Failure to Rename User
I have a resource where we check a user out for 'rename' I swap the users resource account to the new and check the user back in. While I am not getting any errors I notice that the users IDM object has both instances of the user for that resource, so the next time that user has an update IDM tries to re-create the old user but fails.
I have this in other IDM environment, with no issues.
Is this a waveset DB issue?
What can I trace on to find this? Mu waveset DB is on SQL.
Thank You!
If you go to http://www.portaltown.com, under Demos\Dash and Demos\Dash Editor you can see an RSS feed aggregator that provides graphical layout for a portal page. This provides an extremly simple way to grab feeds and publish them with dynamic parameters (height,width,positon,scrollers,etc..) which can be user defineable if elected. It can also be integrated with OID for user and group access. It is built with Java and Oracle libraries and is totally free for download with source included. Portaltown can also help with the integration into your enviornment if desired to ensure successful integration.
Similar Messages
-
Change user's OU with punctuation mark doesn't work by Rename User View
Hi,
I have problem with moving user between OU by Rename User View when punctuation mark in name of OU is used.
I have own WF that assign user to specific OU depending on value of Select component. When value of this component is changed (against previous value) I call Rename View, that assign user to new OU. For OU without punctuation mark Rename View works OK.
After finishing WF with punctuation mark in OU this Error appers:
java.lang.RuntimeException: There is no such object on the server.
But creating new AD account (by role assignment) in OU with punctuation work OK. In select component is rule that replace puctional character in correct form.
Select component:
<Field name='slctOrganizationalUnitUzivatele'>
<Display class='Select' action='true'>
<Property name='title' value='Nastavte organizacni jednotku:'/>
<Property name='allowedValues'>
<block>
<dolist name='zmena'>
<invoke name='listResourceObjects' class='com.waveset.ui.FormUtil'>
<invoke class='com.waveset.session.SessionFactory' name='getServerInternalContext' />
<s>OrganizationalUnit</s>
<s>AD</s>
<null/>
<s>false</s>
</invoke>
<rule name="RUL nahrada znaku">
<argument name="inputString">
<ref>zmena</ref>
</argument>
<argument name='hledanyRetezec'>
<s>\,</s>
</argument>
<argument name='nahrazovaciRetezec'>
<s>\, </s>
</argument>
</rule>
</dolist>
</block>
</Property>
<Property name='sorted'>
<Boolean>true</Boolean>
</Property>
</Display>
<Default>
<upcase>
<ref>user.accounts[AD].ad_container</ref>
</upcase>
</Default>
</Field>
WF-Rename User
<Activity id='10' name='renameUzivatele'>
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkoutView'/>
<Argument name='type' value='RenameUser'/>
<Argument name='id' value='$(user.waveset.accountId)'/>
<Argument name='authorized' value='true'/>
<Return from='WF_ACTION_ERROR' to='error'/>
<Return from='view' to='renameView'/>
</Action>
<Action id='1'>
<expression>
<block>
<set name='renameView.accounts[AD].identity'>
<ref>newDNrecord</ref>
</set>
<set name='renameView.resourceAccounts.currentResourceAccounts[AD].identity'>
<ref>newDNrecord</ref>
</set>
<set name='renameView.resourceAccounts.currentResourceAccounts[AD].selected'>
<s>true</s>
</set>
<set name='user.global.OrganizationalUnit'>
<ref>slctOrganizationalUnitUzivatele</ref>
</set>
</block>
</expression>
</Action>
<Action id='2' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='checkinView'/>
<Argument name='view' value='$(renameView)'/>
<Argument name='authorized' value='true'/>
</Action>
<Transition to='nastaveniPristupu-overeni'/>
<WorkflowEditor x='193' y='343'/>
</Activity>
<set name='newDNrecord'>
<concat>
<s>CN=</s>
<ref>user.global.fullname</ref>
<s>,</s>
<ref>slctOrganizationalUnitUzivatele</ref>
</concat>
</set>Do you have any ideas?
Thanks PetrHi,
I discovered following:
- if name of OU in AD is without space (e.g. test,sample) so DN record is test\,sample and user is moved into this OU.
- if name of OU in AD is with space (e.g. test, sample) so DN record is still test\,sample and user isn't moved.
So problem is with empty space. How can I preserve space in DN name? I found something in documentation but I doesn't work for me.
+Special Characters in FieldValues
If you have a field value with a comma (,) or double quote (") character, or you want to preserve leading or trailing spaces, you must embed your field value within a pair of double quotes ("field_value"). You then need to replace double quotes in the field value with two double quote (") characters. For example, "John ""Johnny"" Smith" results in a field value of John "Johnny" Smith. +
(from IDM Business Administrator's Guide, p.77)
Guided this information I put value of slctOrganizationalUnitUzivatele into "". But this didn't work. Is good idea to have space in DN?
