ODSEE? If yes, then this can be handled at OVD by modifying the LDAP Adapter and setting up the search for users with the custom objectclass instead of inetorgperson.
    The flow would be as follows:
    OIM --> LDAPRequest to Create User with inetorgperson to OVD --> OVD --> change request's objectclass to custom objectclass --> Create user in OID with custom objectclass
    ~Yagnesh

  • Add user validation in create user form during Configure User Object Classe

    Hi friends,
    I would like to add user validation code (JavaScript or PL/SQL) into the create user form during Configure User Object Classes.
    Is there any way to pick up user information and role assignment for validation on the Portal side?
    Or a pre-event in OID provisioning before loading LDAP?
    We would like to make a role assignment validation, but Portal does not have this function.
    TOM, Any suggestion?
    Thanks!!

    After study, the portal form LOVGroupSearch takes a role search and displays the user name for selecting a role.
    Does anyone know where we can find the system object LOVGroupSearch in Portal or OID?
    the source SCR as /oiddas/ui/oracle/ldap/das/search/LOVGroupSearch?title=Role%3Fredirect=/oiddas/ui/oracle/ldap/das/search/LOVGroupSearch%3Ftitle=Role
    When we search for a role and add it, the selected role appears in the form Search and Select.
    When clicking the role name in the Search and Select form, the system displays the group members and group owner.
    Who can find the code behind this form, or similar PL/SQL code?
    Thanks!!

  • Can't move iWeb domain to my other user account

    When I copy my iWeb domain to my other user account on my iMac by dropping it into iDrop, it only seems to work for a while, then by the end of the day it's gone. Very strange.

    Not familiar with iDrop and how it works.  Just copy the domain.sites file to the new Mac and place it wherever you want.  The default location is in the User/Library/Application Support/iWeb folder.
    In Lion and Mountain Lion the Home/Library folder is now invisible. To make it permanently visible enter the following in the Terminal application window: chflags nohidden ~/Library and press the Return key - 10.7: Un-hide the User Library folder.
    To open your domain file in Lion or Mountain Lion or to switch between multiple domain files Cyclosaurus has provided us with the following script that you can make into an Applescript application with Script Editor. Open Script Editor, copy and paste the script below into Script Editor's window and save as an application.
    do shell script "/usr/bin/defaults write com.apple.iWeb iWebDefaultsDocumentPath -boolean no"
    delay 1
    tell application "iWeb" to activate
    You can download an already compiled version with this link: iWeb Switch Domain.
    Just launch the application, find and select the domain file in your Home/Library/Application Support/iWeb folder that you want to open and it will open with iWeb. It modifies the iWeb preference file each time it's launched so one can switch between domain files.
    WARNING: iWeb Switch Domain will overwrite an existing Domain.sites2 file if you select to create a new domain in the same folder.  So rename your domain files once they've been created to something other than the default name.
    OT

  • LDAP object classes for user creation

    Hello,
    I use a remote LDAP for authentication, which works fine. However, I want to copy some attributes from the remote LDAP into the dynamically created user profile. This works fine as long as the attributes are part of the standard object classes. The remote LDAP has an extra, site-specific object class for users. Since I want to use the same attribute names I added the schema extension (1 object class with a couple of attributes) to the AM LDAP. So far so good.
    My question is: how do I specify the additional object class to be added to the user which is dynamically created?
    Thanks in advance, Robert

    Robert,
    To resolve this, I believe that you will need to add the new objectclass to the "LDAP User Object Classes" field on the LDAP Data Store. You will also need to add the attributes to "LDAP User Attributes" on the same tab.
    Hope this helps.

  • Multiple AD account in single domain for a single user

    Hi,
    Does OIM support multiple AD accounts in a single domain for a single user?
    Scenario 1: If multiple accounts already exist in AD, can I pull them from AD into OIM for a single user?
    Scenario 2: Does OIM allow creation of multiple accounts in AD for a single user, when requested from OIM?
    Thanks,

    Yes, this is possible. OIM allows this.
    Obviously the recon rule would be employee number or anything other than sAMAccountName for target recon.
    While provisioning, make sure you are generating a unique sAMAccountName and Common Name (if in the same OU) for the same user.
    If you maintain the above there is no issue having multiple accounts for a single user in a single domain.

  • How can one make an object of a user defined class immutable?

    Hi All,
    How can one make an object of a user defined class immutable?
    What's the implementation logic with strings being immutable?
    Regards,

    > Hi All,
    > How can one make an object of user defined class immutable?
    The simple answer is you can't. That is, you can't make the object itself immutable, but what you can do is make a wrapper so that the client never sees the object to begin with.
    A classic example of a mutable class:
    class MutableX {
        private String name = "None";
        public String getName() {
            return name;
        }
        public void setName(String name) {
            this.name = name;
        }
    }
    I don't think it's possible to make this immutable, but you can create a wrapper that is:
    class ImmutableX {
        private final MutableX wrappedInstance;
        public ImmutableX (String name) {
            wrappedInstance = new MutableX();
            wrappedInstance.setName(name);
        }
        public String getName() {
            return wrappedInstance.getName();
        }
        // Don't give them a way to set the name and never expose wrappedInstance.
    }
    Of course, if you're asking how you can make your own class immutable then the simple answer is to not make any public or protected methods that can mutate it and don't expose any mutable members.
    > Whats the implementation logic with strings as immutable?
    > Regards,
    I don't understand the question.

  • Add object Classes before creating user??

    Hi,
    I have a requirement where I need to add object classes to the user while provisioning to Sun Directory Server. How exactly should I implement my process task for this? Should I add the object class after the Create task is finished or before the Create User task gets triggered?
    Thanks,
    Supreetha

    Are you talking about adding custom object classes for the users? This would be a schema change and should be done prior to adding users, since that would fail without having the correct schema in place. To add new object classes you need to either manually create them from the DSEE admin page or import the object definitions and attributes from an ldif file. Once that is all done, you can then configure the provisioning workflow and add the object classes during user creation so the system knows what object classes to associate with each user entry.

  • IIS Anonymous User using Plumtree Domain Account

    Is it good or accepted practice to create a Plumtree domain account and have the remote portlets (web apps) use this username / pwd instead of the anonymous user (IUSR_MACHINE) accounts? Then we would only need to grant access to the Plumtree domain account on file shares, etc.

    The anonymous user for IIS should not be a domain user. It should be a local account and given minimal rights.
    Michael

  • Visual Studio Test Controller recovery locks out the user domain account, cannot log into PC

    On the recovery tab of the Visual Studio Test Controller Services properties dialog, there are three recovery settings: First Failure, Second Failure and Subsequent Failures. The default setting for these options is to "Restart the Service". I changed my domain password this morning, restarted the PC and could not log in because the Visual Studio Test Controller service tried to restart with the wrong credentials in an infinite loop. This resulted in my account with the domain controller getting locked out. The delay between service restarts was very quick and I could not log in and stop the service. The kind admin fellow logged in to the PC and changed the service settings.
    Is there a place where the recovery service restart interval can be changed to prevent this situation?

    Hi bcautest1,
    >>I changed my domain password this morning, restarted the PC and could not log in because the Visual Studio Test Controller service tried to restart with the wrong credentials in an infinite loop. This resulted in my account with the domain controller getting locked out.
    You said that you couldn't log in; do you mean that you couldn't log in to your machine, or to others?
    If you change the domain password, generally we could open the Test Controller configuration and change the logon account for this service.
    But if you mean that you couldn't log in to Windows now, I'm afraid that it is not a Test Controller and Agent issue; it would be a Windows issue, because it still has this issue even if you use other servers.
    Reference:
    https://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
    Like the following documents here:
    http://stackoverflow.com/questions/4468677/domain-account-keeping-locking-out-with-correct-password-every-few-minutes
    Maybe the Window support forum would be better for you:
    https://social.technet.microsoft.com/Forums/windows/en-US/home?forum=w7itprosecurity
    If I misunderstood this issue, please feel free to let me know.
    Best Regards,
    Jack 
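The question above about the restart interval was not answered in the thread. As an added example (not code from the thread or from Microsoft), the following PowerShell finds every service on the host that logs on as a given domain account and widens its automatic-restart delay, so that a service still holding an old password cannot lock the account out in a tight loop after a password change. It assumes an elevated prompt and uses the built-in `sc.exe failure` verb; `$Account` is a placeholder.

```powershell
# Added example, not from the thread. Run elevated, before (or right after)
# changing the password of a domain account that services log on with.
# $Account is a placeholder for the real service account.
$Account = 'CONTOSO\svc-testcontroller'

function Get-ServicesRunningAs {
    param([string]$LogonAccount)
    # Win32_Service.StartName is the account the service logs on with.
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartName -eq $LogonAccount } |
        Select-Object Name, DisplayName, State, StartName
}

function Show-RecoveryActions {
    param([string]$ServiceName)
    # Prints the configured failure actions and their delays (the Recovery tab).
    & sc.exe qfailure $ServiceName
}

function Set-RecoveryDelay {
    param([string]$ServiceName, [int]$DelayMinutes = 5)
    $ms = $DelayMinutes * 60 * 1000
    # Still restart on failure, but only after $DelayMinutes, for the first,
    # second and subsequent failures; reset the failure counter after one day.
    # sc.exe requires the space after "reset=" and "actions=".
    & sc.exe failure $ServiceName reset= 86400 actions= "restart/$ms/restart/$ms/restart/$ms"
}

$services = Get-ServicesRunningAs -LogonAccount $Account
$services | Format-Table -AutoSize

foreach ($s in $services) {
    Show-RecoveryActions -ServiceName $s.Name
    Set-RecoveryDelay   -ServiceName $s.Name -DelayMinutes 5
}
```

A five-minute delay keeps each failed restart below the usual account-lockout threshold window, which gives you time to log in and update the service's logon password; the service still recovers on its own once the credential is fixed. Running `Get-ServicesRunningAs` before the password change is the cheaper check: it lists exactly which services need their stored password updated.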

  • Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

    Hi,
    I have successfully set up SharePoint Foundation 2013 as a single server farm with a SQL Server Standard database in a DMZ environment using local accounts, since the DMZ doesn't have an Active Directory and hence no domain accounts, using PowerShell as described in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller
    When I run Farm configuration wizard to provision search service application, I get an error:
    ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
    The log file logged the details of this error as:
    ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated."
    After investigation, I found that potentially the error could be because the timer service is trying to set up a network share for the analytics component (as part of provisioning search). It is trying to set up that share with a domain account that happens to be a local user instead in this case and fails with the error "System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated".
    I got some pointer from the below thread
    https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
    However, the above thread doesn't state that the solution worked.
    I have tried creating the share manually for the Analytics_<Guid> folder but it doesn't work, since every time the farm configuration wizard is run it creates a new Analytics_<Guid> folder.
    Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
    Can someone please guide me on how to successfully provision search for SharePoint Foundation 2013 set up as a single server farm with a SQL Server Standard database in a DMZ environment using local accounts (without Active Directory domain accounts).
    Thanks in advance.
    Himanshu

    Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
    Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
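As an added example (not code from the thread, from Himanshu or from Trevor), the following PowerShell gives two checks for the "SDDL string contains an invalid sid or a sid that cannot be translated" error on the SharePoint host itself: which configured account names fail to round-trip between name and SID, and whether a given SDDL string parses on a machine that has no domain. It assumes Windows PowerShell 5.1 or later for `ConvertFrom-SddlString`; the account names and both SDDL strings are constructed placeholders.

```powershell
# Added example, not from the thread. Run on the SharePoint server.
# Account names and SDDL strings below are constructed placeholders.
$FarmAccounts = @('SPHOST\spfarm', 'SPHOST\spsearch', 'NT AUTHORITY\NETWORK SERVICE')

function Test-AccountTranslation {
    param([string[]]$Names)
    foreach ($n in $Names) {
        try {
            $sid  = ([System.Security.Principal.NTAccount]$n).Translate(
                        [System.Security.Principal.SecurityIdentifier])
            $back = $sid.Translate([System.Security.Principal.NTAccount]).Value
            [pscustomobject]@{ Name = $n; Sid = $sid.Value; RoundTrip = $back
                               Ok = ($back -eq $n); Error = $null }
        } catch {
            # A name that neither the local SAM nor a reachable DC can resolve.
            [pscustomobject]@{ Name = $n; Sid = $null; RoundTrip = $null
                               Ok = $false; Error = $_.Exception.Message }
        }
    }
}

function Test-Sddl {
    param([string]$Sddl)
    try {
        # ConvertFrom-SddlString parses the descriptor and resolves each
        # principal to a name where it can; a SID it cannot name is left as
        # a raw S-1-... string, which is what we report.
        $d   = ConvertFrom-SddlString -Sddl $Sddl -ErrorAction Stop
        $raw = @($d.Owner, $d.Group) + @($d.DiscretionaryAcl) + @($d.SystemAcl) |
               Where-Object { $_ -match '^S-1-\d' }
        [pscustomobject]@{ Sddl = $Sddl; Parses = $true; UnresolvedSids = @($raw); Error = $null }
    } catch {
        # Domain-relative aliases such as DA (Domain Admins) need a domain SID
        # to expand; on a workgroup host they fail with the same message
        # SharePoint logged.
        [pscustomobject]@{ Sddl = $Sddl; Parses = $false; UnresolvedSids = @(); Error = $_.Exception.Message }
    }
}

Test-AccountTranslation -Names $FarmAccounts | Format-Table -AutoSize

$Samples = @(
    # constructed domain SID that this host cannot translate, but which parses
    'O:BAG:BAD:(A;;FA;;;BA)(A;;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1001)',
    # DA alias: only expandable on a domain-joined host
    'O:BAG:BAD:(A;;FA;;;BA)(A;;FA;;;DA)'
)
$Samples | ForEach-Object { Test-Sddl -Sddl $_ } | Format-List
```

On a workgroup server the second sample reproduces the logged exception, which is why Trevor's answer (a reachable domain controller, or SharePoint on the internal network behind a reverse proxy) is the fix rather than creating the share by hand: the share's descriptor is built by the timer service with identities the host cannot resolve, and a fresh `Analytics_<Guid>` share is created on every run.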
