Exchange 2010 - #554 5.2.0 The Active Directory user wasn't found
We have migrated form Exchange 2003 to Exchange 2010 a year ago with no issues. All Exchange legacy servers uninstalled with no issues. We had an issue today were emails sent to mail-enabled public folder was returning NDRs. This happened on two or three
and then trickled down thorugh several public folders. This client has several public folders and uses them for business processes. There have been 100s of incidents now.
Symtoms:
E-mail messages that been sent to mail-enabled public folder in Exchange Server 2010 environment rejected with the following NDR:
#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn't found. ObjectNotFoundException: The Active Directory user wasn't found. ##
We are getting the following Event log messages on Hub transport servers.
Log Name: Application
Source: MSExchange Store Driver
Date: 5/29/2014 2:45:53 PM
Event ID: 1020
Task Category: MSExchangeStoreDriver
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxx
Description:
The store driver couldn't deliver the public folder replication message "Backfill Request (xxxxxxx)" because the following error occurred: The Active Directory user wasn't found..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchange Store Driver" />
<EventID Qualifiers="49156">1020</EventID>
<Level>2</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-05-29T18:45:53.000000000Z" />
<EventRecordID>168407</EventRecordID>
<Channel>Application</Channel>
<Computer>xxxxxx</Computer>
<Security />
</System>
<EventData>
<Data>"Backfill Request (xxxxxxx)"</Data>
<Data>The Active Directory user wasn't found.</Data>
</EventData>
</Event>
Actions:
We have executed the following steps.
1. Start the ADSI Edit MMC Snap-in. Click Start, then Run, and type adsiedit.msc, and then click OK.
2. Connect & Expand the Configuration Container [YourServer.DNSDomainName.com], and then expand CN=Configuration,DC=DNSDomainName,DC=com.
3. Expand CN=Services, and then CN=Microsoft Exchange, and then expand CN=YourOrganizationName.
4. You will see an empty Administrative Group. Expand the CN=YourAdministrativeGroupName.
5. Expand CN=Servers.
6. Verify there are no server objects listed under the CN=Servers container.
7. Right click on the empty CN=Servers container and choose Delete.
8. Verify the modification, and try to send again the E-mail to the mail-enabled public folder.
To no avail the issue still exists.
We have not rebooted the servers and plan to in the early morning.
We have dismounted/mounted public folder DBs
Does anyone have any other suggestions?
Danny Kennedy, MCSE, MCITP
I have already uninstalled legacy servers a year ago.
This was the solution:
I moved the public folder hierarchy to exchange 2010 using ADSIEdit.
If you don't know adsiedit tool that much check this
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c03067450-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&sp4ts.oid=1840527&ac.admitted=1401455429281.876444892.492883150
Danny Kennedy, MCSE, MCITP
Similar Messages
-
Is it possible to get the active directory user name of the person
Is it possible to get the active directory user name of the person who is logged onto a windows computer, when they are using your coldfusion site, the same way asp pages can do that?
SECOND TRY TO POST THIS REPLY
You have to turn on "Windows Integrated Security" and turn off anonymous login in the IIS web server, once that condition is met the cgi.AUTH_USER variable will be popluated with the domain/username of the user logged into the cient computer.
If the user is using a windows browser on a windows client computer this will be done silently in the background. Otherwise they will normally be presented with a login dialog box by the browser. -
How to import your MS Active Directory users in an Oracle table
Hello,
I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
This doesn't work so I used an alternative solution:
How to import your MS Active Directory users in an Oracle table
- a Visual Basic script for export from Active Directory
- a table in my database
- a SQL*Loader Control-file
- a command-file to start the SQL*Loader
Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
Just to share my scripts:
I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
'Export_ActiveDir_users.vbs 26-10-2006
'Script to export info from MS Active Directory to a CSV-file
' Accountname, employeeid, Name, Function, Department etc.
