How to create email users with open directory?

I'm trying to use a Mac mini as a mail server for my domains. It works well as an SMTP server/gateway for multiple locally networked systems running Lion, Mountain Lion and Mavericks. The server is running Mavericks 10.9.2 server 3.1.1.
I need to add email users to it, so I tried Open Directory. I added a user with an email address with a domain listed in the mail server's domains. Then used the server app to give the user permission to use the mail service and selected to have the mail be saved on the server.
However, even though I set the mail server to accept any authentication method, I couldn't log in to get mail (via IMAP) from any email client on my computer. I tried Mail and Sparrow.
The IMAP log on the server says 'Disconnected (auth process communication failure)'. I tried everything that I could from the server app and the workgroup manager app. When using 'Mail.app', the IMAP log shows an empty user name. Trying with Sparrow shows the user name in the log, but still fails.
I restricted authentication to Open Directory, but that didn't help either. Tried with Secure Connection and without.
Am I missing something? Is there anything that I need to do to make the server accept IMAP connections? The mail service is running and handling SMTP.
The domain has an MX record pointing to the server's domain name.
All the services are secured with a self signed certificate.
Doing a CLI check with 'sudo serveradmin fullstatus mail' results in the following:
[snip]
mail:protocolsArray:_array_index:0:status = "ON"
mail:protocolsArray:_array_index:0:kind = "INCOMING"
mail:protocolsArray:_array_index:0:protocol = "IMAP"
mail:protocolsArray:_array_index:0:state = "RUNNING"
mail:protocolsArray:_array_index:0:service = "MailAccess"
mail:protocolsArray:_array_index:0:error = ""
[snip]

Didn't find a way to edit my post above.
UPDATE:
Trying to log in with Thunderbird showed differently in the IMAP log. It's user disabled instead.
imap-login: Info: Disconnected (user disabled): user=<username>, method=CRAM-MD5, rip=192.168.8.101, lip=192.168.8.99, TLS
How do I 'enable' this user?
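
The two failure modes quoted in this post ('auth process communication failure' and 'user disabled') can be separated quickly by grouping the imap-login disconnect lines by reason. The following is an added example, not part of the original post; the log lines are constructed samples in the shape quoted above (the timestamps, host name and user names are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, shaped like the imap-login entries quoted in the post.
SAMPLE_LOG = """\
Mar 14 09:12:01 mail imap-login: Info: Disconnected (auth process communication failure): user=<>, rip=192.168.8.101, lip=192.168.8.99
Mar 14 09:13:40 mail imap-login: Info: Disconnected (auth process communication failure): user=<jdoe>, method=PLAIN, rip=192.168.8.101, lip=192.168.8.99, TLS
Mar 14 09:20:05 mail imap-login: Info: Login: user=<admin>, method=PLAIN, rip=192.168.8.50, lip=192.168.8.99, TLS
Mar 14 09:31:17 mail imap-login: Info: Disconnected (user disabled): user=<jdoe>, method=CRAM-MD5, rip=192.168.8.101, lip=192.168.8.99, TLS
Mar 14 09:33:52 mail imap-login: Info: Disconnected (user disabled): user=<jdoe>, method=CRAM-MD5, rip=192.168.8.101, lip=192.168.8.99
"""

# Reason sits in parentheses; the optional tail is a ", "-separated field list.
DISCONNECT_RE = re.compile(
    r"imap-login: Info: Disconnected \((?P<reason>[^)]*)\)(?:: (?P<fields>.*))?$"
)


def parse_line(line):
    """Return a dict for a disconnect line, or None for any other line."""
    match = DISCONNECT_RE.search(line)
    if match is None:
        return None
    event = {"reason": match.group("reason"), "user": None,
             "method": None, "rip": None, "lip": None, "tls": False}
    for item in (match.group("fields") or "").split(", "):
        item = item.strip()
        key, sep, value = item.partition("=")
        if sep and key in ("user", "method", "rip", "lip"):
            # user=<name> is wrapped in angle brackets; user=<> means empty.
            event[key] = value.strip("<>") if key == "user" else value
        elif item == "TLS":
            event["tls"] = True
    return event


def parse_log(text):
    """Parse every disconnect line in a block of log text."""
    events = (parse_line(line) for line in text.splitlines())
    return [event for event in events if event is not None]


def triage(events):
    """Group disconnects by reason so each failure mode is looked at separately."""
    groups = defaultdict(lambda: {"count": 0, "users": set(), "methods": set(),
                                  "empty_user": 0, "no_tls": 0})
    for event in events:
        group = groups[event["reason"]]
        group["count"] += 1
        if event["user"]:
            group["users"].add(event["user"])
        else:
            # The client never sent a usable name (the Mail.app case in the post).
            group["empty_user"] += 1
        if event["method"]:
            group["methods"].add(event["method"])
        if not event["tls"]:
            # Authentication was attempted on a connection without TLS.
            group["no_tls"] += 1
    return {reason: {"count": g["count"], "users": sorted(g["users"]),
                     "methods": sorted(g["methods"]),
                     "empty_user": g["empty_user"], "no_tls": g["no_tls"]}
            for reason, g in groups.items()}


if __name__ == "__main__":
    for reason, summary in triage(parse_log(SAMPLE_LOG)).items():
        print(reason, summary)
```
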

Similar Messages

  • How to create a button to open directory

    Dear all,
    is it possible to create a button can open directory
    like My Documents
    i test this in CMD command prompte it's work but in
    in forms they are not work
    "explorer.exe" & @MyDocumentsDir
    or
    cmd /c "explorer.exe" & @MyDocumentsDir
    in forms :
    i create a button with trigger When-button-pressed
    in trigger :
    host('"explorer.exe" & @MyDocumentsDir');
    host ('cmd /c "explorer.exe" & @MyDocumentsDir'); ----> i think this should work
    but it's not work
    can you help please
    thanks
    regard

    hi Ammad
    sorry Ammad, but in the first step i get this errors
    Compilation errors on WEBUTIL_DB_LOCAL:
    PL/SQL ERROR 201 at line 9, column 12
    identifier 'WEBUTIL_DB.OPENBLOB' must be declared
    PL/SQL ERROR 0 at line 9, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 18, column 12
    identifier 'WEBUTIL_DB.CLOSEBLOB' must be declared
    PL/SQL ERROR 0 at line 18, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 24, column 5
    identifier 'WEBUTIL_DB.WRITEDATA' must be declared
    PL/SQL ERROR 0 at line 24, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 29, column 12
    identifier 'WEBUTIL_DB.READDATA' must be declared
    PL/SQL ERROR 0 at line 29, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 35, column 12
    identifier 'WEBUTIL_DB.GETLASTERROR' must be declared
    PL/SQL ERROR 0 at line 35, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 40, column 12
    identifier 'WEBUTIL_DB.GETSOURCELENGTH' must be declared
    PL/SQL ERROR 0 at line 40, column 5
    Statement ignored
    PL/SQL ERROR 201 at line 45, column 12
    identifier 'WEBUTIL_DB.GETSOURCECHUNKS' must be declared
    PL/SQL ERROR 0 at line 45, column 5
    Statement ignored
    Failed to generate library.more help plz
    thanks

  • How to create a user with read only access for ESB / BPEL Console

    I need to create a user with read only access to ESB Console & BPEL Console. I have created a user
    (esbreadonly) and assigned ascontrol_monitor role but user is still able to
    delete services from ESB systems (such as DefaultSystem). Is there any way to
    create a user that has strictly read only access to ESB Console & BPEL
    Console
    Thanks
    Dinesh Patel

    Check out this post.. I'm in the process of testing.
    http://chintanblog.blogspot.com/2007/12/i-saw-numerous-people-asking-about-bpel_290.html

  • How to create new user with more than one default folder

    hi
    A new user created in OCS has only one default folder(Inbox).
    I want to create new user with customized default folder.
    for example:
    a new user has more than one default folder(Inbox,Outbox,Draft,Dustbin...)
    And also I want to automaticly enable the functions:
    When sending messages, place a copy in Outbox
    Keep message drafts in Draft
    Move deleted messages to Dustbin
    who know that?
    thanks

    The same reason that Apple and 3rd Party vendors put multi-size templates in one file I expect. I am trying to construct an in-house standard template for use in our company, and it is easier to manage if there is only one file to send to people rather than many - both initially and for subsequent edits / updates to the template.
    Of course it would be possible to create several templates (one for each size). But since it is clear that templates can be combined, it appears sensible to do this - unless the doing of it is horridly complicated

  • How to Create Internet user with email id as user id

    Hi All,
    I am having a requirement to create internet user taking email id as the user id, means the user id is same as the email id, to achieve this do I need to maintain some settins or is there any standard BAPI to do this.
    Is this a standard feature of CRM 2007.
    Thanks in advance,
    Mayank

    Hello Mayank,
    B2C Scenario has these options for the parameter usertype in the Application definition.
    In R/3 scenario: R3_SU05Customer_LoginEmail ISA R/3:This login configuration is the only one that is supported for ISA R/3 B2C. It cannot be chosen for the B2B and shopadmin applications. During B2C registration, SU05 users are created with type equals 'KNA1', referring to a newly created R/3 customer.
    In CRM scenario: CRM_Standalone_LogonConsumer: Standard user management settings if Internet Sales is used as a standalone, the login is based on the e-mail address. The internet users must use the SU01 user concept. Consumer is the keyword here. The BP associated with the SU01 user is a Consumer.
    The B2C application is hard-wired the way it is defined above.
    Now for the B2B application
    In R/3 scenario: Only R/3 ISA provides some SU05 user possibilities. But they are not relevant to your situation
    In CRM scenario: it gives CRM Standalone or CRM Portal possibilities. In CRM Standalone, the login id uses Alias. But nothing stops you from keeping Alias same as the User ID. In case of Portal, the login occurs via Portal. That is user log on to portal and gets into ISA using SSO. The portal offers varieties of ways to authenticate including email address, user id etc. This is made possible by use of LDAP in portal for user authentication. They maintain a mapping between email-id and user-id and do what you are seeing now in SDN. If you have Portal in your landscape, and let external B2B users come through Portal into ISA with SSO, you can also do login using email-id in a jiffy.
    But in your case I think you are stuck with CRM Standalone
    Easwar Ram
    http://www.parxlns.com

  • How to create new user, with same personal files, for troubleshooting?

    I cannot find this answer in "Finder Help", nor in the Community discussions thus far. What I must do to troubleshoot the spinning beach ball: My next step: I must troubleshoot my friend's iMac running Mac O.S 10.6.8 by setting up a new user, called "Test". This I can do easily. However, what I am unsure of is this: as this "new user", actually just me as a tester, I must be able to access the same email, Word files, Desktop, photos, etc. that I used to access. How, then? Copy all into a shared folder or what? There must be a less cumbersome way. I do NOT wish to delete anything. Of course, I have just made a perfect backup of everything on my hard drive. Please advise re my next step: sharing the "User" little house files, with myself, as the new, possibly temporary, user. Thank you so much, anyone and everyone!

    You shouldn't do any of that for troubleshooting. The test user account should be pristine. If you copy stuff from the old account, then you also copy whatever is causing a problem.
    Just use the Accounts/Users & Groups preferences to create a second user called, "test." Make this user an admin user. Then log out of the old account and log into the new one. That's it. You can still access and use applications in the Applications folder if you need to test third-party applications.
    We could be more helpful if you explain just what you need to troubleshoot. If just the spinning beachball is your issue, then visit The XLab FAQs and read the FAQ on resolving the SBOD problem.
    If the computer is simply running slowly then read the following:
    Things You Can Do To Resolve Slow Downs
    If your computer seems to be running slower here are some things you can do:
    Start with visits to:     OS X Maintenance - MacAttorney;
                                      The X Lab: The X-FAQs;
                                      The Safe Mac » Mac Performance Guide;
                                      The Safe Mac » The myth of the dirty Mac;
                                      Mac maintenance Quick Assist.
    Boot into Safe Mode then repair your hard drive and permissions:
    Repair the Hard Drive and Permissions Pre-Lion
    Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.
    Repair the Hard Drive - Lion/Mountain Lion/Mavericks
    Boot to the Recovery HD:
    Restart the computer and after the chime press and hold down the COMMAND and R keys until the Utilities Menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD disk icon and click on the arrow button below.
    When the recovery menu appears select Disk Utility. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported, then click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the main menu. Select Restart from the Apple menu.
    Restart your computer normally and see if this has helped any. Next do some maintenance:
    For situations Disk Utility cannot handle the best third-party utility is Disk Warrior;  DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption; Disk Warrior 4.x is now Intel Mac compatible.
    Note: Alsoft ships DW on a bootable DVD that will startup Macs running Snow Leopard or earlier. It cannot start Macs that came with Lion or later pre-installed, however, DW will work on those models.
    Suggestions for OS X Maintenance
    OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.) If this isn't the case, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep.  Dependence upon third-party utilities to run the periodic maintenance scripts was significantly reduced since Tiger.  These utilities have limited or no functionality with Snow Leopard or later and should not be installed.
    OS X automatically defragments files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive.
    Helpful Links Regarding Malware Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
              Mac OS X Snow Leopard and malware detection
              OS X Lion- Protect your Mac from malware
              OS X Mountain Lion- Protect your Mac from malware
              About file quarantine in OS X
    If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)
    Troubleshooting Applications
    I recommend downloading a utility such as TinkerTool System, OnyX, Mavericks Cache Cleaner, or Cocktail that you can use for removing old log files and archives, clearing caches, etc. Corrupted cache, log, or temporary files can cause application or OS X crashes as well as kernel panics.
    If you have Snow Leopard or Leopard, then for similar repairs install the freeware utility Applejack.  If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the command line.  Note that AppleJack 1.5 is required for Leopard. AppleJack 1.6 is compatible with Snow Leopard. Applejack does not work with Lion and later.
    Basic Backup
    For some people Time Machine will be more than adequate. Time Machine is part of OS X. There are two components:
    1. A Time Machine preferences panel as part of System Preferences;
    2. A Time Machine application located in the Applications folder. It is
        used to manage backups and to restore backups. Time Machine
        requires a backup drive that is at least twice the capacity of the
        drive being backed up.
    Alternatively, get an external drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
      1. Carbon Copy Cloner
      2. Get Backup
      3. Deja Vu
      4. SuperDuper!
      5. Synk Pro
      6. Tri-Backup
    Visit The XLab FAQs and read the FAQ on backup and restore.  Also read How to Back Up and Restore Your Files. For help with using Time Machine visit Pondini's Time Machine FAQ for help with all things Time Machine.
    Referenced software can be found at MacUpdate.
    Additional Hints
    Be sure you have an adequate amount of RAM installed for the number of applications you run concurrently. Be sure you leave a minimum of 10% of the hard drive's capacity as free space.
    Add more RAM. If your computer has less than 2 GBs of RAM and you are using OS X Leopard or later, then you can do with more RAM. Snow Leopard and Lion work much better with 4 GBs of RAM than their system minimums. The more concurrent applications you tend to use the more RAM you should have.
    Always maintain at least 15 GBs or 10% of your hard drive's capacity as free space, whichever is greater. OS X is frequently accessing your hard drive, so providing adequate free space will keep things from slowing down.
    Check for applications that may be hogging the CPU:
    Pre-Mavericks
    Open Activity Monitor in the Utilities folder.  Select All Processes from the Processes dropdown menu.  Click twice on the CPU% column header to display in descending order.  If you find a process using a large amount of CPU time (>=70,) then select the process and click on the Quit icon in the toolbar.  Click on the Force Quit button to kill the process.  See if that helps.  Be sure to note the name of the runaway process so you can track down the cause of the problem.
    Mavericks and later
    Open Activity Monitor in the Utilities folder.  Select All Processes from the View menu.  Click on the CPU tab in the toolbar. Click twice on the CPU% column header to display in descending order.  If you find a process using a large amount of CPU time (>=70,) then select the process and click on the Quit icon in the toolbar.  Click on the Force Quit button to kill the process.  See if that helps.  Be sure to note the name of the runaway process so you can track down the cause of the problem.
    Often this problem occurs because of a corrupted cache or preferences file or an attempt to write to a corrupted log file.

  • Populating Users With Open Directory Archive

    I have a new 10.8.2 Lion server that I would like to bring all the 10.7.5 users over to. What is the best way to do this? It seems that the 10.7.5 archive is not compatible with 10.8.2. Any ideas would be great. I can't upgrade the 10.7.5 system because it's an old system.


  • How can I create a user with rights to install packages on a publish instance?

    Hi,
    I am trying to create a user with the rights to upload and install content packages on a CQ publish instance and I do not wish to use the admin user.  Simply adding a new user to the administrators group does not seem to be enough.
    I tried adding a rep:GrantACE node through crx de/explorer but it reported the node as locked.  I was able to upload a content package that removed the rep:DenyACE jcr:read for everyone, but this is not safe it seems.
    Is there some special privilege that I need to add to my user/group that will allow them to access the /etc/packages tree or do I just need to add some permission somewhere within the tree.
    Regards,
    Chris

    With some help from David Collie, Alex Klimetschek & Jörg Hoh I have a better idea of what is going on and we've found a solution. 
    It seems that the admin account always works in these scenarios as it has special privileges in the CRX security system; admin can do anything it likes.
    Instead of creating the rep:GrantACE nodes directly, I was able to add a new ACL entry for the administrators group to /etc/packages via the Access Control Editor (http://localhost:4502/crx/explorer/ui/aceditor.jsp?ck=1373027669916&Name=acEditor&Path=%2Fetc%2Fpackages&_charset_=utf-8).
    Strangely, the administrators account already had some inherited rights on this directory that were overridden by the deny|everyone|jcr:read ACL entry on /etc/packages node.  Adding allow:administrators|jcr:read gives any member of that group access to read and write to the /etc/packages directory.
    Now that I have set up this user we can set up a deploy step in our CI build that does not rely on using the admin account.
    Thanks
    Chris

  • How to create portal user and integrate with external appl login

    How to create portal user and integrate the user with external application for single sign-on ?
    I want to access my external application thru portal user ..?
    Shyam

    Hi Jithin,
    The link that you've shared talks about a different scenario.
    In my case, I want to pass the portal user id when the user clicks on the Help Link present in the header area.
    I am trying to pass it along with the Help Link Url property of a masthead iview but it is not getting passed to the target Url.
    I would like to know if it is possible to pass the Portal User Id in this way or not.
    Though if we create a appintegrator iview and pass the user id <User.UserID> along with the target Url, it reaches there.
    Thanks & Regards,
    Anurag

  • How does one create a user with a null password in iManager?

    I'm setting up LDAP authentication and need to create a user with a null password.
    If you do not put a password in the password field when creating the user in iManager, a message pops up stating, No password has been defined for this user.
    You are given a choice of:
    Allow user to log in without a password
    - or -
    Do not allow user to log in without a password
    If you choose Do not allow user to log in without a password, there are no complaints.
    When I look at the properties of the newly-created user, however, I note that the "Require a password" checkbox is not filled in.
    That would imply that the answer to the question posed during the user's creation is moot; either answer produces a user that can log in without a password.
    I can then assign the Common Proxy password policy to the user, which does not dictate a minimum length for a password.
    From that point forward, any attempts to leave the password field blank in iManager results in another pop-up message stating:
    "Failure to enter a password will allow the user to login without a password."
    That implies that no password exists for the user, as opposed to a null password.
    Is that correct or are the public and private key for the user object still generated?

    If you do not specify a password, which is what happens when you select
    the 'Do not allow user to log in without a password' option initially, the
    user cannot login. A user with no password (meaning no password exists at
    all, similar to a 'null' in programming) cannot login with a password
    because, of course, they do not have a password.
    If you specify a zero-length string as the password you are effectively
    (and usually) creating a proxy user, for example to be used for the LDAP
    service in eDirectory, and this user can login typing in a password (since
    typing would imply one or more characters) but nevertheless there IS a
    password, but it happens that it is zero-length, so typing nothing for the
    password IS submitting the correct password. This is the option carried
    out by eDirectory when you choose, 'Allow user to log in without a
    password' (the prompt is a little misleading with its "without a password"
    phrase).
    Once you assign a UP policy you are telling the system that there SHOULD
    be a password on the user (and with common proxy there definitely should
    be, probably a strong one at that) so the only option now is whether or
    not the password is zero-length or longer. Obviously longer is the
    correct option for security reasons.
    Good luck.

  • Some errors in creating AD user with mailbox enabled

    Dear adler Steven / all,
    I followed all your posts and able to create AD user with mail box enabled, Now i am able to send and receive mails for this user.
    But the user in AD is disabled , that is it is not with the icon of an enabled user but it has an icon of user with a cross marked in Red.
    i have given the successful coding below:
    attrs.put("cn","chngcode");
    attrs.put("instanceType","4");
    attrs.put("objectCategory","CN=Person,CN=Schema,CN=Configuration,DC=csindia,DC=com");
    attrs.put("objectClass","top");
    attrs.put("objectClass","person");
    attrs.put("objectClass","organizationalPerson");
    attrs.put("objectClass","user");
    attrs.put("mailNickname","chngcode");
    attrs.put("mail","[email protected]");
    attrs.put("sAMAccountName","chngcode");
    attrs.put("msExchHomeServerName","/o=CYGNUS_O/ou=CSINDIA/cn=Configuration/cn=Servers/cn=CSISERVER2");
    attrs.put("objectCategory","CN=Person,CN=Schema,CN=Configuration,DC=csindia,DC=com");
    attrs.put("userPrincipalName","[email protected]");
    attrs.put("distinguishedName","CN=chngcode,CN=Users,DC=csindia,DC=com");
    attrs.put("instanceType","4");
    attrs.put("mDBUseDefaults","TRUE");
    attrs.put("name","chngcode");
    attrs.put("replicatedObjectVersion","0");
    attrs.put("legacyExchangeDN","/o=CYGNUS_O/ou=CSINDIA/cn=Recipients/cn=chngcode");
    attrs.put("givenName","chngcode");
    attrs.put("displayName","chngcode");
    // Create the context
    Context result = ctx.createSubcontext(userName, attrs);
    Help me on further process:
    - How to solve the above bottleneck? Is anything missed for above?
    - I have not set the password through coding. What to do on this?
    - When/where to use the homeMDB attributes (Is it necessary to use this homeMDB?)
    - How to create the mailbox within a store? (Presently I have created the mailbox in Recipients container for this AD user)
    Expecting your early enlightening on this..
    Advanced thanks for your efforts.
    By,
    Softeek.

    If you refer to the post titled "JNDI, Active Directory (Creating new users & demystifying userAccountControl)" at http://forum.java.sun.com/thread.jspa?threadID=582103&tstart=15 you will notice that because of the stricter security in Windows Server 2003 Active Directory, user accounts created with null passwords are automagically disabled.
    To enable new user accounts you must assign a password (that meets the security policy !) and then enable the account.
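
The two steps named in this answer (assign a password, then enable the account) correspond to two LDAP attribute replacements, in that order. The following is an added example, not code from the thread or from the post it links to: it decodes a userAccountControl value and builds the two attribute values an LDAP client would send. The function names are hypothetical, and the value 546 and the password are constructed samples.

```python
# userAccountControl bit flags (documented Active Directory values).
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200

UAC_FLAGS = {
    ACCOUNTDISABLE: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    PASSWD_NOTREQD: "PASSWD_NOTREQD",
    NORMAL_ACCOUNT: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}


def decode_uac(value):
    """List the flag names set in a userAccountControl integer, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def encode_unicode_pwd(password):
    """Encode a password the way the unicodePwd attribute expects it.

    The value is the password wrapped in double quotes and encoded as
    UTF-16LE. Active Directory only accepts it over an encrypted connection.
    """
    if not password:
        # An empty password is what left the account disabled in the first place.
        raise ValueError("refusing to build a unicodePwd value for an empty password")
    return ('"' + password + '"').encode("utf-16-le")


def enable_plan(current_uac, password):
    """Return the ordered replacements: password first, then the enable step.

    Clearing ACCOUNTDISABLE before a policy-compliant password is set is
    rejected by the directory, so the order matters. PASSWD_NOTREQD is
    cleared as well so the account cannot fall back to an empty password.
    """
    new_uac = current_uac & ~(ACCOUNTDISABLE | PASSWD_NOTREQD)
    return [
        ("replace", "unicodePwd", encode_unicode_pwd(password)),
        ("replace", "userAccountControl", str(new_uac).encode("ascii")),
    ]


if __name__ == "__main__":
    sample_uac = 546  # constructed sample: a disabled account with no password required
    print(sample_uac, decode_uac(sample_uac))
    for op, attr, value in enable_plan(sample_uac, "S3cure!Example-pw"):
        shown = "<%d bytes>" % len(value) if attr == "unicodePwd" else value.decode()
        print(op, attr, shown)
```

Whether the password is accepted is decided by the domain's password policy on the server; the client only supplies the encoded value.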

  • How to create a user account by mirroring another account in PowerShell (Trying to learn to use PowerShell for some daily AD tasks instead of the GUI)

    Hi,
    I am trying to create user accounts via PowerShell instead of the Gui in server 2008 R2 (PowerShell 2.0).
    I know how to create a user account with the following Power Shell command below is one from a dummy domain I created to practice.
    PS C:\Users\Administrator> New-ADUser -SamAccountName "TestOut" -UserPrincipalName "[email protected]" -GivenName "Test" -Surname "out" -DisplayName "Testout" -Name "Testout" -Enabled $true -Path "CN=users,DC=bwcat,DC=net,DC=int" -AccountPassword (Read-Host -AsSecureString "Enter Account Password")
    However when doing day to day tasks where I work normally we have a new hire, they contact IT and ask that a user account is created.   I will ask who they would like to mirror.
    I then would go into the gui pull up the user that they want to mirror right click him and choose copy.  This would create a new user account that I would then fill out.
    I am wondering if its possible to do this same thing via PowerShell, or  if its not an option because it takes more work type up everything than it does to go into the gui and do it.
    Anyway thanks for the help.

    Hi Wilder, hi Mark,
    first of all: The tutorial sources Mark posted - especially the book "Powershell 3 in A month of lunches" - are good to get a baseline start. A really great reference, especially when you try to learn it while still dealing with your daily business.
    On another note, Wilder: While I fully agree that learning things sequentially is usually the best, I too jumped right in instead of learning how to walk first (though it's been some time now. Fewer years than you'd think, but still ...). So I thought I'd
    give you a little aid with that function husk, so you could just stuff interesting bits into an available structure, making use of the fun tools in a useful context (It's fun fiddling around with the commands, but if you have to type in all of them manually
    each time, using the GUI is often just faster. Doing fun things and being efficient with it feels even better though ...). So ... while I
    do agree with yourself, learn it the Correct & Proper Way, I also do
    intend to finish this little explanation about the husk, all the way to the end.
    Everything below this paragraph is part of this.
    function Copy-ADUser
    {
        <#
        .SYNOPSIS
        A brief description of the Copy-ADUser function.
        .DESCRIPTION
        A detailed description of the Copy-ADUser function.
        .PARAMETER GivenName
        A description of the GivenName parameter.
        .PARAMETER Surname
        A description of the Surname parameter.
        .PARAMETER Template
        A description of the Template parameter.
        .EXAMPLE
        PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
        .NOTES
        Additional information about the function.
        #>
        [CmdletBinding()]
        Param (
            [Parameter(Mandatory = $true)]
            [string]
            $Surname,
            [Parameter(Mandatory = $true)]
            [string]
            $GivenName,
            [Parameter(Mandatory = $true)]
            [string]
            $Template
        )

        # Create finished Strings
        $JoinedName = $GivenName + "." + $Surname

        # Create new User
        $NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName $JoinedName -Name "$Surname, $GivenName" -PassThru

        # Copy from old User: every group of the template user except 'Domain Users'
        $NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })

        # Do Whatever else you feel like doing
    }
    This is again the same function husk I posted earlier. Only this time, I filled a little logic (the pieces that were already posted in this thread). This time, I'll not only go over each part again ... I'll do it by reposting the segments and trying to show
    some examples on how to modify the parts. Thus some of it will be repetitive, but this way all the info is in one spot.
    Segment: Comment Based Help
    <#
    .SYNOPSIS
    A brief description of the Copy-ADUser function.
    .DESCRIPTION
    A detailed description of the Copy-ADUser function.
    .PARAMETER GivenName
    A description of the GivenName parameter.
    .PARAMETER Surname
    A description of the Surname parameter.
    .PARAMETER Template
    A description of the Template parameter.
    .EXAMPLE
    PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
    .NOTES
    Additional information about the function.
    #>
    That's the premier documentation part of a function, that teaches a user what the function does and how to use it. It's what's shown when using the Get-Help cmdlet.
    Comment texts are not restricted to single lines however. For example you could replace ...
    .EXAMPLE
    PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
    ... with ...
    .EXAMPLE
    PS C:\> Copy-ADUser -GivenName "Max" -Surname "Mustermann" -Template "Jonny.Normal"
    Creates a new user named Max Mustermann and copies the group memberships of the already existing user Jonny Normal to this new User
    ... and get an explanation on what the example does when using Get-Help with the -Detailed parameter (Explaining examples is always a good idea).
    Segment: Parameter
    [CmdletBinding()]
    Param (
    [Parameter(Mandatory = $true)]
    [string]
    $Surname,
    [Parameter(Mandatory = $true)]
    [string]
    $GivenName,
    [Parameter(Mandatory = $true)]
    [string]
    $Template
    )
    This is the segment that tells PowerShell what input your function accepts. Each parameter of Copy-ADUser you set will be available in the next segment as a variable of the same name. You can add additional parameters if you need more information for your logic. For example, let's add a parameter that allows you to specify what Organization the new user should belong to:
    [CmdletBinding()]
    Param (
    [Parameter(Mandatory = $true)]
    [string]
    $Surname,
    [Parameter(Mandatory = $true)]
    [string]
    $GivenName,
    [string]
    $Organization,
    [Parameter(Mandatory = $true)]
    [string]
    $Template
    )
    That's what that would look like. You may notice that I didn't add the line with "[Parameter(Mandatory = $true)]" this time. This means you may add the Organization parameter when calling Copy-ADUser, but you need not.
    Segment: Logic
    # Create new User
    $NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surname" -Name "$Surname, $GivenName" -PassThru
    # Copy from old User
    $NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
    # Do Whatever else you feel like doing
    This is the part of the function that does the actual work. Compared to the first husk I posted, this time there are two commands in it (and some comments). First, I create a new user, using the information passed into the parameters -Surname and -GivenName. Then I copy the group memberships of the user identified by the information given by the -Template parameter.
    So, let's modify it!
    # Tell the user you are starting
    Write-Host "Starting to create the user account for $GivenName $Surname"
    # Create new User
    $NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surname" -Name "$Surname, $GivenName" -PassThru
    # Tell the user you are copying Group Memberships
    Write-Host "Copying the group-memberships of $Template to $GivenName $Surname"
    # Copy from old User
    $NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
    # Do Whatever else you feel like doing
    Now after adding a few lines, the logic will tell us what it's doing (and do so before it is taking action)!
    Hm ... didn't we create a change in the Parameter Segment to add an -Organization parameter? Let's use it!
    # If the -Organization parameter was set, the $Organization variable will be longer than 0. Thus do ...
    if ($Organization.Length -gt 0)
    {
        # Tell the user you are starting
        Write-Host "Starting to create the user account for $GivenName $Surname in the Organization $Organization"
        # Create new User
        $NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surname" -Name "$Surname, $GivenName" -Organization $Organization -PassThru
    }
    # If the -Organization parameter was NOT set, the $Organization variable will have a length of 0. Thus the if-condition does not apply, thus we do the else block
    else
    {
        # Tell the user you are starting
        Write-Host "Starting to create the user account for $GivenName $Surname"
        # Create new User
        $NewUser = New-ADUser -Surname $Surname -GivenName $GivenName -DisplayName "$Surname, $GivenName" -SamAccountName "$GivenName.$Surname" -Name "$Surname, $GivenName" -PassThru
    }
    # Tell the user you are copying Group Memberships
    Write-Host "Copying the group-memberships of $Template to $GivenName $Surname"
    # Copy from old User
    $NewUser | Add-ADPrincipalGroupMembership -MemberOf (Get-ADPrincipalGroupMembership $Template | Where { $_.Name -ne 'Domain Users' })
    # Do Whatever else you feel like doing
    There! Now we first check whether the -Organization parameter was set (it's not mandatory after all, so you can skip it). If it was set, do whatever is in the curly braces after if (...). However, if it wasn't set, do whatever is in the curly braces after else.
    And that concludes my "minor" (and hopefully helpful) tutorial on how to use the function husk I posted :)
    With this, whenever you find another cool command that helps you in the user creation process, you can simply add it, similar to what I did in these examples.
    And if it all didn't make much sense, go through the tutorials in proper order and come back - it'll make much more sense then.
    Cheers and good luck with PowerShell,
    Fred
    There's no place like 127.0.0.1
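
Added example, not part of Fred's post or any project's code: the segments above assembled into one function, with the duplicated New-ADUser call replaced by splatting, -WhatIf support, and a filter that skips template groups flagged with adminCount = 1 so privileged memberships are not cloned. The function name Copy-ADUserSafe and the adminCount filter are assumptions of this example.

```powershell
# Added example: Copy-ADUserSafe is a hypothetical name, not code from the post above.
# Needs the ActiveDirectory module and rights to create users in the domain.
function Copy-ADUserSafe {
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param (
        [Parameter(Mandatory = $true)] [string] $Surname,
        [Parameter(Mandatory = $true)] [string] $GivenName,
        [string] $Organization,
        [Parameter(Mandatory = $true)] [string] $Template
    )

    # Build the New-ADUser arguments once instead of repeating the call in if/else
    $UserArgs = @{
        Surname        = $Surname
        GivenName      = $GivenName
        DisplayName    = "$Surname, $GivenName"
        Name           = "$Surname, $GivenName"
        SamAccountName = "$GivenName.$Surname"
        PassThru       = $true
    }
    if ($PSBoundParameters.ContainsKey('Organization')) {
        $UserArgs['Organization'] = $Organization
    }

    # Resolve the template's groups first, so a bad -Template fails before a user is created
    $Groups = Get-ADPrincipalGroupMembership -Identity $Template -ErrorAction Stop |
        Get-ADGroup -Properties adminCount |
        Where-Object { $_.Name -ne 'Domain Users' }

    # Groups protected by AdminSDHolder carry adminCount = 1: report them, do not copy them
    $Privileged = @($Groups | Where-Object { $_.adminCount -eq 1 })
    $ToCopy     = @($Groups | Where-Object { $_.adminCount -ne 1 })
    foreach ($Group in $Privileged) {
        Write-Warning "Not copying privileged group '$($Group.Name)' from $Template"
    }

    # No -AccountPassword is passed, so New-ADUser leaves the new account disabled
    if ($PSCmdlet.ShouldProcess("$GivenName $Surname", "Create user and add to $($ToCopy.Count) groups")) {
        $NewUser = New-ADUser @UserArgs -ErrorAction Stop
        if ($ToCopy.Count -gt 0) {
            $NewUser | Add-ADPrincipalGroupMembership -MemberOf $ToCopy
        }
        $NewUser
    }
}
```

Running it with -WhatIf first shows the warnings and the planned action without touching the directory. adminCount only marks groups covered by AdminSDHolder, so groups that carry delegated rights still need a manual review before they are copied.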

  • How to create a user ID

    hello friends,
    can you please tell me how to create a user ID on the server? I have newly joined, and on the IDEs server I have been asked to create a user ID myself.
    Please let me know with navigation, it would be a great help for me.
    Regards,
    Jain

    Hey Akshay,
    Steps are as follows:
    1. Click on the SAP Logon pad.
    2. Give the user ID and Passwd
    3. Type transaction code su01
    4. You will see the screen name "User Maintenance"
    5. Give the name in the user field and then click on the icon (blank folded page) or press F8.
    6. After hitting create, "maintain user" will open, there you have to fill all the tabs such as Address, logon data,
      Defaults, Parameters, Roles, Profiles, Group, personalization and License data.
    7. Save it after.
    Note: When you are assigning the profile, DO NOT GIVE "SAP_ALL" and "SAP_NEW" because no one will have this profile. Better you ask the manager or the concerned person what profile you need.
    Hope it will help.
    Regards
    Abu

  • HOW TO CREATE LOCAL USER PROFILE

    SIR,
       OS            -    WINDOWS SERVER 2008 R2
       SYSTEM    -    IBM  MACHINE X3400 SERIES
        1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
        2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE .

    Hi,
    >>1. HOW TO CREATE A USER IN WINDOWS SERVER 2008 R2  WITHOUT ACTIVE DIRECTORY 
    >>2.  AFTER CREATE USER IN WINDOWS SERVER 2008 R2 BUT USER PROFILE NOT CREATE
    Creating a user account on the computer doesn't create a profile for that user. The profile is created the first time the user interactively logs on at the computer. After the user logs onto the computer for the first time, the user's local profile will be created in a folder with the name of the user under the systemroot/Users folder.
    Best regards,
    Frank Shen

  • Strange login problem with Open Directory

    Hi,
    I created a web tool that calls dscl to create users in Open Directory from a bound web server.
    Most of the accounts work fine. A couple do not. The particular account in question could log in to machines in one computer group, but not on others, using the login window. But it could log in on the command-line via su.
    Now here's the kicker. I deleted the user completely and re-created the user account with the same login name, and assigned it to the same groups as other new accounts that work fine. The problem persists.
    The only thing I've found that indicates a problem is the following from the ldap log:
    Sep 17 10:36:14 poseidon slapd[61]: Entry (uid=<username changed>,cn=users,dc=<redacted>,dc=<redacted>,dc=<redacted>): object class 'posixAccount' requires attribute 'homeDirectory'
    (note the redactions and username were put in by me...paranoia etc)
    I used 'Inspector' in Workgroup Manager and verified that the account does in fact have the required homeDirectory attribute, and the account is not unlike other accounts that work fine, save the username and unique ID.
    I hope this provides enough info for someone to give some guidance...this is certainly a strange problem.
    Thanks ahead of time!
    -Matt
