[Forum FAQ] Using PowerShell to assign permissions on Active Directory objects

Similar Messages

• How i use OEM 12c to monitor Microsoft Active directory.

  Hi,
  How i use OEM 12c to monitor Microsoft Active directory.Please assist me on this.
  Thanks,
  Sagar

  Hi,
  The fundamental problem with this scenario is that you have non-failover capable modules in a failover chassis - think of the ASA failover pair as one device and the IPS modules as two completely separate devices.
  Then, as already mentioned, add only the primary ASA. (The secondary will never be passing traffic in standby mode so it's not actually needed in MARS) Then, with the first IPS module you can add it as a module of the ASA or as a standalone device (MARS doesn't care). With the second IPS module the only option is to add it as a separate device anyway.
  In a failover scenario the ASA's swap IP's but the IPS's don't so whereas you'll only ever get messages from the active ASA you'll get messages from both IPS IP's depending on which one happens to be in the active ASA at the time.
  Don't forget that you have to manually replicate all IPS configuration every time you make a change.
  HTH
  Andrew.

• What is the default Win2000 Active Directory Object Attribute definition for adding users? I'm using the 4.1 Netscape Directory SDK

  The Netscape/NDS AddUser implements inetOrgPerson, and some other objects/Attributes not implemented in Active Directory Object Attributes, and I receive errors about the Attributes. Could you tell me the correct Attribute definition for the default DS, to add a user?

  Unsure what you mean. iDS 5 implements the inetOrgPerson as of the RFC. It is made of 4 objects top, person, organizationPerson and inetOrgPerson. The user object in MAD using many more MS specifi attributes in the top class. (53 extras)

• Delegate permissions in Active Directory

  Hello All,
  I have a temporary technician that comes once in a while to do work for us.I want to delegate the following permissions to do the day to day support tasks:-
  1)Reset Users password
  2)Unlock the User Accounts
  3)join computers into our domain and remove the computers
  from our domain
  All our User are kept under a "OU=Staff" and All our Computer accounts are kept under "OU=Computers" 
  I don't want to give any other unnecessary permissions to this
  technician on other OU's, My Domain Controller is windows 2008.
  Can you please help me how to do this task.
  Regards,

  You see the Wiki I started here for the permissions delegation in AD: http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx
  To delegate unlocking user accounts: http://windowsitpro.com/security/q-how-can-i-delegate-right-unlock-locked-active-directory-ad-user-accounts
  To delegate the reset of users password: http://community.spiceworks.com/how_to/1464-how-to-delegate-password-reset-permissions-for-your-it-staff
  To delegate joining computers to a domain: https://robiulislam.wordpress.com/2012/02/07/delegate-non-admin-account-to-add-workstations-to-domain/
  To delegate removing computers from a domain: http://sigkillit.com/2013/06/12/delegate-adddelete-computer-objects-in-ad/
  In case you would like also delegating moving AD objects then here you go: http://social.technet.microsoft.com/wiki/contents/articles/20747.delegate-moving-user-group-and-computer-accounts-between-organizational-units-in-active-directory.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• SCOM 2012 - Use Powershell to put specific server and contained objects into Maintenance Mode

