IFolder 3.8 dirsync created orphaned users

Similar Messages

• Powershell Script to find out Orphan Users ( Who are no longer available in AD but SharePoint) in SharePoint 2013

  Hi,
  Can you please on the above issue? I have one script which works fine for sp2010 but not sp2013 below,
  Script
  function Check_User_In_ActiveDirectory([string]$LoginName, [string]$domaincnx)
  $returnValue = $false
  #Filter on User which exists and activated
  #$strFilter = "(&(objectCategory=user)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(samAccountName=$LoginName))"
  #Filter on User which only exists
  #$strFilter = "(&(objectCategory=user)(objectClass=user)(samAccountName=$LoginName))"
  #Filter on User and NTgroups which only exists
  $strFilter = "(&(|(objectCategory=user)(objectCategory=group))(samAccountName=$LoginName))"
  $objDomain = New-Object System.DirectoryServices.DirectoryEntry($domaincnx)
  $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
  $objSearcher.SearchRoot = $objDomain
  $objSearcher.PageSize = 1000
  $objSearcher.Filter = $strFilter
  $objSearcher.SearchScope = "Subtree"
  #$objSearcher.PropertiesToLoad.Add("name")
  $colResults = $objSearcher.FindAll()
  if($colResults.Count -gt 0)
  #Write-Host "Account exists and Active: ", $LoginName
  $returnValue = $true
  return $returnValue
  function ListOrphanedUsers([string]$SiteCollectionURL, [string]$mydomaincnx)
  [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
  $site = new-object Microsoft.SharePoint.SPSite($SiteCollectionURL)
  $web = $site.openweb()
  #Debugging - show SiteCollectionURL
  write-host "SiteCollectionURL: ", $SiteCollectionURL
  Write-Output "SiteCollectionURL - $SiteCollectionURL"
  $siteCollUsers = $web.SiteUsers
  write-host "Users Items: ", $siteCollUsers.Count
  foreach($MyUser in $siteCollUsers)
  if(($MyUser.LoginName.ToLower() -ne "sharepoint\system") -and ($MyUser.LoginName.ToLower() -ne "nt authority\authenticated users") -and ($MyUser.LoginName.ToLower() -ne "nt authority\local service"))
  #Write-Host "  USER: ", $MyUser.LoginName
  $UserName = $MyUser.LoginName.ToLower()
  $Tablename = $UserName.split("\")
  Write-Host "User Login: ", $MyUser.LoginName
  $returncheck = Check_User_In_ActiveDirectory $Tablename[1] $mydomaincnx 
  if($returncheck -eq $False)
  #Write-Host "User not exist: ",  $MyUser.LoginName, "on domain", $mydomaincnx 
  Write-Output $MyUser.LoginName 
  $web.Dispose()
  $site.Dispose()
  function ListOrphanedUsersForAllColl([string]$WebAppURL, [string]$DomainCNX)
  [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") > $null
  $Thesite = new-object Microsoft.SharePoint.SPSite($WebAppURL)
  $oApp = $Thesite.WebApplication
  write-host "Total of Site Collections: ", $oApp.Sites.Count
  $i = 0
  foreach ($Sites in $oApp.Sites)
  $i = $i + 1
  write-host "Collection N° ", $i, "on ", $oApp.Sites.Count
  if($i -gt 0)
  $mySubweb = $Sites.RootWeb
  $TempRelativeURL = $mySubweb.Url
  ListOrphanedUsers $TempRelativeURL $DomainCNX
  function StartProcess()
  # Create the stopwatch
  [System.Diagnostics.Stopwatch] $sw;
  $sw = New-Object System.Diagnostics.StopWatch
  $sw.Start()
  #cls
  ListOrphanedUsersForAllColl "http://portal" "LDAP://DC=Srabon,DC=com" 
  ListOrphanedUsersForAllColl "http://portal/sites/Test" "LDAP://DC=Srabon,DC=com"  
  $sw.Stop()
  # Write the compact output to the screen
  write-host "Time: ", $sw.Elapsed.ToString()
  StartProcess
  # Can be executed with that command : "Check-SharePoint-Orphaned-Users.ps1 > orphaned_users.txt"
  srabon