' Richard de Boer - Wetterskip Fryslan, the Nethterlands
' samaccountname Logon Name / Account
' employeeid Employee ID
' name name
' displayname Display Name / Full Name
' sn Last Name
' description Description / Function
' department Department / Organisation
' physicaldeliveryofficename Office Location Wetterskip Fryslan
' streetaddress Street Address Harlingerstraatweg 113
' l City / Location Leeuwarden
' mail E-mail adress
' wwwhomepage Web Page Address
' distinguishedName Full unique name with cn, ou's, dc's
'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)
Sub EnumerateUsers(oCont)
Dim oUser
For Each oUser In oCont
Select Case LCase(oUser.Class)
Case "user"
If Not IsEmpty(oUser.distinguishedName) Then
OutPutFile.WriteLine _
oUser.samaccountname & ";" & _
oUser.employeeid & ";" & _
oUser.Get ("name") & ";" & _
oUser.displayname & ";" & _
oUser.sn & ";" & _
oUser.description & ";" & _
oUser.department & ";" & _
oUser.physicaldeliveryofficename & ";" & _
oUser.streetaddress & ";" & _
oUser.l & ";" & _
oUser.mail & ";" & _
oUser.wwwhomepage & ";" & _
oUser.distinguishedName & ";"
End If
Case "organizationalunit", "container"
EnumerateUsers oUser
End Select
Next
End SubThis give's output like this:
rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
CREATE TABLE PG4WF.ACTD_USERS
samaccountname VARCHAR2(64)
, employeeid VARCHAR2(16)
, name VARCHAR2(64)
, displayname VARCHAR2(64)
, sn VARCHAR2(64)
, description VARCHAR2(100)
, department VARCHAR2(64)
, physicaldeliveryofficename VARCHAR2(64)
, streetaddress VARCHAR2(128)
, l VARCHAR2(64)
, mail VARCHAR2(100)
, wwwhomepage VARCHAR2(128)
, distinguishedName VARCHAR2(256)
)I made SQL*Loader Control-file:
LOAD DATA
INFILE 'ActiveDir_users.csv'
BADFILE 'ActiveDir_users.bad'
DISCARDFILE 'ActiveDir_users.dsc'
TRUNCATE
INTO TABLE PG4WF.ACTD_USERS
FIELDS TERMINATED BY ';'
( samaccountname
, employeeid
, name
, displayname
, sn
, description
, department
, physicaldeliveryofficename
, streetaddress
, l
, mail
, wwwhomepage
, distinguishedName
)I made a cmd-file to start SQL*Loader
: Import the Active Directory users in Oracle by SQL*Loader
D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
http://www.kouti.com/tables/userattributes.htm
Greetings,
Richard de BoerI have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
Is there any way that I can find out what time each record has been inserted?
For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
First you need to clarify what you mean by 'the date that each record get inserted'. A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time. -
Getting Active Directory Users in UCM User Admin - Users Tab
Hello All
We have integrated WLS with our Active Directory. And we are getting all the active directory users under Security Realms >myrealm >Users and Groups tab in WLS Console.
We are also able to login to webcenter spaces and Content server using those userid and credentials. But our problem is in UCM under Admin Applets - User Admin - Users tab all the active directory users are not listed. So we are not able to assign particular roles to the users.
When a particular Active Directory user logins in UCM (First Time) after that the admisistrator (weblogic) is able to get that user under Admin Applets - User Admin - Users tab. And also it comes as an External user so we are not able to assign role.
So basically UCM requires a login to get all the users listed in users tab.
Our requirement is we want all the Active Directory users to get listed in UCM without the condition that the users has to login in content server once.
ThanksHi Navin ,
First and foremost the requirement that you have posted is not possible and the reason for that is :
Users are created on AD which is outside the realm of UCM hence there is no way that the users created on AD will be shown up under Users tab without they login atleast once . UCM does not know which all users are part of the realm until and unless the AD users login in atleast once .
Secondly external users cannot be assigned roles from UCM because when the Auth type is set to External UCM sees it as external entity hence not giving it any way to relate roles / groups from UCM . As a workaround you can change the AuthType for the External users to Global from User Admin applet after the users login for the first time . This will enable you to assign roles / groups for the AD users .
Hope this helps .
Thanks
Srinath -
How to display active directory users through weblogic portal Application?
Hi,
Does anyone has faced this situation?
I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
I have two doubts on this?
1)Is it I need to write custom code to view the active directory users in our portal?
2)Does I need to use any jars that supports active directory authenticator?
I would appreciate if any one can reply on this with helpfull docs/information.
We are using BEA 8.1 SP4.
Windows 2000.
