How to display active directory users through weblogic portal Application?

Similar Messages

• How to populate active directory users in to drop down list items dynamically in Share point 2010 ?

  Hi My self Arun in my current project i have a task on that active directory user  need to automatically populate in share point list drop down  please help me.  is that any out of box feature in share point 2010 ?   
  Thanking You 
  Arun 

  Arun,
  If you plan to implement the "Querying the Active Directory" based on my code snippet,
  and if you do not have permission [your account must be the part of domain admin] to do so,
  Then still you can do it in least effort through code,
  string usersInXml = SPContext.Current.Web.AllUsers.Xml;your xml string look like this.
  <Users><User ID="2" Sid="" Name="Administrator"
  LoginName="i:0#.w|murugesan\administrator" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1" Sid="" Name="Murugesa Pandian" LoginName="i:0#.w|murugesan\murugesan" Email="" Notes="" IsSiteAdmin="True" IsDomainGroup="False" Flags="0" /><User ID="1073741823" Sid="S-1-0-0" Name="System Account" LoginName="SHAREPOINT\system" Email="" Notes="" IsSiteAdmin="False" IsDomainGroup="False" Flags="0" /></Users>
  You can user Linq to XML to filter the "LoginName,Name and Email and then populate your drop down list.
  * User must be logged into the site at least once.
  Murugesa Pandian.,MCTS|App.Devleopment|Configure

• How to integrate Active Directory with Oracle Weblogic

  hi
  is there any Oracle Document that descripes how to integrate the LDAP Active directory with Oracle Weblogic 10.3
  Regards
  Edited by: qasas on 28-Nov-2009 13:56

  weblogic docs (and there identity asserters) - http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html

• How to Add Active Directory user to Admin Role

  Hi All,
  I am trying to figure out how to add a AD user to the Admin Role..
  I am connected to AD and can see the user (myself), however, when I try to add myself to the admin role, it says user not found.
  I go to Security Realms > myreals > Roles and Policies > Global Roles > Roles > Admin > View Role Condition.
  I see that the Administrators Group is already added. Now I click "add Conditions" and select "User" from the Predicate List and type in the user " Doe' John".
  On the next screen I get "user: John or Dow" does not exist.
  Another option could be to add the user to the Administrator group, but I couldnt figure out how to do that as well. When I navigate to the user under Users or Groups, I dont see an option to add that user to the Administrator group.
  Is it that you can only add users created in Weblogic to the Admin group?
  Any help on this will be very appreciated.
  Thanks in advance.

  I think I got it. I had to add the AD group the user is part of to the Admin role.

• How to integrate active directory users(credentials) to Open Directory LDAPv3?

  -I don't want to have a separate directory anymore.

  Hi RM,
  It would require that you setup your Portal in such a way being able to handle Windows Integrated Authentication via Kerberos. This is already very well explained in the following blogs:
  /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
  http://wiki.sdn.sap.com/wiki/display/EP/SingleSignOntotheJ2EEEnginefromWindows
  After setting up your datasource, in your case the ADS, you will need to run SPNego Wizard in NWA to have it integrated with SSO.
  Best regards,
  Andre