  I am still trying to develop what I thought was going to be an easy script, to put a specific server and all it's contained objects into maintenance mode in SCOM 2012.   Not a group, but just one specific server and all it's stuff.
  My script to START maintenance mode has two parameters:
  1.  The FQDN.  So for example: server1.contoso.com
  2.  The amount of minutes to put into maintenance mode
  Then it does the following to START maintenance mode:
  Import-Module OperationsManager
  $Instance = Get-SCOMClassInstance -Name $FQDN
  If ($Instance)
  $newEnd = ((Get-Date).AddMinutes($minutes))
  Start-SCOMMaintenanceMode -Instance $Instance -end $newEnd -Reason "PlannedOther" -Comment "Comments here"
  This seems to work from what I can tell.  I know that when you schedule maintenance mode manually in SCOM, there is an option to apply to "Selected objects and all their contained objects".  I do not know if that is occurring based on
  my code above.   But I think that is what I want to happen.   I just want all monitoring and alerting for the specified server to stop.   So if you think I need to change the above code so that it gets all the "contained
  objects" please let me know.
  The second part, which I know for a fact isn't fully working, is intended to stop maintenance mode for a server.
  My script to STOP maintenance mode has only one parameter:
  1.  The FQDN.  So for example: server1.contoso.com
  Then it does the following to STOP maintenance mode:
  Import-Module OperationsManager
  $Instance = Get-SCOMClassInstance -Name $FQDN
  If ($Instance)
  $MMEntry = Get-SCOMMaintenanceMode -Instance $Instance
  If ($MMentry)
  #basically sends an end time of 1 minute from when the script is run
  $newEnd = ((Get-Date).AddMinutes(1))
  Set-SCOMMaintenanceMode -MaintenanceModeEntry $MMEntry -EndTime $NewEnd -Comment "Removing from Maintenance Mode"
  This part does seem to work partially.   It does remove the server from maintenance mode.  However, I suspect that it's not removing all the "contained objects" from maintenance mode because when I run the script to stop maintenance
  mode on a server, the little maintenance mode icon in SCOM does go away but the overall light for the server stays set to "Not Monitored".   It never turns back to the green checkbox and says "Healthy".   When I start
  and stop maintenance mode manually I can see that the green Healthy checkbox comes back.  But when I try to run my above code to do it via script, it stays at "Not Monitored" instead.
  Can someone help me out here?  Looking for answers to two questions:
  1.  Does my Start maintenance mode code look ok? Will that put a server and all it's contained objects into maintenance mode?
  2.  What do I need to hadd to my Stop maintenance mode code, so that it correctly stops maintenance mode on the server and all its objects and everything starts to be monitored again?
  Thanks in advance!  Please let me know if you need any more information in order to be able to help me!

  Hello, thanks for your response.  Unfortunately, it does not appear that the link you provided works.
  As far as not including "selected objects and all their contained objects" I am wondering if there is a way for me to tell for sure. One thing I found was that if I run this script and put the server into maintenance mode, then I go into
  SCOM and click on Edit Maintenance Mode for that server, it shows me the details.   It has some comment, and my selected reason, based on the code I posted above.   It also DOES have "selected objects and all their contained objects"
  selected at top.  So it seems to me like it is working correctly, and does contain all the objects.   If you think that 'Edit' screen would be inaccurate for some reason, please let me know.  Or if you know of a way for me to check and
  confirm, please let me know that as well.
  As for REMOVING it from maintenance mode, I did eventually find a line of code that I think works.  Here's what my code looks like now:
  Import-Module OperationsManager
  $Instance = Get-SCOMClassInstance -Name $FQDN
  If ($Instance)
  $MMEntry = Get-SCOMMaintenanceMode -Instance $Instance If ($MMentry)
  $Instance.StopMaintenanceMode([DateTime]::Now.ToUniversalTime(),[Microsoft.EnterpriseManagement.Common.TraversalDepth]::Recursive);
  When I use the above code to STOP maintenance mode, the green checkmark does reappear for the server, and everything seems to be being monitored again.   Unlike before, where the maintenance mode icon would go away, but it would never change back
  to saying 'Monitored' again.  So I think that changing that one line to stop maintenance mode seems to have done the trick.
  So I guess my last concern now is just putting in maintenance mode initially, as I was talking about above.  If you still think the 'Edit Maintenance Mode' screen is not a good indicator of what my code does, please let me know.

• Spfarm Account Permissions in active directory

  Hello All,
  I have created SP 2010 lab env with AD. i have created on user in ad as SP_farm. i dont know exactly what permissions should be given to SP_Farm account in AD.
  Thanks

  It can be a normal user in AD but if you use same account for Profile sync the it should have "Replicate directory changes" on AD.  Normally people use same account for install as well. Then it should have server admin permission on SP Server.
  http://technet.microsoft.com/en-us/library/cc263445%28v=office.15%29.aspx
  Server farm account
  This account is also referred to as the database access account.
  This account has the following properties:
  It's the application pool identity for the SharePoint Central Administration website.
  It's the process account for the Windows SharePoint Services Timer service.
  Setup user account
  The user account that is used to run:
  If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the
  db_owner fixed database role for the database.
  Setup on each server computer
  SharePoint Products Configuration Wizard
  The Psconfig command-line tool
  The Stsadm command-line tool
  If this helped you resolve your issue, please mark it Answered

