How to remove user from custom DLU Group
Hi,
I have created a DLU policy that creates a local user, and places this user
in a custom local group (Group is already present on the system). Now I want
to remove this user from this custom group and place it in another custom
group. I have created a second DLU policy to place the user in the new
custom group. The new custom group is added fine, but the old custom group
assignment also remains. How should I set up the policy so that the user is
removed from the old custom group, or is this not possible?
Regards,
Hen
Hen,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/
Similar Messages
-
How to Remove User from Built in Administrators group With Group Policy Enabled
Hi,
I want to remove user from Administrator group which is in restricted group. So I cannot remove him through Active Directory what is the way to remove user from Administrator restricted group.
Thanks
Jibran Ishtiaq> Disable Group policy
"Edit", not "Disable"
> Under Domain click Delegation and went to the restricted group account.
> Remove User from group.
Why "Delegation"? Simply edit the GP object where the "Restricted
Groups" setting is in place...
> Also we have two DNS but one from where I remove account is the primary.
How is DNS related to group policy?
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Remove users from all distribution groups in Microsoft 365
Hello
I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
Any help would be greatly appreciated.
JohnI would assume yes since there is a cmdlet called, "Remove-DistributionGroupMember", you usually have to have to post some code of what you have
tried or working on to get further help from most other people here. -
How to add users from person or group field in a sharepoint list to sharepoint group
Hi,
How to add users(single or multiple) from person or group field in a sharepoint list to sharepoint group programmatically?
Any suggestions would be appreciated.
Thank you,
AA.Hello,
Use SPGroup.AddUser() method to add user in group. I have just written sample code in notepad so it is not tested:
SPSecurity.RunWithElevatedPrivileges(delegate()
using(SPSite Site = new SPSite(SPContext.Current.Site.Url))
Using(SPWeb Web = Site.OpenWeb())
SPList list = web.Lists["ListName"];
SPQuery query=new SPQuery ();
query.Query = "<Where><Eq><FieldRef Name='Title' /><Value Type='Text'>Test</Value></Eq></Where>";
SPListItemCollection items = list.GetItems(query);
if(items.Count > 0)
foreach(SPListItem item in items)
//Get USers from person or group column
SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users");
SPFieldUserValueCollection userFieldValueCollection = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString());
SPGroup spGroup = spSite.RootWeb.Groups[groupName];//group name
if (users.Count != 0)
bool isUserInGroup = false;
foreach (SPFieldUserValue user in users)
foreach (SPUser item in spGroup.Users)
string itemUserName = item.LoginName;
string UserName = user.User.LoginName;
if (itemUserName == UserName)
isUserInGroup = true;
break;
if (!isUserInGroup)
spGroup.AddUser(user.User);
The above code will query list item and then get users from "Users" column. Now it will check whetehr user is already in group not, if not then add user in group.
http://rajanijilla.blogspot.sg/2012/09/add-users-to-group-programmatically.html
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see
Please remember to mark the replies as answers if they help and unmark them if they provide no help -
USMT ChangeGroup command to remove users from the Administrators group is not working
I'm running USMT in a task sequence, and using this in my config.xml to remove admin rights:
<ProfileControl>
<localGroups>
<mappings>
<changeGroup from="Administrators" to="Users" appliesTo="AllUsers">
<include>
<pattern>*</pattern>
</include>
</changeGroup>
</mappings>
</localGroups>
</ProfileControl>
I see in the scanstate log that this happens:
[0x000000] ProfileControl: Parsing ChangeGroup Administrators => Users for AllUsers
[0x000000] ProfileControl: Parsing ChangeGroup (Administrators => Users) 1 include nodes
[0x000000] ProfileControl: Parsing ChangeGroup (Administrators => Users) 0 exclude nodes
[0x000000] ProfileControl: Parsing ChangeGroup is done
But, in the loadstate on the other end, this happens:
[0x000000] Local Group Membership Mapping: XYX\User123 Added to Administrators
I've tried USMT 4 and 5, changed appliesTo="AllUsers" to "MigratedUsers", i've made the <include> more specific. I can see in the C:\_SMSTaskSequence folder that the config.xml does have the correct info in it.
