How to create user in specific user group in Microsoft Active Directory?

Hi,
I am using Netscape LDAP, and want to create a user in a user-defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory. I want to add the new user to the Test Users group, but my problem is that whenever I create a new user it gets added to the Domain Users group.
Following is the code I am using, which adds the user to the default group Domain Users.
// Requires the Netscape Directory SDK for Java: import netscape.ldap.*;
public LDAPResult createUserID(
        String userId,
        String pwd,
        String pId,
        boolean resetonLogOn,
        LDAPConnection ldCon) {
    // ldaprs is not declared in the posted snippet; it is taken to be a field of the enclosing class.
    boolean flag = false;
    int code = 0;
    try {
        String pwdLastSetVal;
        String desName;
        String desc;
        /* Specify the DN of the new entry. */
        String dn =
            "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
        /* Create and add attributes to the attribute set. */
        String objectclass_values[] =
            { "top", "person", "organizationalPerson", "user" };
        // LDAPEntry findEntry=null;
        /* Create a new attribute set for the entry. */
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        /* Attribute sAMAccountName */
        LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
        attrs.add(attr);
        /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
        attr =
            new LDAPAttribute(
                LDAP_PASSWORD_KEY,
                (byte[]) this.encodePassword(pwd));
        attrs.add(attr);
        /* Attribute Display Name */
        desName = userId + ":" + pId;
        //desName = userId ;
        attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
        attrs.add(attr);
        /* Attribute userAccountControl to enable the userid. */
        attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
        attrs.add(attr);
        /* Attribute pwdLastSet to reset the password on first logon */
        if (resetonLogOn) {
            pwdLastSetVal = "0";
        } else {
            pwdLastSetVal = "-1";
        }
        attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
        attrs.add(attr);
        /* Attribute Description */
        desc = " Account Created by HelpNow App";
        attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
        attrs.add(attr);
        /* Attribute objectclass */
        attr = new LDAPAttribute("objectclass", objectclass_values);
        attrs.add(attr);
        /* Create an entry with this DN and these attributes. */
        LDAPEntry myEntry = new LDAPEntry(dn, attrs);
        /* Add the entry to the directory. */
        ldCon.add(myEntry);
        flag = true;
    } catch (LDAPException e) {
        flag = false;
        code = e.getLDAPResultCode();
    } catch (Exception e) {
        flag = false;
        code = LDAPException.OTHER;
    } finally {
        ldaprs.flag = flag;
        ldaprs.code = code;
        return ldaprs;
    }
}

Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150
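
An added example, not code from the original post or from the linked thread: in Active Directory, memberOf is a computed back-link, so membership is written to the group's "member" attribute once the user entry exists. The class and method names are hypothetical, the base DN is a constructed sample, and the RFC 4514 escaping of userId is an addition that keeps DN metacharacters in the input from changing where the entry is created.

```java
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;

/** Hypothetical helper class; not part of the original post. */
public class GroupMembership {

    /** Escape a value for use in an RDN (RFC 4514) so it cannot add or alter DN components. */
    static String escapeRdnValue(String value) {
        StringBuilder out = new StringBuilder();
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            boolean edge = (i == 0 && (c == ' ' || c == '#')) || (i == last && c == ' ');
            if (c == '\0') {
                out.append("\\00");
            } else if (edge || "\"+,;<>\\=".indexOf(c) >= 0) {
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Build the DN the post builds, with the caller-supplied part escaped. */
    static String userDn(String userId, String container, String baseDN) {
        return "CN=" + escapeRdnValue(userId) + ",CN=" + container + "," + baseDN;
    }

    /**
     * Add an existing user entry to a group by writing the group's "member" attribute.
     * Returns true if the value was added, false if the user was already a member.
     */
    static boolean addUserToGroup(LDAPConnection ld, String userDn, String groupDn)
            throws LDAPException {
        LDAPModification mod =
            new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", userDn));
        try {
            ld.modify(groupDn, mod);
            return true;
        } catch (LDAPException e) {
            int rc = e.getLDAPResultCode();
            // An existing membership is reported as "value exists" (20) or "entry exists" (68).
            if (rc == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS
                    || rc == LDAPException.ENTRY_ALREADY_EXISTS) {
                return false;
            }
            throw e; // any other result code is a real failure: let the caller see it
        }
    }

    public static void main(String[] args) {
        String baseDN = "DC=example,DC=com";                // constructed sample
        String groupDn = "CN=TestUsers,CN=Users," + baseDN; // group named in the post
        // A constructed userId containing DN metacharacters stays a single RDN value:
        System.out.println(userDn("jdoe,CN=Administrators", "Users", baseDN));
        System.out.println(userDn("jdoe", "Users", baseDN) + " -> member of " + groupDn);
        // In createUserID, after ldCon.add(myEntry) succeeds:
        //     addUserToGroup(ldCon, dn, groupDn);
    }
}
```

The new account still shows Domain Users because that is its primary group (primaryGroupID); the "member" add is in addition to it, and the bind account needs write access to the group object.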

Similar Messages

  • How to create User in the specific group in Microsoft Active Directory

    Hi,
    I am using Netscape LDAP, and want to create a user in a user-defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory. I want to add the new user to the Test Users group, but my problem is that whenever I create a new user it gets added to the Domain Users group.
    I tried adding memberOf attribute with value "TestUsers"
    attr = new LDAPAttribute("memberOf", "TestUsers");          
    attrs.add(attr);
    It gives me following error :
    code= 53 Exception 0000209A: SvcErr: DSID-031A0D6F, problem 5003 (WILL_NOT_PERFORM), data 0
    Following is the code I am using.
    // Requires the Netscape Directory SDK for Java: import netscape.ldap.*;
    public LDAPResult createUserID(
            String userId,
            String pwd,
            String pId,
            boolean resetonLogOn,
            LDAPConnection ldCon) {
        // ldaprs is not declared in the posted snippet; it is taken to be a field of the enclosing class.
        boolean flag = false;
        int code = 0;
        try {
            String pwdLastSetVal;
            String desName;
            String desc;
            /* Specify the DN of the new entry. */
            String dn =
                "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
            /* Create and add attributes to the attribute set. */
            String objectclass_values[] =
                { "top", "person", "organizationalPerson", "user" };
            // LDAPEntry findEntry=null;
            /* Create a new attribute set for the entry. */
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            /* Attribute sAMAccountName */
            LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
            attrs.add(attr);
            /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
            attr =
                new LDAPAttribute(
                    LDAP_PASSWORD_KEY,
                    (byte[]) this.encodePassword(pwd));
            attrs.add(attr);
            /* Attribute Display Name */
            desName = userId + ":" + pId;
            //desName = userId ;
            attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
            attrs.add(attr);
            /* Attribute userAccountControl to enable the userid. */
            attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
            attrs.add(attr);
            /* Attribute pwdLastSet to reset the password on first logon */
            if (resetonLogOn) {
                pwdLastSetVal = "0";
            } else {
                pwdLastSetVal = "-1";
            }
            attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
            attrs.add(attr);
            /* Attribute Description */
            desc = " Account Created by HelpNow App";
            attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
            attrs.add(attr);
            /* Attribute objectclass */
            attr = new LDAPAttribute("objectclass", objectclass_values);
            attrs.add(attr);
            /* The memberOf attempt that the post reports failing with code 53 (WILL_NOT_PERFORM). */
            attr = new LDAPAttribute("memberOf", "TestUsers");
            attrs.add(attr);
            /* Create an entry with this DN and these attributes. */
            LDAPEntry myEntry = new LDAPEntry(dn, attrs);
            /* Add the entry to the directory. */
            ldCon.add(myEntry);
            flag = true;
        } catch (LDAPException e) {
            flag = false;
            code = e.getLDAPResultCode();
        } catch (Exception e) {
            flag = false;
            code = LDAPException.OTHER;
        } finally {
            ldaprs.flag = flag;
            ldaprs.code = code;
            return ldaprs;
        }
    }

    Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150

  • ODI Integration With Microsoft Active Directory to bring User id to Table

    Hi All,
    I have to bring the USER Id of Employees from the Microsoft Active Directory based on the Mail id of the user.
    I have a table like below:
    User_name    Mail_id
    Vishwas      [email protected]
    John         [email protected]
    Depak        [email protected]
    I need to bring the User id of those employees from Active Directory and load it to another table.
    Now the issue is: what are the things I have to perform in ODI to do this?
    I have gone through some of the blogs for the same but everywhere I found using ODI for External Authentication.
    Can I get the User Ids in a relational table so that I can join it with the above table and load it to the target?
    Please let me know if anybody has the solution for it.
    Thanks
    Regards

    I think you can use the LDAP driver to read entries from your LDAP server. Please check the documentation at LDAP Directories - 11g Release 1 (11.1.1)

  • How to create Lookup field in user form in OIM 11g - Urgent

    Hi Experts,
    How to create Lookup field in User Form - OIM 11g.
    Pls. provide your support on priority.
    Regards
    Karan

    Thanks all for your suggestion.
    Our requirement, is we need to have a user defined field similar to how its there in "Organisation".
    For example we need to create an user defined field like "Service Holding" which holds different services say like Service 1, Service 2, Service 3 etc.
    Under each service there are multiple roles....
    Eg:
    Service 1 - Role 1, Role 2, Role 3
    Service 2 - Role 4, Role 5
    Service 3 - Role 6, Role 7, Role 8
    Is there a way to store multi-valued attribute in OIM UDF? If so, pls. guide us
    If its not possible we would need to create a Lookup field (something similar to Organization or Manager). User clicks on the button (lens button), which should invoke an API wherein he can select specific Roles and save in User. Eg. like Service 1 - Role 1#Service 2 # Role 5 and store in the backend database.
    Is this possible. Pls. guide.
    Regards,
    Karan

  • How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR

    Hi,
    How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR
    Regards
    Anil Kumar

    Hello there Anil,
    A simple way to quickly get an overview is to look at the request history within the portal environment (note that this will expire in a few days based on your environment, after that you would need the FIM Reporting Module - but you could increase this to maybe 60 days or so, watch the DB size).
    To do this you could create some custom search scopes or do some custom queries. The creator of the SSPR activities always has the same GUID so you can use that to search.
    In your search scope you can use the following XPath to play with.
    - All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
    - All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus='Completed']
    You can play with the "RequestStatus".
    Hope this helps.
    Almero Steyn (http://www.puttyq.com)

  • How can I set a specific user log on name to a specific machine

    Greeting,
    I have a question : 
    How can I set a specific user log on name to a specific machine.
    e.g. 
    Only User.A can log on to PC.A and the other can not.
    Base On :
    Windows Server 2003
    Active Directory Version : 5.2.3790.1812

    Technically we're both right.  This depends on what scenario you're setting this up.
    1)  If you want to say only this person can log on to this machine, and it's not an enterprise solution (meaning you have a handful of computers you want restricted, not all computers) then do something like Yan Li has recommended.  However, I
    do not recommend using any DENY LOCAL LOGON user rights.  In this case, you would have to deny everyone except 'User A' and your Administrators.  If you put a user in ALLOW LOCAL LOGON and DENY LOCAL LOGON, then DENY wins and no one logs in.  Instead,
    you should remove all the settings from ALLOW LOCAL LOGON and add only User A and administrators.
    2) If this is an enterprise solution, use the LOG ON TO option I mentioned before.  Managing user right assignments per machine is very difficult and isn't a practical way to do it on a large scale.  If every user in your domain is assigned a computer
    that they can use, only that user can use that machine and that machine will effectively only allow that user.  For this to work, EVERY user must be restricted to a workstation, if no setting is present, then that user can log on anywhere.  This
    is my preferred solution still.
    Like I said, it depends on your situation to which route is better.  I hope this helps and is clear and easy to understand.
    - If you have my posts to be helpful, or the answer, please mark them appropriately.  Thank you.
    Chris Ream

  • How to create a new admin user in oracle 9i?.

    Hi I am new to oracle. I want to set up a new database for my application.
    How to create a new admin user in oracle 9i?. I would like to have a new schema. where I can create tables for my application from scratch.

    If I understand your question correctly:
    You need to be connected to the database with the user SYS.
    open a command-line session and do the following to create an Oracle user with DBA option other than SYS.
    C:\>sqlplus /nolog
    SQL*Plus: Release 9.2.0.1.0 - Production on Fri Oct 14 08:46:13 2005
    Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.
    SQL> conn  /  as sysdba
    Connected.
    SQL>
    SQL> create user test identified by pass;
    User created.
    SQL> grant create session to test;
    Grant succeeded.
    SQL> alter user test account unlock;
    User altered.
    SQL> grant dba to test with admin option;
    Grant succeeded.
    SQL> conn test/pass
    Connected.
    SQL>
    SQL> sho user
    USER is "TEST"
    SQL>
    Now you have a user with username 'test' and password 'pass' with DBA role with Admin option
    Tony Garabedian
    From now on you can connect directly with SQL*Plus, no need for the command line. Just provide the username/password and you're logged in.

  • How to create and see the user interface of helloworld sample??

    hello friends,
    i have deployed the hello world sample
    now i want to know how to create and see the user interface of hello world sample.
    thanks and regards..

    If you go to bpel console host:port/BPELConsole (in a dev install, localhost:9700), click on your process, we will generate, based on the describing wsdl a UI for you ..
    hth clemens

  • How to create a login to users in PHP

    How to create a login for users to access their data,
    currently I can only see the first user everytime I login even with
    a different username. I know I need session stuff but don't know
    how to use, add or where to put them in.
    Thanks in advance.

    I also am wrestling with the same problem. Session variables
    have not worked. I have determined that if the GET method is used,
    then the recordset of the users records are there. If the POST
    method is used, the recordset is blank. It appears to be something
    inherent in the Log In User behavior.
    I am trying to have a customer log in and then only see their
    particular inventory records. I do not want them to be directed to a
    page with a listing of all the various customers and then select
    from that. Not suitable at all.
    If I find an answer, will let you know.
    Thanks and good luck,
    Dale :-)

  • How to create a new application user by my application?

    Hello,
    I want to give the user of my application the possibility to create a new application user if necessary. The creation of a new user should be realized in my application. I tried to find the answer in the apex user guide, but I haven't found it. Can somebody tell me how to create a new application user in the implemented application (one page in application for creating users for my application)?
    Thanks,
    Bettina

    Hello Bettina,
    You can do that using the API: www_flow_fnd_user_api.create_fnd_user. If you look at that procedure in SQL Dev (or TOAD or whatever you like), you can see an example and the description of the arguments.
    Greetings,
    Roel
    http://roelhartman.blogspot.com/
    http://www.bloggingaboutoracle.org/
    http://www.logica.com/

  • Remove users from all distribution groups in Microsoft 365

    Hello
    I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
    Any help would be greatly appreciated.
    John

    I would assume yes since there is a cmdlet called "Remove-DistributionGroupMember". You usually have to post some code of what you have tried or are working on to get further help from most other people here.

  • Creating group dynamically in active directory depending on their role

    Hi,
    I have sycn oid and active directory using directory integration platform. Now the scenario is We have one system says hr system which take care of entering all the user information. Once it submit that information it goes to oid. Now we want that when we import all that user from oid to active directory it didn't duplicate any user as well as depending on their role it should create groups dynamically in active directory. For e.g: If user belong to Trainee category or manager category it must create Trainee group & Manager group & respective person should go into that group. I don't know whether my question is placed in right group or not. I am using filter to do this task but not able to write proper condition in "source matching filter" and "destination matching rule". Any help will be appreciated.
    Thanks,
    Sonya Sharma

    Thanks Tamim. To clear your thought, i will explain again. I have sync oid and active directory through Directory integration platform. I have created user in oid.(cn=users,dc=mycompany,dc=com). It get sync in active directory properly. Now i have created two group in active directory say for e.g Trainees and Manager. There is a field name position in oid which is a custom attribute. When i fill the information of user in oid, I have to fill "Position" attribute also. So my question is that, if i fill Trainee as a value in Position attribute and click on submit it should go in Trainee Group In active directory and not in user group. Same for manager. How can we achieve this? Can we do it through filter? Or any other way? It's needed desperately. Please help me in resolving this issue.
    Regards,
    Sunil

  • The user and the mailbox are in different Active Directory Sites

    Hi All,
    I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site
    to create extest user.
    Then I try to execute command to test-connectivity, but it failed.
    Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
    RunspaceId                  : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
    AuthenticationMethod        :
    MailboxServer               : CONMBX02.contoso.com
    LocalSite                   : CONMBX02.contoso.com
    SecureAccess                : False
    VirtualDirectoryName        :
    Url                         :
    UrlType                     : Unknown
    Port                        : 0
    ConnectionType              : Plaintext
    ClientAccessServerShortName : DRCCAS01
    LocalSiteShortName          : CONMBX02
    ClientAccessServer          : DRCCAS01.contoso.com
    Scenario                    : Reset Credentials
    ScenarioDescription         : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
                                  MBX02.contoso.com.
    PerformanceCounterName      :
    Result                      : Failure
    Error                       : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
                                  rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
                                  t_xxxxxxxx
                                   Additional information:
                                   [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
                                  different Active Directory sites..
    UserName                    : extest_xxxxxxxx
    StartTime                   : 04/01/2012 20:46:19
    LaCONcy                     : 00:00:00.0156460
    EventType                   : Error
    LaCONcyInMillisecondsString :
    Identity                    :
    IsValid                     : True
    WARNING: No Client Access servers were tested.
    RunspaceId          : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
    Events              : {Source: MSExchange Monitoring OWAConnectivity Internal
                          Id: 1005
                          Type: Error
                          Message: Couldn't access one or more test mailboxes.
                          The service that is being tested will not run against these mailboxes.
                           Detailed information:
                          Local Site:DRCProduction
                          [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
                           access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
                           Additional information:
                           [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
                          t Active Directory sites..
    PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
                          Counter: Logon LaCONcy
                          Instance: DRCCAS01.contoso.com|DRCProduction
                          Value: -1000}
    any help appreciate it.
    Krisna Ismayanto | My blogs:
    Krisna Ismayanto | Twitter: @ikrisna

    Hi
       Removed existing test account on two site.
       Then created test account on DGC through new-TestCasConnectivityUser.ps1.
       Flushed Health Service on RMS.
    Terence Yu
    TechNet Community Support

    Hi
    What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
    Krisna Ismayanto | My blogs:
    Krisna Ismayanto | Twitter: @ikrisna

  • How to create the multi-realm (or multi-entries)in one Directory instance?

    how to create the multi-realm (or multi-entries)in one Directory instance?
    I have installed a new iplanet Directory Server 5.2 on a win2k box, named "vp.com1.com"
    When I installed this server, it helped me to create a new Directory server instance with the default realm "dc=com1,dc=com".
    I could log on console and found root node, which is "com1.com"
    expanded this root node, I got a tree as following:
    "com1.com" -> "vp.com1.com" -> "server group" -> "Directory Server(VP)"
    Then open "Directory Server(VP)" -> click tab "Directory"
    Got a tree as following:
    vp.com1.com(389) --> dc=com1,dc=com
    o=NetscapeRoot
    Now I wanna create a new entry, which is "dc=com2,dc=com"
    How to do?
    I had checked almost all the related doc but failed to get the valuable info.
    Would you like to do me a favour? Or forward me some reference?
    Because I'm a new guy for iplanet Directory Server, would you pls me the help in detail.
    This task is very urgent for me, so really appreciate your early help!

    Look on page 87 of the Sun ONE Directory Server 5.2 Administration Guide. The section "Creating a New Root Suffix Using the Console" should give you step-by-step instructions.

  • Test-OutlookConnectivity fails with '[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sites'.

    I have a two site DAG, and the command is running from the alternate site where the databases are not currently being hosted. The following command...
    Test-OutlookConnectivity -Protocol:TCP -TrustAnySSLCert:$true -MonitoringContext:$true
    ...errors with the following output:
    An error occurred while trying to access mailbox CurrentlyHostingMBServerName.InternalDomainName, on behalf of user InternalDomainName\extest_bb13200232474
     Additional information:
     [Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sit
    es..
        + CategoryInfo          : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
       OutlookConnectivity], CasHealthStorageErrorException
        + FullyQualifiedErrorId : F2F8AC0D,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask
    I thought this command would work based on the 'AllowCrossSiteRpcClientAccess: True' option on the DAG. The command works well if run on a CAS server in the active DB site.

    Hi,
    Exchange 2013 users use Outlook Anywhere to connect to CAS server. You may run the RCA to test the connectivity:
    https://www.testexchangeconnectivity.com/
    Thanks,
    Simon Wu
    TechNet Community Support