  Hi Srabon,
  Try this it works in SP2007, SP2010, and SP2013.
  Mod line 70: $WebAppURL="http://intranet.contoso.com" to your "http://WebApp"
  [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
  #Functions to Imitate SharePoint 2007, 2010, 2013
  function global:Get-SPWebApplication($WebAppURL)
  return [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup($WebAppURL)
  function global:Get-SPSite($url)
  return new-Object Microsoft.SharePoint.SPSite($url)
  function global:Get-SPWeb($url)
  $site= New-Object Microsoft.SharePoint.SPSite($url)
  if ($site -ne $null)
  $web=$site.OpenWeb();
  return $web
  #Check if User exists in ActiveDirectory
  function CheckUserExistsInAD()
  Param( [Parameter(Mandatory=$true)] [string]$UserLoginID )
  #Search the User in ActiveDirectory
  $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
  foreach ($Domain in $forest.Domains)
  $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $Domain.Name)
  $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
  $root = $domain.GetDirectoryEntry()
  $search = [System.DirectoryServices.DirectorySearcher]$root
  $search.Filter = "(&(objectCategory=User)(samAccountName=$UserLoginID))"
  $result = $search.FindOne()
  if ($result -ne $null)
  return $true
  return $false
  $WebAppURL="http://intranet.contoso.com"
  #Get all Site Collections of the web application
  $WebApp = Get-SPWebApplication $WebAppURL
  #Iterate through all Site Collections
  foreach($site in $WebApp.Sites)
  #Get all Webs with Unique Permissions - Which includes Root Webs
  $WebsColl = $site.AllWebs | Where {$_.HasUniqueRoleAssignments -eq $True} | ForEach-Object {
  $OrphanedUsers = @()
  #Iterate through the users collection
  foreach($User in $_.SiteUsers)
  #Exclude Built-in User Accounts , Security Groups & an external domain "corporate"
  if (($User.LoginName.ToLower() -ne "nt authority\authenticated users") -and
  ($User.LoginName.ToLower() -ne "sharepoint\system") -and
  ($User.LoginName.ToLower() -ne "nt authority\local service") -and
  ($user.IsDomainGroup -eq $false ) -and
  ($User.LoginName.ToLower().StartsWith("corporate") -ne $true) )
  $UserName = $User.LoginName.split("\") #Domain\UserName
  $AccountName = $UserName[1] #UserName
  if ( ( CheckUserExistsInAD $AccountName) -eq $false )
  Write-Host "$($User.Name)($($User.LoginName)) from $($_.URL) doesn't Exists in AD!"
  #Display Orphaned users
  $OrphanedUsers+=$User.LoginName
  # <<<UNCOMMENT to Remove Users#
  # Remove the Orphaned Users from the site
  # foreach($OrpUser in $OrphanedUsers)
  # $_.SiteUsers.Remove($OrpUser)
  # Write-host "Removed the Orphaned user $($OrpUser) from $($_.URL) "
  $web.Dispose()
  $site.Dispose()
  -Ivan

• Cause of Orphaned Users in Sharepoint

  This isn't really a problem. More of a question for best practices.
  We have a number of Orphaned users in our SharePoint environment. We have a way to remove orphaned users already. However, we want to prevent so many orphaned users from occurring again.
  I know accounts become orphaned when the user has been disabled or removed from Active Directory. Will we always have orphaned accounts or is there a best practice to prevent this.
  I ask because we inherited a bad security practice. Many users were given access to sites directly or they were added to multiple SharePoint groups. We are changing this to have Active Directory security groups inside of SharePoint groups. We set all permissions via
  Active Directory groups. When a user is disabled or deleted, their user account is removed from the AD group, thus updating the SharePoint permissions. Will this prevent the orphaned account problems.
  I think it would but then I wonder about sites or items created by the deleted user. Will this cause the orphaned account in SharePoint. I hope I am making sense. ultimately, i would like to know what exactly causes an account to become orphaned and how
  to best prevent it.
  thanks for any input.
  LSTalbot

  Item in sharepoint would not get effected when you remove the users
  However make sure that orphan users are normally older then 30 days old as per your AD policy before removing him. because after removing orphan from site incase if you require them in future, it is not possible to add him back with exact same permission.