I thought I had this tested and working previously, and noticed in some recent migrations that the user still had admin rights. I can reproduce the issue on demand now. I recently upgraded sccm 2012 to r2, but I'm not sure what that would have to do
with the issue. I am not using the USMT 6 package (going from XP still). It may very well be that my testing was flawed, and I didnt have it working in the first place
Any suggestions are welcome.you bet, it is a vbs:
Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" And UCase(user.name) <> "SYSTEM WORKSTATION (ADMINISTRATOR)" Then
group.remove user.adspath
End If
Next
Obviously you can modify the list of allowed admin accounts to suit your enviornment. -
How to prevent users from customizing KMs?
Hi,
I have users with CONNECT and DESIGNER profiles assigned to. How to drop out "customize KMs" rights?
ThanksIs there a way to stop users from having the ability to create/edit knowledge modules? I would like to separate the role of creating and maintaining KM's from developers that move data.
Troy -
How to remove User from ProcessRoleInstance Dynamically
Hi All,
I have a requirement of removing a user from the assigned users of a processRoleInstance at runtime.I have tried
executionContext.getProcessRoleInstance().removeRuntimeDefinedUser(user) but its not working properly.Even after executing it ,user remains as a processor of this ProcessRoleInstance.Please help.
Regards
Vikranti thiing it should work with updateing UI
try ....
MainPanel.remove(btnFix[1]);
MainPanel.remove(btnFix[2]);
MainPanel.remove(btnFix[3]);
MainPanel.updateUI();
best luck -
Who removed user from AD Universal secuirty group
Hello , i am trying to find who removed user from universal AD group , i checked audit management policy is enabled but some how event is not getting generated or unable to find those events so please help how to find who did that job - removed the user
from universal security group.
And suppose if anybody is deleting and the logs should be generated on one of the local site Domain controller is that correct ? so anywhere or it can be generated on the member server. Any free third party tool who can help here .
ThanksHere is another informative technet blog resource that helps to track all the changes made in active directory : http://blogs.technet.com/b/askpfeplat/archive/2012/03/05/how-to-track-the-who-what-when-and-where-of-active-directory-attribute-changes-part-i-the-case-of-the-mysteriously-modified-upn.aspx
If you wish to audit such changes automatically, you may also consider on this automated solution (http://www.activedirectoryaudit.com/) that would be a better approach to audit all the critical changes
into real time and get instant notification for through customized email notification. -
I created a new user account from SSH connection to our cluster. The user belongs to two groups by default: nobody and wheel. I tried to delete him from the two group by using dscl command, I got the following error:
/NetInfo/root/Groups > delete wheel GroupMembership ryan
<main> attribute status: eDSAttributeNotFound
/NetInfo/root/Groups > read wheel
AppleMetaNodeLocation: /NetInfo/root
GeneratedUID: ABCDEFAB-CDEF-......
GroupMembership: root
Password: *
PrimaryGroupID: 0
RealName: System Group
RecordName: wheel
RecordType: dsRecTypeStandard:Groups
SMBSID: ......
I would like to know how to remove him from the two groups. Thank you very much.