• How do I configure a cisco 1131 AP to use WPA2 enterprise and authenticate to Active Directory

  I have a Win2008 server set up as a radius server (192.168.32.71) and a stand alone AP (192.168.201.9) The AP is config is below:
  version 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  enable secret 5 $1$IdUV$UvE2IJTNzHX6mW6Mmh3At0
  ip subnet-zero
  ip domain name TKGCORP.local
  ip name-server 192.168.32.71
  aaa new-model
  aaa group server radius rad_eap
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa group server radius rad_eap1
  server 192.168.201.9 auth-port 1812 acct-port 1813
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authentication login eap_methods1 group rad_eap1
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 ssid ka_test
     vlan 201
     authentication open eap eap_methods1
     authentication network-eap eap_methods1
     guest-mode
  power inline negotiation prestandard source
  username Cisco password 7 112A1016141D
  username tkgadmin privilege 15 password 7 022D167B06551D60
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 201 mode ciphers aes-ccm tkip
  encryption key 1 size 128bit 7 673B0AA56FCB4E630D8E4856427E transmit-key
  encryption mode wep mandatory
  broadcast-key change 150
  ssid ka_test
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio0.201
  encapsulation dot1Q 201
  no ip route-cache
  bridge-group 201
  bridge-group 201 subscriber-loop-control
  bridge-group 201 block-unknown-source
  no bridge-group 201 source-learning
  no bridge-group 201 unicast-flooding
  bridge-group 201 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  encryption key 1 size 128bit 7 B711059074E30B1E1D4E3EC038BB transmit-key
  encryption mode wep mandatory
  broadcast-key change 150
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface FastEthernet0.201
  encapsulation dot1Q 201
  no ip route-cache
  bridge-group 201
  no bridge-group 201 source-learning
  bridge-group 201 spanning-disabled
  interface BVI1
  ip address 192.168.201.9 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server local
    no authentication eapfast
    no authentication mac
    nas 192.168.201.9 key 7 010703174F
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 0835495D1D
  radius-server host 192.168.201.9 auth-port 1812 acct-port 1813 key 7 0010161510
  radius-server vsa send accounting
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end

  Sorry for the late reply Steve. The link you provided was extremely helpful here is what my config  looks like now:
  ersion 12.3
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  enable secret 5 $1$7vHS$YWCMbrlAgDUayKlOHhMlF1
  ip subnet-zero
  ip domain name TKGCORP.local
  ip name-server 192.168.32.71
  aaa new-model
  aaa group server radius rad_eap
  server 192.168.32.71 auth-port 1645 acct-port 1646
  aaa group server radius rad_mac
  aaa group server radius rad_acct
  aaa group server radius rad_admin
  aaa group server tacacs+ tac_admin
  aaa group server radius rad_pmip
  aaa group server radius dummy
  aaa authentication login eap_methods group rad_eap
  aaa authentication login mac_methods local
  aaa authorization exec default local
  aaa accounting network acct_methods start-stop group rad_acct
  aaa session-id common
  dot11 ssid wap_test
     authentication open eap eap_methods
     authentication network-eap eap_methods
     authentication key-management wpa
     guest-mode
     infrastructure-ssid optional
  power inline negotiation prestandard source
  username Cisco password 7 047802150C2E
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption mode ciphers tkip
  ssid wap_test
  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface Dot11Radio1
  no ip address
  no ip route-cache
  shutdown
  speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
  station-role root
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  bridge-group 1 spanning-disabled
  interface FastEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  hold-queue 160 in
  interface BVI1
  ip address 192.168.201.9 255.255.255.0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  ip radius source-interface BVI1
  radius-server attribute 32 include-in-access-req format %h
  radius-server host 192.168.32.71 auth-port 1645 acct-port 1646 key 7 071B245F5A
  radius-server vsa send accounting
  control-plane
  bridge 1 route ip
  line con 0
  line vty 0 4
  end
  I get a login screen but it will not let me connect, on my radius server I have it set to allow a group that my username is in. Here are some debugs from when I try to connect to the AP:
  ap#debug aaa  authentication
  AAA Authentication debugging is on
  ap#
  *Mar  2 01:11:53.284: AAA/BIND(00000006): Bind i/f 
  *Mar  2 01:11:53.355: AAA/AUTHEN/PPP (00000006): Pick method list 'eap_methods'
  *Mar  2 01:11:54.556: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
  *Mar  2 01:11:55.280: AAA/BIND(00000007): Bind i/f 
  *Mar  2 01:11:55.404: AAA/AUTHEN/PPP (00000007): Pick method list 'eap_methods'
  *Mar  2 01:11:56.349: AAA/BIND(00000008): Bind i/f 
  *Mar  2 01:11:56.525: AAA/AUTHEN/PPP (00000008): Pick method list 'eap_methods'
  *Mar  2 01:11:57.300: AAA/BIND(00000009): Bind i/f 
  *Mar  2 01:11:58.070: AAA/BIND(0000000A): Bind i/f 
  *Mar  2 01:11:58.812: AAA/BIND(0000000B): Bind i/f 
  *Mar  2 01:12:15.470: AAA/AUTHEN/PPP (0000000B): Pick method list 'eap_methods'
  *Mar  2 01:12:15.492: %DOT11-7-AUTH_FAILED: Station c0cb.3835.a102 Authentication failed
  ap#undebug all
  All possible debugging has been turned off

