How to Apply Exchange 2013 Active Directory Split Permission Model and Completely Isolate AD and Exchange Management??
Hi Experts,
I am Deploying Exchange 2013 in an organization where currently Active Directory is handled and Administered by a different Admins and they want Exchange to be managed by another set of Admins. My customer wants to completely Isolate Administration and Management
of both AD And Exchange. i have gone through some technet articles and tested option for both RBAC and Active Directory Split permission model. I think Active Directory Split Permission model would be helpful but while testing i came to know that, via Split
permission Exchange admin can not create or delete User/Dist. Groups but still he can Edit or modify the details (City, office address, phone no. Department and display name etc.) which means that this is not fully separation of Roles between AD Admins and
Exchange Admins.
please help me to resolve below queries and Scenarios if supported by Exchange Split permission model -
(1) only AD Admins should be able to create, Delete or modify the Security principles property in Active Directory. Exchange Admin should only need to modify Exchange related property/attributes from exchange Control panel or shell. they should not be able
to change the Display name, and other AD related common attributes via Exchange Admin centre or management shell.
(2) similarly i want to restrict my AD Admins from modifying or changing exchange related attributes by any means (ADSIEDIT, ADUC,). i want to restrict my AD Admins from assigning organization management or recipient management rights to them-self and do
any modification on my exchange servers via Shell or Admin Centre and then Revoke the membership from Exchange Security groups. i want AD Admins and Exchange should do their respective tasks without any ability to change/edit or modify any settings of each
others??
(3) I Want to restrict to open Exchange Admin Centre (ECP) via some limited Systems only. i know we can block to open ECP via internet but i want to restrict it to open within internal network as well and from limited systems of my Exchange Admin.
Regards,
Aanand Singh Karki
Regards, Aanand Singh
Hi,
For Exchange privileges, I suggest use RBAC.
Regards,
Simon Wu
TechNet Community Support
Similar Messages
-
How do i use an active directory group for vpn and not all user
hi all,
i have an asa 5515x...
how do i use a particular group in active directory to have vpn/anyconnect access? right now i believe it's for all user on my current config,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
!integrate with active directory
aaa-server LDAPSERVERS protocol ldap
aaa-server LDAPSERVERS (vlan192) host 10.0.0.2
ldap-base-dn dc=company,dc=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password 12345678
ldap-login-dn cn=administrator,cn=Users,dc=company,dc=com
server-type auto-detect
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
say i want this "vpn-group" object group in AD and my vpn is only anyconnect and no other vpn types.
thanks for any comment you may add.The best way is to use Dynamic Access Policies (DAP). Cisco has a white paper (here) that shows how one can choose the LDAP group as one of the DAP criteria.
DAP requires the Advanced Endpoint Assessment feature, so your licensing must support that. -
Active Directory - Server 2008 R2 and 2012 R2 (Server Formatting or not productive
Hello guys, I come here to try to clarify a great doubts regarding Server Operating Systems, I will attempt to detail the most of my scenario.
Suppose I have a Server 2008 R2 in production, and this is my Active Directory server (meudominio.local) and am managing through Group Policy settings my workstations that are around 60-70 computers, guys my doubts the thing is, if I need some time to format
and perform a fresh installation of my server as it will be my Active Directory? Of course I will have lost my domain controller and I have to accomplish the placement of each workstation again that enters my domain one by one.
I know there is the option of AD replication, so we call the Active Directory, even for another version of the Operating System, prátia already realized this, but it most often comes not functioning properly, done without replication problems Server 2003 to
2008 R2.
Guys like to know a solution to not having to put my plants in my domain network again one by one, is there any way to backup so that when I reinstalled the system and the AD again in my server stations return to "see" again that server as your domain
controller, even me installing AD with the same domain name before this formatting stations do not respond to this driver in this case do the Network ID or add the station to the area again, so she creates a new user profile for example (Max.meudominio) while
your old profile "guy" still remains on the machine, I adopted the practice of editing the record of this newly created profile and pointing him well for the old user folder which contains all data and settings, eg edit my key "ProfileImagePath"
regedit logged in with the newly created profile (Max.meudominio) ->
(switch "ProfileImagePath" C:\Users\Max.meudominio) thus pointing to the folder before replacing in the field again this season after formatted server, thus ->
(Switch "ProfileImagePath" C:\Users\Max), detail that we give permission for all such user "C:\Users\Max" folder, after that restart the computer and he comes back with the user profile and all your settings.