• How to import your MS Active Directory users in an Oracle table

  Hello,
  I first tried to get a Heterogenous Connection to my MS Active Directory to get information on my Active Directory users.
  This doesn't work so I used an alternative solution:
  How to import your MS Active Directory users in an Oracle table
  - a Visual Basic script for export from Active Directory
  - a table in my database
  - a SQL*Loader Control-file
  - a command-file to start the SQL*Loader
  Now I can schedule the vsb-script and the command-file to get my information in an Oracle table. This works fine for me.
  Just to share my scripts:
  I made a Visual Basic script to make an export from my Active Directory to a CSV-file.
  'Export_ActiveDir_users.vbs                              26-10-2006
  'Script to export info from MS Active Directory to a CSV-file
  '     Accountname, employeeid, Name, Function, Department etc.
  '       Richard de Boer - Wetterskip Fryslan, the Nethterlands
  '     samaccountname          Logon Name / Account     
  '     employeeid          Employee ID
  '     name               name     
  '     displayname          Display Name / Full Name     
  '     sn               Last Name     
  '     description          Description / Function
  '     department          Department / Organisation     
  '     physicaldeliveryofficename Office Location     Wetterskip Fryslan
  '     streetaddress          Street Address          Harlingerstraatweg 113
  '     l               City / Location          Leeuwarden
  '     mail               E-mail adress     
  '     wwwhomepage          Web Page Address
  '     distinguishedName     Full unique name with cn, ou's, dc's
  'Global variables
      Dim oContainer
      Dim OutPutFile
      Dim FileSystem
  'Initialize global variables
      Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
      Set OutPutFile = FileSystem.CreateTextFile("ActiveDir_users.csv", True)
      Set oContainer=GetObject("LDAP://OU=WFgebruikers,DC=Wetterskip,DC=Fryslan,DC=Local")
  'Enumerate Container
      EnumerateUsers oContainer
  'Clean up
      OutPutFile.Close
      Set FileSystem = Nothing
      Set oContainer = Nothing
      WScript.Echo "Finished"
      WScript.Quit(0)
  Sub EnumerateUsers(oCont)
      Dim oUser
      For Each oUser In oCont
          Select Case LCase(oUser.Class)
                 Case "user"
                      If Not IsEmpty(oUser.distinguishedName) Then
                          OutPutFile.WriteLine _
                 oUser.samaccountname      & ";" & _
                 oUser.employeeid     & ";" & _
                 oUser.Get ("name")      & ";" & _
                 oUser.displayname      & ";" & _
                 oUser.sn           & ";" & _
                 oUser.description      & ";" & _
                 oUser.department      & ";" & _
                 oUser.physicaldeliveryofficename & ";" & _
                 oUser.streetaddress      & ";" & _
                 oUser.l           & ";" & _
                 oUser.mail           & ";" & _
                 oUser.wwwhomepage      & ";" & _
                 oUser.distinguishedName     & ";"
                      End If
                 Case "organizationalunit", "container"
                      EnumerateUsers oUser
          End Select
      Next
  End SubThis give's output like this:
  rdeboer;2988;Richard de Boer;Richard de Boer;de Boer;Database Administrator;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Richard de Boer,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;
  tbronkhorst;201;Tjitske Bronkhorst;Tjitske Bronkhorst;Bronkhorst;Configuratiebeheerder;Informatie- en Communicatie Technologie;;Harlingerstraatweg 113;Leeuwarden;[email protected];;CN=Tjitske Bronkhorst,OU=Informatie- en Communicatie Technologie,OU=Afdelingen,OU=WFGebruikers,DC=wetterskip,DC=fryslan,DC=local;I made a table in my Oracle database:
  CREATE TABLE     PG4WF.ACTD_USERS     
       samaccountname          VARCHAR2(64)
  ,     employeeid          VARCHAR2(16)
  ,     name               VARCHAR2(64)
  ,     displayname          VARCHAR2(64)
  ,     sn               VARCHAR2(64)
  ,     description          VARCHAR2(100)
  ,     department          VARCHAR2(64)
  ,     physicaldeliveryofficename     VARCHAR2(64)
  ,     streetaddress          VARCHAR2(128)
  ,     l               VARCHAR2(64)
  ,     mail               VARCHAR2(100)
  ,     wwwhomepage          VARCHAR2(128)
  ,     distinguishedName     VARCHAR2(256)
  )I made SQL*Loader Control-file:
  LOAD DATA
  INFILE           'ActiveDir_users.csv'
  BADFILE      'ActiveDir_users.bad'
  DISCARDFILE      'ActiveDir_users.dsc'
  TRUNCATE
  INTO TABLE PG4WF.ACTD_USERS
  FIELDS TERMINATED BY ';'
  (     samaccountname
  ,     employeeid
  ,     name
  ,     displayname
  ,     sn
  ,     description
  ,     department
  ,     physicaldeliveryofficename
  ,     streetaddress
  ,     l
  ,     mail
  ,     wwwhomepage
  ,     distinguishedName
  )I made a cmd-file to start SQL*Loader
  : Import the Active Directory users in Oracle by SQL*Loader
  D:\Oracle\ora92\bin\sqlldr userid=pg4wf/<password>@<database> control=sqlldr_ActiveDir_users.ctl log=sqlldr_ActiveDir_users.logI used this for a good list of active directory fields:
  http://www.kouti.com/tables/userattributes.htm
  Greetings,
  Richard de Boer