• Custom AD Attributes using powershell

  Hi,
  Is it possible to create custom attributes using powershell v2/v3 ?
  Marcel

  Marcel,
  Active Directory Cookbook, 3rd Edition has a way to do it. Unfortunately, they do not include the crucial step of assigning the new attribute to the class. My company has multiple developers each with their own VM and we need to be able to do this hundreds
  of times internally and for our clients. I have been struggling for weeks trying to find the final piece. (recipe 10.7). Please let me know if you can figure out the last step
  Using PowerShell
  To create a schema attribute using the Quest tools, use the
  new-QADObject
  cmdlet as
  follows:
  new-QADObject -ParentContainer 'cn=schema,cn=configuration,
  <ForestRootDN>'
  -type
  'attributeSchema' -name 'adatum-LanguagesSpoken' -ObjectAttributes
  @{lDAPDisplayName='adatum-LanguagesSpoken';
  attributeId='1.3.6.1.4.1.999.1.1.28.3';oMSyntax='20';attributeSyntax='2.5.5.4';
  isSingleValued='FALSE';description='Language a user speaks';searchFlags='1'}
  To create a schema attribute using native PowerShell functionality, use the following
  syntax:
  $root = [ADSI]"LDAP://RootDSE"
  $schema = $root.schemaNamingContext
  $parentCont = [ADSI]("LDAP://" + $schema)
  $newAttr = $parentCont.Create("attributeSchema","adatum-LanguagesSpoken")
  $newAttr.put("lDAPDisplayName","adatum-LanguagesSpoken")
  $newAttr.put("attributeId","1.3.6.1.4.1.999.1.1.28.3")
  $newAttr.put("oMSyntax", 20)
  $newAttr.put("attributeSyntax", "2.5.5.4")
  $newAttr.put("isSingleValued", $false)
  $newAttr.put("description", "Languages a user speaks")
  $newAttr.put("searchFlags", 1)
  $newAttr.SetInfo()
  Discussion
  To create an attribute, you need to add an
  attributeSchema
  object to the
  Schema
  container.
  Typically, when you extend the schema, you perform several additions or modifications
  at once. The order of your extensions is very important. You can’t create a
  class, assign an attribute, and then create the attribute; you obviously need to create
  the attribute before it can be assigned to the class.
  Bud - MCITP

• SharePoint 2013 profile service account requirements when using "Use SharePoint Active Directory Import" option