I wonder if there is another method to perform this procedure, do not know even a backup AD to not have to replace all the seasons again "meudominio.local".
Thank you for your attention!
Translation with Google translator! Sorry.
Matias Duarte Coordenador de Suporte Dual Solucoes® | Soluções em tecnologia da informaçãoAs the practice of replication I know her mostly said she has some flaws when I do the replication of my domain to another server but it works correctly, so having a server "master" and the other ServidorBKP as "slave", in redundancy,
the problem is when I say, and put the "ServidorBKP" being my primary domain controller and disabling my main controller, to disable or turn off my main controller the stations themselves are unable to login because it does not communicate with the
my ServidorBKP "slave" even I put it as the main driver of course.
Regarding the System State as far as I know this option existed in Server 2003.
I also got some information, confer on the links below.
http://msdn.microsoft.com/en-us/library/bb727048.aspx
http://technet.microsoft.com/pt-br/library/cc758435(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc961934.aspx
I'm still researching other ways, getting communicate any news to everyone. (Google Translate)
Matias Duarte Coordenador de T.I. Dual Solucoes® | Soluções em tecnologia da informação http://www.matiasduarte.com.br -
How to import Photos into Active Directory
Hi -
IT Director asked me to import employees pictures into Active Directory so that we can use them in Outlook, SharePoint, Lync etc.
Do you know how to import pictures into Active Directory?Thumbnailphoto Attribute in active directory is responsible for adding photos to Active directory.
By Default Replication of this attribute will be disabled to Global catalog server. To make use of this facility we will have to enable replication of this attribute to Global Catalog. ( To accomplish this you will have to edit the schema using Active directory
schema snap in).
Refer Below link which explains about enabling the replication of Thumbnailphoto attribute to Global catalog.
http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/configuring-using-display-picture-exchange-server-2010.html
Requirements
Minimum requirement for your exchange enviornment to use this - Exchange 2010.
Exchange 2007 Don't support uploading photos AFAIK.
Domain controller should be running with atleast windows server 2008 or later. And
schema has to be windows server 2008
Additionally for your information,
How to remove the uploaded photos?
Either You can edit the Thumbnailphoto attribute using ADSIedit and remove the entry which is assocaited with Thumbnailphoto attribute.
Or,
Try this.
The Import-RecipientDataProperty and Export-RecipientDataProperty cmdlets allow you to import and export the photo blob to and from
thumbnailPhoto attribute, but there's no Remove-RecipientDataProperty cmdlet to remove it. You can use the
RemovePicture switch of Set-Mailbox cmdlet to remove a user's photo. For example:
Set-Mailbox "Bharat Suneja" -RemovePicture
Check out the below link which explains in and out of uploading photos,
http://blogs.technet.com/b/exchange/archive/2010/06/01/gal-photos-frequently-asked-questions.aspx
http://blogs.technet.com/b/ilvancri/archive/2009/11/17/upload-picture-in-outlook-2010-using-the-exchange-management-shell-exchange-2010.aspx
To know about uploading photo using powershell ask this question in powershell forum
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads
Regards,
_Prashant_
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Sharepoint 2013 Active Directory Import- Manager field not updating
Hi,
SharePoint 2013 Active directory import -Manager field not updating
Concern/Issue-
We are using SharePoint and configured the Active Directory Import .First import it seems everything is working fine and OOB Organization chart built using User profile data is coming out right.
Now the user is moved from one Organization Unit to Another.
Now our Manager field is not Updating .There is change in AD manager attribute but not reflecting in the SharePoint User profile.
Manger field is mapped to "manager" attribute in SharePoint.
We tried removing the user and Re-Import using Incremental import but no luck.
Thanks for help in advance
SachinMoving a user from one OU to another in AD won't normally change the Manager attribute in AD. You would need to edit the user's organization settings to change the manager value in AD. I've also seen these changes not be picked up unless something
other than just the manager field in AD changing. Try changing something like Office location and see if the manager change is picked up by AD Import.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
How to import your MS Active Directory users in an Oracle table
Hello,
I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
This doesn't work so I used an alternative solution:
How to import your MS Active Directory users in an Oracle table
- a Visual Basic script for export from Active Directory
- a table in my database
- a SQL*Loader Control-file
- a command-file to start the SQL*Loader
Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
Just to share my scripts:
I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
'Export_ActiveDir_users.vbs 26-10-2006
'Script to export info from MS Active Directory to a CSV-file
' Accountname, employeeid, Name, Function, Department etc.