SurendraHi,
I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<%@ page import="java.util.Set" %>
<%@ page import="javax.naming.Context" %>
<%@ page import="weblogic.jndi.Environment" %>
<%@ page import="weblogic.management.MBeanHome" %>
<%@ page import="weblogic.management.configuration.DomainMBean" %>
<%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
<%@ page import="weblogic.management.security.RealmMBean" %>
<%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
<%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
<%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
<%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
<%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
<%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
<%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
<%@ page import="weblogic.management.utils.ListerMBean" %>
<%@ page import="javax.management.MBeanException" %>
<%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
<%@ page import="examples.security.providers.authentication.manageable.*" %>
<%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
<%@ page import="weblogic.management.utils.InvalidParameterException" %>
<%@ page import="weblogic.management.utils.NotFoundException" %>
<%@ page import="weblogic.security.SimpleCallbackHandler" %>
<%@ page import="weblogic.servlet.security.ServletAuthentication"%>
<%!
private String makeErrorURL(HttpServletResponse response,
String message)
return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
%>
<html>
<head>
<title>Password Changed</title>
</head>
<body>
<h1>Password Changed</h1>
<%
// Note that even though we are running as a privileged user,
// response.getRemoteUser() still returns the user who authenticated.
// weblogic.security.Security.getCurrentUser() will return the
// run-as user.
System.out.println("------------------------------------------------------------------");
String username = request.getRemoteUser();
System.out.println("User name -->"+username);
// Get the arguments
String currentpassword = request.getParameter("currentpassword");
System.out.println("Current password -->"+currentpassword);
String newpassword = request.getParameter("newpassword");
System.out.println("New password -->"+newpassword);
String confirmpassword = request.getParameter("confirmpassword");
System.out.println("Confirm password -->"+confirmpassword);
// Validate the arguments
if (currentpassword == null || currentpassword.length() == 0 ||
newpassword == null || newpassword.length() == 0 ||
confirmpassword == null || confirmpassword.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Password must not be null."));
return;
if (!newpassword.equals(confirmpassword)) {
response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
return;
if (username == null || username.length() == 0) {
response.sendRedirect(makeErrorURL(response, "Username must not be null."));
return;
// First get the MBeanHome
String url = request.getScheme() + "://" +
request.getServerName() + ":" +
request.getServerPort();
System.out.println("URL -->"+url);
Environment env = new Environment();
env.setProviderUrl(url);
Context ctx = env.getInitialContext();
MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
System.out.println("MBean home obtained....");
DomainMBean domain = mbeanHome.getActiveDomain();
SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
// Sar
EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
RealmMBean realm = secConf.findDefaultRealm();
System.out.println("RealmMBean obtained....");
AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
System.out.println("AuthProvMBean obtained....");
// Now get the UserPasswordEditorMBean
// This code will work with any configuration that has a
// UserPasswordEditorMBean.
// The default authenticator implements these interfaces
// but other providers could work as well.
// We try each one looking for the provider that knows about
// this user.
boolean changed=false;
UserPasswordEditorMBean passwordEditorMBean = null;
System.out.println("UserPwdEdtMBean obtained....");
//System.out.println("Creating MSAI....");
//ManageableSampleAuthenticatorImpl msai =
// new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
//System.out.println("Done....");
for (int i=0; i<authenticators.length; i++) {
System.out.println("### Authenticator --->"+authenticators);
if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
ActiveDirectoryAuthenticatorMBean adamb =
(ActiveDirectoryAuthenticatorMBean)authenticators[i];
System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
String listers = adamb.listUsers("*",0);
while(adamb.haveCurrent(listers))
System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
adamb.advance(listers);
if (authenticators[i] instanceof UserPasswordEditorMBean) {
passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
System.out.println("Auth match ...."+passwordEditorMBean);
try {
// Now we change the password
// Sar comment
System.out.println("Password changed....");
//passwordEditorMBean.changeUserPassword(username,
// currentpassword, newpassword);
changed=true;
// Sar Comment
catch (InvalidParameterException e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
catch (NotFoundException e) {
catch (Exception e) {
response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
return;
// Sar code
LDAPAuthenticatorMBean ldapBean = null;
UserReaderMBean urMBean = null;
UserEditorMBean ueMBean = null;
GroupReaderMBean gMBean = null;
//ListerMBean lBean = null;
try
if (authenticators[i] instanceof LDAPAuthenticatorMBean)
ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
String userFilter = ldapBean.getAllUsersFilter();
System.out.println("userFilter ="+userFilter);
if (authenticators[i] instanceof UserEditorMBean)
try
System.out.println("UserEditorMBean...");
ueMBean = (UserEditorMBean) authenticators[i];
System.out.println("List users..."+ueMBean);
boolean b = ueMBean.userExists("webuser");
System.out.println("User Exists->>>"+b);
String cursor = ueMBean.listUsers("webuser", 2);
System.out.println("List User ----->"+cursor);
catch(InvalidParameterException e)
response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
catch(java.lang.reflect.UndeclaredThrowableException e)
response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
e.printStackTrace();
catch(Exception e)
response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
catch(Exception ex)
ex.printStackTrace();
response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
return;
if (passwordEditorMBean == null) {
response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
return;
System.out.println("pwd changed ->"+changed);
if (!changed) {
// This happens when the current user is not known to any providers
// that implement UserPasswordEditorMBean
response.sendRedirect(makeErrorURL(response,
"No password editors know about user " + username + "."));
return;
%>
User <%= username %>'s password has been changed!
