Help! Example to list users Active Directory
Hello, I'm totally new to jndi. I need to obtain the list of users from Active Directory. Can anyone point me to an example or tutorial?
Thanx
Javier
After a lot of trial and error I think I got this example to work. I got the example somewhere in this forum but I don't remember from who, so if you think it's your code, thanks. I hope it is useful for anyone else....
<code>
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import javax.naming.*;
import java.util.Hashtable;
import java.util.Enumeration;

public class JndiTest
{
    public static void main(String[] args)
    {
        System.out.println("Starting...");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Simple bind over ldap:// on port 389 sends the password unencrypted
        env.put(Context.PROVIDER_URL, "ldap://10.20.223.129:389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
        env.put(Context.SECURITY_CREDENTIALS, "digitel412");
        try
        {
            DirContext ctx = new InitialDirContext(env);
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String[] attrs = { "cn", "telephoneNumber", "sn", "userPrincipalName", "memberOf", "name" };
            ctls.setReturningAttributes(attrs);
            String filter = "(objectClass=organizationalPerson)";
            NamingEnumeration<SearchResult> answer = ctx.search("CN=Users,DC=digiteltest,DC=com,DC=xx", filter, ctls);
            while (answer.hasMoreElements())
            {
                //NameClassPair nc = (NameClassPair)answer.next();
                //System.out.println(nc);
                SearchResult si = answer.next();
                Attributes attribs = si.getAttributes();
                if (attribs == null)
                {
                    System.out.println("No attributes");
                }
                else
                {
                    // Print every value of every returned attribute
                    for (NamingEnumeration<? extends Attribute> ae = attribs.getAll(); ae.hasMoreElements();)
                    {
                        Attribute attr = ae.next();
                        String attrId = attr.getID();
                        for (Enumeration<?> vals = attr.getAll(); vals.hasMoreElements();)
                        {
                            System.out.println(attrId + ": " + vals.nextElement());
                        }
                    }
                }
                System.out.println("======================================================================================");
            }
            ctx.close();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
        System.out.println("Finished.");
    }
}
</code>
Similar Messages
-
Unable to find user list in Active Directory Authenticator
Hi all,
I am using weblogic 10.3 and want to configure ActiveDirectory Authenticator for my weblogic application. We have one managed server under admin server. I have configured an Active Directory Authenticator named "ADAuthenticator" and made the following changes as per the below values:
I set the control flag to "OPTIONAL" .
Security Realms-->myrealm-->Providers-->ADAuthenticator-->Provider Specific
UserName Attribute : ServiceBEA
Principal : ServiceBEA
Host : xxxxxx
User Search Scope : subtree
Group From Name Filter : (&(ServiceBEA=%g)(objectclass=group))
Credential : xxxxxx
Confirm Credential : xxxxxx
User From Name Filter : (&(ServiceBEA=%u)(objectclass=user))
Static Group Name Attribute : ServiceBEA
User Base DN : values provided as per requirement
Port : 389
User Object Class : user
Use Retrieved User Name as Principal : checked
Group Base DN : same values as per User Base DN
Static Group Object Class : group
Group Membership Searching : unlimited
Max Group Membership Search Level : 0
These are my AD settings. After doing this i click on save and then activate changes and then restarted the admin server.
But the problem is when i login to weblogic console to check the user list under "User and Group" i am unable to find any Active Directory users.
I don't know where i made the mistake. Can some make me out of this trouble.
Any help is highly appreciated.
Thanks in advance !
Hi Sean,
Actually we have already a Active Directory with username "ServiceBEA" in our windows server. So i used this "ServiceBEA" as UserName Attribute in weblogic console while creating a Active Directory Authenticator.
You mean to say that we should go for "sAMAccountName" or what? If that is the case then i have also tested with following values, but still no luck.
UserName Attribute : sAMAccountName
Principal : ServiceBEA
Host : xxxxxx
User Search Scope : subtree
Group From Name Filter : (&(sAMAccountName=%g)(objectclass=group))
Credential : xxxxxx
Confirm Credential : xxxxxx
User From Name Filter : (&(sAMAccountName=%u)(objectclass=user))
Static Group Name Attribute : sAMAccountName
User Base DN : values provided as per requirement
Port : 389
User Object Class : user
Use Retrieved User Name as Principal : checked
Group Base DN : same values as per User Base DN
Static Group Object Class : group
Group Membership Searching : unlimited
Max Group Membership Search Level : 0
Please advise what to be place in case of User Name Attribute.
Any help is highly appreciated.
Thanks in advance ! -
Cfldap to get 2 level of subordinates list from active directory
<CFLDAP SERVER="ldap.com" PORT="333" START="O=COM,C=AN" SCOPE="SUBTREE"
NAME="qryLevel1" ACTION="QUERY" ATTRIBUTES="cn, uid, alias"
FILTER="(&(manager=cn=TestName,ou=employee,o=COM,c=an)(objectclass=olPerson))" MAXROWS="999999" TIMEOUT="90000">
By using the above code, I am able to get subordinates for User(TestName), But I need the list of subordinate of all the subordinates also without loop please as it is taking long time to execute.
please assist me on this??
Create a "global catalog" on the 2nd domain controller, will fix this problem.
To create a new global catalog:
On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
In the console tree, double-click Sites , and then double-click <var>sitename</var> .
Double-click Servers , click your domain controller, right-click NTDS Settings , and then click Properties .
On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
Restart the domain controller. -
Security API help needed / howto list user in group
Hi there,
i have tried all example programs of the hyperion security api. hard work to correct the errors in these scripts.
now i can create native groups an users and can create groups on groups or put users in native groups.
i have read the java doc / reference for the security api too but its not possible for me to list users of a group (group reference by name).
is there anybody who can help with a code sample to list users of a group like "testgroup" ?
something like (...getGroups(context,"testgroup")...) ??
Best Regards
Kai
Please don't cross-post. It is considered very rude to do that here:
http://forum.java.sun.com/thread.jspa?threadID=5233033&messageID=9953169#9953169 -
Get Windows User (Active DIrectory)
Hi all,
does anybody know how to get the Windows UseID within a WebDynpro component ? I have tried with cl_gui_frontend_services class but it does not work.
Thanks a lot,
Max
If your clients support PowerShell, you should be able to use the [adsi] accelerator and the ADSystemInfo object to bind to the user object corresponding to the current user on the client and retrieve the values of any AD attributes desired. For example:
# Retrieve the DN of the current user in AD.
$SysInfo = New-Object -ComObject "ADSystemInfo"
$UserDN = $SysInfo.GetType().InvokeMember("UserName", "GetProperty", $Null, $SysInfo, $Null)
# Bind to the user object in AD.
$User = [ADSI]"LDAP://$UserDN"
# Retrieve attributes of the user.
$Mail = $User.mail
# Display to the user.
"Your email address in Active Directory is $Mail"
Richard Mueller - MVP Directory Services -
Help Apache Tomcat integrate with Active Directory
Hello ,
I am trying to authenticate users in Apache Tomcat 5.5 from active directory with no such luck.
The way my users are structured in AD is there's a department root OU and then sub OU's for each department. The Groups OU is in its own OU.
This is the syntax I'm using for the server.xml file. I have created two groups am and thc and put the necessary users in the groups.
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://dc1:389"
alternateURL="ldap://fs6:389"
userRoleName="member"
userBase="OU=Departments,dc=2krecovery,dc=com"
userPattern="cn={0},OU=Departments,dc=2krecovery,dc=com"
UserSubtree="true"
roleBase="OU=Groups,dc=2krecovery,dc=com"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
userSubtree="true"
/>
Could someone tell me if this is right? Running a Windows 2000 native
domain level with 2 windows 2000 dc's and one windows 2003 dc.
Here's the web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Tax Housing Compliance</web-resource-name>
<url-pattern>/thc/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>thc</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Asset Management</web-resource-name>
<url-pattern>/am/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>am</role-name>
</auth-constraint>
</security-constraint>
Pl do not post duplicates - Use Multi Domain to integrate with Active Directory in R12
-
I need help removing hosts from all Active Directory Groups! - PowerShell
In our environment, we use AD Groups to create collections in Configuration Manager. I have a few PC's that need to be removed from all AD Groups in our Forest. I do not know how many groups these computers are in and to script it in PowerShell. Could someone please guide me in the right direction?
Hi,
Here's how you can check group membership:
Get-ADComputer COMPUTERNAME -Properties MemberOf |
Select -ExpandProperty MemberOf
http://ss64.com/ps/ad.html
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing) -
Hello.
We have two domain controllers - node1 (Windows 2008 R2) and node2 (Windows 2012 R2). When administrator connects to node2 and tries to rename some object in AD (for example, user) AD Domain Services crashes and reboot server after 60 seconds.
In Events I can see these messages:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 04.03.2014 12:37:58
Event ID: 1173
Task Category: Internal Processing
Level: Warning
Keywords: Classic
User: domain\admin
Computer: NODE2.domain.example
Description:
Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
Exception:
c0000005
Parameter:
0
Additional Data
Error value:
7ffc7c38e45d
Internal ID:
0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">1173</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>9</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.116264800Z" />
<EventRecordID>881</EventRecordID>
<Correlation />
<Execution ProcessID="572" ThreadID="2580" />
<Channel>Directory Service</Channel>
<Computer>NODE2.domain.example</Computer>
<Security UserID="S-1-5-21-3794920928-4165619442-305938157-2047" />
</System>
<EventData>
<Data>c0000005</Data>
<Data>7ffc7c38e45d</Data>
<Data>0</Data>
<Data>0</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 04.03.2014 12:37:58
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="49152">1015</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189578</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>c0000005</Data>
</EventData>
</Event>
Log Name: Application
Source: Application Error
Date: 04.03.2014 12:37:58
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
Exception code: 0xc0000005
Fault offset: 0x000000000019e45d
Faulting process id: 0x23c
Faulting application start time: 0x01cf3773fe973e1b
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\ntdsai.dll
Report Id: 85cfbe32-a367-11e3-80cc-00155d006724
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189576</EventRecordID>
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>lsass.exe</Data>
<Data>6.3.9600.16384</Data>
<Data>5215e25f</Data>
<Data>ntdsai.dll</Data>
<Data>6.3.9600.16421</Data>
<Data>524fcaed</Data>
<Data>c0000005</Data>
<Data>000000000019e45d</Data>
<Data>23c</Data>
<Data>01cf3773fe973e1b</Data>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>C:\Windows\system32\ntdsai.dll</Data>
<Data>85cfbe32-a367-11e3-80cc-00155d006724</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
In node2 we installed all available updates and hotfixes.
Hi Azamat Hackimov,
Regarding the error messages, it seems that the ntdsai.dll file caused the issue. Based on the current situation, please use the sfc /scannow command to scan protected system files, check whether it finds errors, and repair them. Meanwhile, you can also navigate to the location of this DLL file and confirm details.
In addition, Windows Server 2012 R2 has rebooted unexpectedly. Please check if you get some dump file and then analyze it. It may help us to find the root reason. Please refer to the following KB.
How to read the small dump memory dump file that is created by Windows if a crash occurs.
http://support.microsoft.com/kb/315263/en-us
By the way, it is not effective for us to debug the crash dump file here in the forum. If this issue is a state of emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
How to import your MS Active Directory users in an Oracle table
Hello,
I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
This doesn't work so I used an alternative solution:
How to import your MS Active Directory users in an Oracle table
- a Visual Basic script for export from Active Directory
- a table in my database
- a SQL*Loader Control-file
- a command-file to start the SQL*Loader
Now I can schedule the vbs-script and the command-file to get my information in an Oracle table. This works fine for me.
Just to share my scripts:
I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
'Export_ActiveDir_users.vbs 26-10-2006
'Script to export info from MS Active Directory to a CSV-file
' Accountname, employeeid, Name, Function, Department etc.
' Richard de Boer - Wetterskip Fryslan, the Netherlands
' samaccountname Logon Name / Account
' employeeid Employee ID
' name name
' displayname Display Name / Full Name
' sn Last Name
' description Description / Function
' department Department / Organisation
' physicaldeliveryofficename Office Location Wetterskip Fryslan
' streetaddress Street Address Harlingerstraatweg 113
' l City / Location Leeuwarden
' mail E-mail adress
' wwwhomepage Web Page Address
' distinguishedName Full unique name with cn, ou's, dc's
'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)
Sub EnumerateUsers(oCont)
    Dim oUser
    For Each oUser In oCont
        Select Case LCase(oUser.Class)
            Case "user"
                If Not IsEmpty(oUser.distinguishedName) Then
                    OutPutFile.WriteLine _
                        oUser.samaccountname & ";" & _
                        oUser.employeeid & ";" & _
                        oUser.Get ("name") & ";" & _
                        oUser.displayname & ";" & _
                        oUser.sn & ";" & _
                        oUser.description & ";" & _
                        oUser.department & ";" & _
                        oUser.physicaldeliveryofficename & ";" & _
                        oUser.streetaddress & ";" & _
                        oUser.l & ";" & _
                        oUser.mail & ";" & _
                        oUser.wwwhomepage & ";" & _
                        oUser.distinguishedName & ";"
                End If
            Case "organizationalunit", "container"
                EnumerateUsers oUser
        End Select
    Next
End Sub
This gives output like this:
rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
I made a table in my Oracle database:
CREATE TABLE PG4WF.ACTD_USERS
(
samaccountname VARCHAR2(64)
, employeeid VARCHAR2(16)
, name VARCHAR2(64)
, displayname VARCHAR2(64)
, sn VARCHAR2(64)
, description VARCHAR2(100)
, department VARCHAR2(64)
, physicaldeliveryofficename VARCHAR2(64)
, streetaddress VARCHAR2(128)
, l VARCHAR2(64)
, mail VARCHAR2(100)
, wwwhomepage VARCHAR2(128)
, distinguishedName VARCHAR2(256)
)
I made a SQL*Loader control file:
LOAD DATA
INFILE 'ActiveDir_users.csv'
BADFILE 'ActiveDir_users.bad'
DISCARDFILE 'ActiveDir_users.dsc'
TRUNCATE
INTO TABLE PG4WF.ACTD_USERS
FIELDS TERMINATED BY ';'
( samaccountname
, employeeid
, name
, displayname
, sn
, description
, department
, physicaldeliveryofficename
, streetaddress
, l
, mail
, wwwhomepage
, distinguishedName
)
I made a cmd-file to start SQL*Loader:
: Import the Active Directory users in Oracle by SQL*Loader
D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.log
I used this for a good list of active directory fields:
http://www.kouti.com/tables/userattributes.htm
Greetings,
Richard de Boer
I have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
Is there any way that I can find out what time each record has been inserted?
For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
First you need to clarify what you mean by 'the date that each record get inserted'. A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time. -
How to get Primary Group details of a user from Active Directory
Hi ,
This is Viswanath. I want to know how can we retrieve the primary group of a user (Active Directory). I have searched the entire forum but could not get the required information.
The reference link is which i have searched is : http://forum.java.sun.com/thread.jspa?threadID=581444
I got a sample .NET project where we can retrieve the primary group information :
refer to the link : http://dunnry.com/blog/DeterminingYourPrimaryGroupInActiveDirectoryUsingNET.aspx
you can download the sample project and build that in VS.NET 2003 and see the result. Please let me know if this kind of implementation is possible in java.
Kindly help me as i have to provide a solution to my client.
Regards,
Viswanath.
Edited by: sriganesh on Jun 22, 2008 10:36 AM
can anybody please share their thoughts on the above
To connect to the Active Directory you can do something like this:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AD
{
    public static void main(String[] args)
    {
        Hashtable<String, String> environment = new Hashtable<String, String>();
        //Just change your user here
        String myUser = "myUser";
        //Just change your user password here
        String myPassword = "myUser";
        //Just change your domain name here
        String myDomain = "myDomain";
        //Host name or IP
        String myActiveDirectoryServer = "192.168.0.20";
        environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        environment.put(Context.PROVIDER_URL, "ldap://" + myActiveDirectoryServer + ":389");
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, "CN=" + myUser + ",CN=Users,DC=" + myDomain + ",DC=COM");
        environment.put(Context.SECURITY_CREDENTIALS, myPassword);
        try
        {
            // The bind happens when the context is created
            DirContext context = new InitialDirContext(environment);
            System.out.println("Exit!!");
            context.close();
        }
        catch (NamingException e)
        {
            e.printStackTrace();
        }
    }
}
Reddy Pathepuram
Inteligic Inc -
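Added example, not part of the original posts: one way to do the primary-group step in Java once the bind above succeeds. In Active Directory the primary group is identified by the user's primaryGroupID attribute (a RID), and the group's SID is the user's objectSid with its last sub-authority replaced by that RID. The class and method names are hypothetical and the SID is constructed sample data; in a live lookup objectSid has to be requested as binary by setting the JNDI environment property java.naming.ldap.attributes.binary to objectSid.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added example: names are hypothetical, the SID in main() is constructed.
public class PrimaryGroupSid {

    // Binary SID layout: revision (1 byte), sub-authority count (1 byte),
    // identifier authority (6 bytes, big-endian), then count x 4-byte
    // little-endian sub-authorities. The last sub-authority is the RID.
    static void validate(byte[] sid) {
        if (sid == null || sid.length < 12) {
            throw new IllegalArgumentException("SID too short");
        }
        int count = sid[1] & 0xFF;
        if ((sid[0] & 0xFF) != 1 || count < 1 || count > 15
                || sid.length != 8 + 4 * count) {
            throw new IllegalArgumentException("malformed SID");
        }
    }

    // Render a binary SID in the familiar S-1-5-21-... form.
    static String sidToString(byte[] sid) {
        validate(sid);
        long authority = 0;
        for (int i = 2; i < 8; i++) {
            authority = (authority << 8) | (sid[i] & 0xFF);
        }
        StringBuilder sb = new StringBuilder("S-1-").append(authority);
        ByteBuffer subs = ByteBuffer.wrap(sid, 8, sid.length - 8)
                                    .order(ByteOrder.LITTLE_ENDIAN);
        while (subs.hasRemaining()) {
            sb.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        }
        return sb.toString();
    }

    // Replace the user's RID with primaryGroupID to get the group's SID.
    static byte[] primaryGroupSid(byte[] userSid, long primaryGroupId) {
        validate(userSid);
        if (primaryGroupId < 0 || primaryGroupId > 0xFFFFFFFFL) {
            throw new IllegalArgumentException("RID out of range");
        }
        byte[] groupSid = userSid.clone();
        ByteBuffer.wrap(groupSid).order(ByteOrder.LITTLE_ENDIAN)
                  .putInt(groupSid.length - 4, (int) primaryGroupId);
        return groupSid;
    }

    // Escape every byte as \xx so the value can sit inside an LDAP filter.
    static String toFilterValue(byte[] value) {
        StringBuilder sb = new StringBuilder(value.length * 3);
        for (byte b : value) {
            sb.append(String.format("\\%02x", b & 0xFF));
        }
        return sb.toString();
    }

    // Helper for the constructed sample only: SID under authority 5 (NT).
    static byte[] buildSid(long... subAuthorities) {
        ByteBuffer buf = ByteBuffer.allocate(8 + 4 * subAuthorities.length);
        buf.put((byte) 1).put((byte) subAuthorities.length);
        buf.put(new byte[] {0, 0, 0, 0, 0, 5});
        buf.order(ByteOrder.LITTLE_ENDIAN);
        for (long s : subAuthorities) {
            buf.putInt((int) s);
        }
        return buf.array();
    }

    public static void main(String[] args) {
        // Constructed values standing in for the user's objectSid (byte[])
        // and primaryGroupID (a numeric string, parse with Long.parseLong).
        byte[] userSid = buildSid(21, 1111111111L, 2222222222L, 3333333333L, 1105);
        long primaryGroupId = 513; // well-known RID of Domain Users

        byte[] groupSid = primaryGroupSid(userSid, primaryGroupId);
        System.out.println("user SID : " + sidToString(userSid));
        System.out.println("group SID: " + sidToString(groupSid));
        // Use this filter in a subtree search from the domain root to
        // fetch the group entry and read its cn or distinguishedName.
        System.out.println("filter   : (objectSid=" + toFilterValue(groupSid) + ")");
    }
}
```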
Require list of all events for Windows Server 2008 Active Directory
Hi all,
I require list of all events for Windows Server 2008 Active Directory. Event Log name for Active Directory log is "Directory Service".
Regards,
SR
Hi,
Thanks for your posting.
Do you mean you want to list all Active Directory logs into one file named “Directory Services”?
If so, it’s hard to achieve. There are several kinds of Active Directory logs stored in different locations and they have different file formats. It’s hard to collect them into one file.
Active Directory records events in the directory services log in Event Viewer. By default, Active Directory records only critical error events. To instruct Active Directory to record other events in the directory services log, we need to modify the registry.
For more information please refer to following MS articles:
Active Directory Diagnostic Logging
http://technet.microsoft.com/en-us/library/cc961809.aspx
How to configure Active Directory diagnostic event log
http://support.microsoft.com/kb/314980
Lawrence
TechNet Community Support -
Active Directory - Authentication Problem
Hi Guys,
I'm seeing something really weird in my Environment.
For example, we have two users as example below in our Active Directory:
jonesp - Paul Jones
jonesph - Phillip Jones
These users can't login into any Mac connected in Active Directory, on PCs the login goes fine.
But when I renamed the login jonesp to jonespa, both users can login in the Macs.
Anyone have this issue too? There is a KB telling about this behavior?
This happens on Macs running 10.7.* and 10.8.*.
Thanks
Sorry CT,
The problem isn't with Active Directory, this only happens on Macs.
The problem doesn't happens with Windows and Linux, only on Macs.
Anyway thanks for your help.
Regards -
I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
What could be the problem, considering the items below :
- inheritance is not broken to the level of the distribution group object
- the account used to run the cmdlet is a member of the Organization Management group
- creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties) shows no differences.
- adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
- there is no Deny permission on the group's ACL
- the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issues
Anyone ever come up with a solution to this? I get something similar when Activesync tries to create objects on user containers.
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
Details:%3
So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment. You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes: check the "inherit permissions", and give full permis to msExchActiveSync devices for the Exchange Servers security group, blah blah.
I got to this point by following a Migrate to Exch2010 paper by MS. I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched. The Exch server is also a DC. I installed a new 2012r2 server and then patched it. Installed Exch2010SP3Ru8 and all seems well.
The old Exch2003 server is still in production. My iPhone army connects remotely for mail, and all works great. I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit. It eventually shows up in the Server Manager on the new 2010 Exch Server. I send it a bunch of emails, connect to it with an outlook client on a Win7 machine, all works. I go to the SM on the 2010 box and migrate the mailbox to the new server. It works. I can connect with outlook, send receive mail to other users in the org. I then try to connect with my iPhone and I get the message in Event Viewer over and over.
Went so far as to Promo the new 2012 server to a DC. seems to be fine. Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues.... -
Active Directory integration problem, Bind AC and OD
Hi.
I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
can you help me?
what's "active directory domain"?is it xxx.yyy?
and what's "computer ID"?
Are there others parameters to set for example in DNS or other?
help help help
What are you trying to achieve by doing this?
Go to http://www.afp548.com/ and search for AD-OD integration.
http://www.afp548.com/article.php?story=20051202151540574 -
What is the concept of Active directory in HFM
Hi Experts
What is the concept of Active directory in HFM?
regards
Dev
Hi Dave,
Not sure if this is your exact requirement... but might be helpful.
The concept of Active directory is that users can login to HFM application with the windows credentials. To make that work you should first need to configure.
Please refer the below link, page 23:
http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200.pdf
Hope this helps,
Thank you,
Charles Babu J