  I have a table with about 50,000 records in my Oracle database and there is a date column which shows the date that each record get inserted to the table, for example 04-Aug-13.
  Is there any way that I can find out what time each record has been inserted?
  For example: 04-Aug-13 4:20:00 PM. (For my existing records not future ones)
  First you need to clarify what you mean by 'the date that each record get inserted'.  A row is not permanent and visible to other sessions until it has been COMMITTED and that commit may happen seconds, minutes, hours or even days AFTER a user actually creates the row and puts a date in your 'date column'.
  Second - your date column, and ALL date columns, includes a time component. So just query your date column for the time.
  The only way that time value will be incorrect is if you did something silly like TRUNC(myDate) when you inserted the value. That would use a time component of 00:00:00 and destroy the actual time.

• How to create "folders" in Active Directory Users and Computers?

  Hello Community
      In Windows Server 2008R2 when you go to Active Directory Users and Computer
  you will see icons of folders such as:
      -  Builtin has a folder icon
      - Computers has a folder icon
      - ForeignSecurityPrinicpals has a folder icon
      - Domain Controller as a folder icon
      - Managed Service Accounts has a folder icon
      - Users has a folder icon
      All of the above folders are visually identical.
      If you right click and select “File” –  “New”
   on any of the selections the icon
  will not look like the folder icon they have their own icons which look different
  from the "Folder" icon.
      I would like to create a “Folder” that looks just visually exactly like the ones
  mentioned above, how can I create those types of Folders in Active Directory User
  and Computers?
      Note: I would like to put users in the folders.
      Thank you
      Shabeaut

  Hi,
  you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
  The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
  Refer: Delegating Administration by Using OU Objects
  http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx   
  and the sub-articles:
  Administration of Default Containers and OUs
  http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
  Delegating Administration of Account and Resource OUs
  http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
  Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Active Directory Users and Computer not displaying column data?

  I am running Windows 8.1 Enterprise with RSAT installed.  My Domain controllers are Server 2008 R2.
  I am having and issue with Active Directory Users and Computers.  Typically I will turn on Advanced Features and then add Columns for Email address and Display Name.  This for example allows me to easily export lists of users and there email
  addresses among other things.
  The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty.  It simply will not display this information.  It only displays Name, TYpe and Description.
  If I use a Windows 7 client, the information displays correctly.
  Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?

  ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
  ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
  Example:
  Import-Module ActiveDirectory
  Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
  So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation.

• Logging into weblogic console using Active directory users?

  Hi,
  We developed a portal application using BEA 8.1 by getting users from embidded LDAP provided with the weblogic server.Now we need to access the users accounts stored in active directory.we configured new active directory authenticator and able to see the user and group names in the weblogic console. when we try to login to the console using one of the active directory user names, we are unable to login.
  I would be thankful if any one can help on this.
  Thanks & Regards
  Surendranath Reddy

  Hi Surendranath,
  I am trying to attempt the same task, but have been unsuccessful so far. If you have had any luck with this, please let me know.
  I can get MS AD to work just fine in the Security Provider and it works via the developers application, but I cannot login using the Active Directory users from the Admin Console.
  Thanks,
  Kevin.