' Richard de Boer - Wetterskip Fryslan, the Nethterlands
' samaccountname Logon Name / Account
' employeeid Employee ID
' name name
' displayname Display Name / Full Name
' sn Last Name
' description Description / Function
' department Department / Organisation
' physicaldeliveryofficename Office Location Wetterskip Fryslan
' streetaddress Street Address Harlingerstraatweg 113
' l City / Location Leeuwarden
' mail E-mail adress
' wwwhomepage Web Page Address
' distinguishedName Full unique name with cn, ou's, dc's
'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)
Sub EnumerateUsers(oCont)
Dim oUser
For Each oUser In oCont
Select Case LCase(oUser.Class)
Case "user"
If Not IsEmpty(oUser.distinguishedName) Then
OutPutFile.WriteLine _
oUser.samaccountname & ";" & _
oUser.employeeid & ";" & _
oUser.Get ("name") & ";" & _
oUser.displayname & ";" & _
oUser.sn & ";" & _
oUser.description & ";" & _
oUser.department & ";" & _
oUser.physicaldeliveryofficename & ";" & _
oUser.streetaddress & ";" & _
oUser.l & ";" & _
oUser.mail & ";" & _
oUser.wwwhomepage & ";" & _
oUser.distinguishedName & ";"
End If
Case "organizationalunit", "container"
EnumerateUsers oUser
End Select
Next
End SubThis give's output like this:
rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
CREATE TABLE PG4WF.ACTD_USERS
samaccountname VARCHAR2(64)
, employeeid VARCHAR2(16)
, name VARCHAR2(64)
, displayname VARCHAR2(64)
, sn VARCHAR2(64)
, description VARCHAR2(100)
, department VARCHAR2(64)
, physicaldeliveryofficename VARCHAR2(64)
, streetaddress VARCHAR2(128)
, l VARCHAR2(64)
, mail VARCHAR2(100)
, wwwhomepage VARCHAR2(128)
, distinguishedName VARCHAR2(256)
)I made SQL*Loader Control-file:
LOAD DATA
INFILE 'ActiveDir_users.csv'
BADFILE 'ActiveDir_users.bad'
DISCARDFILE 'ActiveDir_users.dsc'
TRUNCATE
INTO TABLE PG4WF.ACTD_USERS
FIELDS TERMINATED BY ';'
( samaccountname
, employeeid
, name
, displayname
, sn
, description
, department
, physicaldeliveryofficename
, streetaddress
, l
, mail
, wwwhomepage
, distinguishedName
)I made a cmd-file to start SQL*Loader
: Import the Active Directory users in Oracle by SQL*Loader
D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
http://www.kouti.com/tables/userattributes.htm
Greetings,
Richard de BoerI have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
Is there any way that I can find out what time each record has been inserted?
For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
First you need to clarify what you mean by 'the date that each record get inserted'. A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time. -
User login report in Active Directory for specific date and time
I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
Is any query, script or any tool available?
Waiting for reply pleaseYou can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Hey Scripting Guys,
I have been in and out of Powershell last few years, not that great at it tbh !!! I'm looking for advice on how I can as in Title, Create a Powershell script to Scan Active Directory Attributes for Country and Department ,Then add to Group then add to Distribution
list based on Region/Country
I was thinking along the lines of get-aduser -LDAPFilter "(department=SALES France) and adding a where clause for country.
Any help would be great.
DecSo I have tried a few variations but get errors on both
get-aduser -LDAPFilter "(&(department=SALES)(c=us))" | Add-ADPrincipalGroupMembership -MemberOf "testgroup"
get-aduser -LDAPFilter "(&(department=SALES)(c=fr))" | Add-ADGroupMember -identity "testgroup"
Add-ADPrincipalGroupMembership : Object reference not set to an instance of an
object.
At line:1 char:86
+ get-aduser -LDAPFilter "(&(department=SALES)(c=fr))" | Add-ADPrincipalGroupMe
mbership <<<< -MemberOf "testgroup"
+ CategoryInfo : NotSpecified: (:) [Add-ADPrincipalGroupMembershi
p], NullReferenceException
+ FullyQualifiedErrorId : Object reference not set to an instance of an ob
ject.,Microsoft.ActiveDirectory.Management.Commands.AddADPrincipalGroupMem
bership -
Hi All,
I have a task, that is i want to retrive the details from active directory based on name and i want show that details into grid view.
Can any one help how to start.