Thanks for help.
Petr
Edited by: petrklinkovsky on Sep 10, 2009 5:06 AM -
The kerberos PAC verification failure when all users of only one Site which having only one RODC server(A), trying to get access iis webpage of different site which having WDC server(B) using Integrated Windows Authentication. But when they accessing the
website using IP address, it is not asking for credentials as I think it is using NTLM Authentication at that time which is less secure than Kerberos.
Note that:- All user accounts and Computers of the RODC has been allowed cache password on the RODC. Nearest WDC for the RODC (A) is the WDC (B).
The website is hosted on a windows server 2003 R2 and generating below system event log for those users of the RODC site :-
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 7
Date:
<var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">date</var>
Time:
<var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">time</var>
User: N/A
Computer:
<var style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name (the 2003 server)</var>
Description: The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client<var style="color:#333333;font-family:'Segoe
UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">computer_name</var> in realm <var
style="color:#333333;font-family:'Segoe UI', Arial, Verdana, Tahoma, sans-serif;font-size:13px;line-height:normal;">realm_name</var> had
a PAC which failed to verify or was modified. Contact your system administrator.
This issue has been raised for last one week. Before that everything was fine. No Group Policy changed, Time also same.
In this situation do I need to do Demotion of the RODC and re-promote it as RODC again or is there any other troubleshooting to resolve it.
Thanks in Advanced
SouvikHi Amy,
Thanks for your response
I noticed that Logon server could become incorrect again after user re-login or restart of a workstation.
It seems root cause is different. Need a permanent solution.
The Workstations of the RODC site are getting IP from a DHCP server by automatic distribution of IP from a specific subnet for the site only. The RODC is
the Primary DNS server for the site.
I have checked the subnet and it is properly bound with only with that AD site. The group of users and workstations are in the same site AD organisational Unit.
Sometime I restarted the NET LOGON service and DNS server service on ther RODC server and sometime rebooted the server. But the Logon server issue has not fixed permanently.
The internal network bandwidth of the site is better than the bandwidth to communicate with other site.
The server is Windows server 2008 R2 standard and hosting the below roles
RODC
DNS
File server
The server performance is Healthy in core times when maximum users usually logins.
Any further support would be much appreciated Amy
Thanks
Souvik -
Rename user's in Oracle 8i ???
This is possible ==> rename user's in Oracle 8i ???
You mean, renaming user: SCOTT to user: JOHN.
As far as I know, the answer is NO.
One of way to do the above is:
1. export owner=SCOTT.
2. Create user JOHN like SCOTT. You can set the same password using
ALTER USER JOHN ... etc. values clause.
3. imp fromuser=SCOTT touser=JOHN.
4. delete user SCOTT (making sure no objects belong to scott).
HTH
Srinivasa -
Hi,
I'm going to adopt user renames, using Rename User View, and automatic attribute derivation (like email addresses) is a must. Everything's working fine except changing attributes of the waveset name space (email, organization).
Here's the rule:
<Rule name='Set Attributes for Rename'>
<RuleArgument name='renameView' value='$(renameView)'/>
<dolist name='resource'>
<ref>renameView.toRename</ref>
<set>
<concat>
<s>renameView.resourceAccounts.currentResourceAccounts[</s>
<ref>resource</ref>
<s>].selected</s>
</concat>
<s>true</s>
</set>
<cond>
<ref>user.newLogin</ref>
<block>
<set name='renameView.newAccountId'>
<ref>user.newLogin</ref>
</set>
<set>
<concat>
<s>renameView.accounts[</s>
<ref>resource</ref>
<s>].login</s>
</concat>
<ref>user.newLogin</ref>
</set>
<set>
<concat>
<s>renameView.accounts[</s>
<ref>resource</ref>
<s>].accountId</s>
</concat>
<ref>user.newLogin</ref>
</set>
<set>
<concat>
<s>renameView.accounts[</s>
<ref>resource</ref>
<s>].email</s>
</concat>
<concat>
<ref>user.newLogin</ref>
<s>@domain.com</s>
</concat>
</set>
</block>
</cond>
</dolist>
</Rule>The problem is that the email address is only changing on accounts like Active Directory (account[AD].email), but the old value is still in waveset.email and global.email ('cause there isn't an account[Lighthouse].email attribute).
Is there a way to change these values too? It seems that it's no use inserting lines into the rule about waveset and global attributes.
Thanks,
Adamcheck the workflows, forms, and views document. Its detailed there.
Note that IDM doesn not support domain moves...only OU moves within the same domain.
Dana Reed
AegisUSA
Denver, Co
[email protected]
"We are the Identity Company" -
What the best way of renaming users??
