Grant access to users from different Domains
Hi,
Recently my company was merged with another. All users from my company are setup in our Domain (DomainA). Sharepoint is able to see the users in this domain and grant access to the users as well. When the merger happened, we created a Group (Test - Sharepoint)
in our AD to add groups from other companie's domain:DomainB, totally different Forest. There is a two way trust setup between these domains. The group Test-Sharepoint is "domain local" and it is able to see the groups/users from other domain: DomainB.
The other users are now able to access our sharepoint environment once access is granted to DomainA\Test-Sharepoint.
Problem came when we applied Audience targetting around few web parts. The users from DomainB who are added as object in DomainA\Test-Sharepoint (group in DomainA) are not able to see the web parts that have audience targeting for this group. Someone
suggested that AD groups should be Global or Universal but that is not our case. Most of the groups in our AD are domain local and SP is able to see the users within it.
Please suggest how we can resolve audience targeting issue?
Regards, Kapil ***Please mark answer as Helpful or Answered after consideration***
My apologies, yes that is correct you'll have to use Domain Local in this case. http://technet.microsoft.com/en-us/library/cc755692(v=WS.10).aspx
Actually what you'll need to do is not use Groups in your domain at all, as the users are Foreign Security Principals. Instead, use a group in the trusted domain, or attributes of the users you intend to target directly.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Similar Messages
-
How to grant access to sharepoint for the user from different Domain
Hi All
I need to grant access to user from different domain.
Where I can able to view the users in people picker (different domain).
Thanks in Advance.
RajHi
Trevor Seward
Sorry to disturb
you again.
I am trying to restrict user from search from other domain, say we have domain A and Domain B, where I am trying to restrict all the user from domain B (Search users)for a site collection. I have found couple of stsadmin command to do so. but none
of them works. Below are the commands I have tried
STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv "domain:<Name>.domain" -url "http://Site URL"
stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv “(canonicalName=<Name>.domain*)” -url "Site URL"
we have two way trust.
Can you suggest any solution.
Thanks
Raj -
AD Resource forest access with user from different forest
I am trying to access a AD resource forest using a user from a different forest.
The "different forest" is the main forest used to contain all user accounts etc. This domain is trusted by the resource forest (which contains things like outlook distribution lists etc) and so I am able to log into the resource forest (using ldp.exe or the mmc ad snap-ins) with my credentials from the main forest.
How can I replicate this in java?
I can connect directly to the user forest with simple authentication. But I can't do the same with the resource forest (as the user does not exist on it - it is merely trusted). Is there an authentication method that will allow me to do this?
In this organisation user accounts for the resource forest are not given out - you have to use one from the main user forest. So I have to find a work-around where I can connect with my current credentials.
Any ideas anyone?Devid,
I am facing the same problem.
Did you get the solutions.
I am getting exception while calling "InitialDirContext"
"Problem searching directory: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece" -
Mapping users coming from different domain in AD
HI,
We have configured vintela SSO which is working.Now we are trying to add another domain but it has been unsuccessful.
We have imported the users coming from other domain in CMC->AD, and UseFDQNDirectoryForServers parameter in registry.
The issue is our complex krb5.ini errors as "cannot find kdc for realm" for the user account coming from the other domain.The existing domain kinit is successful.
Please help in resolving this issue!!! We need to have users coming from different domain to use vintela SSO.
Thank you.well you're mixing things up a bit.
The usefqdnfordirectoryservers is used to map in groups. If the groups show up as well as the users that piece should be complete.
the krb5.ini is for logging in users manually, it must conatin the KDC for every domain that may contain users that need to log into BO. It also must have a KDC or capath entry to define all the parent domains as well (even if they do not have members that need to login. This is how the krb5 is used to verify transitive trusts. Then all users that are not in the default domain must logon as username@ DNSDOMAIN.COM where the DNS domain is entered in all caps aqnd represents the FQDN of theidomain the users bewlong to. Now if not logging in manually this should be a big problem.
So for SSO (vintela anyway) this process is automatic, although you may want to configure vintela with site information so it doesn't randomly use all your DC's Site can be set following the steps at the end of business objects note 1261835 (complete and vintela only editions).
In order for vintela to work properly the value entered in CMC > Authentication > Windows AD > service principal name must = an SPN thet was created on the account that is running the SIA/CMS
Regards,
Tim -
Displaying image from different domain in an applet
can anybody tell how to load & display an image from a different domain. the image is being generated dynamically on that server so that i cannot save it.