• Orphan users and deleting logins but not users

  Hello there,
  First off I'm sorry if this was already posted. I've researched for the last two hours and can't seem to find the answer I'm looking for.
  So its to my understanding then when you delete a Server Login, if you have a user that uses that Login and THAT LOGIN only, once you delete the login the user is now an orphan user.
  I've been running the orphan user sp (
  USE <database_name>;
  GO;
  sp_change_users_login @Action='Report';
  GO;
  but recently I've deleted a login, the user still exists on the database, but it should now be an orphan user right? I know for a fact this user is not in any other group, and it should be an orphan user. So why isn't it? :(

  Hi Krystina,
  Your question may be that sp_change_users_login didn't detect an orphan user scenario? If so, I would recommend checking sys.server_principals and sys.database_principals to verify for certain (and if you have a reproduction of the exact issue, please post
  here).
  Here is a demo that walks through the by-design behavior (dropping login will not equate to dropping a user, and that user will be an orphaned user).  
  USE [master]
  GO
  -- Create the login
  CREATE LOGIN [TestUser] WITH PASSWORD=N'Test!!1234',
  DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF;
  GO
  -- Create a database
  CREATE DATABASE [Test];
  GO
  -- Create the user in that database
  USE [Test]
  GO
  CREATE USER [TestUser] FOR LOGIN [TestUser] WITH DEFAULT_SCHEMA=[dbo];
  GO
  -- Drop the * login * (not user)
  DROP LOGIN [TestUser];
  -- You should no longer see this long at the SQL Server instance (server) scope
  SELECT [SP].[name], [SP].[principal_id], [SP].[sid], [SP].[type],
         [SP].[type_desc], [SP].[is_disabled], [SP].[create_date],
         [SP].[modify_date], [SP].[default_database_name],
         [SP].[default_language_name], [SP].[credential_id]
  FROM sys.[server_principals] AS [SP]
  WHERE name = 'TestUser';
  -- But we didn't drop the user, so you * should * still see it within the database (by-design)
  USE [Test];
  GO
  SELECT [DP].[name], [DP].[principal_id], [DP].[type], [DP].[type_desc],
         [DP].[default_schema_name], [DP].[create_date], [DP].[modify_date],
         [DP].[owning_principal_id], [DP].[sid], [DP].[is_fixed_role]
  FROM sys.[database_principals] AS [DP]
  WHERE name = 'TestUser';
  -- And your orphan proc call will report it as well
  EXEC sp_change_users_login @Action='Report';
  Best Regards, Joe Sack, MVP, SQL MCM | SackHQ.com

• Error while creating new user in Oracle 11i EBS

  I am getting following error while creating new user. How solve this issue?
  “Unable to load java class % specified profile option SIGNON_PASSWORD_CUSTOM. Please verify that the class exists and that it implements the java interface oracle.apps.fnd.security.PasswordValidation”.

  Following is the text from Note for Custom Password Validation logic:
  Customers who wish to use their own password validation logic may do
    so by writing their own Java classes that implement the
    oracle.apps.fnd.security.PasswordValidation Java interface.  The
    interface requires 3 methods to be implemented:
    1) public boolean validate(String user, String password)
      - This method takes a username and password, and then returns true
    or false, indicating whether the user's password is valid or invalid,
    respectively.
    2) public String getErrorStackMessageName()
      - This method returns the name of the message to display when the
    user's password is deemed invalid (i.e., the validate() method returns
    false).
    3) public String getErrorStackApplicationName()
      - This method returns the application shortname for the
    aforementioned error message.
    After writing the Java class to perform customized password
    validation, the customer must then set the value of the profile option
    SIGNON_PASSWORD_CUSTOM to be the full name of the class.  If, for
    example, the name of the Java class is
    oracle.apps.fnd.security.AppsPasswordValidation, then the value of the
    SIGNON_PASSWORD_CUSTOM profile option must be
    oracle.apps.fnd.security.AppsPasswordValidation.  Note that AOL/J
    will attempt to load this class dynamically.  Hence it is necessary to
    make the class accessible by AOL/J.  This means that in Forms, the
    class must first be loaded into the database using the loadjava
    command.
  You will need to apply the following patches for 11.5.1:
     1344802
     1363919
     1472974
     1351004
     1377615
  You will need to apply the following patches for 11.5.2:
     1377615

• Error WHile creating a User in Hyperion Planning

  HI,
  Please someone guide since im facing this problem for a longtime.
  I created a user in Planning webpage and refreshed the security filters.
  When i tried to login using planning webinterface, it showed an error "User priscila_monsanto does not exist in the domain or the password is incorrect"
  And i could able to find an exception in the file"Hyperion Planning-err.log" present in Jrun path of the planning server.
  And when i logged into the admin console for the plannng cube, i found user anme in the security-->users field and there is no filters assigned to the user.
  Please help me.
  Thanks,
  Prabhu MSL

  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
  This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
  So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
  The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
  While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
  Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
  And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
  Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
  And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
  And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited.