  Hi All,
  I am trying to configure SharePoint Profile service. We would like a straightforward profile import from Active Directory.
  On the "Configure Synchronization Settings" page, we have chosen the option "Use SharePoint Active Directory Import" option.
  We have created a connection to the Active Directory using Configure Synchronization Connections page. We have specified the account that would be used for the import process.
  Question:
  I would like to confirm whether the account configured for the profile import need any special privileges when using "Use SharePoint Active Directory Import" option ?
  Thanks,
  Saurabh

  Grant Replicate Directory Changes permission on a domain
  To do this please follows below procedure
  On the domain controller, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  In Active Directory Users and Computers, right-click the domain, and then click Delegate Control.
  On the first page of the Delegation of Control Wizard, click Next.
  On the Users or Groups page, click Add.
  Type the name of the synchronization account, and then click OK.
  Click Next.
  On the Tasks to Delegate page, select Create a custom task to delegate, and then click Next.
  On the Active Directory Object Type page, select This folder, existing objects in this folder, and creation of new objects in this folder, and then clickNext.
  On the Permissions page, in the Permissions box, select Replicating Directory Changes (select Replicate Directory Changes on
  Windows Server 2003), and then click Next.
  Click Finish.
  Thanks & Regards
  ShivaPrasad Pola
  SharePoint Developer 

• Directory object permissions

  I am using the CREATEDIMMV_GS procedure, which receives a directory object by parameter, and I get the following error:
  DBMS_ODM.Open_File: ORA-29289: directory access denied
  DBMS_ODM.Put_Begin: ORA-29289: directory access denied
  DBMS_ODM.CreateDimMV_GS ORA-29289: directory access denied
  BEGIN DBMS_ODM.CREATEDIMMV_GS('DWH_OLAP','D_TIME_10MINUTE','D_DESTIN_MV.SQL','MV_DIR',FALSE,'DWH_OLAP','DWH_OLAP');
  END;
  ERROR at line 1:
  ORA-29289: directory access denied
  ORA-06512: at "OLAPSYS.DBMS_ODM", line 4508
  ORA-06512: at line 1
  I think that I have to give an operating system permission, because I gave permissions to the directory object with the following GRANT:
  GRANT ALL ON DIRECTORY <directory_name> TO <schema>;
  Which is the operating system user that the database uses to write a file in the directory object?
  What kind of permissions I have to give?
  Regards,
  Rui Torres

  I think that is not a permission’s problem, because I created a directory on / and gave read/write permissions to all operating system users.
  The commands that I executed to create the directory and to give permissions are the following:
  mkdir /materialized_views
  chmod –R 777 /materialized_views
  To test the permissions, I created some files in /materilazed_views with different users, and all work perfectly.
  What is the problem?
  Can any body help me?
  Regards,
  Rui Torres

• Re: single log-on (SSO) using Windows 2000 and Active Directory

  Hi Honggo,
  Its possible to see all the Active Directory users in WLS6.1 by
  configuring the ldap realm.
  You can use any of the username/password in ldap but you still have to
  login again.
  However the concept of single sign on across operating system and WLS
  might not work in WLS6.1. WLS 7.0 allows you to write code that
  supports these kind of things better.
  honggo wrote:
  anybody know how to use windows 2k authentication
  (implemented by Active Directory)
  to support SSO in WebLogic Server?
  What I mean is I want to login once and only once
  in win2000 and somehow weblogic server know
  who is currently logon and impose some Access Control
  many regards in advance
  honggo

  Replying again because it didn´t seem to work last time.
  Could you be more specific? What code do I have to write to achive single sing on across Windows and WLS 8.1?
  Regards
  Mauricio Hurtado
  Banco de Mexicio

• How to update users to Active Directory using Hyena Active Task List?

  Kevin,
  thanks for your input. I was able to firgured it out. It need the full path. with the CN=John Doe
  Working like a charm!! thx!!

  http://www.systemtools.com/HyenaHelp/active_editor.htm"Each Active Directory object is identifiable by its directory path, called the ADsPath. A special symbol, %ADSPATH%, can be inserted in the field order list that can be associated with the directory path in the import file. The ADsPath doesNOThave to be one of the attributes for the directory objects in the Editor if the ADsPath is used as the Key Field in the import file.Using an ADsPath as a match field can be difficult, as it is a long and complex string, and if special characters are used in some directory fields, Active Directory will automatically insert additional special characters into the ADsPath. One method of getting the ADsPath into a file for directory objects is to use Hyena's Edit Copy dialog. A special symbol, %ADSPATH%, can be added to any Active Directory copied...