• Active directory users and computers wont start on a dc, "the server is not operational"

  In our environment, we have 3 dc's 
  two which run server 2008 (they work perfectly)
  and one never off branch dc that runs server 2008 r2.
  We have been having some problems where we feel the replication isnt up too speed(stuff could take up to 24 hours to replicate) and now when i tried opening active directory users and computers i am met with this error window:
  We have a third party DNS solution.
  How do i troubleshoot this issue?

  dc01 (which replicates perfectly with dc02, and vise versa)
  dcdiag /test:dns
  C:\Users\adminuser>dcdiag /test:dns
  Domain Controller Diagnosis
  Performing initial setup:
  Done gathering initial info.
  Doing initial required tests
  Testing server: Hostingpartner\ourdc01
  Starting test: Connectivity
  ......................... ourDC01 passed test Connectivity
  Doing primary tests
  Testing server: Hostingpartner\ourdc01
  DNS Tests are running and not hung. Please wait a few minutes...
  Running partition tests on : ForestDnsZones
  Running partition tests on : DomainDnsZones
  Running partition tests on : Schema
  Running partition tests on : Configuration
  Running partition tests on : int
  Running enterprise tests on : int.domain.com
  Starting test: DNS
  Test results for domain controllers:
  DC: ourdc01.int.domain.com
  Domain: int.domain.com
  TEST: Delegations (Del)
  Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
  Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
  Summary of test results for DNS servers used by the above domain controllers:
  DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
  2 test failures on this DNS server
  Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
  Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
  Summary of DNS test results:
  Auth Basc Forw Del Dyn RReg Ext
  Domain: int.domain.com
  ourdc01 PASS PASS PASS FAIL n/a PASS n/a
  ......................... int.domain.com failed test DNS
  dcdiag on dc01(which can replicate with dc02)
  C:\Users\adminuser>dcdiag
  Domain Controller Diagnosis
  Performing initial setup:
  Done gathering initial info.
  Doing initial required tests
  Testing server: hostingpartner\ourdc01
  Starting test: Connectivity
  ......................... OURDC01 passed test Connectivity
  Doing primary tests
  Testing server: hostingpartner\ourdc01
  Starting test: Replications
  [Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
  Win32 Error 8453.
  ......................... OURDC01 failed test Replications
  Starting test: NCSecDesc
  ......................... OURDC01 passed test NCSecDesc
  Starting test: NetLogons
  [OURDC01] User credentials does not have permission to perform this operation.
  The account used for this test must have network logon privileges
  for this machine's domain.
  ......................... OURDC01 failed test NetLogons
  Starting test: Advertising
  ......................... OURDC01 passed test Advertising
  Starting test: KnowsOfRoleHolders
  ......................... OURDC01 passed test KnowsOfRoleHolders
  Starting test: RidManager
  ......................... OURDC01 passed test RidManager
  Starting test: MachineAccount
  ......................... OURDC01 passed test MachineAccount
  Starting test: Services
  ......................... OURDC01 passed test Services
  Starting test: ObjectsReplicated
  ......................... OURDC01 passed test ObjectsReplicated
  Starting test: frssysvol
  ......................... OURDC01 passed test frssysvol
  Starting test: frsevent
  ......................... OURDC01 passed test frsevent
  Starting test: kccevent
  ......................... OURDC01 passed test kccevent
  Starting test: systemlog
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:04:29
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:04:50
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:10:56
  (Event String could not be retrieved)
  An Error Event occured. EventID: 0xC0002719
  Time Generated: 04/04/2013 15:11:17
  (Event String could not be retrieved)
  ......................... OURDC01 failed test systemlog
  Starting test: VerifyReferences
  ......................... OURDC01 passed test VerifyReferences
  Running partition tests on : ForestDnsZones
  Starting test: CrossRefValidation
  ......................... ForestDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... ForestDnsZones passed test CheckSDRefDom
  Running partition tests on : DomainDnsZones
  Starting test: CrossRefValidation
  ......................... DomainDnsZones passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... DomainDnsZones passed test CheckSDRefDom
  Running partition tests on : Schema
  Starting test: CrossRefValidation
  ......................... Schema passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... Schema passed test CheckSDRefDom
  Running partition tests on : Configuration
  Starting test: CrossRefValidation
  ......................... Configuration passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... Configuration passed test CheckSDRefDom
  Running partition tests on : int
  Starting test: CrossRefValidation
  ......................... int passed test CrossRefValidation
  Starting test: CheckSDRefDom
  ......................... int passed test CheckSDRefDom
  Running enterprise tests on : int.domain.com
  Starting test: Intersite
  ......................... int.domain.com passed test Intersite
  Starting test: FsmoCheck
  ......................... int.domain.com passed test FsmoCheck
  The problematic dc03:
  Dcdiag gives the same output as dcdiag /test:dns
  C:\Users\adminuser>dcdiag
  Directory Server Diagnosis
  Performing initial setup:
  Trying to find home server...
  Home Server = OURDC03
  Ldap search capabality attribute search failed on server NTSDC03, return
  value = 81
  We have an infoblox dns server on ip address xxx.y.y.251.
  first error in event logs on dc03:
  error 1863
  This is the replication status for the following directory partition on this directory server.
  Directory partition:
  CN=Configuration,DC=int,DC=domain,DC=com
  This directory server has not received replication information from a number of directory servers within the configured latency interval.
  Latency Interval (Hours):
  24
  Number of directory servers in all sites:
  2
  Number of directory servers in this site:
  2
  The latency interval can be modified with the following registry key.
  Registry Key:
  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
  To identify the directory servers by name, use the dcdiag.exe tool.
  You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
  i have also go several warning 2088, 2093, 2087.
  And errors 1863 pointing to different directory partitions like schema/configuration/domaindnszones/forestdnszones

