Get OSX to retrieve users from a specific AD OU.

Hi All,
I work in a school with OSX and AD, two campuses (Secondary and Junior). On the Secondary campus we run the 'Golden Triangle' pretty well, but we just present a login box for users. On our Junior campus we run OSX as its own directory master, with the WGM preference showing a list of names of network users.
Now while I can quite easily point our Junior school OSX server to our AD and get all the users showing in a list, we don't need to have all the Secondary school users showing in the Junior school list.
Is there a way to only show network users from a specific AD OU in the list of network users when we bind our OD to AD?
Thanks,
Dustin


Similar Messages

  • Script to logout users from a specific group, when queries are long

    Hi,
    I have a requirement that users from a specific group need to be logged out, when they are running queries for more than say 20 mins.
    I could get the list of users from that group and could get the list of active sessions on the application, but I get too much info there, like connection IP, request state etc., and if I spool it to a file, the output is not very easy to format to select what's required; rather I have to write a lot of shell scripting to format the file.
    So my question here is to know if there's a MAXL script or any other method through which I can just get only couple of columns from the "display session on application <app name>" that I require for my work like username, session ID, DB connect time, and request time.
    Thanks!!

    There are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
    This could be accomplished quite readily with the Essbase API.
    Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
    So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
    Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
    Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
    What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
    The way I would approach this would be to write a little utility that does exactly what you seek:
    - Scan the current session periodically (say, once every 5 mins)
    - for each user that belongs to group(s) <group>(<group>...)
    - if user has an open query running longer than n minutes, kill the user request.
    This way you're not kicking people, you're just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
    I can give you a hand with this offline if you want.
    Robb

  • Can retrieve users from some sub OUs and from other sub OUs can't

    hi,
    I am using Windows 2003 Active Directory Server and JNDI to access that in my application. I am using the following code to retrieve all users from a particular OU.
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    ctx = new InitialDirContext(environment);
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(2); // 2 == SearchControls.SUBTREE_SCOPE
    String attrs[] = {
        "sn", "givenName", "userPrincipalName"
    };
    ctls.setReturningAttributes(attrs);
    String filter = "(&(objectClass=*))";
    String serachCriteria[] = {"User Container", "Admin Leads,OU=Administration,OU=User Container"};
    for(int i = 0; i < serachCriteria.length; i++)
    {
        // Build the search base for this OU path
        StringBuffer searchString = new StringBuffer("OU=");
        searchString.append(serachCriteria[i]);
        searchString.append(",DC=india,DC=mycompany,DC=com");
        for(NamingEnumeration answer = ctx.search(searchString.toString(), filter, ctls); answer.hasMoreElements();)
        {
            SearchResult searchResult = (SearchResult)answer.next();
    ....................and so on
    As can be observed in the bold text above, I have to specify the path of the sub OU to retrieve users under that. Whereas apart from this sub OU, it is retrieving users from other sub OUs. The problem is, the code can access users from some OUs but not from other sub OUs.
    Can anybody help?
    regards,
    Zaid

    Active Directory has a very rich access control model.
    Perhaps it may not have occurred to you that you do not have list access rights to the child3 & child9 organizational units?
    You may have access rights to all the leaf objects contained in child3 & child9, which explains why you can retrieve all the leaf objects when you explicitly bind to them, however you may not have list access rights to child3 & child9 which explains why you can't bind to it when iterating through parent1.
    What happens if you simply perform a one level search on parent1, using a filter (objectClass=organizationalUnit)?
    If it doesn't retrieve child3 & child9, then perhaps you do not have list access rights for those two OUs.

  • Hi, I am having issues with getting the list of users from the Active Director

    Hi, I am having issues with getting the list of users from the Active Directory, can anyone help me with this!

    Hi Jason,
    Try this:
    1.  In Ultiboard select Tools>>Netlist Editor>>Pins, press the Delete button
    2.  Select all nets in the Select the Net to Delete dialog and then press the Delete button.  This will clear all nets in the layout, don't worry all traces, parts are still on the design.
    3.  Go to Multisim and select Transfer>>Forward annotate to Ultiboard.    This will add all nets that you removed back and it should fix the pin problem
    Tien P.
    National Instruments

  • Error while Retrieving users from DB using Field Loop

    Hi,
    I'm working on IDM 6.0 in Sun Appserver 8.1, with waveset on SQL Server2000.
    I have a rule that lists all the users from a table in SQL Server2000.
    I've used this rule in a form to get a list of all users. This rule works fine in BPE and the drivers are properly placed.
    When I view the Form I get the following error.
    XPRESS exception ==> com.waveset.util.WavesetException: Can't call method queryList on class com.waveset.util.JdbcUtil ==> com.waveset.util.WavesetException: ==> java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC][SQLServer]Could not find server 'com' in sysservers. Execute sp_addlinkedserver to add the server to sysservers.

    I was able to solve the error but how can I display all the fields retrieved by the query? (like select name,comments from tablename)
    This is my code. I just need to display comments
    <FieldLoop for='cdata1'>
      <expression>
        <rule name='MSSQL DB Connect'/>       <!-- This rule lists all users.-->
      </expression>
      <Field name='accounts[$(cdata1)].name'>
        <Display class='Text'>
          <Property name='size'>
            <Integer>10</Integer>
          </Property>
          <Property name='value'>
            <ref>cdata1</ref>               <!-- prints user -->
          </Property>
        </Display>
      </Field>
      <Field name='accounts[$(cdata1)].comments'>  
        <Display class='TextArea'>
          <Property name='rows'>
            <Integer>1</Integer>
          </Property>
          <Property name='columns'>
            <Integer>15</Integer>
          </Property>
        </Display>
      </Field>
    </FieldLoop>
    Thanx

  • Getting error while removing user from AD group

    Hi,
    In the AD User process definition, there is a default task called "Remove user from Group". This task runs after another task called Organization Name Update. Whenever a user is moved from one org to another org, his organization gets updated in the AD user form and this task "Remove user from Group" runs. The work of this task is to remove the user from old groups. But the task is getting rejected and I see the below error in log files.
    11/07/04 00:24:17 Data AccessException:
    11/07/04 00:24:17 com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_ADUSRC_GROUPNAME from UD_ADUSRC where UD_ADUSRC_KEY = Description: ORA-00936: missing expression
    SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
    at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
    at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADREMOVEUSERFROMGROUP.implementation(adpADREMOVEUSERFROMGROUP.java:48)
    If anybody knows the solution for this then please let me know.
    Thanks,
    Kalpana.

    I think the mappings and all would be correct. Here is what Kevin meant:
    - Let's assume the AD user account is a part of GroupA, GroupB and GroupC
    - Now on Change Organization completion if you invoke Remove user from Group then the adapter/process task has no way to know that which 3 of those groups has to be removed (or all 3 for your case)
    - Alternatively if you use API's to remove the group then this task would be invoked by the original OIM process/triggers and so the actual value would be known to adapter/process task.

  • How do I get a list of users for a specific role in EP 6.0

    Hi,
    I'm trying to find a table or an API that I can use to get a list of users for a role that I have created in the portal. There are about 940 users tied to this role that I would like to dump to an excel or text file. My goal is to get these users into a security group and tie the role to the group instead of each user. Thanks!

    Hi Chris,
    first, welcome on SDN!
    UMFactory.getInstance().getRoleFactory(roleID).getUserMembers() returns the users which are members of the role, see http://media.sdn.sap.com/html/submitted_docs/60_sp2_javadocs/ume/com/sap/security/api/IRole.html
    addGroupMember(...) adds a group.
    removeUserMember(...) removes a user from a role.
    Corresponding methods exist for the groups.
    Hope it helps
    Detlev
    PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!
    PPS: Wrong forum, should have been EP DEV for example. It's not a question in conjunction with KM.

  • [SOLVED] - Create Boot Media to Retrieve Content from a Specific Distribution Point Regardless of Boundary/Boundary Group?

    I think I'm a little confused because maybe I missed something somewhere.
    I'd like to create bootable media that would pull the content from a specific DP no matter where the device was physically. So if the machine is in Boundary A/B/C within Boundary Group A/B/C, that media should always pull from Distribution Point 'F'.
    During the task sequence media creation process, on the 'Boot Image' page, you're asked to select a distribution point so I believed that was all I needed to do. But even though I selected a specific DP, DP F, when creating the media, during the operating system deployment task sequence, I saw it was pulling the image from another DP; a remote DP for that matter. Imaging over the WAN is not ideal!
    I double checked the Boundaries and with the exception of 1 overarching boundary, there were no other overlapping Boundaries. I then checked the Boundary Groups to confirm the Boundaries were associated with the correct Boundary Group (e.g.: all IP's at site A are in Boundary Group A) and that the correct site system server had been specified for each Boundary Group.
    Why the overarching overlap? I wanted to cover scenarios where a local DP had not yet been stood up or simply didn't exist. We frequently stand up several ad-hoc small 'offices' of just 1-3 people with bare-bones infrastructure. I wanted them to fall back to HQ if they needed anything versus configuring separate Boundaries for each one as the ranges vary each time.
    First question is, am I doing something wrong or is this just not possible?
    Second, HQ is a fallback source location for content, and that's where this particular system was pulling content from. If the DP I specified during the TS Media creation is missing content, how can I confirm this and validate that the client was directed to the fallback source which is HQ?

    That cannot be done. DPs will be determined dynamically. The DP used in the wizard is for downloading the content just for creating the media.
    Torsten Meringer | http://www.mssccmfaq.de
    Oh man - thank you for clearing that up.  Sheesh I was thinking about that the wrong way.

  • Exchange PowerShell script to get mailbox properties of user from a CSV file

    Hi Team,
    I've a CSV file with alias of numerous users and I want to get their mailbox sizes and other properties. These users are dispersed in various databases of same Exchange organization.
    Need a Powershell Script, Any help?
    Muhammad Nadeem Ahmed Sr System Support Engineer Premier Systems (Pvt) Ltd T. +9221-2429051 Ext-226 F. +9221-2428777 M. +92300-8262627 Web. www.premier.com.pk

    You can use this and modify it to what you need. Output to a file (IE: Export-CSV "path to file").
    If you need more specifics let me know. This one is for one user at a time but can be used to read a CSV file.
    # Notifies the user a remote session needs to be started
    Write-Host "Get a users mailbox size" -fore yellow -back red;
    Write-Host "Please wait while a remote session started" -fore red -back yellow;
    # Import a remote session with exchange
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://exchangeservername/Powershell/ -Authentication Kerberos
    Import-PSSession $Session
    Do {
        # Prompts user for a name
        $name = Read-Host "Enter a username"
        # Get the mailbox statistics for that user
        Get-MailboxStatistics $name | fl totalitemsize, storagelimitstatus, totaldeleteditemsize | out-default
        # Give the user a choice to test another or EXIT
        $Output = Read-Host "Press Y to continue or ENTER to exit"
    # Ends the program if the user does not press Y
    } Until ($Output -ne "Y")
    HossFly, Exchange Administrator

  • Get , store and retrieve values from JComboBox, JT.......

    Please can you show me how to collect information from some JComponents like JComboBox, JList, JTextField, JTextArea etc. and store it on clicking a single button, and also retrieve it by clicking another single button?

    below are some functions that u can use:
    JComboBox: getSelectedItem()
    JList: getSelectedValue()
    JTextField, JTextArea: getText()
    basically u need to have button, add an action listener for the button, and store the value using the above functions when the button is clicked.
    hth.

  • Getting Problem in retrieving values from JTable

    Hi Guys,
    Suppose I clicked in a cell in a table to edit it and made some entry in it, and without leaving that cell (meaning focus is on that cell only) I clicked one button.
    The button prints table data on console.
    Now the problem is the value in the focused cell is coming as null or what I previously return.
    That means unless I leave a cell the JTable is not taking that value.
    How could I overcome this problem?
    thanks in advance

    Use this:
    table.putClientProperty("terminateEditOnFocusLost", Boolean.TRUE);
    The editor will be closed as soon as the table loses focus.

  • How to get users from Organizational Unit and with worker's subgroup

    Hi
    I am looking for a f. module to get the list of users from specific Organizational Unit and with specific worker's subgroup.
    I found f. module SWI_GET_USERS_OF_ORG_UNIT but it seems not working and only returns the users, how can I narrow the selection to get only from specific worker's subgroup?
    Thank you

    Hi,
    Try with FM RH_STRUC_GET with following parameters:
    ACT_OTYPE = O
    ACT_OBJID = worker's subgroup
    ACT_WEGID = SBESX
    Most important is to specify OBJID as the worker's subgroup; values for the other parameters may vary.
    Cheers.

  • AD Group Membership with User From Domain Outside of Forest

    Here's one to twist your brain around -
    I have kerberos authentication using Active Directory working between a client's web browser and my web-app hosted in JBoss. I also have limited authorization working by checking group memberships using LDAP. This currently only works if all users are in the same domain. The ever-helpful adler_steven has detailed in another thread (http://forum.java.sun.com/thread.jspa?threadID=603815&tstart=15) how to do a group membership check for all Users/Groups in a single forest using the Global Context.
    I need to go beyond the domain and even beyond the forest and try to authorize a user from a trusted domain by checking if the user is a member of a group in my domain. Authentication works fine using kerberos. It's the authorization by group check I am having trouble with. I believe there are two ways to approach this:
    Approach #1
    Access the MS-specific PAC in the kerberos token from the client to get the group SIDs. The structure of the PAC is nicely defined in this article: http://appliedcrypto.com/spnego/pac/ms_kerberos_pac.html. However, I have no idea how to access the decrypted token. I pass the encrypted token that I receive from the browser to myGssContext.acceptSecContext(...) to complete the authentication.
    Question: Does anyone know how to get the decrypted kerberos ticket from there, specifically the authorization-data field?
    Approach #2
    Try to walk through the Active Directory structures in both domains using LDAP. In the domain group that I am checking, I can see a member attribute that references a foreignSecurityPrincipal object. The CN of this object happens to be the objectSID of the user I am looking for in the remote domain. Unfortunately, I have to check the remote domain server directly to verify that. The foreignSecurityPrincipal object itself does not contain any hint about what user it refers to aside from the SID (no originalDomainName attribute or something similar). It is feasible that I could walk the chain of references back to the remote domain AD server. That would require that my configuration include a list of remote domain servers to check (since I could have users from multiple trusted domains) and that my JBoss server have access to those servers.
    Question: Does anyone know of some other LDAP-related way of finding information about a user from a remote, trusted domain without having to hit the server for that domain directly?
    adTHANKSvance
    Eric

    You should be able to work back from the foreignSecurityPrincipal object :-) He says with a wry smile..
    This post prompts me to think whether one day someone will draw the entity relationship diagram for AD. Oh well, I've been procrastinating for years, a few more won't hurt !
    If it was a user from within the same forest, you should just be able to perform a search against a GC using the objectSID as the search filter. I've forgotten, but I don't think they will be represented as foreign security principals.
    Have a look at the post titled JNDI, Active Directory and SID's (Security Identifiers) available at
    http://forum.java.sun.com/thread.jspa?threadID=585031&tstart=150 that describes how to search for an object based on their SID.
    Now if it is a user from another forest, with which you have a trust relationship, then we begin the navigation exercise.
    You'll need to obtain the user's SID (either from the cn or from the objectSID attributes) from the foreignSecurityPrincipal object. For example
    CN=S-1-5-21-3771862615-1804478405-1612909269-2143,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com
    objectSID=S-1-5-21-3771862615-1804478405-1612909269-2143
    Then obtain the domain RID, eg.
    S-1-5-21-3771862615-1804478405-1612909269
    Next you will have to recurse each of the crossRef objects in the Partitions container, in the configuration naming context (which you will find listed in the RootDSE). The crossref objects that represent trusted domains or forests will have values for their trustParent attributes. A sample query would be something like
    //specify the LDAP search filter
    String searchFilter = "(&(objectClass=crossRef)(trustParent=*))";
    //Specify the Base for the search
    String searchBase = "CN=Partitions,CN=Configuration,DC=antipodes,DC=com";
    For each crossRef object, you can then use the dnsRoot attribute to determine the dns domain name of the forest/domain (if you want to later use dns to search for the dns name, ip address of the domain controllers in the trusted domains/forests), and then use the nCName attribute to determine the distinguished name of the trusted forest/domain.
    dnsRoot = contoso.com
    ncName = dc=contoso,dc=com
    Perform another bind to the ncName for the trusted domain/forest and retrieve the objectSID attribute, which will be the domain's RID. You may want to cache this information as a lookup table to match domain RID's with domain distinguished names and dns names.
    String ldapURL = "ldap://contoso.com:389";
    Attributes attrs = ctx.getAttributes("dc=contoso,dc=com");
    System.out.println("Domain SID: " + attrs.get("objectSID").get());
    Once you find out which domain matches the RID for the foreignSecurityPrincipal, you can then perform a search for the "real user". And then finally you should have the user object that represents the foreign security principal!
    Just one thing to note. Assume that CONTOSO and ANTIPODES are two separate forests. If you bind as CONTOSO\cdarwin against the CONTOSO domain, the tokenGroups attribute (which represents the process token) will contain all of the group memberships of Charles Darwin in the CONTOSO domain/forest. It will not contain his memberships, if any, of groups in the ANTIPODES forest. If Charles Darwin accesses a resource in ANTIPODES, then his process token used by the ANTIPODES resource will be updated with his group memberships of the ANTIPODES forest. Also you can have an "orphaned foreign security principal", where the original user object has been deleted!
    BTW, If I was doing this purely on Windows, IIRC, you just use one API call DsCrackNames, to get the "real user", and then the appropriate ImpersonateUser calls to update the process token etc..
    Good luck.
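
Added example (not from the original thread or its posters): the lookup described in the reply above, matching a foreignSecurityPrincipal to a trusted domain by comparing SID prefixes, including decoding the binary objectSID that AD returns over LDAP. The class and method names are hypothetical, and pairing contoso.com with the sample domain SID is a constructed assumption; in practice the table would be filled from the crossRef dnsRoot values and each domain's objectSID.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class ForeignPrincipalResolver {

    // Decode the binary objectSID that AD returns over LDAP into S-1-5-21-... form.
    static String sidToString(byte[] sid) {
        if (sid == null || sid.length < 8 || sid.length != 8 + 4 * (sid[1] & 0xFF)) {
            throw new IllegalArgumentException("malformed binary SID");
        }
        long authority = 0;                       // 48-bit big-endian identifier authority
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }
        StringBuilder out = new StringBuilder("S-")
                .append(sid[0] & 0xFF).append('-').append(authority);
        ByteBuffer subs = ByteBuffer.wrap(sid, 8, sid.length - 8).order(ByteOrder.LITTLE_ENDIAN);
        while (subs.hasRemaining()) {             // sub-authorities: unsigned 32-bit little-endian
            out.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        }
        return out.toString();
    }

    // The SID of a foreignSecurityPrincipal is the value of its leftmost RDN (CN=S-1-...).
    static String sidFromFspDn(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);         // index size()-1 is the leftmost RDN
        return String.valueOf(name.getRdn(name.size() - 1).getValue());
    }

    // Account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>; dropping the RID leaves the
    // domain SID. Well-known principals such as S-1-5-11 belong to no domain: empty.
    static Optional<String> domainSidOf(String sid) {
        if (!sid.startsWith("S-1-5-21-") || sid.split("-").length != 8) {
            return Optional.empty();
        }
        return Optional.of(sid.substring(0, sid.lastIndexOf('-')));
    }

    // Empty result: a well-known SID, or a domain that is not in the trusted-domain table.
    static Optional<String> trustedDomainFor(String fspDn, Map<String, String> domainsBySid)
            throws InvalidNameException {
        return domainSidOf(sidFromFspDn(fspDn)).map(domainsBySid::get);
    }

    static byte[] hex(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++) {
            b[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return b;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: binary objectSID as it would be read from the trusted
        // domain's head object (assumed here to be contoso.com).
        byte[] contosoSid = hex("010400000000000515000000570ED2E0C5278E6BD50A2360");
        Map<String, String> domainsBySid = new HashMap<>();
        domainsBySid.put(sidToString(contosoSid), "contoso.com");

        String[] fspDns = {
            // DN quoted in the reply above
            "CN=S-1-5-21-3771862615-1804478405-1612909269-2143,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com",
            // Well-known principal (Authenticated Users): no domain to look up
            "CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com",
            // Constructed SID from a domain that is not in the table
            "CN=S-1-5-21-1111111111-2222222222-3333333333-1105,CN=ForeignSecurityPrincipals,DC=antipodes,DC=com"
        };
        for (String dn : fspDns) {
            System.out.println(dn + " -> " + trustedDomainFor(dn, domainsBySid).orElse("(unresolved)"));
        }
    }
}
```

An unresolved result should not be treated as a group match: it covers both well-known principals and SIDs whose domain is unknown, and a resolved domain still needs the follow-up search to confirm the user object exists.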

  • Pt:treelink Select Users From Specified Group

    Is there any way to have the pt:treelink show classid="1" (users) from a specific group? I can pass a rootid="ADMIN_FOLDER_ID" and get it to only list objects in that folder id. I'm looking for something similar to pass a GroupID="X", where X is the group that I want to display users from.
    Thanks,
    Jon Yutzy

    I'm looking for something similar to this, although without specific selecting.
    I would like to popup a list of users inside a group (just to view who's in the group).
    I've seen the plumtree portal itself do this while managing security access to different portal objects. You can click the group name to see who's inside. This is exactly what i'm looking for.
    Considering this post was originally made a year and a half ago, has anything become of this?

  • Failed to retrieve data from the database using Crystal Reports XI R2

    I am using Crystal Reports XI R2 and using the Universal Web Connector (connecting to Coghead). When I put some of the fields from the database and run Preview I get "Failed to retrieve data from the database.". Where is this message coming from and how can I track down what the issue is?

    Hi Jamie,
    When you are trying to Browse Data of a field and it is not popping up any window, it means it is unable to interact with the database and get the data from the database.
    Try to create a new report using ODBC with the Xtreme Sample Database. If you get the data in your report without any error then your connector is not working / unable to pull the data into your report.
    You can find the supported platforms document in below link
    http://support.businessobjects.com/documentation/supported_platforms/xi_release2/default.asp
    Thanks,
    Sastry