• The problem is this: In the phase "Create Java Users"

  Hello,
  I am installing Solution Manager 4.0 Release 2 (with Red Hat Enterprise Linux Server release 5.1 and Oracle 10 and my java version is: j2sdk1.4.2_14) The problem is this: In the phase "Create Java Users" I get the next error
  WARNING 2009-02-13 14:53:22
  Execution of the command "/usr/sap/PTS/DVEBMGS00/exe/jlaunch UserCheck.jlaunch com.sap.security.tools.UserCheck /tmp/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/lib:/tmp/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install/sharedlib:/tmp/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/install -c sysnr=00 -c ashost=sap-vpmn -c client=001 -c user=DDIC -c XXXXXX -a checkCreate -u SAPJSF -p XXXXXX -r SAP_BC_JSF_COMMUNICATION_RO -message_file UserCheck.message" finished with return code 2. Output:
  java.lang.ClassNotFoundException: com.sap.security.tools.UserCheck
  at com.sap.engine.offline.FileClassLoader.findClass(FileClassLoader.java:691)
  at com.sap.engine.offline.FileClassLoader.loadClass(FileClassLoader.java:600)
  at com.sap.engine.offline.FileClassLoader.loadClass(FileClassLoader.java:578)
  at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:79)
  INFO 2009-02-13 14:53:22
  Removing file /tmp/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/dev_UserCheck.
  INFO 2009-02-13 14:53:22
  Removing file /tmp/sapinst_instdir/SOLMAN/SYSTEM/ORA/CENTRAL/AS/dev_UserCheck.clone.
  ERROR 2009-02-13 14:53:22
  CJS-30196
  ERROR 2009-02-13 14:53:22
  FCO-00011 The step createJSF with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|1|0|NW_CI_Instance|ind|ind|ind|ind|11|0|NW_CI_Instance_Doublestack|ind|ind|ind|ind|3|0|createJSF was executed with status ERROR .
  Thanks & Regards

  Hi,
  This problem normally arises with the wrong combination of JDK and OS and for the Linux machines, its better to use IBM Java instead of SUN java
  I remember that I have solved this type of problem by using lower version of IBMJava2-AMD64-142-SDK-1.4.2-10.0.x86_64.rpm which is SR10. You can download this version from
  http://www.ibm.com/developerworks/java/jdk/linux/download.html
  go to download _12 and then just change the sr12 to sr10 in the header url....
  FCO-00011 The step createJSF with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|1|0|NW_CI_Instance|ind|ind|ind|ind|11|0|NW_CI_Instance_Doublestack|ind|ind|ind|ind|3|0|createJSF was executed with status ERROR .
  with the higher versions of java for 64bit systems create serious stack over flow problems.....
  what I suggest you is to start reinstallating SolMan after installing IBM java sr10 version...
  Regards,
  Naveen.

• Unable to enable security and create admin user after reset - px4-300d

  Our px4-300d became inaccessible a few days ago.  I couldn't get to any shares from any machine, and I couldn't get to the admin console.  When I checked the unit, there was no indication that anything was wrong (ie - the panel didn't show any failure, I didn't get any emails indicating a failure, and there were no lights offering a clue to what was wrong).  However the unit was completely frozen...the buttons on the front would not scroll through the different information on the panel.
  I attempted to reset the device using the pinhole on the back, but the device wouldn't respond, so I had to power it down using the button on the front.  When I tried to power it back up, it would come on for about one second, then immediately power off.  I pulled all 4 drives out and powered it on again without any drives.  This time it came up completely and I got a message on the panel that drives were missing.  I started putting the drives in one at a time and the device recognized them all and I was able to login to the admin console.  However, all the shares were missing and I received an email that the Storage Pool was degraded.  I rebooted the device from the admin console and when it came back up, it started reconstruction.  After a few hours, it completed, but I still had no shares and couldn't create any new shares.  I also did not see any of my users, including the admin account I was logged in with.  I tried to create a new user, and also tried creating a user I knew existed and neither one worked.  The screen would just flash but nothing would show up.  At this point, I decided to try to reset using the pinhole on the back of the device to reset the admin user so I could just create a new one.  So, now I'm stuck at the 'Enable Security' screen.  Every time I try to create an admin account, it just flashes and returns me to the same 'Enable Security' window.  
  Now what?
  Solved!
  Go to Solution.