I have taken over a site and there are a few changes required by the manager
All users must have a login format
FirstnameS[econdname)
ie. Fred Blogg becomes FredB
The users all have own data stored in Home folders ie. users\username
Users have Groupwise accounts - new email will be in the same new "FredB"
format whilst retaining the old
Users have Documents and Proxy rights
[Thank fully site only has 12 users!!!]
From what I can see :-
I first rename the NDS account & home folder using ConsoleOne
Then rename GroupWise account using ConsoleOne
Add nickname for the old account so emails will still come to them
Have I missed anything?MikeL,
> I first rename the NDS account & home folder using ConsoleOne
> Then rename GroupWise account using ConsoleOne
> Add nickname for the old account so emails will still come to them
>
> Have I missed anything?
That should take care of it. Note that there are utilities out there
that handles mas renames, but as you say, you only have 12 users.
- Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)
Novell has a new enhancement request system,
or what is now known as the requirement portal.
If customers would like to give input in the upcoming
releases of Novell products then they should go to
http://www.novell.com/rms -
I renamed user folder by accident...
i renamed user folder by accident then all my desk,preferences, firefox signets have disapeared.....
But i can see there is still a folder called "desk" which is my good old desk so someone can tell me if there is a solution to recover everything by renaming something or anyhing plz ?Open the desk folder and see if that's it; if so, put it in the Users folder with its original name. If not, choose Go to Folder from the Finder's Go menu, provide /Users/ as the path, and check the folders there. If it's not there, search your computer for a file which is located in the good folder, select it, choose Get Info from the Apple menu, and check its path.
(83111) -
Failure message C:\Users\Owner\AppData\Local\Temp\7zS2FA3\setup\SolutionCenter\
system win 7 pro 64. Wireless Network printer Photosmart C7250
HP Solutions software failed to work. I tried to reinstall software from HP web site. Everytime I try to rerun it I get the error cannot find C:\Users\Owner\AppData\Local\Temp\7zS2FA3\setup\SolutionCenter\ and says failure to complete install.
HELP.Hi,
Click the Start menu and typ %temp% into the search box, open the listed Temp folder and locate the HP installation which starts with the 7z characters.
pen the Setup Folder, then the Solution Center Folder and copy that path.
Once the error appear, click on Browse and past the copied path for that folder, confirm any prompt and check for any difference.
If the same error persists, rename the temp folder you have the files to 7zS2FA3 and click Retry on the error screen, then check if that may go any further.
Shlomi
Say thanks by clicking the Kudos thumb up in the post.
If my post resolve your problem please mark it as an Accepted Solution -
Renaming users in Messaging Server 6.1
Hi!
I'm using Messaging Server 6.1 with schema 2. Tell me please, how can I rename [email protected] (for example) to [email protected]?I want to change UID and email address in LDAP and UID in Messaging Server. It's can be done by:
1. I change UID and email address in LDAP by administration console.
2. mboxutil -r oldmaibox newmailbox
it's working fine.
But can I do step 1 by command prompt?
root@sun/opt/SUNWmsgsr/sbin> /opt/SUNWcomm/bin/commadmin user modify -D admin -w password -l user2222 -A uid:user22
FAIL
com.iplanet.am.sdk.AMException: Unable to set attribute(s)
Is it possible to change UID by this way or I have to create new user with new UID first and delete old user after?
Thanks. -
Senario: user "bob" is a member of group "Employees".
I rename "bob" to "bob2". I submit this to save it.
Problem 1: When I go to view the members of group "Employees", "bob" is still listed as being a member.
So I remove "bob" from the list of members. I submit to save. I then add "bob2". I submit to save.
Problem 2: When I go to "Directory" and search for all groups, I see "Employees". "bob" is still listed in the group.
I'm a dreadful noobie to OID, what am I doing wrong that won't let me rename "bob" and let him resume his proper place in the group membership. When I go into his user account, it lists him as "bob2". In fact, when I click on "bob" in the group membership, it links me to his user account, where I see "bob2" as his name.
Thanks!
DanI guess that's ok. I was able to remove "bob" from the group membership.
Problem: how come when I remove "bob" from group "Employees" and add in "bob1", the group membership keeps showing "bob"? It's like the group is remembering it had "bob" in it even though this is a different UID. -
How to rename user on Macbook pro using Mountain Lion
I renamed the name in "Users and Groups" under system preferences to my name (Bryan) , but somehow the user is still named after the previous owner (David). It won't let me rename it even after I type in the administrator password and click the unlock thing on the bottom left. See pictures.
"David" is still the user name, and it won't let me rename it. Where it says "David" I thought it should say Bryan?!Basically, somehow when I login to "Bryan" it takes me to "David". It's REALLY annoying me. If I could rename "David" to Bryan, and move all my stuff in there I would be happy, but I can't rename it. "David" has all my programs for some reason, and "Bryan" has all my files.