You should sign your applet to be able to do it.Isn't that normally only necessary for Security
relevant procedures, like locally reading and writing
(saving) files? ( -> So, is that also true (sec.
rel.) for "donwloading" from "different domain"
(URL)? )Yes, it is a security violation. Maybe arguably not as bad as local file system access, but it could still be a problem. The main problem would be turning an unsigned applet (therefore from an unknown source) into a DOS application which starts pounding on all sorts of other servers, including the local host.
As to the problem, you could have a servlet on your host which gets the image from the other host for you. The servlet could be very generic with the applet passing all the info needed to get the file for it. -
Loading modules from different domain
when I load modules from the same location where is main application, everything is fine. But when modules are loaded from different adrress i got following error:
TypeError: Error #1009: Cannot access a property or method of a null object reference.
at mx.utils::LoaderUtil$/isRSLLoaded()[E:\dev\4.5.1\frameworks\projects\framework\src\mx\uti ls\LoaderUtil.as:525]
at mx.utils::LoaderUtil$/http://www.adobe.com/2006/flex/mx/internal::processRequiredRSLs()[E:\dev\4.5.1\frameworks\projects\framework\src\mx\utils\LoaderUtil.as:259]
at mx.core::FlexModuleFactory/getRSLInfo()[E:\dev\4.5.1\frameworks\projects\framework\src\mx \core\FlexModuleFactory.as:582]
at mx.core::FlexModuleFactory/update()[E:\dev\4.5.1\frameworks\projects\framework\src\mx\cor e\FlexModuleFactory.as:470]
at mx.core::FlexModuleFactory/moduleInitHandler()[E:\dev\4.5.1\frameworks\projects\framework \src\mx\core\FlexModuleFactory.as:819]
any ideas what might be wrong?
thanks for any help in advanceThis is a link to testing application:
http://michalnpe.homeip.net:55001/bin-release/LoadModuleApp.html
you can see source code of this app.
Let's say we want to run module from different domain.
so insert following address for crossdomain.xml and module (into TextInput in the applicataion above) .
http://a2s.pl/crossdomain.xml
http://www.a2s.pl/npe/softmgr/Michal/wymiana/TestModule.swf
here is the code that loads the module:
protected function loadModule(event:MouseEvent):void
testloader.url = moduleAddress.text;
//testloader.loadModule();
public function setup():void { // run before loading modules
Security.allowDomain("*");
Security.loadPolicyFile(crossdomain.text);
var request:URLRequest = new URLRequest(crossdomain.text);
var loader:URLLoader = new URLLoader();
loader.load(request); -
How to access form objects from different class?
Hello, I am new to java and i started with netbeans 6 beta,
when i create java form application from template i get 2 classes one ends with APP and one with VIEW,
i put for example jTextField1 with the form designer to the form and i can manipulate it's contents easily from within it's class (let's say it is MyAppView).
Question>
How can i access jTextField1 value from different class that i created in the same project?
please help. and sorry for such newbie question.
Thanks Mikehmm now it says
non static variable jTree1 can not be referenced from static context
My code in ClasWithFormObjects is
public static void setTreeModel (DefaultMutableTreeNode treemodel){
jTree1.setModel(new DefaultTreeModel(treemodel));
and in Class2 it is
ClasWithFormObjects.setTreeModel(model); -
Display problem from different domain
Hi
I am not able to make my display(DISPLAY variable). When I m exporting the display variable from the same domain as the linux box is present. It is working fine but when I trying to export the DISPLAY variable from different domain and use the GUI. it is throwing error. Please help. Also I am able to ping from my window machine to Sun Solaris
operating system: sun solaris 9 (5.9).
Error Message:
(gnome-calculator:5511): Gtk-WARNING **: cannot open display:
Can anybody tell me how and what all we need to check to configure DISPLAY.
I mean the software required and firewall configuration.I trying to export the DISPLAY variable from different domain and use the GUI.Different domain or different network?
I am able to ping from my window machine to Sun SolarisPing means nothing in this case because:
1. ICMP =! TCP
2. You need to have allowed connection from Solaris to your local machine (port 6000) and ping is not capable to check that.
3. You need to check this on/from server (Solaris)
Or you can use X11Forwarding so you don't need to allow connection as mentioned above.
