Help!  Example to list users Active Directory

Similar Messages

• Unable to find user list in Active Directory Authenticator

  Hi all,
  I am using weblogic 10.3 and want to configure ActiveDirectory Authenticator for my weblogic application. We have one managed srever under admin server . I have configured a Active Directory Authenticator named "ADAuthenticator" and made following changes as per the below values:
  I set the control flag to "OPTIONAL" .
  Security Realms-->myrealm-->Providers-->ADAuthenticator-->Provider Specific
  UserName Attribute : ServiceBEA
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(ServiceBEA=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(ServiceBEA=%u)(objectclass=user))
  Static Group Name Attribute : ServiceBEA
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  These are my AD settings. After doing this i click on save and then activate changes and then restarted the admin server.
  But the problem is when i login to weblogic console to check the user list under "User and Group" i am unble to find any Active Directory users.
  I don't know where i made the mistake. Can some make me out of this trouble.
  Any help is highly appreciated.
  Thanks in advance !

  Hi Sean,
  Actually we have already a Active Directory with username "ServiceBEA" in our windows server. So i used this "ServiceBEA" as UserName Attribute in weblogic console while creating a Active Directory Authenticator.
  You mean to say that we should go for "sAMAccountName" or what? If that is the case then i have also tested with following values, but still no luck.
  UserName Attribute : sAMAccountName
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(sAMAccountName=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(sAMAccountName=%u)(objectclass=user))
  Static Group Name Attribute : sAMAccountName
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  Please advise what to be place in case of User Name Attribute.
  Any help is highly appreciated.
  Thanks in advance !

• Cfldap to get 2 level of subordinates list from active directory

  <CFLDAP SERVER="ldap.com" PORT="333" START="O=COM,C=AN" SCOPE="SUBTREE"
  NAME="qryLevel1" ACTION="QUERY" ATTRIBUTES="cn, uid, alias"
  FILTER="(&(manager=cn=TestName,ou=employee,o=COM,c=an)(objectclass=olPerson))" MAXROWS="999999" TIMEOUT="90000">
  By using the above code, I am able to get subordinates for User(TestName), But I need the list of subordinate of all the subordinates also without loop please as it is taking long time to execute.
  please assist me on this??

  Create a "global catalog" on the 2nd domain contoller, will fix this problem. 
  To create a new global catalog:
  On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
  In the console tree, double-click Sites , and then double-click <var>sitename</var> .
  Double-click Servers , click your domain controller, right-click NTDS Settings , and then click Properties .
  On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
  Restart the domain controller.

• Security API help needed / howto list user in group

  Hi there,
  i have tried all example programs of the hyperion security api. hard work to correct the errors in these scripts.
  now i can create native groups an users and can create groups on groups or put users in native groups.
  i have read the java doc / reference for the security api too but its not possible for me to list users of a group (group reference by name).
  is there anybody who can help with a code sample to list users of a group like "testgroup" ?
  something like (...getGroups(context,"testgroup")...) ??
  Best Regards
  Kai

  Please don't cross-post. It is considered very rude to do that here:
  http://forum.java.sun.com/thread.jspa?threadID=5233033&messageID=9953169#9953169

• Get Windows User  (Active DIrectory)

  Hi all,
  does anybody know how to get the Windows UseID within a WebDynpro component ? I have tried with cl_gui_frontend_services class but it does not work.
  Thanks a lot,
  Max

  If your clients support PowerShell, you should be able to use the [adsi] accelerator and the ADSystemInfo object to bind to the user object corresponding to the current user on the client and retrieve the values of any AD attributes desired. For example:
  # Retrieve the DN of the current user in AD.
  $SysInfo =
  New-Object -ComObject
  "ADSystemInfo"
  $UserDN =
  $SysInfo.GetType().InvokeMember("UserName",
  "GetProperty",
  $Null, $SysInfo,
  $Null)
  # Bind to the user object in AD.
  $User =
  [ADSI]"LDAP://$UserDN"
  # Retrieve attributes of the user.
  $Mail =
  $User.mail
  # Display to the user.
  "Your email address in Active Directory is $Mail"
  Richard Mueller - MVP Directory Services