<br>
<br>
</body>
</html>
Here is the console log
User name -->webuser
Current password -->i
New password -->u
Confirm password -->u
URL -->http://localhost:7011
MBean home obtained....
Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
RealmMBean obtained....
AuthProvMBean obtained....
UserPwdEdtMBean obtained....
### Authenticator --->Security:Name=myrealmDefaultAuthenticator
Auth match ....Security:Name=myrealmDefaultAuthenticator
Password changed....
UserEditorMBean...
List users...Security:Name=myrealmDefaultAuthenticator
User Exists->>>true
java.lang.reflect.UndeclaredThrowableException
at $Proxy1.listUsers(Unknown Source)
at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
a:1006)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
ontext.java:6718)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
64)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.management.MBeanException
at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
ava:988)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
... 14 more
### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
pwd changed ->true
Can u pls let me know how to get all the entries from LDAP.
Thanx
Sar -
Open Directory Active Directory users want to know Is there a method?
Help
Open Directory Active Directory users want to know Is there a method?
Or can I make the Active Directory users to share on the Open Directory.
My goal is to use our school Mac computers with SSOIf I understand your question correctly, using Active Directory with OSX, there are a few ways this can be accomplished.
One way is by joining each Mac directly to Active Directory. This doesn't take advantage of the additional managed preference available to OSX, but does allow AD users to authenticate on OSX. On each machine, one would open System Preferences > Accounts > Login Options > Click Join next to Network Account Server. Follow the prompts and provide the domain name of your Active Directory deployment to join the system.
Another method is to follow the steps above, but only after extending the Active Directory Schema to support the OSX-specific managed preferences. It's a mostly harmless operation and means that you'll have a single administration interface for both OSX and Windows systems. The AD Schema information is available from Apple Support, but may also be readily available on the Internet.
Because our Windows team preferred to not change our AD schema any more than we already had, we used a different method. We created an Open Directory Master on one of our OSX servers, then we joined it as a member server to Active Directory. Next, we join all of our OSX workstations and laptops as members to the Open Directory domain instead of to Active Directory. This way, SSO still works. New user accounts are added to Active Directory and all managed preferences for OSX can be managed through the native OSX Workgroup Manager tool.
I think there are some instructions in the User Management PDF (Mac OS X Server, User Management, Version 10.6 Snow Leopard) or in the Advanced Server Admin PDF (Mac OS X Server, Advanced Server Administration, Version 10.6 Snow Leopard) but not completely certain. This page might have the docs. -
Remove Active Directory User Discovery
We're looking at enabling Active Directory User Discovery in our Config Mgr 2012 instance as as part of testing Intune. If we decide to not implement Intune, will we be able to disable Active Directory User Discovery, and remove that information from
the database?
If so, is there good documentation on how to do this?
ThanksThe easiest is to disable the Active Directory User Discovery
and than delete all the users from the All Users collection.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Logging into weblogic console using Active directory users?
Hi,
We developed a portal application using BEA 8.1 by getting users from embidded LDAP provided with the weblogic server.Now we need to access the users accounts stored in active directory.we configured new active directory authenticator and able to see the user and group names in the weblogic console. when we try to login to the console using one of the active directory user names, we are unable to login.