As you can see, I'm logged into Bryan. However, I'm actually with all of "David"'s files. "David doesn't whos up in users and groups as you can see. -
Is there any safe way to change a user code? The problem is that user 'ABC' was given a license in one company. Then, another company was created with user 'abc'. The license was not allocated to this new user because of the uppercase/lowercase difference. However, we cannot create user 'ABC' in the new company because user codes are not case-sensitive in general. Is there any way to delete a user from OUSR or rename the user code? Or allocate the license for 'ABC' in company A to 'abc' in company B? Thanks for the help.
Hi Brian.......
Its not at all possible when the particular code is in use. Infact any of the codes can not be renamed once it is used.
But in order to achieve this you can lock these ABC and abc user codes and can create a new user in both the DBs and can share the same license..........
Regards,
Rahul -
URGENT: Impact on renaming user "Groups" in Siebel Web
Hi All,
I have a requirement to change couple of user "Groups" from old one ("ABC Team") to new one ("XYZ Region Team").
Can anyone tell me what kind of impact will be on the existing system by renaming web "Groups" in Siebel Analytics?
Which are the area i need to consider while doing impact analysis?
Thanks in advance. Plz Help.
SudiptaFirst: http://catb.org/esr/faqs/smart-questions.html#urgent
It depends, are you using SSO? If not groups names shouldn't matter unless you are using them in filters or in the narrative view. -
Rename users and transfer Discoverer reports
I hope someone can help. We are running Discoverer 10g with a database EUL. The reports have been operational for several years and users have edited and saved their own versions of standard reports. However it has been decided that a large number of these users (~100) should have their accounts renamed to bring them in line with other corporate usernames. User access to their reports needs to be preserved so that their new accounts look like their old (other than account name / password). These users are Viewer only users so they cannot share reports.
Does any one know of an alternative way of doing this other than the labour intensive way of: creating a new set of Discoverer users (in the new format), logging into each old account in Desktop and sharing all the reports to the equivalent new user. Then repeating this for all 100 users? Please help save my sanity.
I don't suppose that there is a simple solution of renaming Discoverer users.
But I am hoping that maybe the Desktop admin command line (which I am not very familar with) may be of some help.
Or possibly the more scary option of tinkering with the EUL tables on the EUL owning schema.
Any advise welcome.
DuncanHi,
There is no way to rename database users created with a CREATE USER command. You would have to use a database import and export and remap the schema. However, if you have if you have two database users, USERA and USERB where USERA is a Discoverer user who as saved Discoverer reports in the database, then you can move the reports from USERA to USERB by updating the EUL.
Assuming that USERB has not used Discoverer then only USERA will have a record in the EUL5_EUL_USERS table. You can update the table change EU_USERNAME from USERA to USERB so that USERB has a user record in the EUL. USERB will then have access to USERA's workbooks. The workbooks are all held in the EUL5_DOCUMENTS table, the owner of the workbook is found using a lookup in EUL5_EUL_USERS table.
Rod West -
Second go using Migration Assistant, do I need to rename user?
I used migration assistant once to move certain items to my new MacBook Pro. When I go back and try to move other items from that same user (I have 4 users, all me), I am asked if I want to rename the user. What should I do?
Every time MA transfers data it does so to the user account of the backup. However, MA will not overwrite a user account on the destination with the same name. So it offers you the option to stop or rename the account. It will do this every time. You end up with user, user1, user2, user3, etc. until you cannot count any higher or run out of users, whichever comes first.
If all you need to do is transfer some files and not the entire account then use the Time Machine application to restore from the Time Machine backup. Activate the Finder or click on the Desktop, then select Help Center from the Finder's Help menu. When the Help window opens enter, "restore items backed up with time machine" and press RETURN. Click on the first or second link returned under Results from:.
Maybe you are looking for
-
Little fingers have deleted the above mentioned apps! THE APPS IN QUESTION CAME WITH MY iPHONE. I DID NOT PURCHASE THEM! HOW CAN I RESTORE THEM, THEY ARE NOT LISTED IN THE APP STORE????
-
I want to print my online bank statement. Please see screen shots below. The webpage has a link that says: VIEW STATEMENT Click the link and a pop-up opens that warns you about downloading using a public-access computer or sharing a computer with oth
-
How to stop url's becoming links in pages?
I can't figure out how to stop a url from turning into a link automatically in Pages, can anyone help?
-
Cs5 not reading raw from canon t5i
CS5 is not reading my raw files from a new camera Canon T5i. I read in a forum or somewhere to download camera raw 7.4 update. I did and installed, but it's still not reading my raw files. I also have lightroom 4, so I updated lightroom 4 and that
-
White text flickering/v.poor quality
Not sure if there is a solution to this problem, but I am making a DVD, which has quite alot of text on 3 different menu screens. I require the text size to be quite small (13pt/14pt), for the most part, and the background is a video image playing on