Thanks in advance!Hi AnilKarthik,
You can get user details by name using DirectoryService namespace. Then you can create a DataTable to restore the information and then bind to the SharePoint GridView.
Here are some deatiled code demos for your reference:
how to get userdetails from Active Directory based on username using asp.net:
http://www.aspdotnet-suresh.com/2011/03/how-to-get-userdetails-from-active.html
How to get User Data from the Active Directory:
http://www.codeproject.com/Articles/6778/How-to-get-User-Data-from-the-Active-Directory
Using SPGridView to bound to list data in SharePoint:
http://nishantrana.me/2009/03/23/using-spgridview-to-bound-to-list-data-in-sharepoint/
Best Regards
Zhengyu Guo
TechNet Community Support -
How to create "folders" in Active Directory Users and Computers?
Hello Community
In Windows Server 2008R2 when you go to Active Directory Users and Computer
you will see icons of folders such as:
- Builtin has a folder icon
- Computers has a folder icon
- ForeignSecurityPrinicpals has a folder icon
- Domain Controller as a folder icon
- Managed Service Accounts has a folder icon
- Users has a folder icon
All of the above folders are visually identical.
If you right click and select “File” – “New”
on any of the selections the icon
will not look like the folder icon they have their own icons which look different
from the "Folder" icon.
I would like to create a “Folder” that looks just visually exactly like the ones
mentioned above, how can I create those types of Folders in Active Directory User
and Computers?
Note: I would like to put users in the folders.
Thank you
ShabeautHi,
you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
Refer: Delegating Administration by Using OU Objects
http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx
and the sub-articles:
Administration of Default Containers and OUs
http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
Delegating Administration of Account and Resource OUs
http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
ADFS- SharePoint 2013 ( Active Directory federation Services)
Can you please brief me in what scenarios we go for ADFS in SharePoint 2013.
We have external users for them we create accounts in our AD and then provide access to SP. I am not sure if external users directory is LDAP or Windows AD. Please explain in detail if ADFS can be leveraged in this scenario to provide access to external
users to our internal domain SharePoint site. Or in other words in which scenario ADFS will come into picture.
Most of the blogs talks about how to configure ADFS but not explained in what scenario and why it has been implemented.
Thanks, Ram ChHi
You can use AD FS with the Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 operating systems to build a federated identity management solution that extends distributed identification,
authentication, and authorization services to web-based applications across organization and platform boundaries. By deploying AD FS, you can extend your organization’s existing identity management capabilities to the Internet.
AD FS 2.0 enables identity federation, extending the notion of above centralized authentication, authorization, and single sign-on to Web applications and services located virtually anywhere.
As previously introduced, identity federation relies on standards-based protocols to establish federation trusts between claims providers and relying parties, facilitating secure access to Web
applications and services across security boundaries.
For an organization, AD FS 2.0 provides corporate users with a rich federated experience and seamless access to resources located:
- Inside the corporate intranet;
- Outside the corporate network in a corporate perimeter network, extranet and/or in the Cloud, for example in the Microsoft Windows Azure platform, the Microsoft’s Platform as a Service (PaaS)
offering;
- At the perimeter networks of partner organizations that have made resources available to the considered organization’s users;
- In the Cloud with Software as a Service (SaaS) vendors that support federated identity
More Information:
http://blogs.technet.com/b/abizerh/archive/2013/04/11/more-information-about-sso-experience-when-authenticating-via-adfs.aspx
Please follow below mentioned article to configure ADFS for your scenario:
https://samlman.wordpress.com/2015/02/28/configuring-sharepoint-2010-and-adfs-v2-end-to-end/ -
Hi
We are running on SharePoint Server 2013.When we add AD groups as permissions, we see that the group name is being displayed properly in the permissions. Whereas when I click on the groupname I see the SID with the Sharepoint specific claims characters,
instead of domain\groupname. I understand that the claims characters are because of claims mode. But I expected domain\groupname instead of SID. Is this the right behaviour.
When I call SiteData.GetContent web service, I get the SID of the group name instead of the domain\groupname.
Can someone please clarify?
Thanks
NagaHi,
Yes, the identity claim for an AD group is based on the SID of the group. The claim encoding for an Active Directory group consists of the following sections:
c:0+.w|<SID>
•"c" for a claim other than identity
•"+" for a group SID
•"." for a string
•"w" for a Windows claim
More information:
http://www.sharepointfire.com/MyBlog/2013/11/get-ad-group-identity-claim-in-sharepoint-2013/
Thanks,
Dennis Guo
TechNet Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Dennis Guo
TechNet Community Support -
Sharepoint 2013 - Active Directory Import User Profile Property manager fields
Hi there,
I juste encountered actually a little issue regarding the Active Directory Import User Profil.