I would be thankful if any one can help on this.
Thanks & Regards
Surendranath ReddyHi Surendranath,
I am trying to attempt the same task, but have been unsuccessful so far. If you have had any luck with this, please let me know.
I can get MS AD to work just fine in the Security Provider and it works via the developers application, but I cannot login using the Active Directory users from the Admin Console.
Thanks,
Kevin. -
How to populate a sharepoint 2010 from the active directory.
I want a list of all the computers in the active directory,
another one with all users.
I want also to populate a sharepoint 2010 list from the sharepoint user profiles.
Thanks
szWhile
the contacts list is usually filled out for contacts that are outside the company, there are times when you would use a contacts list to store internal and external resources. Wouldn’t it be nice if you didn’t have to re-type your internal contacts’
information that are already in the system? Now you can with a little InfoPath customization on the contacts list.
Here’s our plan:
Create the contacts list, and open in InfoPath
Create a data connection to the User Profile web service
Customize the form adding some text, a people picker and a button
Create InfoPath rules that will populate the contact fields from the user fields in the User Profile store
Let’s get going! Before we begin, make sure you have InfoPath 2010 installed locally on your computer. I also want to give credit Laura
Rogers and Darvish Shadravan’s book Using
Microsoft InfoPath 2010 with Microsoft SharePoint 2010 Step by Step. I know it looks like a lot of steps, but it’s easy once you get the hang of it.
So obviously we need a contacts list. If you don’t already have one, go to the SharePoint site where it will live, and create a contacts list.
From the list, click the List tab on the ribbon, then click Customize form:
So now we have our form open in InfoPath 2010. Let’s add our elements to the form.
Above all the fields, let’s add some text instructing users what to do with the the field we’re about to add (.e.g To enter an existing user’s information, choose the user below).
Insert a people picker control by clicking the Person/Group Picker control in the Controls section of the ribbon. This will add a column to the contacts list called group.
Below the people picker, insert a button control from the same section of the ribbon as above. With the button still highlighted, click the Control Tools|Properties tab on the ribbon.
Then in the Label box, change the text to something more appropriate to our task (e.g. Click here to load user data!).
You can drag the button control a little larger to account for the text.
We should end up with something like this:
Before we can populate the fields with user data, we need to create a connection to the User Profile Service.
Add a data connection to the User Profile Service
Click the Data tab on the ribbon, and click the option From Web Service, and From SOAP Web Service.
For the location, enter the URL of your SharePoint site in the following format – http://<site url>/_vti_bin/UserProfileService.asmx?WSDL. Click Next.
Note - for the URL, it can be any SharePoint site URL, not just to the site where your list is.
For the operation, choose GetUserProfileByName. Click Next.
Click Next on the next two screens.
On the final screen, uncheck the box for “Automatically retrieve data when form is opened”. This is because we are going to retrieve the data when the button is clicked, also for performance reasons.
Now we need to wire up the actions on our button to populate the fields with the information for the user in the people picker control.
Tell the form to read the user from the people picker control
Click the Home tab on the ribbon.
Click the button control we created, and under the Rules section of the ribbon, click Manage Rules. Notice the pane appear on the far right.
In the Rules pane, click New –> Action. Change the name to something like “Query and load user data”.
Leave the condition to default (none – rule runs when button is clicked).
Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
For Field, click the button on the right to load the select a field dialog. Click the Show advanced view on the bottom. At the top, click the drop down and choose the GetUserProfileByName
(Secondary) option. Expand myFields and queryFields to the last option and highlightAccountName. Click ok.
For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Again click the show advanced view link, but this time leave the data
connection as Main. Expand dataFields, then mySharePointListItem_RW. At the bottom you should see a folder called group (the people picker control we just added to the form). Expand this, then pc:Person,
and highlightAccountId. Click Ok twice to get back to the Rules pane.
If we didn’t do this and just queried the user profile service, it would load the data of the currently logged in user. So we need to tell the form what user to load the data for. We take the AccountID field from the people
picker control and inject into the AccountName query field of the User Profile Service data connection.
Load the user profile service information for the chosen user
Click the Add button next to “Run these actions:”, and choose Query for data.
In the popup, for Data connection, click the one we created earlier – GetUserProfileByName and clickOk.
