How to create user in specific user group in Microsoft Active Directory?
Hi,
I am using Netscape LDAP, and want to create user in the user defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory, I want to add the new user to Test Users group. But my problem is that whenever I create a new user it gets added to Domain Users group.
Following is the code I am using which adds user to default group Domain Users.
// Requires: import netscape.ldap.*;
// ldaprs, container, baseDN, encodePassword() and the LDAP_* constants are
// members of the enclosing class; their declarations are not shown in the post.
public LDAPResult createUserID(
        String userId,
        String pwd,
        String pId,
        boolean resetonLogOn,
        LDAPConnection ldCon) {
    boolean flag = false;
    int code = 0;
    try {
        String pwdLastSetVal;
        String desName;
        String desc;
        /* Specify the DN of the new entry. */
        String dn =
            "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
        /* Create and add attributes to the attribute set. */
        String objectclass_values[] =
            { "top", "person", "organizationalPerson", "user" };
        // LDAPEntry findEntry=null;
        /* Create a new attribute set for the entry. */
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        /* Attribute sAMAccountName */
        LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
        attrs.add(attr);
        /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
        attr =
            new LDAPAttribute(
                LDAP_PASSWORD_KEY,
                (byte[]) this.encodePassword(pwd));
        attrs.add(attr);
        /* Attribute Display Name */
        desName = userId + ":" + pId;
        //desName = userId ;
        attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
        attrs.add(attr);
        /* Attribute userAccountControl to enable the userid. */
        attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
        attrs.add(attr);
        /* Attribute pwdLastSet to reset the password on first logon */
        if (resetonLogOn == true) {
            pwdLastSetVal = "0";
        } else {
            pwdLastSetVal = "-1";
        }
        attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
        attrs.add(attr);
        /* Attribute Description */
        desc = " Account Created by HelpNow App";
        attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
        attrs.add(attr);
        /* Attribute objectclass */
        attr = new LDAPAttribute("objectclass", objectclass_values);
        attrs.add(attr);
        /* Create an entry with this DN and these attributes. */
        LDAPEntry myEntry = new LDAPEntry(dn, attrs);
        /* Add the entry to the directory. */
        ldCon.add(myEntry);
        flag = true;
    } catch (LDAPException e) {
        flag = false;
        code = e.getLDAPResultCode();
    } catch (Exception e) {
        flag = false;
        code = LDAPException.OTHER;
    } finally {
        /* Record the outcome in the result holder. */
        ldaprs.flag = flag;
        ldaprs.code = code;
    }
    return ldaprs;
}
Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150
Similar Messages
-
How to create User in the specific group in Microsoft Active Directory
Hi,
I am using Netscape LDAP, and want to create user in the user defined group. I have created a new user group "TestUsers" in the "Users" container of Active Directory, I want to add the new user to Test Users group. But my problem is that whenever I create a new user it gets added to Domain Users group.
I tried adding memberOf attribute with value "TestUsers"
attr = new LDAPAttribute("memberOf", "TestUsers");
attrs.add(attr);
It gives me following error :
code= 53 Exception 0000209A: SvcErr: DSID-031A0D6F, problem 5003 (WILL_NOT_PERFORM), data 0
Following is the code I am using.
// Requires: import netscape.ldap.*;
// ldaprs, container, baseDN, encodePassword() and the LDAP_* constants are
// members of the enclosing class; their declarations are not shown in the post.
public LDAPResult createUserID(
        String userId,
        String pwd,
        String pId,
        boolean resetonLogOn,
        LDAPConnection ldCon) {
    boolean flag = false;
    int code = 0;
    try {
        String pwdLastSetVal;
        String desName;
        String desc;
        /* Specify the DN of the new entry. */
        String dn =
            "CN=" + userId + ",CN=" + this.container + "," + this.baseDN; // container = "Users"
        /* Create and add attributes to the attribute set. */
        String objectclass_values[] =
            { "top", "person", "organizationalPerson", "user" };
        // LDAPEntry findEntry=null;
        /* Create a new attribute set for the entry. */
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        /* Attribute sAMAccountName */
        LDAPAttribute attr = new LDAPAttribute(LDAP_SAM_KEY, userId);
        attrs.add(attr);
        /* Attribute unicodePwd */ // LDAP_PASSWORD_KEY = "unicodePwd"
        attr =
            new LDAPAttribute(
                LDAP_PASSWORD_KEY,
                (byte[]) this.encodePassword(pwd));
        attrs.add(attr);
        /* Attribute Display Name */
        desName = userId + ":" + pId;
        //desName = userId ;
        attr = new LDAPAttribute(LDAP_DIS_NAME_KEY, desName);
        attrs.add(attr);
        /* Attribute userAccountControl to enable the userid. */
        attr = new LDAPAttribute(LDAP_ACCOUNT_KEY, LDAP_ACCOUNT_EN_VAL); // LDAP_ACCOUNT_EN_VAL= "548"
        attrs.add(attr);
        /* Attribute pwdLastSet to reset the password on first logon */
        if (resetonLogOn == true) {
            pwdLastSetVal = "0";
        } else {
            pwdLastSetVal = "-1";
        }
        attr = new LDAPAttribute(LDAP_RESET_KEY, pwdLastSetVal);
        attrs.add(attr);
        /* Attribute Description */
        desc = " Account Created by HelpNow App";
        attr = new LDAPAttribute(LDAP_DESC_KEY, desc);
        attrs.add(attr);
        /* Attribute objectclass */
        attr = new LDAPAttribute("objectclass", objectclass_values);
        attrs.add(attr);
        /* Attempt to set the group on the user entry; this is the attribute
           that produces the error 53 (WILL_NOT_PERFORM) quoted above. */
        attr = new LDAPAttribute("memberOf", "TestUsers");
        attrs.add(attr);
        /* Create an entry with this DN and these attributes. */
        LDAPEntry myEntry = new LDAPEntry(dn, attrs);
        /* Add the entry to the directory. */
        ldCon.add(myEntry);
        flag = true;
    } catch (LDAPException e) {
        flag = false;
        code = e.getLDAPResultCode();
    } catch (Exception e) {
        flag = false;
        code = LDAPException.OTHER;
    } finally {
        /* Record the outcome in the result holder. */
        ldaprs.flag = flag;
        ldaprs.code = code;
    }
    return ldaprs;
}
Refer to the post titled "JNDI, Active Directory and Group Memberships" available at http://forum.java.sun.com/thread.jspa?threadID=581444&tstart=150
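Active Directory derives memberOf from the member attribute of group entries and rejects direct writes to it, which is the error 53 (WILL_NOT_PERFORM) quoted in the question; membership is changed by modifying the group entry instead. The following is an added example, not code from the posts or from the referenced thread: it uses the Netscape Directory SDK for Java, the class and method names are hypothetical, and the group DN assumes TestUsers sits in the same "Users" container as the question states. It also escapes userId before it is concatenated into a DN, which the posted code does not do.

```java
import netscape.ldap.LDAPAttribute;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPModification;

/** Added example; class and method names are hypothetical. */
public class GroupMembership {

    /** Escapes a value for use as an RDN value (RFC 4514 string form). */
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                sb.append("\\00");
            } else {
                boolean special = "\\,+\"<>;".indexOf(c) >= 0;
                boolean edge = (c == ' ' && (i == 0 || i == last)) || (c == '#' && i == 0);
                if (special || edge) {
                    sb.append('\\');
                }
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the same DN shape as the posted code, with userId escaped. */
    static String userDn(String userId, String container, String baseDN) {
        return "CN=" + escapeRdnValue(userId) + ",CN=" + container + "," + baseDN;
    }

    /**
     * Adds userDn to the "member" attribute of the group entry.
     * Returns 0 on success, otherwise the LDAP result code.
     */
    static int addUserToGroup(LDAPConnection ldCon, String userDn, String groupDn) {
        LDAPModification mod = new LDAPModification(
                LDAPModification.ADD, new LDAPAttribute("member", userDn));
        try {
            ldCon.modify(groupDn, mod);
            return 0;
        } catch (LDAPException e) {
            int code = e.getLDAPResultCode();
            // An "already exists" result means the user is already a member;
            // treating it as success keeps the call idempotent.
            if (code == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS
                    || code == LDAPException.ENTRY_ALREADY_EXISTS) {
                return 0;
            }
            return code;
        }
    }

    /** Call after ldCon.add(myEntry) has succeeded for the new user. */
    static int addToTestUsers(LDAPConnection ldCon, String userId,
                              String container, String baseDN) {
        // Assumed location: the question says TestUsers lives in "Users".
        String groupDn = "CN=TestUsers,CN=" + container + "," + baseDN;
        return addUserToGroup(ldCon, userDn(userId, container, baseDN), groupDn);
    }
}
```

The new account still shows Domain Users as well, because that is its primary group; the TestUsers membership is added alongside it.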
-
ODI Integration With Microsoft Active Directory to bring User id to Table
Hi All,
I have to bring the USER Id of Employees from the Microsoft Active Directory based on the Mail id of the user.
I have a table like below:
User_name    Mail_id
Vishwas      [email protected]
John         [email protected]
Depak        [email protected]
I need to bring the User id of those employees from Active Directory and load it to another table.
Now the issue is: what are the things I have to perform in ODI to do this?
I have gone through some of the blogs for the same but everywhere I found using ODI for External Authentication.
Can I get the User Ids in a relational table so that I can join it with the above table and load it to target?
Please let me know if anybody has the solution for it.
Thanks
Regards
I think you can use ldap driver to read entries from your ldap server. Please check the documentation at LDAP Directories - 11g Release 1 (11.1.1)
-
How to create Lookup field in user form in OIM 11g - Urgent
Hi Experts,
How to create Lookup field in User Form - OIM 11g.
Pls. provide your support on priority.
Regards
Karan
Thanks all for your suggestion.
Our requirement, is we need to have a user defined field similar to how its there in "Organisation".
For example we need to create an user defined field like "Service Holding" which holds different services say like Service 1, Service 2, Service 3 etc.
Under each service there are multiple roles....
Eg:
Service 1 - Role 1, Role 2, Role 3
Service 2 - Role 4, Role 5
Service 3 - Role 6, Role 7, Role 8
Is there a way to store multi-valued attribute in OIM UDF? If so, pls. guide us
If its not possible we would need to create a Lookup field (something similar to Organization or Manager). User clicks on the button (lens button), which should invoke an API wherein he can select specific Roles and save in User. Eg. like Service 1 - Role 1#Service 2 # Role 5 and store in the backend database.
Is this possible. Pls. guide.
Regards,
Karan
-
Hi,
How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR
Regards
Anil Kumar
Hello there Anil,
A simple way to quickly get an overview is to look at the request history within the portal environment (note that this will expire in a few days based on your environment, after that you would need to FIM Reporting Module - but you could increase this to maybe 60 days or so, watch the DB size).
To do this you could create some custom search scopes or do some custom queries. The creator of the SSPR activities always has the same GUID so you can use that to search.
In your search scope you can use the following XPath to play with.
- All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
- All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus='Completed']
You can play with the "RequestStatus".
Hope this helps.
Almero Steyn (http://www.puttyq.com)
-
How can I set a specific user log on name to a specific machine
Greeting,
I have a question :
How can I set a specific user log on name to a specific machine.
e.g.
Only User.A can log on to PC.A and the other can not.
Base On :
Windows Server 2003
Active Directory Version : 5.2.3790.1812
Technically we're both right. This depends on what scenario you're setting this up.
1) If you want to say only this person can log on to this machine, and it's not an enterprise solution (meaning you have a handful of computers you want restricted, not all computers) then do something like Yan Li has recommended. However, I do not recommend using any DENY LOCAL LOGON user rights. In this case, you would have to deny everyone except 'User A' and your Administrators. If you put a user in ALLOW LOCAL LOGON and DENY LOCAL LOGON, then DENY wins and no one logs in. Instead, you should remove all the settings from ALLOW LOCAL LOGON and add only User A and administrators.
2) If this is an enterprise solution, use the LOG ON TO option I mentioned before. Managing user right assignments per machine is very difficult and isn't a practical way to do it on a large scale. If every user in your domain is assigned a computer that they can use, only that user can use that machine and that machine will effectively only allow that user. For this to work, EVERY user must be restricted to a workstation, if no setting is present, then that user can log on anywhere. This is my preferred solution still.
Like I said, it depends on your situation to which route is better. I hope this helps and is clear and easy to understand.
Chris Ream
-
How to create a new admin user in oracle 9i?.
Hi I am new to oracle. I want to set up a new database for my application.
How to create a new admin user in oracle 9i?. I would like to have a new schema. where I can create tables for my application from scratch.
If I understand your question correctly:
You need to be connected to the database with the user SYS.
open a command-line session and do the following to create an Oracle user with DBA option other than SYS.
C:\>sqlplus /nolog
SQL*Plus: Release 9.2.0.1.0 - Production on Fri Oct 14 08:46:13 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SQL> conn / as sysdba
Connected.
SQL>
SQL> create user test identified by pass;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL> alter user test account unlock;
User altered.
SQL> grant dba to test with admin option;
Grant succeeded.
SQL> conn test/pass
Connected.
SQL>
SQL> sho user
USER is "TEST"
SQL>
Now you have a user with username 'test' and password 'pass' with DBA role with Admin option
Tony Garabedian
From now on you can connect directly with SQL*Plus no need for command-line. Just provide the username/password and you're logged in.
-
How to create and see the user interface of helloworld sample??
hello friends,
i have deployed the hello world sample
now i want to know how to create and see the user interface of hello world sample.
thanks and regards..
If you go to bpel console host:port/BPELConsole (in a dev install, localhost:9700), click on your process, we will generate, based on the describing wsdl a UI for you ..
hth clemens
-
How to create a login to users in PHP
How to create a login for users to access their data,
currently I can only see the first user everytime I login even with
a different username. I know I need session stuff but don't know
how to use, add or where to put them in.
Thanks in advanced.
I also am wrestling with the same problem. Session variables
have not worked. I have determined that if the GET method is used,
then the recordset of the users records are there. If the POST
method is used, the recordset is blank. It appears to be something
inherent in the Log In User behavior.
I am trying to have a customer log in and then only see their
particular inventory records. I do not want them be directed to a
page with a listing of all the various customers and then select
from that. Not suitable at all.
If I find an answer, will let you know.
Thanks and good luck,
Dale :-)
-
How to create a new application user by my application?
Hello,
I want to give the user of my application the possibility to create a new application user if necessary. The creation of a new user should be realized in my application. I tried to find the answer in the apex user guide, but I haven't found it. Can somebody tell me how to create a new application user in the implemented application (one page in application for creating users for my application)?
Thanks,
Bettina
Hello Bettina,
You can do that using the API: www_flow_fnd_user_api.create_fnd_user. If you look at that procedure in SQL Dev (or TOAD or whatever you like), you can see an example and the description of the arguments.
Greetings,
Roel
http://roelhartman.blogspot.com/
http://www.bloggingaboutoracle.org/
http://www.logica.com/
-
Remove users from all distribution groups in Microsoft 365
Hello
I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
Any help would be greatly appreciated.
John
I would assume yes since there is a cmdlet called, "Remove-DistributionGroupMember", you usually have to post some code of what you have tried or working on to get further help from most other people here.
-
Creating group dynamically in active directory depending on their role
Hi,
I have sync oid and active directory using directory integration platform. Now the scenario is We have one system says hr system which take care of entering all the user information. Once it submit that information it goes to oid. Now we want that when we import all that user from oid to active directory it didn't duplicate any user as well as depending on their role it should create groups dynamically in active directory. For e.g: If user belong to Trainee category or manager category it must create Trainee group & Manager group & respective person should go into that group. I don't know whether my question is placed in right group or not. I am using filter to do this task but not able to write proper condition in "source matching filter" and "destination matching rule". Any help will be appreciated.
Thanks,
Sonya Sharma
Thanks Tamim. To clear your thought, i will explain again. I have sync oid and active directory through Directory integration platform. I have created user in oid.(cn=users,dc=mycompany,dc=com). It get sync in active directory properly. Now i have created two group in active directory say for e.g Trainees and Manager. There is a field name position in oid which is a custom attribute. When i fill the information of user in oid, I have to fill "Position" attribute also. So my question is that, if i fill Trainee as a value in Position attribute and click on submit it should go in Trainee Group In active directory and not in user group. Same for manager. How can we achieve this? Can we do it through filter? Or any other way? It's needed desperately. Please help me in resolving this issue.
Regards,
Sunil
-
The user and the mailbox are in different Active Directory Sites
Hi All,
I have 2 site, each site have an Exchange Server 2010 SP1, let say Site HQ and Site DRC I monitored it with SCOM 2007 R2, site HQ successfully monitored, then I continue try to monitor DRC site. I executed new-TestCasConnectivityUser.ps1 at MBX DRC Site to create extest user.
Then I try to execute command to test-connectivity, but it failed.
Test-OwaConnectivity -TestType:Internal -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true | fl
RunspaceId : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
AuthenticationMethod :
MailboxServer : CONMBX02.contoso.com
LocalSite : CONMBX02.contoso.com
SecureAccess : False
VirtualDirectoryName :
Url :
UrlType : Unknown
Port : 0
ConnectionType : Plaintext
ClientAccessServerShortName : DRCCAS01
LocalSiteShortName : CONMBX02
ClientAccessServer : DRCCAS01.contoso.com
Scenario : Reset Credentials
ScenarioDescription : Reset automated credentials for the Client Access Probing Task user on Mailbox server CON
MBX02.contoso.com.
PerformanceCounterName :
Result : Failure
Error : [Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while t
rying to access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extes
t_xxxxxxxx
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in
different Active Directory sites..
UserName : extest_xxxxxxxx
StartTime : 04/01/2012 20:46:19
LaCONcy : 00:00:00.0156460
EventType : Error
LaCONcyInMillisecondsString :
Identity :
IsValid : True
WARNING: No Client Access servers were tested.
RunspaceId : 6b709fa5-0719-4be5-ae62-ec4b3617a6e0
Events : {Source: MSExchange Monitoring OWAConnectivity Internal
Id: 1005
Type: Error
Message: Couldn't access one or more test mailboxes.
The service that is being tested will not run against these mailboxes.
Detailed information:
Local Site:DRCProduction
[Microsoft.Exchange.Monitoring.CasHealthStorageErrorException]: An error occurred while trying to
access mailbox CONMBX02.contoso.com, on behalf of user contoso.com\extest_xxxxxxxx
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in differen
t Active Directory sites..
PerformanceCounters : {Object: MSExchange Monitoring OWAConnectivity Internal
Counter: Logon LaCONcy
Instance: DRCCAS01.contoso.com|DRCProduction
Value: -1000}
any help appreciate it.
Krisna Ismayanto | My blogs:
Krisna Ismayanto | Twitter: @ikrisna
Hi
Removed existing test account on two site.
Then created test account on DGC through new-TestCasConnectivityUser.ps1.
Flushed Health Service on RMS.
Terence Yu
TechNet Community Support
Hi
What do you mean on DGC ? you mean I have remove both test account or just at DRC site only ?
Krisna Ismayanto | My blogs:
Krisna Ismayanto | Twitter: @ikrisna
-
How to create the multi-realm (or multi-entries)in one Directory instance?
how to create the multi-realm (or multi-entries)in one Directory instance?
I have installed a new iplanet Directory Server 5.2 on a win2k box, named "vp.com1.com"
When I installed this server, it helped me to create a new Directory server instance with the default realm "dc=com1,dc=com".
I could log on console and found root node, which is "com1.com"
expanded this root node, I got a tree as following:
"com1.com" -> "vp.com1.com" -> "server group" -> "Directory Server(VP)"
Then open "Directory Server(VP)" -> click tab "Directory"
Got a tree as following:
vp.com1.com(389) --> dc=com1,dc=com
o=NetscapeRoot
Now I wanna create a new entries, which is "dc=com2,dc=com"
How to do?
I had checked almost all the related doc but failed to get the valuable info.
Would you like to do me a favour? Or forward me some reference?
Because I'm a new guy for iplanet Directory Server, would you pls me the help in detail.
This task is very urgent for me, so really appreciate your early help!
Look on page 87 of the Sun ONE Directory Server 5.2 Administration Guide. The section "Creating a New Root Suffix Using the Console" should give you step-by-step instructions.
-
I have a two site DAG, and the command is running from the alternate site where the databases are not currently being hosted. The following command...
Test-OutlookConnectivity -Protocol:TCP -TrustAnySSLCert:$true -MonitoringContext:$true
...errors with the following output:
An error occurred while trying to access mailbox CurrentlyHostingMBServerName.InternalDomainName, on behalf of user InternalDomainName\extest_bb13200232474
Additional information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active Directory sit
es..
+ CategoryInfo : OperationStopped: (Microsoft.Excha...onnectivityTask:TestOutlookConnectivityTask) [Test-
OutlookConnectivity], CasHealthStorageErrorException
+ FullyQualifiedErrorId : F2F8AC0D,Microsoft.Exchange.Monitoring.TestOutlookConnectivityTask
I thought this command would work based on the 'AllowCrossSiteRpcClientAccess: True' option on the DAG. The command works well if run a CAS server in the active DB site.
Hi,
Exchange 2013 users use Outlook Anywhere to connect to CAS server. You may run the RCA to test the connectivity:
https://www.testexchangeconnectivity.com/
Thanks,
Simon Wu
TechNet Community Support