  If you are unable to get into it you will not be able to do the factory reset. You can try booting in buy removing one disk at a time. If you are still unable to then tech support should be able to supply you with the imager and try flashing it. I would keep it at 4.0.8 also,

• Error in phase creating java users during installation!!

  Hi,
  We are getting error at step "Creating java Users" while installing NW 2004s SR1  non unicode dual stack on HP Ux Pa Risc 64 bit with database Oracle 10g.
  Erro logs of file /tmp/sapinst_instdir/NW04S/SYSTEM/ORA/CENTRAL/AS/sapinst_dev.log are as:
  ==================================================================================================
  ERROR      2011-07-21 13:20:37
             CJSlibModule::writeError_impl()
  CJS-30197  . For more details see output of logfile:
  TRACE      [iaxxejsbas.hpp:460]
             EJS_Base::dispatchFunctionCall()
  JS Callback has thrown unknown exception. Rethrowing.
  ERROR      2011-07-21 13:20:37 [iaxxgenimp.cpp:736]
             showDialog()
  FCO-00011  The step createJSF with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|1|0|NW_CI_Instance|ind|ind|ind|ind|11|0|NW_CI_Instance_Doublestack|ind|ind|ind|ind|2|0|createJSF was executed with status ERROR .
  =================================================================================================
  Also please note that we have already 1 instance (dual stack) on same host and that is running fine.
  Could someone please assist us in proceeding further.
  Regards
  Joy Garg

  Hi,
  Issue gets resolved by  extracting manualy from JAVA_DVD_DIR/J2EE_OSINDEP/J2EEINSTALL.SAR to SAPINST install directory using SAPCAR. The path of this install directory is:/tmp/sapinst_instdir/NW04S/SYSTEM/ORA/CENTRAL/AS/install as:
  > pwd
  /tmp/sapinst_instdir/NW04S/SYSTEM/ORA/CENTRAL/AS/install
  > SAPCAR -xvf /SW/NW_2004s_SR1Java_based_SW_Comp/J2EE_OSINDEP/J2EE-INST/J2EEINSTALL.SAR
  Once we have extracted the J2EEINSTALL.SAR relaunch SAPINST again and the installation continue.
  Regards
  Joy garg
  Once you will have extracted the J2EEINSTALL.SAR please launch SAPINST again and the installation will continue.

• How to create a user in J2ee UME, if LDAP configured?

  Hi SAP Gurus,
  I have a question for my J2EE engine. We configured LDAP for user storage, so that our User can use there normal LDAP user ID. Now I want to create an administrative user like J2EE_ADMIN or Administrator, these are standard users and present in the UME of the J2EE engine since the installation of my portal.
  But when I go to the user admin and want to create this new admin user, I got an error message, that Im not able to create it.
  I also try to create the user via the Visual Admin and the J2EE Useradmin.
  So my question is, how can create this new user in the UME and NOT in the LDAP???
  Thanks.

  Hi Marcel Haberland ,
  If your idea is to have single Sign on , I would say the process is to create the user in LDAP itself that will be the single point of entry ,  Since the UME is configured and connected to LDAP normally with read permission your best bet will be to create the user in LDAP.
  SSO with  is configured to all your backend syst ( trusts needs to be configured between Java/Portal to all your backend systems  by Basis team), also the ids needs to exist in all the backends.
  Now to come back to your question:
  If you can login to UME of portal/Java , and create the user do not expect it to appear on your LDAP
  mainly because LDAP will never be configured in a Enterprise project  as bidirectional ( ie Read/Write ), it will be readonly.
  Also if the Basis/Portal team allow you the option to create the user in UME , they will have to restart the machine everytime you need to point to a  different data source , but I dont know if this is the case in EHP4 versions, because SAP claims with EHP4 downtimes are almost nullified.
  Edited by: Franklin Jayasim on Jun 29, 2010 6:59 PM
  Edited by: Franklin Jayasim on Jun 29, 2010 7:02 PM