Apple Cluster Mac OS X (10.4.3)I had to update the code to the following because Get-SPUser was not working properly:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.Groups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.Groups[$mySiteGroups[0]];
$owners = $web.Groups[$mySiteGroups[1]];
$visitors = $web.Groups[$mySiteGroups[2]];
#Convert the user name to an SPUser account
$spUser = $web.Site.RootWeb.EnsureUser($userName);
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Was I not using Get-SPUser correctly? -
Adding and removing current user from one SharePoint group to another with event receiver
hi friends
i need to change current user from one SharePoint group to another with list item adding event receiver.
please help meHi Malli,
Greetings. Its nt possible
http://sharepoint.stackexchange.com/questions/42286/event-receivers-on-add-remove-users
Please remember to click 'Mark as Answer' on the answer if it helps you -
CSSImport Utility - Remove Users from Groups
We have a security group that has a few hundred users assigned to the group. When there is a need to remove a user from the group it is difficult to find the user as I have comb through the list to find the user i am trying to remove. Two questions: is there a way to sort the users in the group in Share Services? The second question is can users be removed using the CSSImport utility by specifying the "delete" option in the importexport.properties? Does the "delete" option remove the user from the secuity group and or does it delete it completely from ShareServices? (we are using Hyperion v9.3.0.1.0 Build 5)
Hi,
I am not so sure about the sorting but removing users from groups can be done with the CSSImportExport utility, I see you are on 9.3.0, try and get hold of the 9.3.1 version as it is backward compatible to the 9.3.0 version and more stable.
When removing users from groups, just set your import operation to update
import.operation=update
and in your import csv just put the group children elements and the users you want in the group.
#group_children
id,group_id,group_provider,user_id,user_provider
TestGroup,,,UserToKeepInGroup,Native Directory
This way it will keep the users in the import file and remove the users from the group that are not in the file, also it does not remove the user from shared services only from the group.
Ok?
Cheers
John
http://john-goodwin.blogspot.com/ -
Remove user from multiple Group
Hi All,
Can any one help me on this .
we have around 100 different SSLVPN AD security groups. Need a script or command to remove 790 users
from all these groups.
we have list of user in excel sheet we want to remove from group only.
Regards, TriyambakHi,
Just checking in to see if the suggestion was helpful. Please let us know if you would like further assistance.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Regards, Yan Li -
Unable to remove user from SharePoint Group using PowerShell
I am trying to remove a user from a SharePoint Group using PowerShell.
I can see the user in the Site Collection as part of the SharePoint Group, however, when I attempt to run the script, I get an error message stating "Can not find the user with ID: 10"
Below is the PowerShell script that I am using:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\sp2013_svc"
#$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.SiteGroups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.SiteGroups[$mySiteGroups[0]];
$owners = $web.SiteGroups[$mySiteGroups[1]];
$visitors = $web.SiteGroups[$mySiteGroups[2]];
#Remove the user from the specified SharePoint Group
$spUser = Get-SPUser -Identity $userName -Web $url
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Please advise.I had to update the code to the following because Get-SPUser was not working properly:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.Groups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.Groups[$mySiteGroups[0]];
$owners = $web.Groups[$mySiteGroups[1]];
$visitors = $web.Groups[$mySiteGroups[2]];
#Convert the user name to an SPUser account
$spUser = $web.Site.RootWeb.EnsureUser($userName);
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Was I not using Get-SPUser correctly? -
Project Server 2013 - Remove user from resource pool via sync
Hello everyone,
has anyone managed to configure their Project Server 2013 box with a resource pool sync that will actually remove user from the resource pool (disable "User can be assigned as resource" or deactivate users) when the user is removed from the AD
group(s)?
Setup: Single box, SQL 2012 SP1, SharePoint/Project Server 2013 + PU March + CU April. 2 PWA instances, 1 in SharePoint and 1 in Project permission mode. Tried on 2 different machines (different setup, accounts, domains).
Proceedings:
Create AD user U, AD group G. Add U to G.
Go to PWA, setup resource pool sync with G, sync.
U is now in the resource pool, has no PWA permissions.
Remove U from G. Resync resoure pool.
U is still in resource pool, still a resource, still active, can still be assigned as resource.
Adding U back to G an repeating the whole spiel with a resource pool and a PWA group sync of G will result in U being added and removed from the user list (as expected), and U being added but not removed from the resource pool.
Having read
http://technet.microsoft.com/en-us/library/gg982985.aspx and
http://technet.microsoft.com/en-us/library/gg750243.aspx, there does not seem to be an omission on my part.