I mean the software requiredDo you mean client SW or what? -
Unable to load swf from different domain through html wrapper in Chrom
Hi All,
I am trying a embed a swf from different domain. My html wrapper was in one domain and swf was in another domain. I have embedded the swf into the html wrapper. When i run the html file it is loading the swf in firefox and working fine. But when i try to run the same html in chrom or IE the swf is aborted. I have crossdomain.xml file in both the servers which is also allowing both the domains. I was not able to figure out the issue. Can anybody help on this.
regards,
Jayagopal.Are you getting any errors or warnings?
-
Granting access to users to modify published organizational forms outlook 2007 -exchange 2010 ?
How do i grant Access to users to modify published organizational forms outlook 2007 and 2010, we use exchange server 2010 in our environment. Please advise.
Aditya MedirattaHi Aditya
Thank you for your question.
Organizational Forms belongs to public folder. You can use Add-PublicFolderClientPermission modify user permission.
You can refer to the following link:
http://technet.microsoft.com/en-us/library/bb124743(v=exchg.141).aspx
you can refer to the following link to create organizational form;
http://technet.microsoft.com/en-us/library/gg236889(v=exchg.141).aspx
the public folder permission,you can refer to the following link:
http://technet.microsoft.com/en-us/library/ee633461(v=exchg.141).aspx
If any questions, please let me know.
Best Regard,
Jim Xu -
How to access _global variables in different domain
hi
i am loading a swf in local and this has to be communicate the swf which was in the server(different domain). using the system.security.allowdomail i can access the variables, but i can't able to access _global variable.
Pls tell how to access _global variable in different domain
Thanks in advance
@flashGanesh,
It should work the way you mentioned it. I don't see why it
didn't unless there is a spelling mistake or something. If there
is you should have a got an error message. :-)
I actually don't recommend using globals at all, I would rather
use a PL\SQL Package Specification to define Global Variable.
These variables are valid for the duration of the Session and
they are restricted to Char(255) limit. It reduces the number of
mistakes when converting dates and Such. It also forces the
developers to place all the globals in one place instead of
multiple places. Read Feurstein's book on PL\SQL Programming for
more details.
Sunil
MS Ganesh (guest) wrote:
: Hi Steve,
: I know how to assign values to global variables.
: I did the following
: Form Name : FIRST_FORM
: :global.group_id := 'SUPERVISOR'
: call_form('SECOND_FORM');
: In Second Form
: When New Form Instance
: Message(:global.group_id);
: No message is displayed.
: Please explain to me the steps in detail.
: Thanks in advance.
: Bye
: MS GANESH
: Steve (guest) wrote:
: : Just assign value to global variable i.e.
: : :global.foo := 'anything'; or
: : COPY('anything', 'global.foo');
: : to remove global variable
: : ERASE('global.foo');
: : Note: global variables are always VARCHAR2(255);
: : MS Ganesh (guest) wrote:
: : : Dear OTN Members,
: : : I would like to pass values between forms,
: : : I know it is possible to do it by using Parameters.
: : : But I would like to know how to use global variables to
: : : accomplish the same task.
: : : Thanks in Advance.
: : : Bye
: : : MS Ganesh
null -
Grant permissions to user accounts from different domains
Running a PowerShell script from hosts in Domain_A, I need to grant rights to user objects located in Domain_B with a one way trust in place. Going through the process manually, I will get prompted for credentials that can query Domain_B.
How would I go about automating the authentication in PowerShell? The actual commands that run need to be executed by a privileged account in Domain_A; it's only the querying of objects in Domain_B that requires a valid Domain_B credential.Are you doing a domain migration?
Are you leveraging the Get-ACL / Set-ACL CMDlets?
What I would do is create a script that uses get-acl and set-acl CMDlets...
I would then launch that using:
$secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)
start-process "powershell" -ArgumentList "-file c:\path_to_Script.ps1" -Credential $mycreds
There are a ton of ways to do this, but I figure I'd give one of many ways to roll with it.
Entrepreneur, Strategic Technical Advisor, and Sr. Consulting Engineer - Strategic Services and Solutions Check out my book - Powershell 3.0 - WMI: http://amzn.to/1BnjOmo | Mastering PowerShell Coming in April 2015! -
How to access Excel files from different locations?
Hello,
I have successfully tested the Excel sample on WLS 7, and trying to run it on
the WLS 8.1.
Anyways, the common question for both is, how to access an excel files from different
locations (e.g. c:\path\1.xls, \\domain1\finance\fin.xls, \\domain1\marketing\customer.xls,
\\domain2\accounts\vouchers.xls)?