• How can I configure ECC6.0 to use LDAP (Active Directory) password

  We're setting up an integrated authentication between the ECC 6.0 and the LDAP server, in our case the Microsoft Active Directory. We have some users that can't use WebGui because some features, that only run in the SapGui. We have already configured UME in the Sap Portal accessing directly the ADS server, and Sap Logon Ticket from Portal to ECC. Everything is ok to access the WebGui and SapGui by the Portal with the Sap Logon Ticket. However it demands that all users make the authentication previously in the Sap Portal. Is there another scenario only with SAP tools, for example using Sap Logon directly to the Active Directory. Obs.: Our entire sap servers are UNIX.

  I had already read all these notes.
  In the last week, I tried to configure the UME in our PI/XI environment to access the LDAP. As the result, the ABAP stack was perform the authentication perfectly above the LDAP. However I had some problems with the Java stack and I comeback the back. I will try it, in the next week again.
  It's what I'd like to ECC environment. Anyone has already configured the UME in an ECC? Install a basic Java stack without all Java components only the UME in order to make this integration. If it’s possible I’ll very appreciate any documentation.
  Other problem is the limitation of datasource in the UME, I didn't remember exactly but I guess that is only 5 (Authorization in the ECC, BI, SolMan, PI, APO, CRM, LDAP, Portal, etc). If it's possible I'll group the environments in different UME managers. Forget this paragraph lets focus in the integrated authentication in this thread after that authorization.

• Using the Active Directory login information by UNIX

  We have 3 servers in our organisation: W2K + Exchange - members of one DOMAIN and Sun server with Solaris 8. All our clients have their login and password for the DOMAIN and the according the security policy they have to change their password periodically. Only a part of our clients have their login on the Solaris (they work using X-Terminal from their PC ).
  My question is how can I receive and update automatically the login information on UNIX(Solaris) after updating on the Active Directory . Or how can I use the login information of the Active directory by Solaris

  Are the configuration reports with the 0.0.0.0 being printed directly from the printer?  A 0.0.0.0 address indicates the printer is not actually on the network (or at least not getting DHCP information from the router).  The Print and Scan Doctor should not have been able to print to it unless it happened to be connected by a USB cable as well.
  What brand and model is the router?
  Is the wireless light a solid blue light or a flashing blue light?
  You mentioned an Active Directory Domain Services error message.  Outside of corporate networks, this is not an error message you should get.  I suspect there might be a deeper software issue at fault.  Please provide the exact steps you are using to add the printer to generate that error message.
  ↙-----------How do I give Kudos?| How do I mark a post as Solved? ----------------↓

• [Forum FAQ] How to install and configure Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely

  As we all know,
  the Windows Server Essentials Experience role is available in Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter. We can add the Windows Server
  Essentials Experience role in Server Manager or via Windows PowerShell.
  In this article, we introduce the steps to install and configure Windows
  Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely. For better analyze, we divide this article into two parts.
  Before installing the Windows Server Essentials Experience Role, please use
  Get-WindowsFeature
  PowerShell cmdlet to ensure the Windows Server Essentials Experience (ServerEssentialsRole) is available. (Figure 1)
  Figure 1.
  Part 1: Install Windows Server Essentials Experience role locally
  Add Windows Server Essentials Experience role
  Run Windows PowerShell as administrator, then type
  Add-WindowsFeature ServerEssentialsRole cmdlet to install Windows Server Essentials Experience role. (Figure 2)
  Figure 2.
  Note: It is necessary to configure Windows Server Essentials Experience (Post-deployment Configuration). Otherwise, you will encounter following issue when opening Dashboard.
  (Figure 3)
  Figure 3.
    2. Configure Windows Server Essentials Experience role
  (1)  In an existing domain environment
  Firstly, please join the Windows Server 2012 R2 Standard computer to the existing domain through the path:
  Control Panel\System\Change Settings\”Change…”\Member of. (Figure 4)
  Figure 4.
  After that, please install Windows Server Essentials Experience role as original description. After installation completed, please use the following command to configure Windows
  Server Essentials:
  Start-WssConfigurationService –Credential <Your Credential>
  Note: The type of
  Your Credential should be as: Domain-Name\Domain-User-Account.
  You must be a member of the Enterprise Admin group and Domain Admin group in Active Directory when using the command above to configure Windows Server Essentials. (Figure 5)
  Figure 5.
  Next, you can type the password for the domain account. (Figure 6)
  Figure 6.
  After setting the credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 7)
  Figure 7.
  By the way, you can use
  Get-WssConfigurationStatus
  PowerShell cmdlet to
  get the status of the configuration of Windows Server Essentials. Specify the
  ShowProgress parameter to view a progress indicator. (Figure 8)
  Figure 8.
  (2) In a non-domain environment
  Open PowerShell (Run as Administrator) on the Windows Server 2012 R2 Standard and type following PowerShell cmdlets: (Figure 9)
  Start-WssConfigurationService -CompanyName "xxx" -DNSName "xxx" -NetBiosName "xxx" -ComputerName "xxx” –NewAdminCredential $cred
  Figure 9.
  After you type the commands above and click Enter, you can create a new administrator credential. (Figure 10)
  After creating the new administrator credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 11)
  After a reboot, all the configurations will be completed and you can open the Windows Server Essentials Dashboard without any errors. (Figure 12)
  Figure 12.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Part 2: Install and configure Windows Server Essentials Experience role remotely
  In an existing domain environment
  In an existing domain environment, please use following command to provide credential and then add Server Essentials Role: (Figure 13)
  Add-WindowsFeature -Name ServerEssentialsRole
  -ComputerName xxx -Credential DomainName\DomainAccount
  Figure 13.
  After you enter the credential, it will start install Windows Server Essentials role on your computer. (Figure 14)
  Figure 14.
  After the installation completes, it will return the result as below:
  Figure 15.
  Next, please use the
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with a remote computer. You can use the commands below:
  Enter-PSSession –ComputerName
  xxx –Credential DomainName\DomainAccount (Figure 16)
  Figure 16.
  Then, please configure Server Essentials Role via
  Add-WssConfigurationService cmdlet and it also needs to provide correct credential. (Figure 17)
  Figure 17.
  After your credential is accepted, it will update and prepare your server. (Figure 18)
  Figure 18.
  After that, please type “Y” to continue to configure Windows Server Essentials. (Figure 19)
  Figure 19.
  2. In a non-domain environment
  In my test environment, I set up two computers running Windows Server 2012 R2 Standard and use Server1 as a target computer. The IP addresses for the two computers are as
  below:
  Sevrer1: 192.168.1.54
  Server2: 192.168.1.53
  Run
  Enable-PSRemoting –Force on Server1. (Figure 20)
  Figure 20.
  Since there is no existing domain, it is necessary to add the target computer (Server1) to a TrustedHosts list (maintained by WinRM) on Server 2. We can use following command
  to
  add the TrustedHosts entry:
  Set-Item WSMan:\localhost\Client\TrustedHosts IP-Address
  (Figure 21)
  Figure 21.
  Next, we can use
  Enter-PSSession
  cmdlet and provide the correct credential to start an interactive session with the remote computer. (Figure 22)
  Figure 22.
  After that, you can install Windows Server Essentials Experience Role remotely via Add-WindowsFeature ServerEssentialsRole cmdlet. (Figure 23)
  Figure 23.
  From figure 24, we can see that the installation is completed.
  Figure 24.
  Then you can use
  Start-WssConfigurationService cmdlet to configure Essentials Role and follow the steps in the first part (configure Windows Server Essentials Experience in a non-domain environment) as the steps would be the same.
  The figure below shows the status of Windows Server Essentials.
  Figure
  25.
  Finally, we have successfully configured Windows Server Essentials on Server1. (Figure 26)
  Figure 26.
  More information:
  [Forum
  FAQ] Introduce Windows Powershell Remoting
  Windows Server Essentials Setup Cmdlets
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.