• How to create many user in the same database

  hi
  my question is "How to create many user in the same database(application)?"
  for example, i have students, teachers, and staffs user using my application.
  i can create many users to use the same application right?, how ^^''' ???
  (right now i can only create application and then it shows every data in my DB
  but i want it to show only the data for the user who login to that application)
  Thanks.
  ps. i'm newbie, please help T^T

  You need to create a user table within your application that maintains their privileges. If you have LDAP you could use this for authorisation otherwise the table would handle that as well (store passwords etc). Your reports etc would then be filtered on information from this table.
  Check out some of the sample applications to see how authorisation and access is implemented (Online store is one). The how-to on the issue tracking system should also have some useful pointers.
  http://download-west.oracle.com/docs/cd/B31036_01/doc/appdev.22/b28839/issue_track.htm#BABBGBJG
  cheers,
  Ron

• How to create a user in UME Database using web dynpro java custom application

  Hi,
  Can you please suggest me how to create a user in UME Database using web dynpro java custom application.
  My Requirement is user can register his/her user id in SAP Portal 7.3 UME database.
  Please suggest me.
  Thanks and Regards,
  Amit

  Hi Amit,
  Generated Documentation (Untitled)
  This is what you're looking for, there's no real cook-book -- though Amey mentioned there might be some material on SDN, perhaps some tutorials.
  You should be looking into com.sap.security.api.IUserFactory, methods newUser(String) which gives you and IUserMaint and commitUser(IUserMaint, IUserAccount) -- IUserAccount can be obtained using com.sap.security.api.IUserAccountFactory, method newUserAccount(String)
  Hope it helps,
  D.

• How do I create new user table in program and then access it?

  I am writing an application where I check for the existence of user objects when the add on starts and run the setup if the objects do not exist. I can create the user tables and fields but after the setup completes these objects still are not visible.
  If the user objects exist when the add on is first run everything is detected correctly.
  When a user object is added in SAP the user is eventually prompted to restart so I suspect something needs to happen prior to the add on being able to use the new fields.
  Does the add on need to wait for the DI Server to perform some action? Do I need to just quit the add on's class and rerun it, disconnect and reconnect to the company, or get a new Application and/or company object?
  What I want to do is figure out a way for the add on to automatically run the configuration if the user tables and fields do not exist yet and then kick off the regular add on code. I haven't seen anyone else's code so I don't know what is recommended or required here.
  Thanks for any assistance!

  I found that the add on can validate the existance of the user fields if I disconnect from the company object, set the SAPbouiCOM.Application and SAPbobsCOM.Company objects to null, set the new application, context, and company objects, and reconnect once more.
  HOWEVER...
  I still have to wait for the client to be restarted manually before I can run any of the form I added to the menu.
  So, I'd still like to know what the best practice is here. Should I just exit after setting up the tables and tell the user to restart SAP?

• Creating second user account on TC. No separate folder and security issues

  Hi,
  I've had my TC for some time, and after some start-up triuble all is working very nicely now.
  That is, until I wanted to set up the TC for my girlfriends backups too. On my mac, i created a user account for the TC, and i see two folders when i connect to the TC: "Timecapsule" and "MyAccountName". Now when i did the same on the other Macbook, i get only the "Timecapsule" account, not a folder (or sharepoint) with her account name. Also, I saw that as the sparsebundle files are on the 'main' sharepoint, it is possible to access both from both computers, wierd.
  Any thoughts on how I can use 1 TC for 2 computers with 2 sharepoints for both?
  So, on my own computer i would have a general folder and a personal folder, on the other the same...
  Help much appreciated!

  To clarify: When i connect to the TC, i mount two volumes, but on the other Macbook, I only get the main volume, not the specific user volume.

• How to create the user on Internet Application Server(IAS) control console

  Hi All,
  My Client is asking me for How to create the user on Internet Application Server(IAS) control console 10.1.2( 10g release 2).
  If anyone have the document for How to Create the User on Internet Application Server (IAS) console 10g release 2 , then please send me the document and help me out from this Concern.
  Regards,
  Yadav@intelli.
  Edited by: 851080 on Apr 8, 2011 6:31 PM

  Are you using OID? Can you provide more details about your iAS environment?