• Help Apache Tomcat integrate with Active Directory

  Hello ,
  I am trying to authenticate users in Apache Tomcat 5.5 from active
  directory with no such luck.
  The way my users are structured in AD is there's a department root OU
  and then sub OU's for each department . The Groups OU is in its own OU.
  This is the syntax Im using for the server.xml file. I have created
  two groups am and thc and put the neccesary users in the groups.
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
  connectionURL="ldap://dc1:389"
  alternateURL="ldap://fs6:389"
  userRoleName="member"
  userBase="OU=Departments,dc=2krecovery,dc=com"
  userPattern="cn={0},OU=Departments,dc=2krecovery,dc=com"
  UserSubtree="true"
  roleBase="OU=Groups,dc=2krecovery,dc=com"
  roleName="cn"
  roleSearch="(member={0})"
  roleSubtree="false"
  userSubtree="true"
  />
  Could someone tell me if this is right? Running a Windows 2000 native
  domain level with 2 windows 2000 dc's and one windows 2003 dc.
  Here's the web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Tax Housing Compliance</web-resource-name>
  <url-pattern>/thc/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>thc</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Asset Management</web-resource-name>
  <url-pattern>/am/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>am</role-name>
  </auth-constraint>
  </security-constraint>

  Pl do not post duplicates - Use Multi Domain to integrate with Active Directory in R12

• I need help removing hosts from all Active Directory Groups! - PowerShell

  In our environment, we use AD Groups to create collections in Configuration Manager. I have a few PC's that need to be removed from all AD Groups in our Forest. I do not know how many groups these computers are in and to script it in PowerShell. Could
  someone please guide me in the right direction?

  Hi,
  Here's how you can check group membership:
  Get-ADComputer COMPUTERNAME -Properties MemberOf |
  Select -ExpandProperty MemberOf
  http://ss64.com/ps/ad.html
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Active Directory Domain Services crash after Administrator renames object in Active Directory Users and Computers

  Hello.
  We have two domain controllers - node1 (Windows 2008 R2) and node2 (Windows 2012 R2). When administrator connects to node2 and tries to rename some object in AD (for example, user) AD Domain Services crashes and reboot server after 60 seconds.
  In Events I can see these messages:
  Log Name:      Directory Service
  Source:        Microsoft-Windows-ActiveDirectory_DomainService
  Date:          04.03.2014 12:37:58
  Event ID:      1173
  Task Category: Internal Processing
  Level:         Warning
  Keywords:      Classic
  User:          domain\admin
  Computer:      NODE2.domain.example
  Description:
  Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
  Exception:
  c0000005
  Parameter:
  0
  Additional Data
  Error value:
  7ffc7c38e45d
  Internal ID:
  0
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
      <EventID Qualifiers="32768">1173</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>9</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8080000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.116264800Z" />
      <EventRecordID>881</EventRecordID>
      <Correlation />
      <Execution ProcessID="572" ThreadID="2580" />
      <Channel>Directory Service</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security UserID="S-1-5-21-3794920928-4165619442-305938157-2047" />
    </System>
    <EventData>
      <Data>c0000005</Data>
      <Data>7ffc7c38e45d</Data>
      <Data>0</Data>
      <Data>0</Data>
    </EventData>
  </Event>
  Log Name:      Application
  Source:        Microsoft-Windows-Wininit
  Date:          04.03.2014 12:37:58
  Event ID:      1015
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      NODE2.domain.example
  Description:
  A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005.  The machine must now be restarted.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
      <EventID Qualifiers="49152">1015</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
      <EventRecordID>189578</EventRecordID>
      <Correlation />
      <Execution ProcessID="0" ThreadID="0" />
      <Channel>Application</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security />
    </System>
    <EventData>
      <Data>C:\Windows\system32\lsass.exe</Data>
      <Data>c0000005</Data>
    </EventData>
  </Event>
  Log Name:      Application
  Source:        Application Error
  Date:          04.03.2014 12:37:58
  Event ID:      1000
  Task Category: (100)
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      NODE2.domain.example
  Description:
  Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
  Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
  Exception code: 0xc0000005
  Fault offset: 0x000000000019e45d
  Faulting process id: 0x23c
  Faulting application start time: 0x01cf3773fe973e1b
  Faulting application path: C:\Windows\system32\lsass.exe
  Faulting module path: C:\Windows\system32\ntdsai.dll
  Report Id: 85cfbe32-a367-11e3-80cc-00155d006724
  Faulting package full name:
  Faulting package-relative application ID:
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Application Error" />
      <EventID Qualifiers="0">1000</EventID>
      <Level>2</Level>
      <Task>100</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
      <EventRecordID>189576</EventRecordID>
      <Channel>Application</Channel>
      <Computer>NODE2.domain.example</Computer>
      <Security />
    </System>
    <EventData>
      <Data>lsass.exe</Data>
      <Data>6.3.9600.16384</Data>
      <Data>5215e25f</Data>
      <Data>ntdsai.dll</Data>
      <Data>6.3.9600.16421</Data>
      <Data>524fcaed</Data>
      <Data>c0000005</Data>
      <Data>000000000019e45d</Data>
      <Data>23c</Data>
      <Data>01cf3773fe973e1b</Data>
      <Data>C:\Windows\system32\lsass.exe</Data>
      <Data>C:\Windows\system32\ntdsai.dll</Data>
      <Data>85cfbe32-a367-11e3-80cc-00155d006724</Data>
      <Data>
      </Data>
      <Data>
      </Data>
    </EventData>
  </Event>
  In node2 we installed all available updates and hotfixes.