We’re closing in on our goal. Let’s see our progress. We should see something like this:
Now that we have the user’s data read into the form, we can populate the fields in the contact form. The number of steps to complete will depend on how many fields you want to populate. We need to add an action step for
each field. I’ll show you one example and then you will just repeat the steps for the other fields. Let’s update the Job Title field.
Populate the contact form fields with existing user’s data
Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
For Field, click the button on the right to load the select a field dialog. Highlight the field Job Title.
For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Click the Show advanced view on the bottom. At the top, click the
drop down and choose theGetUserProfileByName (Secondary) option. Expand the fields all the way down until you see the Value field. Highlight it but don’t click ok, but click the Filter
Data button, then Add.
For the first dropdown that says Value, choose Select a field or group. The value field will be highlighted, but click the field Name field
under PropertyData. Click Ok.
In the blank field after “is equal to”, click in the box and choose Type text. Then type the text Title.
Click ok until you get back to the Manage Rules pane. The last previous screen will look like this.
We’re going to update common fields that are in the user’s profile, and likely from Active Directory. You can update fields like first and last name, company, mobile and work phone number, etc. For the other fields, the
steps are the same except the Field you choose to update from the form, and the very last step where you enter the text will change. Here’s what the rules look like when we’re done:
We’re all done, good work! You can preview the form and try it now. Click Ctrl+Shift+B to preview the form. Once you’re satisfied, you can publish the form back to the library. Click File –> Quick
Publish. Once it’s done, you will get confirmation:
Now open your form in SharePoint. From the contact list, click Add new item. Type in a name, and click the button and watch the magic happen! -
Hi My self Arun in my current project i have a task on that active directory user need to automatically populate in share point list drop down please help me. is that any out of box feature in share point 2010 ?
Thanking You
ArunArun,
If you plan to implement the "Querying the Active Directory" based on my code snippet,
and if you do not have permission [your account must be the part of domain admin] to do so,
Then still you can do it in least effort through code,
string usersInXml = SPContext.Current.Web.AllUsers.Xml;your xml string look like this.
<Users><User ID="2" Sid="" Name="Administrator"
LoginName="i:0#.w|murugesan\administrator" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1" Sid="" Name="Murugesa Pandian" LoginName="i:0#.w|murugesan\murugesan" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1073741823" Sid="S-1-0-0" Name="System Account" LoginName="SHAREPOINT\system" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0" /></Users>
You can user Linq to XML to filter the "LoginName,Name and Email and then populate your drop down list.
* User must be logged into the site at least once.
Murugesa Pandian.,MCTS|App.Devleopment|Configure -
Event ID 91 Could not connect to the Active Directory. Active Directory Certificate Services
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DC1.chickbuns.com
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-01-07T19:34:00.000000000Z" />
<EventRecordID>819</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DC1.chickbuns.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
:\Users\Administrator>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: FrsEvent
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
......................... DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... chickbuns.com failed test LocatorCheck
Starting test: Intersite
......................... chickbuns.com passed test Intersite.My test lab one sinle domain controller server 2008 R2 Sp1 and member exchange server is using,the event error 91 is generated as per the technet article http://technet.microsoft.com/en-us/library/cc774525(v=ws.10).aspx the domain
computer and domain users in public key services container is not listed ..
C:\Users\Administrator>netdom /query fsmo
Schema master DC1.chickbuns.com
Domain naming master DC1.chickbuns.com
PDC DC1.chickbuns.com
RID pool manager DC1.chickbuns.com
Infrastructure master DC1.chickbuns.com
The command completed successfully.
Command Line: "dcdiag.exe
/V /D /C /E"
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC1, is a Directory Server.
Home Server = DC1
* Connecting to directory service on server DC1.