• Active Directory Authentication in Weblogic 8.1

  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic 8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working. Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind. Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

  Amit,
  We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
  and downs though.
  |
  |
  1) First, make sure you are sending right LDAP queries to AD. To verify this,
  we used free 3rd party LDAP browser from Softerra. There is also java based free
  browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
  Play with your LDAP settings using this and make sure AD is returning the right
  data.
  |
  2) AD has some default settings that makes it return only the top 1000 users.
  Use ntdsutil.exe to modify these default settings
  |
  3) AD needs to have the right set of users and groups. To configure this, refer
  to WLS docs. This is very well documented in WLS docs. Also refer to this article
  http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
  reference
  |
  4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
  one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
  another product AD/AM (AD in Application Mode) in combination with MIIS server.
  But if you are using sp2, you shouldn't be worry about this.
  |
  5) In your providers, you might want to get rid of the DefaultAuthentication provider,
  once you are able to establish a connection with your ActiveDirectoryAuthentication
  provider. The DefaultAuthentication provider causes some problems and does not
  let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
  investgated the root of this prob. When we deleted DefaultAuthentication provider,
  everything worked normally - so we didn't really care that much :-)
  |
  6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
  your are able to authenticate talk to your AD.
  |
  These are the ones I could think of. Hope this helps..
  Regards,
  Anant
  "Amit" <[email protected]> wrote:
  >
  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic
  8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working.
  Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me
  know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute
  asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there
  any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind.
  Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in
  Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

• Hide all except one object in Active Directory Users and Computers.

  Hello,
  I have a question.. I need to allow to one group of "administrators" creating users in one OU and adding computers to the domain, nothing else. I allowed them to log on DC using the GPO "Allow log on locally", because I don't want to give
  them administrator rights, I allowed them to do these operations on one OU through delegation wizard and now I need to make all OUs, groups etc. invisible to them except this OU. What is the best way how to achieve this? Thank you...
  d.

  I would disable the ability to allow them to login. I suggest to create a Computers OU that you can delegate to the "admins" to add computers, and don't use the default Computers container.
  I assume the admins are using Windows 7 or newer. You can customize an RSAT installation to just provide the ADAC.
  Description of Remote Server Administration Tools for Windows 7:
  http://support.microsoft.com/default.aspx/kb/958830
  Remote Server Administration Tools for Windows 7:
  http://technet.microsoft.com/en-us/library/ee449475(WS.10).aspx
  Remote Server Administration Tools for Windows 7
  http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
  Customizing - Installing Remote Server Administration Tools (RSAT) for Windows 7
  http://www.petri.co.il/remote-server-administration-tools-for-windows-7.htm
  Or if you want to chop it down and control it further, create a custom ADUC with just that OU you've delegated. I've done this in the past and worked fine for my customer:
  Delegate an Organizational Unit (OU) in Active Directory Users and Computers (ADUC), then create a custom MMC or customized RSAT
  http://blogs.msmvps.com/acefekay/2014/09/04/delegate-an-organizational-unit-ou-in-active-directory-users-and-computers-aduc-then-create-a-custom-mmc-or-customized-rsat/
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Cannot log into DTR with Active Directory User