   Hi Azamat Hackimov,
  Regarding to error messages, it seems that the
  ntdsai.dll file caused the issue. Based on current situation, please use
  sfc /scannow command to scan protected system files and check if find error and repair. Meanwhile, you can also navigate to the location of this DLL file and confirm details.
  In addition, Windows Server 2012 R2 has reboot unexpectedly. Please check if you get some dump file and then analysis it. It may help us to find the root reason. Please refer
  to the following KB.
  How to read the small dump memory dump file that is created by Windows if a crash occurs.
  http://support.microsoft.com/kb/315263/en-us
  By the way, it is not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service
  and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
  To obtain the phone numbers for specific technology request, please refer to the web site listed below:
  http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
  Hope this helps.
  Best regards,
  Justin Gu

• How to import your MS Active Directory users in an Oracle table

  Hello,
  I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
  This doesn't work so I used an alternative solution:
  How to import your MS Active Directory users in an Oracle table
  - a Visual Basic script for export from Active Directory
  - a table in my database
  - a SQL*Loader Control-file
  - a command-file to start the SQL*Loader
  Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
  Just to share my scripts:
  I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
  'Export_ActiveDir_users.vbs                              26-10-2006
  'Script to export info from MS Active Directory to a CSV-file
  '     Accountname, employeeid, Name, Function, Department etc.
  '       Richard de Boer - Wetterskip Fryslan, the Nethterlands
  '     samaccountname          Logon Name / Account     
  '     employeeid          Employee ID
  '     name               name     
  '     displayname          Display Name / Full Name     
  '     sn               Last Name     
  '     description          Description / Function
  '     department          Department / Organisation     
  '     physicaldeliveryofficename Office Location     Wetterskip Fryslan
  '     streetaddress          Street Address          Harlingerstraatweg 113
  '     l               City / Location          Leeuwarden
  '     mail               E-mail adress     
  '     wwwhomepage          Web Page Address
  '     distinguishedName     Full unique name with cn, ou's, dc's
  'Global variables
      Dim oContainer
      Dim OutPutFile
      Dim FileSystem
  'Initialize global variables
      Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
      Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
      Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
  'Enumerate Container
      EnumerateUsers oContainer
  'Clean up
      OutPutFile.Close
      Set FileSystem = Nothing
      Set oContainer = Nothing
      WScript.Echo "Finished"
      WScript.Quit(0)
  Sub EnumerateUsers(oCont)
      Dim oUser
      For Each oUser In oCont
          Select Case LCase(oUser.Class)
                 Case "user"
                      If Not IsEmpty(oUser.distinguishedName) Then
                          OutPutFile.WriteLine _
                 oUser.samaccountname      & ";" & _
                 oUser.employeeid     & ";" & _
                 oUser.Get ("name")      & ";" & _
                 oUser.displayname      & ";" & _
                 oUser.sn           & ";" & _
                 oUser.description      & ";" & _
                 oUser.department      & ";" & _
                 oUser.physicaldeliveryofficename & ";" & _
                 oUser.streetaddress      & ";" & _
                 oUser.l           & ";" & _
                 oUser.mail           & ";" & _
                 oUser.wwwhomepage      & ";" & _
                 oUser.distinguishedName     & ";"
                      End If
                 Case "organizationalunit", "container"
                      EnumerateUsers oUser