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
===============================================Printing out pDsInfo
GLOBAL:
ulNumServers=1
pszRootDomain=chickbuns.com
pszNC=
pszRootDomainFQDN=DC=chickbuns,DC=com
pszConfigNc=CN=Configuration,DC=chickbuns,DC=com
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
fAdam=0
iSiteOptions=0
dwTombstoneLifeTimeDays=180
dwForestBehaviorVersion=3
HomeServer=0, DC1
SERVER: pServer[0].pszName=DC1
pServer[0].pszGuidDNSName (binding str)=771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
pServer[0].pszDNSName=DC1.chickbuns.com
pServer[0].pszLdapPort=(null)
pServer[0].pszSslPort=(null)
pServer[0].pszDn=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pServer[0].pszComputerAccountDn=CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
pServer[0].uuidObjectGuid=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].uuidInvocationId=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=ea9513a0 01cf0dd4
pServer[0].ftRemoteConnectTime=ea2bca80 01cf0dd4
pServer[0].ppszMaster/FullReplicaNCs:
ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[4]=DC=chickbuns,DC=com
SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].pszISTG=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].iSiteOption=0
pSites[0].cServers=1
NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=5fc582f9-b435-49a1-aa54-41769fc24206,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.chickbuns.com
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=
NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=9e1c2cb8-b90b-4e9f-90dd-9903f935e4af,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.chickbuns.com
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=
NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=
NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=
NC: pNCs[4].pszName=chickbuns
pNCs[4].pszDn=DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=CHICKBUNS,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=
5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, chickbuns,
1 TARGETS: DC1,
=============================================Done Printing pDsInfo
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Failure Analysis: DC1 ... OK.
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1 for domain chickbuns.com in site Default-First-Site-Name
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
[DC1] No security related replication errors were found on this DC!
To target the connection to a specific source DC use /ReplSource:<DC>.
......................... DC1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=chickbuns,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=chickbuns,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=chickbuns,DC=com
(Domain,Version 3)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
DC1 is in domain DC=chickbuns,DC=com
Checking for CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com in domain DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com in domain CN=Configuration,DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=chickbuns,DC=com has 1 cursors.
DC=DomainDnsZones,DC=chickbuns,DC=com has 1 cursors.
CN=Schema,CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
DC=chickbuns,DC=com has 1 cursors.
* Replication Latency Check
......................... DC1 passed test Replications
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=chickbuns,DC=com
* Available RID Pool for the Domain is 1600 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
* DC1.chickbuns.com is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1103
......................... DC1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com and backlink on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com are
correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: DNS
Test results for domain controllers:
DC: DC1.chickbuns.com
Domain: chickbuns.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:DE:7F:EB
IP Address is static
IP address: 192.168.1.30
DNS servers:
192.168.1.30 (dc1.chickbuns.com.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: chickbuns.com.
Delegated domain name: _msdcs.chickbuns.com.
DNS server: dc1.chickbuns.com. IP:192.168.1.30 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone chickbuns.com
Test record dcdiag-test-record deleted successfully in zone chickbuns.com
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.1.30:
771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
DC1.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.48c41195-2630-4461-aaef-ec2a63cd8bf3.domains._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._udp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kpasswd._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.gc._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_gc._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.pdc._msdcs.chickbuns.com
Total query time:0 min. 3 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 6 sec. Total Netuse connection
time:0 min. 0 sec.
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.1 (<name unavailable>)
All tests passed on this DNS server
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 5 sec.
DNS server: 192.168.1.30 (dc1.chickbuns.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.chickbuns.com. is operational on IP 192.168.1.30
Total query time:0 min. 3 sec., Total WMI connection
time:0 min. 0 sec.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: chickbuns.com
DC1 PASS PASS PASS PASS PASS PASS n/a
Total Time taken to test all the DCs:0 min. 9 sec.
......................... chickbuns.com passed test DNS
Starting test: LocatorCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... chickbuns.com passed test Intersite -
Event ID 31138 "during the active directory update not -uc enabled agents were found"
Hi All,
I have Lync standard 2013 server on-premise and Exchange Office 365. I have enabled my users for Voice.
When I add a user to a response group I get the warning that the user is not enterprise voice enabled. This is strange as the user is enterprise enabled and can make and receive calls.
I also have Event ID 31138 on my Front End server.
"during the active directory update not -uc enabled agents were found
The following agents are specified as agents but are not UC enabled:
sip:[email protected]"
Any thoughts?Hi,
Did you change the default SIP Domain before?
If yes. You may need to remove agent from database. As the agents of a Response Group are added to the rgsconfigdatabase, within the database you will find a table called dbo.Agents. When open it you will see an overview of theagents which are member
of the groups. You can do the following steps to remove an agent from this table:
Right click on the dbo.Agents table and select the option Edit Top 200 rows
Search for the user and remove the specific record.
