Incomplete Directory Objects import

Hi All,
We are trying to import a TPZ file (for a whole scenario). Not all objects in the scenarios are changed. Both the export and the import of the TPZ files are without any error.
However, in the target directory under the imported scenario, some (random) objects are missing.
When the missing objects are separately put into a TPZ file, the import into the target directory is successful.
Does anyone know why this is happening and how to fix it?
Regards,
Bikram

Hi Paul,
Please follow the steps below while transporting objects from IR & ID.
Before exporting, make sure that the objects are activated.
Perform the following to import/export ID objects.
1. To export or import directory objects, call the configuration maintenance screen of the Integration Builder.
2. Call the context menu for an object in a collaboration profile in the Integration Builder navigation tree and choose Export…, or choose Tools → Export Configuration Objects…
3. Select the Transport Using File System mode and follow the wizard’s instructions. When selecting individual objects, you can use drag and drop to drag the objects from the navigation tree and drop them in the object selection field.
The Integration Builder saves a binary export file with the suffix tpz in the export directory of the directory server.
Do not change the file name of the export file. If you do, the Integration Builder will not accept it as the appropriate file when you import.
4. To import the export file(s) to another Integration Directory, first copy or move it to the import directory of the target directory.
5. Call the configuration maintenance screen of the Integration Builder for the target directory. Choose Tools → Import Configuration Objects...
6. Select the export file saved in the import directory by using the dialog box that appears.
If the import is successful, the export file is moved to the subdirectory /xi/directory_server/importedFiles. The objects are not activated when they are imported into the target directory. They are visible in the change list of the user who imported them.
7. Check the imported objects in the change list and adjust the configuration data to match your system landscape, if necessary.
8. Activate the change list that contains the imported objects.

Similar Messages

  • Error during Directory Objects Import

    Hello,
    I am facing an error while importing Directory objects as
    Import Failed due to Business system Transfer of Objects.
    Obligatory Transport Target Business system not found in Systtem Landscape
    Directory. Please advise what could be the issue.
    Mohit

    Mohit,
    In order to transport objects in the Directory, the SLD has to contain information on transport targets. This information is needed to replace systems in your transport source with their equivalent in the transport target environment. For instance, if your transport comes from development and contains a receiver determination for an IDoc coming from your ERP system called 'DEV', XI will try to replace the system 'DEV' with the equivalent in your acceptance environment ('ACC'). This information needs to be entered in the SLD. See Configuring Groups and Transport Targets (http://help.sap.com/saphelp_nw04/helpdata/en/ef/a21e3e0987760be10000000a114084/frameset.htm) for more information.
    Kind regards,
    Koen

  • Error importing XI directory objects into consolidation

    Hi,
    I have defined a track for XI directory transports in the CMS and have successfully exported directory objects from Integration Builder. However, when I try to import it in the consolidation tab of the transport studio, I get the following error
    Info:Starting Step Repository-import at 2006-03-09 23:26:04.0424 -8:00
    Info:Component:sap.com/SAP-INTDIR
    Info:Version  :PF_IDALL_D.1
    Info:1. PR is of type TCSChangeRequest
    Info:export and import XI are different: http://fmsap562:50000/dir/ -> http://fmsap699:50500/dir/
    Info:reading of XIb71be4e0b00311dab3f60002559f086c.cl for xichangelist b71be4e0b00311dab3f60002559f086c
    Fatal Exception:com.sap.cms.tcs.interfaces.exceptions.TCSCommunicationException: communication error: XiTransportException received:
    ClientServerException exception:Unable to find an associated SLD element (source element: SAP_XIIntegrationDirectory, [CreationClassName, SAP_XIIntegrationDirectory, string, Name, directory.nxl.fmsap699, string], target element type: SAP_XIIntegrationServer)
    com.sap.aii.ib.core.transport.api.TransportCsException: Unable to find an associated SLD element (source element: SAP_XIIntegrationDirectory, [CreationClassName, SAP_XIIntegrationDirectory, string, Name, directory.nxl.fmsap699, string], target element type: SAP_XIIntegrationServer)
         at com.sap.aii.ibdir.server.transport.impl.postprocessing.TransportPostprocessor.postprocessTransport(TransportPostprocessor.java:240)
         at com.sap.aii.ibdir.server.transport.impl.postprocessing.DirImportPostprocessor.postprocess30Import(DirImportPostprocessor.java:101)
         at com.sap.aii.ibdir.server.transport.impl.postprocessing.InternalPostprocessingService.postprocess(InternalPostprocessingService
    We use only a single SLD and I was able to do a successful transport of REPOSITORY objects in the same
    environment. The problem occurs only with DIRECTORY transport. Any help appreciated
    Thx
    Bhaskar

    Hi Bhaskar -
    You mentioned you're using single/central SLD.  In your SLD, in Technical Landscape and then Technical System Type->Exchange Infrastructure, do you have corresponding entries for your DEV XI and QA XI?  At a base count, there should be 12 total.
    If not, for both the DEV and QA XI, do you have Technical System type - Web AS Java?
    Regards,
    Jin

  • CTS+ object-import to repository shows red status

    Hi all,
    we are using CTS+ for our PI systems. We are using NW7.0 SPS15 and used the HOWTO guide for SPS14 to implement CTS+.
    Everything works fine, except that if somebody starts a transport, the cache notification for the object-import to the repository always shows an error (integration repository); the integration directory shows no problem. If the cache notification is repeated the error disappears.
    Does anybody have an idea what could be the problem or how to track the error?
    Thanks for your help.
    Christian

    Hi Hemant,
    thank you for your reply.
    My problem is, that note 780747 describes the problem, but does not help...
    It could not be a "Temporary connection error" because the error can be reproduced and vanishes when "Repeat cache notification" is used (other user is used).
    It could not be a "Errors during the retrieval of cache data" because there is no problem shown in the "Problems" tab.
    It could be a "Incorrect configuration" but how do I check this? The rwb shows no problems (other user used than in CTS+) and as mentioned before, there are no problems shown in "Problems" tab.
    I think the problem is that the user NWDI_CTSADM is missing some permissions to start a cache refresh, but the user owns SAP_XI_CMS_SERV_USER, SAP_XI_DEVELOPER and SAP_XI_CONFIGURATOR as described in "How To… Configure Enhanced CTS for SAP NetWeaver Exchange Infrastructure 7.0 SPS14".
    So my question is, how do I start a cache notification with a special user?
    How can I check what's the problem?
    Thank you for your help!
    Best regards
    Christian

  • File (Directory) object problem?

    Hi there. My problem is as follows. The method below is supposed to access a pre-existing directory with five previously saved test files, read in those files as account objects, add the objects to an ArrayList, then return the ArrayList. It seems to be able to create a file object representing the directory alright but it then insists that there are no files in the directory! Have I fouled up or is there some subtlety that I'm unaware of? I was wondering if the fact that the account files have a .bac extension had something to do with it.
    Here's the method, with the two lines of code where I think the problem might lie in bold print:
    public ArrayList retrieveAccounts()throws IOException{
    ArrayList accounts = new ArrayList();
    File accDir = new File("C:" + File.separator + "accounts"); //creates a directory object
    //The following S.o.p statements are for test and maintenance purposes rather than user feedback
    System.out.println("Directory " + accDir.getCanonicalPath() + " opened");
    System.out.println("Confirm Accounts directory exists: " + accDir.exists());
    System.out.println("Directory: " + accDir.isDirectory());
    String [] accFiles = accDir.list(); //gets a list of files in the directory and saves it as a String array
    System.out.println("Number of files in directory: " + accDir.length());
    while(i < accDir.length()){
    filename = accFiles;
    try{
    //open layered input Streams to access the next account file in line
    ObjectInputStream in = new ObjectInputStream(new FileInputStream("C:"+ File.separator + "accounts" + File.separator + filename));
    account = (Account)in.readObject();
    accounts.add(account);
    in.close(); //closes Streams for that particular file
    }catch(IOException e){System.out.println("Filing error as follows: " + e);
                }catch(ClassNotFoundException e){System.out.println("Class not Found. Details: " + e); }
    filename = null; //frees up reference for next file
    i++;//counter increments by one
    return accounts;

    This is what I was trying to do minus the comments and maintenance and test code:
    public ArrayList retrieveAccounts()throws IOException{
    ArrayList accounts = new ArrayList();
    File accDir = new File("C:" + File.separator + "accounts");
    String [] accFiles = accDir.list();
    while(i < accDir.length()){
    filename = accFiles;
    try{
    ObjectInputStream in = new ObjectInputStream(new FileInputStream("C:"+ File.separator + "accounts" + File.separator + filename));
    account = (Account)in.readObject();
    accounts.add(account);
    in.close();
    }catch(IOException e){System.out.println("Filing error as follows: " + e);
    }catch(ClassNotFoundException e){System.out.println("Class not Found. Details: " + e); }
    filename = null;
    i++;
    return accounts;
    By the way, you're the first Java programmer that I've met that doesn't like comments! :)
    NOTE: Think I may have spotted where I went wrong in my code.
    filename = accFiles;
    Forgot to point it at the specific element of the array, like so:
    filename = accFiles[i];
    Thanks for your help!

  • How to add buisness system in Integration directory -objects

    Hi All,
    I created the technical systems and business systems. Then in the integration directory, I want to check whether my business system exists or not.
    So in the integration directory,
    objects--->service without party >business system>
    in the business system, whatever business system I created is not found.
    How to add business system into integration directory -- objects?
    Regards,
    vinoth.

    Hi,
    Go to integration directory,
    objects--->service without party >business system>
    Select the BS -> right-click the BS -> it shows the number of BS; select your business system, assign it, then save.
    If your business system does not appear, go to the Environment menu -> Clear SLD Data Cache,
    and do the same process again.
    Regards,
    Venu.

  • Trouble Creating a New Directory to Import into

    I just upgraded to Lightroom 5 today and installed the update to 5.2 on Windows 7 64 bit.  I have run into a problem I never had before.  In the import module I want to create a new directory to import into.  I go through the same steps I did in Lightroom 4, but when I am done, the directory does not show up on the list.  I can find it in Windows Explorer, but not Lightroom.  If I leave the import module and then return, the directory shows up in the Lightroom list of directories.  I have tried this twice with the same result both times.  Has anyone else seen this?  Is there a Fix?

    Thanks that works.  I found that even though the new directory did not show in the Import list of directories when I created it using the right-click method as I did in LR4, LR5 is in fact creating it and will import to it.  Another odd thing is when I create the directory using the right-click, Windows Explorer method, the directory list in the Import module flickers like it is adding the new directory.  However, the new directory cannot be seen.

  • PowerShell script : Directory object not found error in Get-ADGroupMember

    I am new in powershell scripting. I am writing a script to add users in different AD Groups. while doing so I do the following:
    Check if the user already exist in the group:
    $mbr_exist = Get-ADGroupMember $grpname | Where-Object {$_.SamAccountName -eq $sam}
    If user does not exist then add the user to the group.
    When I manually run the script it runs flawlessly, without any errors. But when I schedule the script to run it gives an error as follows:
    3/30/2015 8:32:15 AM Directory object not foundAt + $mbr_exist = Get-ADGroupMember $grpname | Where-Object {$_.SamAc ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~ Error at Line:$mbr_exist = Get-ADGroupMember
    $grpname | Where-Object {$_.SamAccountName -eq $sam}
    The strange thing is the user for which it throws the error is present in the group. I am not sure why this error is occurring when scheduled. Can anyone please help? All suggestions will be appreciated.
    Note: (The script is scheduled using Windows Task Scheduler)
    try
    {
        # # Initialize the variables we will use
        $status = 'false'
        $drivename = "H:"
        $sysdate = Get-Date -UFormat "%m_%d_%Y"
        $foldername = $drivename + "\Script_Result\PowershellData"+ $sysdate
        $backup_folder = "$foldername\AD_Groups_Backup"
        $updatedGroup = "$foldername\Updated_AD_Groups_LogFiles"
        $LogFilePath = "$foldername\Log_Update_ADGroups"+$sysdate+".log"
        # # Initialize the arrays we will use
        $GroupArray = @()
        # # maintain log of program startup
        $logdate = get-date
        $logdate.ToString() + "`tStarted script to Update AD user Groups..." | Out-File -FilePath $LogFilePath
        # # Create a sub folder to store the backup files
        $fileexist = Test-Path $backup_folder -PathType Container
        if(-not $fileexist)
        {
            New-Item -ItemType Directory $backup_folder
        }
        # # Create a sub folder to store Updated AD group Log files
        $fileexist = Test-Path $updatedGroup -PathType Container
        if(-not $fileexist)
        {
            New-Item -ItemType Directory $updatedGroup
        }
        # # Take back up of the AD groups data (one file per group)
        Get-ADGroupMember -Identity "Group1" | Export-csv "$backup_folder\Group1_BackUP$sysdate.csv"
        Get-ADGroupMember -Identity "Group2" | Export-csv "$backup_folder\Group2_BackUP$sysdate.csv"
        Get-ADGroupMember -Identity "Group3" | Export-csv "$backup_folder\Group3_BackUP$sysdate.csv"
        Get-ADGroupMember -Identity "Group4" | Export-csv "$backup_folder\Group4_BackUP$sysdate.csv"
        # (and so on..... 11 such groups)
        # # Fetch AD Users data
        $ADusers = Get-ADUser -filter {(EmployeeNumber -gt 1) -and (EmployeeNumber -ne "N/A") -and (Enabled -eq $true)} -Properties * | Sort-Object -Property EmployeeNumber
        $ADusers.Count
        foreach($u in $ADusers)
        {
            $sam = $u.SamAccountName
            $empnum = $u.EmployeeNumber
            $mgr = $u.mgr
            $fsal = $u.'fsalary-Hourly'
            $comp = $u.Company
            $ofc = $u.Office
            Write-Host "$sam : $empnum : $mgr :$fsal : $comp : $ofc" -ForegroundColor Yellow
            $GroupArray = @()
            # # Check if the user fits in any of the 11 scenarios
            if($comp -eq "US")
            {
                # scenario 7
                write-host "7. Add to US Employees"
                $GroupArray += "US Employees"
                if($mgr -eq "Y")
                {
                    Write-Host "1. ADD to US MAnagers"
                    $group = "US Managers"
                    $GroupArray += $group
                }
                if(($fsal -eq "Hourly") -and ($ofc -ne "Canton"))
                {
                    Write-Host "3. Add to US Hourly (excluding Canton)"
                    $group = "US Hourly (excluding Canton)"
                    $GroupArray += $group
                }
                if(($fsal -eq "Hourly") -and ($ofc -eq "Canton"))
                {
                    write-host "4. Add to US Canton Hourly"
                    $group = "US Canton Hourly"
                    $GroupArray += $group
                }
                if(($fsal -eq "Salaried") -and ($ofc -eq "Corporate" -or $ofc -eq "Landis Lakes 1" -or $ofc -eq "Landis Lakes 2"))
                {
                    Write-Host "5. Add to US Salaried Corporate"
                    $group = "US Salaried Corporate"
                    $GroupArray += $group
                }
                if(($fsal -eq "Salaried") -and ($ofc -ne "Corporate" -and $ofc -ne "Landis Lakes 1" -and $ofc -ne "Landis Lakes 2"))
                {
                    Write-Host "6. Add to US Salaried Plant"
                    $group = "US Salaried Plant"
                    $GroupArray +=$group
                }
            }
            elseif($comp -eq "canada")
            {
                # scenario 9
                write-host "9. Canada Employees"
                $GroupArray += "Canada Employees"
                if($mgr -eq "Y")
                {
                    Write-Host "2. Add to Canada Managers"
                    $group = "Canada Managers"
                    $GroupArray += $group
                }
                if($fsal -eq "Hourly")
                {
                    Write-Host "10. Add to Canada Hourly"
                    $group = "Canada Hourly"
                    $GroupArray += $group
                }
                if($fsal -eq "Salaried")
                {
                    Write-Host "11. Add to Canada Salaried Plant"
                    $group = "Canada Salaried Plant"
                    $GroupArray += $group
                }
            }
            elseif($ofc -eq "Corporate" -or $ofc -eq "Landis Lakes 1" -or $ofc -eq "Landis Lakes 2")
            {
                Write-Host "8. Add to Corporate Employees"
                $GroupArray += "Corporate Employees"
            }
            write-host "Final Group List" -ForegroundColor Green
            $grplen = $GroupArray.Length
            #$GroupArray
            $grplen
            for($i= 0; $i -lt $grplen; $i++)
            {
                $grpname = $GroupArray[$i]
                write-host "$sam will be added to Group : $grpname" -ForegroundColor Magenta
                # # Check if the user is already present in the Group
                $mbr_exist = Get-ADGroupMember $grpname | Where-Object {$_.SamAccountName -eq $sam}
                if($null -eq $mbr_exist)
                {
                    # # Add user to the group
                    Add-ADGroupMember -Identity $grpname -Members $sam
                    Write-Host "1. User $sam is added to $grpname group" -ForegroundColor Green
                    # # documenting the user list that are added to this group
                    $grpmbr = New-Object PSObject
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "EmployeeNumber" -Value $empnum
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "SamAccountName" -Value $sam
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "Name" -Value $u.Name
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value $u.DistinguishedName
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "mgr" -Value $mgr
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "Company" -Value $comp
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "Salary/Hourly" -Value $fsal
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "Office" -Value $ofc
                    $grpmbr | Add-Member -MemberType NoteProperty -Name "ADGroup" -Value $grpname
                    $grpmbr | Export-Csv "$updatedGroup\ADUsers_To_Group($grpname)_$sysdate.csv" -Append -NoTypeInformation
                }
                else
                {
                    Write-Host "Member $sam already exist in $grpname group" -ForegroundColor Red
                }
            }
        }
        $logdate = get-date
        $logdate.ToString() + "`tCompleted script to Update Update AD Groups..." | Out-File -FilePath $LogFilePath -Append
        $status = 'true'
        return $status
    }
    catch
    {
        $err_lineno = $error[0].InvocationInfo.ScriptLineNumber
        $err_line = $error[0].InvocationInfo.Line
        $ExceptionMessage = $_.Exception.Message
        #$ExceptionMessage
        $error_info = $error[0].ToString() + $error[0].InvocationInfo.PositionMessage
        Write-Host "$error_info " -ForegroundColor Red
        $FailedItem = $_.Exception.ItemName
        if($ExceptionMessage)
        {
            $logdate.ToString() + "`t $error_info " | out-file "$foldername\ErrorLog_Update_AD_Groups$sysdate.log" -append
            "Line Number: $err_lineno . `nError at Line: $err_line" | out-file "$foldername\ErrorLog_Update_AD_Groups$sysdate.log" -append
        }
        #Invoke-Item "C:\ErrorLog.log"
        $status = 'false'
        return $status
    }

    Hi mdkelly, Sorry for such a late reply (due to credential issues).
    I am using Windows task scheduler to schedule the task. I am given the administrator access to the server (Windows Server 2012). So I think I set to run the script under system account.
    My apologies for asking this, am I missing something while scheduling the script through task scheduler? How to check whose credentials the scheduled task is running under? How to pass my (admin) credentials, so that the script execution won't face a problem? Any suggestion on the above questions will be helpful. (I tried to search on net for the questions but didn't get any conclusive answers)
    Thanks in advance.

  • [Forum FAQ] Using PowerShell to assign permissions on Active Directory objects

    As we all know, the ActiveDirectoryAccessRule class is used to represent an access control entry (ACE) in the discretionary access control list (DACL) of an Active Directory Domain Services object.
    To set the permissions on Active Directory objects, the relevant classes and their enumerations are listed as below:
    System.DirectoryServices.ActiveDirectoryAccessRule class:
    http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectoryaccessrule(v=vs.110).aspx
    System.DirectoryServices.ActiveDirectoryRights class:
    http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectoryrights(v=vs.110).aspx
    System.Security.AccessControl.AccessControlType class:
    http://msdn.microsoft.com/en-us/library/w4ds5h86(v=vs.110).aspx
    System.DirectoryServices.ActiveDirectorySecurityInheritance class:
    http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectorysecurityinheritance(v=vs.110).aspx
    In this article, we introduce three ways to get and set the ACE on an Active Directory object. In general, we use Active Directory Service Interfaces (ADSI) or Active Directory module cmdlets with the Get-Acl and Set-Acl cmdlets to assign simple permissions on Active Directory objects. In addition, we can use the extended rights and GUID settings to execute more complex permission settings.
    Method 1: Using ADSI
      1. Get current permissions of an organization unit (OU)
    We can use the PowerShell script below to get current permissions of an organization unit and you just need to define the name of the OU.
    $Name = "OU=xxx,DC=com"
    $ADObject = [ADSI]"LDAP://$Name"
    $aclObject = $ADObject.psbase.ObjectSecurity
    # Include explicit and inherited ACEs; return identities as SIDs
    $aclList = $aclObject.GetAccessRules($true,$true,[System.Security.Principal.SecurityIdentifier])
    $output=@()
    foreach($acl in $aclList)
    {
        $objSID = New-Object System.Security.Principal.SecurityIdentifier($acl.IdentityReference)
        $info = @{
            'ActiveDirectoryRights' = $acl.ActiveDirectoryRights;
            'InheritanceType' = $acl.InheritanceType;
            'ObjectType' = $acl.ObjectType;
            'InheritedObjectType' = $acl.InheritedObjectType;
            'ObjectFlags' = $acl.ObjectFlags;
            'AccessControlType' = $acl.AccessControlType;
            'IdentityReference' = $acl.IdentityReference;
            'NTAccount' = $objSID.Translate( [System.Security.Principal.NTAccount] );
            'IsInherited' = $acl.IsInherited;
            'InheritanceFlags' = $acl.InheritanceFlags;
            'PropagationFlags' = $acl.PropagationFlags;
        }
        $obj = New-Object -TypeName PSObject -Property $info
        $output+=$obj
    }
    $output
    In the figure below, you can see the results of running the script above:
    Figure 1.
    2. Assign a computer object with Full Control permission on an OU
    We can use the script below to delegate Full Control permission to the computer objects within an OU:
    $SysManObj = [ADSI]("LDAP://OU=test….,DC=com") #get the OU object
    $computer = get-adcomputer "COMPUTERNAME" #get the computer object which will be assigned with Full Control permission within an OU
    $sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
    $identity = [System.Security.Principal.IdentityReference] $SID
    $adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
    $type = [System.Security.AccessControl.AccessControlType] "Allow"
    $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
    $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType #set permission
    $SysManObj.psbase.ObjectSecurity.AddAccessRule($ACE)
    $SysManObj.psbase.commitchanges()
    After running the script above, you can check the computer object in Active Directory Users and Computers (ADUC) and it is under the Security tab in OU Properties.
    Method 2: Using Active Directory module with the Get-Acl and Set-Acl cmdlets
    You can use the script below to get and assign Full Control permission to a computer object on an OU:
    $acl = get-acl "ad:OU=xxx,DC=com"
    $acl.access #to get access right of the OU
    $computer = get-adcomputer "COMPUTERNAME"
    $sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
    # Create a new access control entry to allow access to the OU
    $identity = [System.Security.Principal.IdentityReference] $SID
    $adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
    $type = [System.Security.AccessControl.AccessControlType] "Allow"
    $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
    $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType
    # Add the ACE to the ACL, then set the ACL to save the changes
    $acl.AddAccessRule($ace)
    Set-acl -aclobject $acl "ad:OU=xxx,DC=com"
    Method 3: Using GUID setting
    The scripts above can only help us to complete simple tasks, however, we may want to execute more complex permission settings. In this scenario, we can use GUID settings to achieve that.
    The specific ACEs allow an administrator to delegate Active Directory specific rights (i.e. extended rights) or read/write access to a property set (i.e. a named collection of attributes) by setting ObjectType field in an object specific ACE to the rightsGuid of the extended right or property set. The delegation can also be created to target child objects of a specific class by setting the InheritedObjectType field to the schemaIDGuid of the class.
    We choose to use this pattern: ActiveDirectoryAccessRule(IdentityReference, ActiveDirectoryRights, AccessControlType, Guid, ActiveDirectorySecurityInheritance, Guid)
    You can use the script below to assign the group object with the permission to change user password on all user objects within an OU.
    $acl = get-acl "ad:OU=xxx,DC=com"
    $group = Get-ADgroup xxx
    $sid = new-object System.Security.Principal.SecurityIdentifier $group.SID
    # The following object specific ACE is to grant Group permission to change user password on all user objects under OU
    $objectguid = new-object Guid 00299570-246d-11d0-a768-00aa006e0529 # is the rightsGuid for the extended right User-Force-Change-Password ("Reset Password") class
    $inheritedobjectguid = new-object Guid bf967aba-0de6-11d0-a285-00aa003049e2 # is the schemaIDGuid for the user
    $identity = [System.Security.Principal.IdentityReference] $SID
    $adRights = [System.DirectoryServices.ActiveDirectoryRights] "ExtendedRight"
    $type = [System.Security.AccessControl.AccessControlType] "Allow"
    $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "Descendents"
    $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$objectGuid,$inheritanceType,$inheritedobjectguid
    $acl.AddAccessRule($ace)
    Set-acl -aclobject $acl "ad:OU=xxx,DC=com"
    The figure below shows the result of running the script above:
    Figure 2.
    In addition, if you want to assign other permissions, you can change the GUID values in the script above. The common GUID values are listed as below:
    $guidChangePassword      = new-object Guid ab721a53-1e2f-11d0-9819-00aa0040529b
    $guidLockoutTime         = new-object Guid 28630ebf-41d5-11d1-a9c1-0000f80367c1
    $guidPwdLastSet          = new-object Guid bf967a0a-0de6-11d0-a285-00aa003049e2
    $guidComputerObject      = new-object Guid bf967a86-0de6-11d0-a285-00aa003049e2
    $guidUserObject          = new-object Guid bf967aba-0de6-11d0-a285-00aa003049e2
    $guidLinkGroupPolicy     = new-object Guid f30e3bbe-9ff0-11d1-b603-0000f80367c1
    $guidGroupPolicyOptions  = new-object Guid f30e3bbf-9ff0-11d1-b603-0000f80367c1
    $guidResetPassword       = new-object Guid 00299570-246d-11d0-a768-00aa006e0529
    $guidGroupObject         = new-object Guid BF967A9C-0DE6-11D0-A285-00AA003049E2
    $guidContactObject       = new-object Guid 5CB41ED0-0E4C-11D0-A286-00AA003049E2
    $guidOUObject            = new-object Guid BF967AA5-0DE6-11D0-A285-00AA003049E2
    $guidPrinterObject       = new-object Guid BF967AA8-0DE6-11D0-A285-00AA003049E2
    $guidWriteMembers        = new-object Guid bf9679c0-0de6-11d0-a285-00aa003049e2
    $guidNull                = new-object Guid 00000000-0000-0000-0000-000000000000
    $guidPublicInformation   = new-object Guid e48d0154-bcf8-11d1-8702-00c04fb96050
    $guidGeneralInformation  = new-object Guid 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
    $guidPersonalInformation = new-object Guid 77B5B886-944A-11d1-AEBD-0000F80367C1
    $guidGroupMembership     = new-object Guid bc0ac240-79a9-11d0-9020-00c04fc2d4cf
    More information:
    Add Object Specific ACEs using Active Directory Powershell
    http://blogs.msdn.com/b/adpowershell/archive/2009/10/13/add-object-specific-aces-using-active-directory-powershell.aspx
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
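
    An added example (not part of the FAQ post above and not Microsoft's code): a read-only check that goes the other way from Methods 1 to 3 and flags ACEs granting Full Control, DACL or owner changes, Reset Password or all extended rights, or write access to the member attribute, decoding ObjectType and InheritedObjectType with the GUIDs the post lists. The function names Get-RiskyAce and Resolve-GuidName and the SIDs are made up for illustration; the sample ACEs are constructed in memory so the script runs without a domain.

```powershell
# Added example. Sample ACEs are constructed in memory; no directory is contacted.
Add-Type -AssemblyName System.DirectoryServices

$GenericAll    = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$ExtendedRight = [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$WriteProperty = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$WriteDacl     = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteDacl
$WriteOwner    = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteOwner

# GUIDs and their meanings, taken from the list in the post above.
$GuidNames = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    'ab721a53-1e2f-11d0-9819-00aa0040529b' = 'Change Password'
    'bf9679c0-0de6-11d0-a285-00aa003049e2' = 'member (WriteMembers)'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user objects'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer objects'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group objects'
}
$ResetPassword = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$WriteMembers  = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

# Hypothetical helper: turn an ObjectType/InheritedObjectType GUID into a label.
function Resolve-GuidName([guid]$Guid) {
    if ($Guid -eq [guid]::Empty) { return 'all' }   # empty GUID = not restricted
    $key = $Guid.ToString()
    if ($GuidNames.ContainsKey($key)) { return $GuidNames[$key] }
    return $key
}

# Hypothetical helper: emit one finding per Allow ACE that delegates control.
function Get-RiskyAce {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [System.DirectoryServices.ActiveDirectoryAccessRule]$Ace
    )
    process {
        if ($Ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { return }
        $rights  = [int]$Ace.ActiveDirectoryRights
        $anyObj  = $Ace.ObjectType -eq [guid]::Empty
        $finding = $null
        if (($rights -band $GenericAll) -eq $GenericAll) {
            $finding = 'Full Control'
        }
        elseif ($rights -band ($WriteDacl -bor $WriteOwner)) {
            $finding = 'Can modify the DACL or owner'
        }
        elseif (($rights -band $ExtendedRight) -and ($anyObj -or $Ace.ObjectType -eq $ResetPassword)) {
            # An ExtendedRight ACE with an empty ObjectType covers every extended right.
            $finding = 'Extended right: ' + (Resolve-GuidName $Ace.ObjectType)
        }
        elseif (($rights -band $WriteProperty) -and ($anyObj -or $Ace.ObjectType -eq $WriteMembers)) {
            $finding = 'Write property: ' + (Resolve-GuidName $Ace.ObjectType)
        }
        if ($finding) {
            [pscustomobject]@{
                Principal = $Ace.IdentityReference.Value
                Finding   = $finding
                AppliesTo = "$($Ace.InheritanceType) / $(Resolve-GuidName $Ace.InheritedObjectType)"
                Inherited = $Ace.IsInherited
            }
        }
    }
}

# Constructed sample data: SIDs are invented, ACEs mirror Methods 1/2 and 3.
$allow    = [System.Security.AccessControl.AccessControlType]::Allow
$inhAll   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$inhDesc  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$full     = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$read     = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$userCls  = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'
$computer = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$group    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-21-1111111111-2222222222-3333333333-1106'
$reader   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-21-1111111111-2222222222-3333333333-1107'

$sample = @(
    # Methods 1 and 2: GenericAll on the OU and everything below it
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule $computer, $full, $allow, $inhAll
    # Method 3: Reset Password on descendant user objects
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule $group, $extended, $allow, $ResetPassword, $inhDesc, $userCls
    # Read-only ACE: should not be reported
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule $reader, $read, $allow, $inhAll
)

$sample | Get-RiskyAce | Format-Table -AutoSize

# Against a live directory (needs the ActiveDirectory module, as in Method 2):
#   (Get-Acl "ad:OU=xxx,DC=com").Access | Get-RiskyAce
```

    Filtering the live output on Inherited = False shows only the ACEs set directly on the OU, which is where the delegations from the scripts above land.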

    The ActiveDirectoryAccessRule has more than one constructor, but yes, you've interpreted the one that takes six arguments correctly.
    Those GUIDs are different (check just before the first dash). Creating that ACE will create an empty GUID for InheritedObjectType, though, because you're telling it to apply to the Object only ([System.DirectoryServices.ActiveDirectorySecurityInheritance]::None).
    Since the ACE will only apply to the object, there's no need to worry about what types of objects will inherit it.
    If you've got time, check out this module. It will let you view the security descriptors in a much friendlier format. Try both version 3.0 and the version 4.0 preview:
    Sample version 3.0:
    # This is going to be kind of slow, and it will take a few seconds the first time
    # you run it because it has to build the list of GUID <--> Property/Class/etc objects
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ObjectAceType member -InheritedObjectAceType group -ActiveDirectoryRights WriteProperty
    # Same as the previous command, except limit it to access granted to GroupX
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ObjectAceType member -InheritedObjectAceType group -ActiveDirectoryRights WriteProperty -Principal GroupX
    Here's version 4.0. It's way faster than 3.0, but it's missing the -ObjectAceType and -InheritedObjectAceType parameters on Get-AccessControlEntry (don't worry, when they come back they'll be better than in 3.0):
    Get-ADGroup GroupY |
    Get-AccessControlEntry
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ActiveDirectoryRights WriteProperty
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ActiveDirectoryRights WriteProperty -Principal GroupX
    # You can do a Where-Object filter until the parameters are added back to Get-AccessControlEntry:
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
    where { $_.AccessMask -match "All Prop|member Prop" }
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
    where { $_.ObjectAceType -in ($null, [guid]::Empty, "bf9679c0-0de6-11d0-a285-00aa003049e2") }
    Get-ADGroup GroupY |
    Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
    where { $_.AccessMask -match "All Prop|member Prop" -and $_.AppliesTo -match "group"}
    That's just for viewing. Version 3.0 can add and remove access, or you can use New-AccessControlEntry to replace your call to New-Object, and you can still use Get-Acl and Set-Acl. The benefit to New-AccessControlEntry is that you can do something like this:
    New-AccessControlEntry -Principal GroupX -ActiveDirectoryRights WriteProperty -ObjectAceType member -InheritedObjectAceType group #-AppliesTo Object
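
The behaviour described in the answer above, as an added example that is not part of the original post: it builds the six-argument ActiveDirectoryAccessRule once per inheritance setting and lists the InheritedObjectType each rule actually stores, so a group filter that was silently dropped is visible before the ACE is written. The SID is a constructed placeholder for GroupX, the group class GUID is the default-schema value, `New-MemberWriteRule` is a hypothetical helper, and Windows PowerShell with System.DirectoryServices is assumed.

```powershell
# Added example: runs offline, no domain connection is made.
Add-Type -AssemblyName System.DirectoryServices

# Constructed placeholder SID standing in for GroupX (not a real principal).
$principal = New-Object System.Security.Principal.SecurityIdentifier(
    'S-1-5-21-1111111111-2222222222-3333333333-1105')

# schemaIDGUID of the "member" attribute (the GUID quoted in the post above).
$memberAttr = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
# schemaIDGUID of the "group" class in the default AD schema.
$groupClass = [guid]'bf967a9c-0de6-11d0-a285-00aa003049e2'

# Hypothetical helper: WriteProperty on "member", requested to apply to group objects.
function New-MemberWriteRule {
    param(
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]$Inheritance
    )
    $ctorArgs = @(
        $principal,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $memberAttr,
        $Inheritance,
        $groupClass
    )
    New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $ctorArgs
}

# Build the same rule under every inheritance setting and record what it holds.
$modes = [enum]::GetValues([System.DirectoryServices.ActiveDirectorySecurityInheritance])
$results = foreach ($mode in $modes) {
    $rule = New-MemberWriteRule -Inheritance $mode
    [pscustomobject]@{
        Inheritance         = $mode
        InheritanceFlags    = $rule.InheritanceFlags
        PropagationFlags    = $rule.PropagationFlags
        ObjectFlags         = $rule.ObjectFlags
        ObjectType          = $rule.ObjectType
        InheritedObjectType = $rule.InheritedObjectType
    }
}
$results | Format-Table -AutoSize

# Settings under which the requested group filter was not kept on the rule.
$results |
    Where-Object { $_.InheritedObjectType -eq [guid]::Empty } |
    Select-Object Inheritance, ObjectFlags
```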
     

  • Moving a functional jsp and jar file to new directory breaks import?

    Simply put - how can I "move" or "copy" a functional JSP directory from the root of my site to a subdirectory
    of the same site and have it continue to work?
    here are the details:
    I have a site where the functional JSP content resides like so ...
    c:\site\itworkshere\thetestfile.jsp
    c:\site\itworkshere\WEB-INF\web.xml
    c:\site\itworkshere\lib\thejarfile.jar
    c:\site\itworkshere\classes\props.properties
    but when I copy the "itworkshere" directory to c:\site\newdirectory\itworkshere
    and try to load thetestfile.jsp page in my browser, I get ...
    thetestfile$jsp.java:6: Package com.corporatename.module.io not found in import.
    I know that the module.io classes are in thejarfile.jar, but for some reason, now that I've put the files
    in a new directory, the import is failing (simple import directive in thetestfile.jsp) And - yes - the .jar
    file is there in the new subdirectory.
    I am a newbie with jsp and just need to copy the files to new location and have them continue to work.
    Do I have to recompile the .jar with some sort of adjustments? I poked around and I don't see any assumptions about the directory structure in the build. The behavior leads me to believe that the build is assuming something
    about its location in the directory tree.
    Hope this question is clear and I appreciate any direction you can provide to steer me where to look/modify
    the necessary changes so I can move the .jsp's and .jar and not break them.

    Thanks for the suggestions and insights. I have made some progress.
    A context path of "/newdirectory/itworkshere" and a docBase of "./newdirectory/itworkshere" has resolved
    the .jsp include problem.
    However this seems a bit counter-intuitive to me considering that the default root context which is "" stands
    at the appBase which in my case is C:\Site. Since the default does not explicitly refer to the "itworkshere" directory,
    I'd expect that the newly added Context element would not have to either ---- BUT --- it does require that I include "itworkshere" in the context path and docBase (where I would expect ./newdirectory would have been sufficient since the default works that way) ... am I missing something?
    Now I have the next odd behavior - the Servlet which resides in "itworkshere\WEB-INF\lib" is not loading when I put the appropriate URL in --> /newdirectory/itworkshere/DataCrunchingServlet
    I checked the web.xml file and it has the appropriate servlet-name and url-pattern (relative references)
    Furthermore I did a test where I simply rename the original working instance directory and again --- the URL is failing to find the servlet!!! (and yes I stopped/started Tomcat) It is as if the servlet can only be found in the originally installed scenario.
    I am extremely puzzled that the behaviors seem to indicate an assumption about the path structure, but the web.xml file is set up correctly.
    Help help!!! and Thank you.

  • Use Oracle directory object in SQL*loader?

    Hi All,
    We have a bunch of flatfiles that need to be read on a daily basis. We are using SQL*loader to read these files into Oracle.
    The files arrive into a different directory every day ( /filesDDMMYY/ ). We now manually copy these files into the static directory which is pointed to in our ctl file. I was wondering if it's possible to use an Oracle Directory object to point to these data files, instead of the physical directory we use now?
    Now we use: INFILE './sources/mydata.txt' , but I would like to make this a dynamic reference to a directory with a different name
    I searched the documentation and the internet quite extensively, but can not get an answer if it's possible to use directory objects in conjunction with sql loader.
    Any help or suggestions would be appreciated.
    Greetz,
    Toin.

    You can remove the INFILE parameter from the CTL files, and instead specify it on the command line (DATA=./sources...).
    Obviously this would still require changing every ctl file, but you would only need to do it once, not every time you change a directory.
    Of course, the shell script which runs sqlldr would need to change. However, you could make the shell script more robust, by having it connect to sqlplus to look up the actual directory path from ALL_DIRECTORIES, and then use that when calling sqlldr.

  • Create directory object on a client machine

    Hey guys, can I create a directory object on a different machine (one that is connected to the network) other than the server machine from where I run the EM?
    And if so, how do I provide its path through the EM?

    If it is on the machine where EM Agent is installed, this may be possible. You can create a job (using OSCommand command). As part of the OS Command job, you can do 'mkdir'. Of course, you will need to provide EM Agent credentials.

  • Directory object on $APPLCSF/$APPLOUT

    Hi,
    My requirement is to fetch a xml file from concurrent program output directory $APPLCSF/$APPLOUT and update some tables based on it.
    In order to read the file I need to have a directory object created on the same.
    Can I create a directory object on $APPLCSF/$APPLOUT?
    Is this not recommended?
    I just need to read it from a job submitted thru dbms_job.
    Please let me know your views.
    Thanks.
    Edited by: Chit on Mar 15, 2012 2:10 AM

    Chit wrote:
    Okay. Here is my requirement.
    I am in Oracle apps R12 and db 11g.
    I have a concurrent program with no mandatory parameters.
    I need to email POs to suppliers. I am using BIPublisher for it. I should not email POs twice.
    For this I have done the following:
    Written a PLSQL code which will
    1. Generate xml for bursting
    2. Launch bursting program
    So far so good. Now when it comes to duplicate email handling part, the complexity comes in.
    I need to do the following for it.
    1. Generate xml for bursting - parent request
    2. Launch bursting program - child request
    3. Wait for bursting program to complete - parent request
    4. Fetch the xml status file generated by bursting report, and update the POs with bursting report status. - parent request
    Since step3 waits for step2 to complete, step2 always fails with 'File o1234.out is not accessible'. I can understand that since parent is not complete (and whose out file is locked) and child is requesting for parent's out file, it errors.
    So I thought of handling step 3 and 4 thru dbms_job, so that step2 completes successfully.
    For step4, I need to access the out file of step2, for which I need a directory object created on $APPLCSF/$APPLOUT which will allow me to read that file and update the status back.
    Please let me know if you need more info.

    Why is your directory name specified with environment variables?

  • BFILENAME and Directory object

    Hi, I have a question about BFILENAME function. I can't find any other multimedia related topic so I decide to post it here, please help if you know the answer.
    I have following procedure:
    PROCEDURE test
      (name IN varchar2 := 'a.jpg')
    IS
      v_pix_source BFILE;
    BEGIN
      v_pix_source := BFILENAME('C_TEMP', name);
      IF DBMS_LOB.FILEEXISTS(v_pix_source) = 1
      THEN
        DBMS_OUTPUT.PUT_LINE('EXIST');
      ELSE
        DBMS_OUTPUT.PUT_LINE('NOT EXIST');
      END IF;
    END test;
    C_TEMP IS A DIRECTORY object WITH PATH 'c:\temp\' .
    I keep getting 'NOT EXIST' when I call this procedure while the jpg file is there. I have tried 'c:\temp' too but it didn't work either.
    But this does work:
    INSERT INTO lob_table
    VALUES(1, bfilename('c:\temp\','a.jpg'));
    So it seems that the directory object is giving me trouble. This has nothing to do with privileges because I am using a DBA account to run the procedure.
    Any help will be appreciated!

    I don't know if a DBA account has the read directory privilege for directories that he didn't create. Try granting the read directory privilege to the user.
    SQL> grant read on directory C_TEMP to my_user;

  • Unable to activate PI - Integration Directory Objects

    Hi Guys,
    I am unable to activate PI - Integration Directory Objects.
    When I'm trying to activate, it's taking too much time, then no response.
    Can anyone please help me on how to resolve this issue?
    Thanks,
    Siva.

    Hi Siva,
    Check with your basis guys.
    In most cases, this is due to memory overflow error.  They should free the memory which some interface or logs is holding up.
    Most of these problems are solved by simply restarting the server.
    I strongly suspect that some log file might be growing which would have consumed all memory.
    Regards
    Krish.