From example i can see that it picks from a specific path under repository.
Thanks
Ashok GuptaThe custom function sets the MS-Excel default directory to System.getProperty("user.dir")+"/excel"
(the domain directory), then opens the filename passed as a parameter. I assume
that if you pass in the fully specified path for the excel file ( like d:\MyDir\data\test.xls),
that it would open that file.
- Mike
"Ashok Gupta" <[email protected]> wrote:
>
Hello,
I have successfully tested the Excel sample on WLS 7, and trying to run
it on
the WLS 8.1.
Anyways, the common question for both is, how to access an excel files
from different
locations (e.g. c:\path\1.xls, \\domain1\finance\fin.xls, \\domain1\marketing\customer.xls,
\\domain2\accounts\vouchers.xls)?
From example i can see that it picks from a specific path under repository.
Thanks
Ashok Gupta -
How to configure PerformancePoint to access SSAS hosted in different domain.
I have Sharepoint 2013 installed in a demo environment with a domain say ABC. I have username and password of an account say DEC\sqlread, having only read permission in SSAS (2008 R2) production environment, which is hosted on different domain. How do I
configure Performance point to use that read account (DEC\sqlread) of SSAS whenever any user of ABC domain uses performance point reports.
I don't have much permission in SSAS production environment to configure things, but I have admin access to demo environment.Hi Dev,
According to your description, you want to configure PerformancePoint to connect SSAS using a read account.
You can configure the Unattended Service Account for the PerformancePoint Services:
Here is a good blog you can refer to:
http://www.c-sharpcorner.com/UploadFile/a9d961/create-an-analysis-service-data-source-connection-using-shar/
Reference:
http://technet.microsoft.com/en-us/library/jj819321(v=office.15).aspx
Thanks,
Eric
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
contact [email protected]
Eric Tao
TechNet Community Support -
Is there a way to migrate AD users to different domain?
Hello SharePoint Fam,
I have a 10,000 user environment and these users are spread across 15 different domains. Our data/network team are beginning to migrate and consolidate our environment down to one domain. We did a test and had them migrate a couple of accounts
to different domain and confirmed that this breaks the user access. Is there a script or recommendation that I could use to migrate specific users to this domain? This new domain is still under the same forest
Thanks n advance,Hi,
According to your description, my understanding is that you want to migrate AD users to another domain.
The tool you need to migrate users between domains is ADMT (Active Directory Migration Tool) which will migrate users, groups, and computers.
After that, we need to use Move-SPUser to migrate the users to new accounts:
$user = Get-SPUser -web http://my.website.url -Identity DomainA\UserA
Move-SPUser -IgnoreSID -Identity $user -NewAlias 'DomainB\UserA'
More references:
http://technet.microsoft.com/en-us/library/ff607729(v=office.15).aspx
http://localhost25.blogspot.com/2012/06/sharepoint-2010-migrate-users-with-move.html
http://blogs.msdn.com/b/sowmyancs/archive/2012/01/07/migrate-users-groups-powershell-script.aspx
Thanks,
Victoria
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Victoria Xia
TechNet Community Support
Maybe you are looking for
-
Attachment button is not displayed in HCM Processes and Form
Hi all, I have configured the attachment in Form Scenario. But the attachment button is not appeared in HCM Form (in MSS portal). What might cause this problem? Rgds, Dominic
-
Hi I need to create VAT 200 report for Andhrapradesh state in INDIA, 1. Is there any sample report available in portal ? 2. How to create this report, send me some useful tips if anyone done this report.. Thanks & Regards Chakrapani
-
Can custom HTML widgets be copy protected in iBooks Author 2.0?
Hi to All! Never used iBooks Author up to this point, but looking in to it. As per the subject heading: If a custom designed HTML widget is used in iBooks Author 2.0 can it easily be copied & pasted by viewers for their own puposes? If this is so can
-
Function of the further Programms when I use LabVIEW PDA
Hi, I write my Bachelor Thesis over a PDA Application where I´ve create with LabVIEW PDA. Before I could use the LabVIEW PDA I must install few programms. 1)VisualStudio 2005 Standard 2)Visual Studio 2005 Command Shell 3)Windows Mobile 5.0 S
-
Why does my iPod touch keep freezing when I attempt to turn off iCloud Keychain in the settings?
Everytime I try to turn off iCloud Keychain, my iPod's Screen freezes and automatically turns iCloud Keychain back on. I really don't want ICloud Keychain and it has been a while since I tried to turn it off.