More details:
http://troubleshootinglync.blogspot.com/2013/05/event-id-31137-unable-to-removeadd.html
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Using the Active Directory login information by UNIX
We have 3 servers in our organisation: W2K + Exchange - members of one DOMAIN and Sun server with Solaris 8. All our clients have their login and password for the DOMAIN and the according the security policy they have to change their password periodically. Only a part of our clients have their login on the Solaris (they work using X-Terminal from their PC ).
My question is how can I receive and update automatically the login information on UNIX(Solaris) after updating on the Active Directory . Or how can I use the login information of the Active directory by SolarisAre the configuration reports with the 0.0.0.0 being printed directly from the printer? A 0.0.0.0 address indicates the printer is not actually on the network (or at least not getting DHCP information from the router). The Print and Scan Doctor should not have been able to print to it unless it happened to be connected by a USB cable as well.
What brand and model is the router?
Is the wireless light a solid blue light or a flashing blue light?
You mentioned an Active Directory Domain Services error message. Outside of corporate networks, this is not an error message you should get. I suspect there might be a deeper software issue at fault. Please provide the exact steps you are using to add the printer to generate that error message.
↙-----------How do I give Kudos?| How do I mark a post as Solved? ----------------↓ -
Hi All,
I could see following error event in all client computers , Could you please some one help me on this ?
Log Name: Application
Source:
Microsoft-Windows-CertificateServicesClient-CredentialRoaming
Event ID: 1005
Level: Error
Description: Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Regards, Srinivasu.MuchcherlaIf you are not using certificates and Credential Roaming for clients then simply ignore the error message.
If you are using certificates then you are getting access denied message when Credential Roaming is trying to write to your AD. More details about Credential Roaming here: http://blogs.technet.com/b/askds/archive/2009/01/06/certs-on-wheels-understanding-credential-roaming.aspx
http://blogs.technet.com/b/instan/archive/2009/05/26/considerations-for-implementing-credential-roaming.aspx
This is probably related to the fact that your schema version not 44 or higher: https://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a6e61-68c4-47d3-ae79-8296cb3be315/certificateservicesclientcredentialroaming-errors?forum=winserverGP
Active Directory
ObjectVersion
Windows 2000
13
Windows 2003
30
Windows 2003 R2
31
Windows 2008
44
Windows 2008 R2
47
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
BO XI 3.1 : Active Directory Authentication failed to get the Active Directory groups
Dear all
In our environment, there are 2 domain (domain A and B); it works well all the time. Today, all the user belong to domain A are not logi n; for user in domain B, all of them can log in but BO server response is very slowly. and there is error message popup when opening Webi report for domain B user. Below are the error message:
" Active Directory Authentication failed to get the Active Directory groups for the account with ID:XXXX; pls make sure this account is valid and belongs to an accessible domain"
Anyone has encountered similar issue?
BO version: BO XI 3.1 SP5
Authenticate: Windows AD
Thanks and RegardsPlease get in touch with your AD team and verify if there are any changes applied to the domain controller and there are no network issues.
Also since this is a multi domain, make sure you have 2 way transitive forest trust as mentioned in SAP Note : 1323391 and FQDN for Directory servers are maintained in registry as per 1199995
http://service.sap.com/sap/support/notes/1323391
http://service.sap.com/sap/support/notes/1199995
-Ambarish-
Maybe you are looking for
-
ITunes 10.3.1 crashing after video plays
This does not happen every time, but frequently enough to be a pain. I am to the point of avoiding playing videos now as when it crashes, it stops responding and I must go and end the program manually through the Task Manager. I am running Win 7, 64
-
Applying custom master page on layout pages
I am applying my custom master page on application layout pages which I am deploying using visual studio. My issue is; I have to copy my custom master page in the same directory where my layout pages exist otherwise its not working. I want to deploy
-
Link freezes when trying to restore
hi there, I did a full back up of my phone and updated the software everything went as planned phone started when i try to do the restore it keeps failing saying communication lost as it is about to start the restore (after saying preparing for resto
-
Unable to open excel files from yahoo mail
I am unable to open an excel file in Yahoo! Mail (sent from PC) to my iMac. My iMac has the MS Office suite too. Any suggestions?
-
Use CW to shutdown unused ports?
Is there a way to have CW (LMS 3.2) shutdown ports that have been inactive for X number of days? I know Campus Manager has the "Reclaim Unused ports UP" where I can enter a number of days and it will give me a list of all the ports that have been unu