Importation seems to work well but I have a little problem regarding the Manager field.
When I verify a user profil through the sharepoint admin page ("Manage user profil") , I can see the manager field is correctly populated, but if I want to check my profil as a user (personal information), the manager field is not visible.
With Sharepoint Admin and Manage Profil Properties, I haven't the possibility to modify some settings for the manager.
For example, Policy parameters is greyed.
The only way I found to show this field in a user profil is to give the permission "allow users to Edit values ...".... setting I don't want to set.
Have you already this sort of issue ?
Thanks for your help/idea.Hi Michael,
I don't remember well what I did exactly regarding this issue because I played a lot with user profil.
I know I used this powershell script from Sheyia which in fact help me a lot to clean and create a good profil setting.
http://blogs.technet.com/b/sheyia/archive/2013/10/09/sharepoint-2013-another-way-to-change-order-for-user-profile-properties-via-powershell.aspx
For example, this script help me to resolve some double entries.
Let-me know if it help you (or not of course) -
How to authenticate user in Active Directory for an Oracle report
Hey there,
We have users of 1 report all over the country.
Currently, when using the report, the user chooses a location as a parameter, then runs the report.
The problem is we don't want the user to be able to see data from other locations, only their own.
So how can I do this as all users are set up in Active Directory, but the only thing that distinguishes them apart is under the Properties of the user, under the General tab, the Office field says where they are located.
Thanks in advance!Hey there,
We have users of 1 report all over the country.
Currently, when using the report, the user chooses a location as a parameter, then runs the report.
The problem is we don't want the user to be able to see data from other locations, only their own.
So how can I do this as all users are set up in Active Directory, but the only thing that distinguishes them apart is under the Properties of the user, under the General tab, the Office field says where they are located.
Thanks in advance! -
How to create user in Active directory
Hello,
I'm trying to create a user in active directory via the following example:
String userName = "cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local";
Attributes attrs = new BasicAttributes(false);
Attribute oc = new BasicAttribute("objectClass");
oc.add("top");
oc.add("person");
oc.add("organizationalPerson");
oc.add("user");
attrs.put(oc);
attrs.put("cn","Jef Klak");
attrs.put("giveName","Jef");
attrs.put("sn","Klak");
attrs.put("displayName","Klak, Jef");
attrs.put("description","IR");
attrs.put("userPrincipalName","[email protected]");
attrs.put("mail","[email protected]");
attrs.put("company", "XXX");
attrs.put("sAMAccountName","jk666");
attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT + UF_DONT_EXPIRE_PASSWD+ UF_ACCOUNTDISABLE));
Context result = fctx.createSubcontext(userName, attrs);
As a result I'm getting the following error:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
remaining name 'cn=Jef Klak,ou=Ps Users,ou=Users,ou=Managed,dc=xxx,dc=local'
Anybody any tips or advice on this one? Or maybe a working examples how to add users in AD?
Listing entries in the AD is no problem, so it's only adding them.
Many thanks,
Filipattrs.put("giveName","Jef");
javax.naming.directory.NoSuchAttributeExceptionSpelling error.
Maybe you are looking for
-
I'm using the professional version 8. I have a form I'm filling in the blanks and at the bottom of the page I need to insert a photo. I know how to attach the photo but you have to click the paper clip and then the photo for it to open. Is there a wa
-
Hi all, just a quick question. Have been using BT Vision now for almost 2 months, and notice that my content has hardly changed at all, especially for kids programmes. Its the same shows and episodes as when I first joined. Does anyone know how often
-
Toad read only sessions open a transaction in DB?
Hi, When I check v$transaction, I see all TOAD and sqldeveloper sessions which are read only accounts. If I use the same user in sqlplus it won't appear in v$transaction. I am puzzled why these tools create a transaction for even select queries. How
-
I am connecting to a remote computer through a VPN via SMB with Hamachi. It works great on all my folders except one that contains hundreds of folders. Every time I try to connect to it I get a timeout error. So is there any way to increase the timeo
-
I bought my first ever Mac about two weeks ago and am already having trouble. Can't seem to get it to turn on suddenly. I had left my Mac in sleep mode charging and when I opened it up, I got a message that said I had to shut down and restart. Now