  Greetings,
  I have set up and installed JDI correctly.  I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user.  I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
  500   Internal Server Error
    SAP J2EE Engine/6.40 
    Application error occurred during the request procession.
    Details:   Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!].  The ID of this error is
  Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
  This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error. 
  Any help is greatly appreciated.
  Thanks,
  Marty

  Hi Marty,
  In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
  http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
  It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
  Regards,
  Manohar

• Windows 2008 Server - Cannot run Active Directory Users and Computers

  Hi,
  I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
  I attempt to open Active Directory Users and Computers tool and I get a;
  Microsoft Visual C++ Runtime Library error;
  "The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
  I click ok, then get the following debug info;
  Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mmc.exe
  Application Version: 6.0.6001.18000
  Application Timestamp: 47919524
  Fault Module Name: msvcrt.dll
  Fault Module Version: 7.0.6001.18000
  Fault Module Timestamp: 4791ad6b
  Exception Code: 40000015
  Exception Offset: 0000000000029b06
  OS Version: 6.0.6001.2.1.0.272.7
  Locale ID: 3081
  Additional Information 1: 43aa
  Additional Information 2: cf3a46656318492c1997480001b6b0e0
  Additional Information 3: 3837
  Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
  Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
  If someone could please assist, it would be very much appreciated.
  Regards
  B

   
  Hi,
  To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
  To obtain the phone numbers for specific technology request please take a look at the web site listed below:
  http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
  However, I am also glad to share my research.
  Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
  Also, please follow the article below to perform necessary steps to see how it's going?
  FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
  http://support.microsoft.com/kb/190536/en-us
  Hope this helps.
  Best wishes
  Morgan Che

• Report on Active Directory User Attributes in SCCM 2012

  I need to output a list of all users in a collection, along with certain user attributes from Active Directory. I can get part of what I need with the following query:
  SELECT v_FullCollectionMembership.ResourceID,
  v_R_User.Windows_NT_Domain0,
  v_R_User.Distinguished_Name0,
  v_R_User.Full_User_Name0,
  v_R_User.Mail0,
  v_R_User.User_Name0
  FROM v_FullCollectionMembership, v_R_User
  WHERE v_FullCollectionMembership.ResourceID = v_R_User.ResourceID
  AND v_FullCollectionMembership.CollectionID = 'SMS00002'
  If possible I need to add:
  Last logon timestamp
  User account status (enabled or disabled)
  I have added "lastLogon" and "lastLogonTimestamp" as additional attributesunder Active Directory User Discovery. This discovery method is enabled and I have run a full discovery about a month ago, and again today. I read in
  another thread that these attributes should appear in the table v_R_User, however they have not. Is v_R_User the right place to look for this or is there another view or table I can query?
  Once I have the above sorted out, how can I find the user account status in SCCM? I have done reports in the past directly from AD and used the 'useraccountcontrol' attribute and I noticed there is a column named 'User_Account_Control0' in v_R_User, however
  the values do not match those found in Active Directory.
  Thanks.

  Have you checked the attribute from the Active Directory in decimal format? Check that and compare it to the value ConfigMgr has stored in its 'User_Account_Control0'...
  User Account Control tells you multiple things of the account, for example does the account have "Smart card login required" -option checked from the account properties.
  The tricky part here is to actually get the report show you what you really want, because "useraccountcontrol" -attribute is a numeric value, you have to calculate what decimal combination means what in readable text.
  More info on the attribute can be found from here
  http://support.microsoft.com/kb/305144 and from there you can also find the values for different settings. For example:
  account is enabled = 512
  account is disabled = 514
  account is enabled with smart card = 262656