The first article states:
Note:
The corresponding Project Server User Account is not deactivated based on this synchronization. If the same Active Directory user is configured to synchronize with a Project Server security group, the Project Server user account will be inactivated when
that synchronization occurs. For more information, see
Best practices to configure Active Directory groups for Enterprise Resource Pool synchronization in Project Server 2013.
Unfortunately, this deactivation either does not seem to occur even with a PWA group sync or I misunderstood the article.
So, did anyone manage to setup their resource pool sync in a way, that new resource will be added, but also be removed from the resource pool?
Kind regards,
AdrianHi Adrian,
you tried to sync the same AD group that you used for the resource pool sync also with a Project Server permission group?
And on removal of the user of the AD group the project user/resource is not deactivated? Only removed from the group
Regards
Christoph
Hi Christoph,
even though I might have tried that before, I tried it again in several constellations. It didn't change anything. The the user will be properly added to and removed from the PWA group whenever I remove them from the AD group, the use will also stay active
(but cannot logon without permissions). However, the user will always remain in the resource pool, i.e. the "User can be assigned as resource." checkbox will remain unless it is cleared manually.
Having re-read the technet articles, none of the scenarios actually seem to descibe or address the process that I require, or maybe I'm just misunderstanding. Let me just try to outline the core issue:
Add user to AD group. Sync AD group with resource pool. User is now a PWA resource and PWA user.
Remove user from AD group, but do not deactivate/delete user from AD.
(Magic happens!)
User cannot be assigned as ressource in PWA.
So, is there anything to make this step 3 happen, or is it just not possible to sync users out of the resource pool anymore unless they are deleted/deactivated in AD?
Kind regards,
Adrian -
How to set users from AD as UCM administrators
Hi
I need to set group from Active Directory as UCM administrators
We have configured AD provider on WLS and group named MyGroup in AD
I created role MyGroup in UCM and users from this AD group can login to UCM.
I tried to create credentials map named "MyMap" with "MyGroup,admin" values,
add "ProviderCredentialsMap=MyMap" to <domain>/ucm/cs/data/providers/jpsuserprovider/provider.hda
and restart UCM
But it not works.
Please advice
Thanks
LeonLeon wrote:I created role MyGroup in UCM and users from this AD group can login to UCM.Try removing the role "MyGroup" you've defined in UCM from the User Admin applet. It's not needed in this case. The "MyGroup" should just "come over" from AD as a role, if you've configured the WLS AD provider correctly.
Otherwise the mapping itself looks ok.
Maybe you are looking for
-
Fat32 External Hard Drive does NOT mount on Windows XP Pro under boot camp
I have a gateway 160gb portable external HDD. When it came pre-formatted in NTFS. It mounted on Windows XP under boot camp or Vmware Virtual machine very well. I then formatted it under HFS+ to use it with superduper. Now that I want to convert it ba
-
I've been having an issue transferring some of my song files in itunes via homesharing from my "old computer" an ibook G4 to my "new computer" a MacBook Pro. I've been able to transfer the majority of the songs; however, when i try to import certain
-
Telephone/bt exchange to home hub...
what kind of difference does this make? i've had bt broadband for nearly a fortnight now after moving to a new property and switching from aol, stats are as follows... . Best Effort Test: -provides background information. Download Speed 0.13 Mbps 0
-
In the default bootstrap.css I got from Visual Studio, I have the following CSS: filter: alpha(opacity=65); That is an IE8 extension, and I have to accept that the CSS does not validate. However, I also get a parsing error from the validator, that is
-
Stopping Cmd-F1 doing what it does.
I'm on a multi-monitor iMac. I use Cmd-1 as a shortcut, since Safari lets you access your bookmarks bar as Cmd-1, Cmd-2 etc... Every now and then, I miss the '1' and press 'F1' by mistake, and oh no - Finder reorganises all my carefully arranged appl