          End Select
      Next
  End SubThis give's output like this:
  rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
  tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
  CREATE TABLE     PG4WF.ACTD_USERS     
       samaccountname          VARCHAR2(64)
  ,     employeeid          VARCHAR2(16)
  ,     name               VARCHAR2(64)
  ,     displayname          VARCHAR2(64)
  ,     sn               VARCHAR2(64)
  ,     description          VARCHAR2(100)
  ,     department          VARCHAR2(64)
  ,     physicaldeliveryofficename     VARCHAR2(64)
  ,     streetaddress          VARCHAR2(128)
  ,     l               VARCHAR2(64)
  ,     mail               VARCHAR2(100)
  ,     wwwhomepage          VARCHAR2(128)
  ,     distinguishedName     VARCHAR2(256)
  )I made SQL*Loader Control-file:
  LOAD DATA
  INFILE           'ActiveDir_users.csv'
  BADFILE      'ActiveDir_users.bad'
  DISCARDFILE      'ActiveDir_users.dsc'
  TRUNCATE
  INTO TABLE PG4WF.ACTD_USERS
  FIELDS TERMINATED BY ';'
  (     samaccountname
  ,     employeeid
  ,     name
  ,     displayname
  ,     sn
  ,     description
  ,     department
  ,     physicaldeliveryofficename
  ,     streetaddress
  ,     l
  ,     mail
  ,     wwwhomepage
  ,     distinguishedName
  )I made a cmd-file to start SQL*Loader
  : Import the Active Directory users in Oracle by SQL*Loader
  D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
  http://www.kouti.com/tables/userattributes.htm
  Greetings,
  Richard de Boer

  I have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
  Is there any way that I can find out what time each record has been inserted?
  For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
  First you need to clarify what you mean by 'the date that each record get inserted'.  A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
  Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
  The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time.

• How to get Primary Group details of a user from Active Directory

  Hi ,
  This is Viswanath. I want to know how can we retrieve the primary group of a user (Active Directory). I have searhed the entire forum but could not get the required information.
  The reference link is which i have searched is : http://forum.java.sun.com/thread.jspa?threadID=581444
  I got a sample .NET project where we can retrieve the primary group information :
  refer to the link : http://dunnry.com/blog/DeterminingYourPrimaryGroupInActiveDirectoryUsingNET.aspx
  you can download the sample project and build that in VS.NET 2003 and see the result. Please let me know if this kind of implementation is possible in java.
  Kindly help me as i have to provide a solution to my client.
  Regards,
  Viswanath.
  Edited by: sriganesh on Jun 22, 2008 10:36 AM
  can anybody please share their thoughts on the above

  To connect to the Active Directory you can do something like this:
  import java.util.Hashtable;
  import javax.naming.Context;
  import javax.naming.NamingException;
  import javax.naming.directory.DirContext;
  import javax.naming.directory.InitialDirContext;
  public class AD
  public static void main(String[] args)
  Hashtable environment = new Hashtable();
  //Just change your user here
  String myUser = "myUser";
  //Just change your user password here
  String myPassword = "myUser";
  //Just change your domain name here
  String myDomain = "myDomain";
  //Host name or IP
  String myActiveDirectoryServer = "192.168.0.20";
  environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  environment.put(Context.PROVIDER_URL, "ldap://" + myActiveDirectoryServer + ":389");
  environment.put(Context.SECURITY_AUTHENTICATION, "simple");
  environment.put(Context.SECURITY_PRINCIPAL, "CN=" + myUser + ",CN=Users,DC=" + myDomain + ",DC=COM");
  environment.put(Context.SECURITY_CREDENTIALS, myPassword);
  try
  DirContext context = new InitialDirContext(environment);
  System.out.println("Exit!!");
  catch (NamingException e)
  e.printStackTrace();
  Reddy Pathepuram
  Inteligic Inc

• Require list of all events for Windows Server 2008 Active Directory

  Hi all,
  I require list of all events for Windows Server 2008 Active Directory. Event Log name for Active Directory log is "Directory Service".
  Regards,
  SR

  Hi,
  Thanks for your posting.
  Do you mean you want to list all Active Directory logs into one file named “Directory Services”?
  If that, it’s hard to achieve. There are kinds of Active Directory logs stored in different locations and they have different file formats. It’s hard
  to collect them into one file.
  Active directory records events in the directory services log in Event Viewer. By default, Active Directory records only critical error events. To instruct Active
  Directory to record other events in the directory services log, we need to modify registry.
  For more information please refer to following MS articles:
  Active Directory Diagnostic Logging
  http://technet.microsoft.com/en-us/library/cc961809.aspx
  How to configure Active Directory diagnostic event log
  http://support.microsoft.com/kb/314980
  Lawrence
  TechNet Community Support

• Active Directory - Authentication Problem

  Hi Guys,
  I'm seeing something really weird in my Environment.
  For example, we have two users as example below in our Active Directory:
  jonesp - Paul Jones
  jonesph - Phillip Jones
  These users can't login into any Mac connected in Active Directory, on PCs the login goes fine.
  But when I renamed the login jonesp to jonespa, both users can login in the Macs.
  Anyone have this issue too? There is a KB telling about this behavior?
  This happens on Macs running 10.7.* and 10.8.*.
  Thanks

  Sorry CT,
  The problem isn't with Active Directory, this only happens on Macs.
  The problem doesn't happens with Windows and Linux, only on Macs.
  Anyway thanks for your help.
  Regards

• "Active Directory operation failed on DC " when assigning Send As permissions on a distribution group

  I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
  Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
  Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
  Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
      + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
      + FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
  What could be the problem, considering the items below :
  - inheritance is not broken to the level of the distribution group object
  - the account used to run the cmdlet is a member of the Organization Management group
  - creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties)
  shows no differences.
  - adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
  - there is no Deny permission on the group's ACL
  - the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issues

  Anyone ever come up with a solution to this?  I get something similar when Activesync tries to create objects on user containers.
  Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
  Additional information: Access is denied.
  Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
  Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
  Details:%3
  So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment.  You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes:  check the "inherit permissions",
  and give full permis to msExchActiveSync devices for the Exchange Servers security group, blah blah.
  I got to this point by following a Migrate to Exch2010 paper by MS.  I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched.  The Exch server is also a DC.  I installed a new 2012r2 server and then patched
  it.  Installed Exch2010SP3Ru8 and all seems well.  
  The old Exch2003 server is still in production.  My iPhone army connects remotely for mail, and all works great.  I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit.  It eventually shows up in the Server
  Manager on the new 2010 Exch Server.  I send it a bunch of emails, connect to it with an outook client on a Win7 machine, all works.  I go to the SM on the 2010 box and migrate the mailbox to the new server.  It works.  I can connect with
  outlook, send receive mail to other users in the org.  I then try to connect with my iPhone and I get the message in Event Viewer over and over.
  Went so far as to Promo the new 2012 server to a DC.  seems to be fine.  Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues....

• Active Directory integration problem, Bind AC and OD

  Hi.
  I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
  xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
  can you help me?
  what's "active directory domain"?is it xxx.yyy?
  and what's "computer ID"?
  Are there others parameters to set for example in DNS or other?
  help help help

  What are you trying to achieve by doing this?
  Got to http://www.afp548.com/ and serach for AD-OD integration.
  http://www.afp548.com/article.php?story=20051202151540574

• What is the concept of Active directory in HFM

  Hi Experts
  What is the concept of Active directory in HFM?
  regards
  Dev

  Hi Dave,
  Not sure if this is your exact requirement... but might be helpful.
  The concept of Active directory is that users can login to HFM application with the windows credentials. To make that work you should first need to configure.
  Please refer the below link, page 23:
  http://docs.oracle.com/cd/E17236_01/epm.1112/hss_admin_1112200.pdf
  Hope this helps,
  Thank you,
  Charles Babu J