Link existing resource to Active Directory
I am working with an existing implementation of Project Server 2010 where Active Directory is used to synchronize resources. When initially implementing this environment, it was decided that most people in the department would be created as resources; however, they would not be given the "logon to Project Server" permission (they were created manually). There have been some cases where these existing resources have later needed to have access to the server, so they are added to the necessary AD group, and synchronized into Project Server. Due to the existing account already being in the resource pool, it creates a 2nd resource with the same name but the windows user account tagged to the end (example, Jane Doe [DOMAIN\jdoe]).
Is there any way to update the existing resource information so that Project Server knows to link that resource with the new resource in Active Directory? We have tried manually selecting "logon to Project Server" and entering the windows user ID, but it has the same behavior (adds a second resource to the enterprise resource pool).
I understand that you can prevent active directory from synchronizing that account, but we are hoping there is a better solution that doesn't disable the inherent functionality of AD sync.
Thank you and let me know if you need additional information.
Which group have you mapped with Resource pool sync?
When you sync the resource pool with AD, in that case only the resource will be added to the Project Server. I mean to say:
The "logon to Project Server" button is unchecked
The Windows User Account is not populated
The user is not added to the out of box Team Members security group
http://technet.microsoft.com/en-us/library/gg982985(v=office.14).aspx
http://technet.microsoft.com/en-us/library/gg750243(v=office.14).aspx
These links will give you a better idea.
For giving users permission, you map Project Server groups with AD groups; this will give you proper access.
For resources you use resource pool sync.
No Project Server user accounts will be automatically created for resources that are added to the Enterprise Resource Pool through Active Directory synchronization.
If you go with the 2nd approach you will not face any problem in the future.
Once you do resource pool sync it will create resources without user login.
Then you can map the Project Permission group with the AD group; it will add user accounts to the users who are present in AD.
For this you have to create different groups in AD as per Project Server group and add users as per your need in the AD group. Be careful: do not map a Project Server group with the group which you are using for resource pool mapping sync.
kirtesh
Similar Messages
-
Joining 10.8.5 with existing account to Active Directory domain
Hi-
I have a MacBook Pro that I am using as a test computer to figure out how to introduce the growing population of Macs into our Active Directory environment in our small company. This computer is running OSX 10.8.5.
There is a test account in AD that I will be using to connect to the windows domain. I am able to get the laptop bound to AD, and have no problem authenticating, and seeing all the network resources required.
Here is the part that has me stumped:
Is there any way to take my existing "local" account that was configured when I began using my MBP without Active Directory and continue to use it, but logon to the laptop using my Active Directory account?
Perhaps copy all the settings and preferences from the local account on top of the AD account on the laptop?
I have been using this laptop as my personal machine for many months and have quite a few customizations made to my desktop preferences, icon layouts, etc. This will be the same case with all of the users that will soon be authenticating on the domain. We need this for centralized management of network shares, password policies, and a number of other security features.
There is some limited information on the web, but nothing that I have tried really works. Here's some of what I found and the difficulty that resulted.
http://community.spiceworks.com/how_to/show/37886-convert-mac-local-user-into-active-directory-network-user
- The script mentioned in step 3 was not able to copy local account to the destination folder.
http://robotcloud.screenstepslive.com/s/2459/m/5322/l/112415-convert-local-accounts-to-network-mobile-accounts
- The sudo mv /Users/USERNAME /Users/DIRUSERNAME command was not able to make the "DIRUSERNAME" directory, and did not have any effect if this directory already existed due to a prior logon.
I'm just looking for some help making it so that my users can retain their desktop layouts that they are used to, but logon to the domain using AD credentials.
Seems simple, but is pretty difficult to get done.
Thanks in advance for any help....
-Aaron
This might help:
http://www.afp548.com/article.php?story=20060517222656622&query=radius -
How to migrate from existing Database Usermanagement to Active Directory?
Hello experts,
We are running a portal with more than 2000 users. So far our user management is done by the portal's own identity management with the database as data source.
However, for many reasons, instead of the database we would like to use an existing company's Active Directory (=AD) as a data source for identity management. That means that we would like only to use the AD users and AD groups in the portal.
All users who are in the portal's database now can also be found in the existing company's Active Directory. Luckily the users have the same ID both in the database and in the AD.
We know that the migration from the database to AD is a big issue since many portal objects depend on the existing structures. However, because the IDs of users are identical in both systems we hope to find a way to "override" the existing user management data with the AD data without losing the existing settings (e.g. KM-Permissions, user profiles etc.).
Generally I am asking you if you have already had experience with changing the user management's data source of an already "living" portal (several 1000 users) to Active Directory User Management.
What problems can occur?
Which modifications need to be done?
Which portal´s objects are affected by the migration?
Is a migration possible at all?
I will appreciate all suggestions, remarks, ideas.
Thanks in advance.
Thomas
Hello experts,
the current permissions in the KM-Objects are based on both groups and users from database.
Because it is not possible to modify the Group's Display Name in the portal's database we would also like to use LDAP-Groups in the portal: All users and groups in the portal shall be managed by Active Directory in future.
In the Active Directory it is possible to modify the Display Name of groups. This is a necessary feature because of reorganisations of departments in our company which occur from time to time.
Creating new groups with the new department names is not an option because one has to assign all department members to the new group again. Otherwise one needs to assign the new group to the ACLs of all KM objects in question. This is too big a deal.
However, thank you for that hint Michael.
Any other experiences?
I will appreciate any ideas, foreseen problems.
Thomas -
Updating custom boolean attribute in Active Directory via OIM
The adapters delivered with the AD connector support updating standard attributes (string) and multi-value attributes, but I can't seem to figure out how to update a custom Boolean attribute in AD via OIM. The delivered Boolean fields all appear to have custom adapters (ie Account Locked, Password Never Expires, etc.)
I've tried using the delivered adpADCSCHANGEATTRIBUTE adapter, but it fails (as expected) with:
+com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : updateDetails : Attributes cannot update:[LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]+
Suggestions?
No I don't have custom boolean attributes in AD. But I added custom attributes of other types.
When you say custom, do you mean it did not come with the out of the box AD connector, but exists in the Active Directory of your organization?
There are a few attributes in AD which look like they are boolean when you see the AD console but are actually different. Look at the link for details.
[http://support.microsoft.com/kb/305144]
Look at this post for context.
AD Provisioning - Password never expires & User must chg pwd at next logon
Thanks,
M -
"24427 Access to Active Directory failed" error in ACS 5.1
Hello,
I'm working on implementing a RADIUS authentication for wireless access with the following :
- PCs running Windows 7, protocol used is PEAP (without validating the server certificate to make it simple at first),
- AP 1252 configured to use a RADIUS server to authenticate (it's working good with an ACS server 4.2),
- ACS Server 5.1.0.44.5 running as VM connected to an AD domain and working good with VPN connections,
- AD domain running on Windows 2003 Server.
My ACS VM is working good since a couple of months for VPN (RADIUS) and administration (TACACS) remote access, both using Active Directory. Now, I'd like to use it to authenticate people connecting to a 1252 Cisco access point but I'm getting this error "24427 Access to Active Directory failed". I switched from PEAP to LEAP but this is the same.
All I can get running the expert troubleshoot
Investigating failure code: 24427 Access to Active Directory failed
Checking if Active Directory is configured
Active Directory is configured
Attempting connection to Active Directory
Connection to Active Directory was successful.
Troubleshooting completed.
Click on Show Results Summary to view results.
I followed this guide, at least for the ACS certificate section :
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Anyone has an idea where the problem may come from?
Thanks in advance,
Vincent
Hey there, I ran into the same issue with 5.3 and it turned out being this bug. I came across your post looking for instructions on retrieving the logs. Thanks mate.
link
Problem: Error "24495 Active Directory servers are not available"
Authentication starts failing with this error: 24495 Active Directory servers are not available. in the ACS 5.3 logs.
Solution
Check the ACSADAgent.log file through the CLI of the ACS 5.x for messages such as:
Mar 11 00:06:06 xlpacs01 adclient[30401]: INFO base.bind.healing Lost connection to xxxxxxxx. Running in disconnected mode: unlatch.
If you see the Running in disconnected mode: unlatch error message, this means the ACS 5.3 cannot maintain a stable connection with Active Directory. The workaround is to either switch to LDAP or downgrade the ACS to 5.2 version. Refer to Cisco bug ID CSCtx71254 (registered customers only) for more information. -
How to avoid duplicate DN exception when creating Active Directory Account
I am using OIM 9.1.0.2 to provision Active Directory accounts.
I run into issues when the DN of the user to be created already exists and I would like to know if anyone has some logic I can use to generate a different DN for new user by adding a number or something like that to the DN
Here is an example.
User 1 exists already and their DN: cn=john smith, cn=users, dc=company,dc=org
New user joins the company and his name is also john smith and he has no middle name: so system attempts to create his account as cn=john smith, cn=users, dc=company,dc=org
how can I accomplish this by making the account say cn=john smith_1, cn=users, dc=company,dc=org
855640 wrote:
I run into issues when the DN of the user to be created already exists and I would like to know if anyone has some logic I can use to generate a different DN for new user by adding a number or something like that to the DN
There are two different questions:
1. How to generate a sequence of candidates for the name attribute
2. How to check if a record with the given name candidate already exists in the Active Directory, and hence try the next candidate from the sequence.
The answer for the first part is usually defined by the policy existing in your organization, in the simplest case you can append sequential integer numbers to the end of the original name.
The answer for the second question is not so simple if you are provisioning with MSAD connector.
There are two places you can put the check:
-- in the pre-populate adapter for the UD_ADUSER_COMMONNAME field
-- in the adpADCSCREATEUSER event handler, which is responsible for new AD user record creation.
Both cases need some coding, since you have to obtain the AD connection and search AD for matching records.
Pros & cons
Placing check code in the pre-populate adapter:
Pros:
the result is visible in the form, administrator can change the pre-calculated value if he wishes
Cons:
you need to have all access to connection parameters, and establish one extra connection
this is not the way OIM is supposed to work :-(
Placing check code in the AD user creation task:
Pros:
you have all access to connection parameters, and open a connection here anyway
Cons:
the result is not present in the form, so no way for manual interaction by administrator here
BTW: this problem is not only related to DN generation, some other AD attributes (e.g. sAMAccountName, mailNickName, userPrincipalName, mail) should be unique in the AD domain scope.
Edited by: madhatter on Sep 7, 2012 12:02 AM -
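The two steps from the reply above (generate name candidates, then check each one against the directory), as an added Python example; it is not code from the thread, from OIM or from the MSAD connector. `FakeDirectory`, `provision` and the other names are hypothetical, the in-memory directory stands in for a real LDAP connection, and the `_1`, `_2` suffix follows the question's example.

```python
"""Allocate a unique DN and sAMAccountName for a new AD user (constructed example)."""


class AlreadyExists(Exception):
    """Stand-in for LDAP result code 68 (entryAlreadyExists) returned by an add."""


def escape_filter_value(value):
    """Escape a value placed in an LDAP search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)


def escape_rdn_value(value):
    """Escape a value placed in a DN component (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def eq_filter(attr, value):
    """Equality filter with the user-supplied value escaped."""
    return "(%s=%s)" % (attr, escape_filter_value(value))


def candidates(base, limit=50):
    """Yield base, base_1, base_2, ... (the simplest policy named in the reply)."""
    yield base
    for n in range(1, limit):
        yield "%s_%d" % (base, n)


class FakeDirectory:
    """In-memory directory; a real one would issue LDAP searches and adds."""

    def __init__(self):
        self.entries = {}  # lower-cased DN -> sAMAccountName

    def dn_exists(self, dn):
        # Real equivalent: base-scope search on the candidate DN.
        return dn.lower() in self.entries

    def search(self, ldap_filter):
        # Real equivalent: subtree search from the domain root with this filter.
        wanted = ldap_filter.lower()
        return [dn for dn, sam in self.entries.items()
                if eq_filter("sAMAccountName", sam).lower() == wanted]

    def add(self, dn, sam):
        if dn.lower() in self.entries:
            raise AlreadyExists(dn)
        self.entries[dn.lower()] = sam


def provision(directory, container, cn_base, sam_base):
    """Return (dn, sAMAccountName) of the entry that was actually created."""
    sam = next((s for s in candidates(sam_base)
                if not directory.search(eq_filter("sAMAccountName", s))), None)
    if sam is None:
        raise RuntimeError("no free sAMAccountName for %r" % sam_base)
    for cn in candidates(cn_base):
        dn = "cn=%s,%s" % (escape_rdn_value(cn), container)
        if directory.dn_exists(dn):
            continue
        try:
            directory.add(dn, sam)
        except AlreadyExists:
            # The check above is not atomic: another writer took the name
            # between the search and the add, so move to the next candidate.
            continue
        return dn, sam
    raise RuntimeError("no free CN for %r" % cn_base)


def demo():
    """Constructed data matching the question: one 'john smith' already exists."""
    container = "cn=users,dc=company,dc=org"
    directory = FakeDirectory()
    directory.add("cn=john smith," + container, "jsmith")
    return [provision(directory, container, "john smith", "jsmith")
            for _ in range(2)]


if __name__ == "__main__":
    for dn, sam in demo():
        print(dn, sam)
```

The pre-check only reduces collisions; the add itself is what decides, which is why `provision` still handles `AlreadyExists`.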
Active Directory schema extensions
Hi
We are in the process of implementing SAP LDAP sync to manage users from MS Active Directory. SAP requires the schema extension generated by the RSLDAPSCHEMAEXT program to be applied to Active Directory so that report RSLDAPSYNC_USER can identify SAP users in MS AD.
The MS AD team says that any non-Microsoft schema extensions are not supported as OIDs of the schema might conflict with other applications / patches.
Are the MS AD schema extensions generated by SAP program RSLDAPSCHEMAEXT supported / certified by Microsoft?
Harsh
Hi Harsh,
I would like to point you also to SAP Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT.
It especially states that:
..."The text document generated by RSLDAPSCHEMAEXT was supplied and validate as part of a certification process by the directory vendor."...
that means in this case by Microsoft.
If you decide not to use the schema extension that has been supplied by Microsoft you can use attributes that are already existing in your Active Directory as Juergen already pointed out.
As an example Microsoft Exchange Server creates several additional attributes such as extensionattribute1, ... , extensionattribute15 as part of the installation process. These attributes might be an option for you if you do not want to use the schema extension suggested by RSLDAPSCHEMAEXT.
Please have in mind that the filter attribute that you will use to determine the SAP username should be indexed since this will reduce the synchronization time.
Best Regards,
André -
Integrating Active Directory LDAP in OBIEE 11g
Hi All,
I Have Configured Active Directory LDAP in OBIEE.
Steps I have followed are:
1) Configured Active Directory in Providers under Security Realm.
2) Restarted BI Services to load the LDAP users.
3) Logged in to the EM; under the bifoundation domain selected Security -> Security Configuration Provider. Created user.login.attr and username.attr.
4) Under Credentials -> oracle.bi.system map -> system.user, deleted BISystemUser and created a key with the existing name in Active Directory.
5) Assigned System user to BISystem role in EM.
6) In Console, Roles and Policies -> Global Roles -> Roles -> Admin -> View Role Condition (User = Active Directory User or Group = Administrators).
7) Restarted BI Server and Presentation Services.
Now I am Unable to Login to Presentation Services.
Please Reply ASAP.
Thanks and Regards
Kiran Kumar
Kiran, is there a specific reason for using RPD for LDAP authentication? From 11g onwards, the best practice is to use Weblogic (or external Authentication providers). Is it correct to say that for "Authentication" without proper RPD LDAP config for "USER" variable, users cannot login via presentation layer?
Cheers!
BK -
Active Directory users unable to change passwords
I have about 10 Macs running 10.4.11 that are bound to Active Directory (Windows 2000 Server).
Users see the warning that their password is about to expire. However, for users who have a local account on the machine, when they attempt to change their password via System Prefs, only the local password is changed - the Active Directory password remains unchanged.
For users who do not have a local account on the machine, this error occurs:
"You cannot change your password to the password you entered. Your system administrator may not allow you to change your password or there was some other problem with your password."
We have the following password requirements in place via Group Policy: complexity, length, min age (2 days), max age (90 days), history (last 4 remembered).
Has anyone else encountered this?
Thanks.
Sign me up as well. I don't remember this being an issue before 10.5.5. I notice that it makes directory services crash and makes a crash report. I'll paste below.
Note: the time appears to be synced properly with the domain controller, BUT I can see an error in the console saying:
com.apple.service_helper[6492]: launchctl: Error unloading: org.ntp.ntpd
com.apple.launchd[1] (org.ntp.ntpd): Unknown key: SHAuthorizationRight
I am able to communicate with time server via ntpq -inp
Directory Service Crash Report:
-
Pulling "cn=Users" account data from Active Directory issue
I'm using the following general syntax:
ldapsearch -h <active directory server> -p 389 -D "CN=Administrator,CN=Users,dc=ORACLE,dc=COM" -b "DC=ORACLE,DC=COM" -s base objectclass=*
What I get is only "cn=System" output. Any ideas to get the "cn=Users" data?? I can authenticate users in other ways using the Oracle LDAP tools through the same "active directory server". So it's not a matter of it not existing in the Active Directory Server. Also, there is no password right now for the "Administrator" account; so it's not a matter of including/excluding the "-w" option.
Any suggestions??
Thanks.
I recommend you to post this here:
Forums Home » Oracle Technology Network (OTN) » Products » Application Server » Oracle Internet Directory
Identity Manager
Joel Pérez
http://otn.oracle.com/experts -
Active Directory Volume Activation Services Forest Prep on 2003 Functional Level?
Hello,
Please can anyone tell me if I can perform the steps outlined below when I have a mix of 2003 R2 and 2008 R2 domain controllers currently running on 2003 Functional Level.
My aim is to get AD Volume Activation Services running without needing to install a 2012 R2 DC and upgrade all my 2003 R2 DCs (which I have no control of), though I accept the schema update is a requirement for the AD Volume Activation Services aspect, whereas KMS will still work?
(http://social.technet.microsoft.com/Forums/windowsserver/en-US/99e94b1c-fe8a-4224-954b-2126994c9d0f/how-do-i-activate-kms-on-2012-in-a-2008-r2-domain?forum=winserver8setup)
Steps to make this work:
Copy ALL files from <win2012 DVD>\support\adprep folder to a folder on server holding FSMO role for Forest/Domain
Run "adprep.exe /forestPrep"
Run "adprep.exe /domainPrep /forceReplicate"
Join 2012 server that VAS will be installed on to domain
Follow instructions, as needed, in VAS 2012 test lab guide here: http://technet.microsoft.com/en-us/library/hh831794.aspx
Thanks,
Peter
Hi,
As far as I know this role should be installed on Windows 2012, so without Windows 2012, we cannot do this.
AD DS must be at the schema level of Windows Server 2012 or newer to store activation objects. Domain controllers running earlier versions of Windows Server can activate clients after their schemas have been updated using the Windows Server 2012 version of Adprep.exe.
Please go through the below links for more details:
Active Directory-Based Activation vs. Key Management Services
https://blogs.technet.com/b/askpfeplat/archive/2013/02/04/active-directory-based-activation-vs-key-management-services.aspx
Volume Activation Overview
http://technet.microsoft.com/en-us/library/hh831612.aspx
Regards,
Yan Li
11gr2 Active Directory User Target Delete Recon Search Root
Hi All,
latest AD connector with the patch.
Have a situation where I need to change the root or base search for the delete recon. By default it seems to want to search at the domain level but that won't work for us. Checked the doc and can't seem to find any way to change this for the delete recon.
Thanx in advance
Fred
Hi,
The issue is still pending. I am specifying the following parameters for the scheduled job :
Batch Size : 100
Object Type : User
Batch Start : 1
Resource Object Name : AD User
Filter : startsWith('samAccountName','c')
Scheduled Task Name : Active Directory User Target Recon
Incremental Recon Attribute : uSNChanged
Search Base : <blank>
IT Resource Name : Active Directory
Search Scope : subtree
Latest Token : <blank>
Sort By : samAccountName
Number of Batches : All
Sort Direction : asc
The job runs successfully but no records are reconciled into UD_ADUSER table and the job reports the following error in the logs :
[2012-10-25T02:32:04.785-07:00] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-iamoimdev-v1.capgroup.com1351057898397_MisfireHandler] [userId: oiminternal] [ecid: 80eeb34d89d5ed80:-343bffe9:13a9150ba30:-8000-0000000000000005,1:24567] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
Caused by: java.lang.NullPointerException
at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
Edited by: IDM_newbie on Oct 25, 2012 2:38 AM -
I need to display a control depending on whether the user logged in to the OS exists in a specific Active Directory group. Is it possible?
The form is designed in Adobe LiveCycle ES4,
THANKS
Hi Damion,
As far as I understand, you are adding two Directory providers in a single LiveCycle domain. One of the directory provider (DC2 and which has a 15 minute delay) overrides the user/groups added by the other. Currently, there is no support in LiveCycle to add a failover domain controller. You can contact Adobe support and they help you file a feature request.
Temporarily, you may delete DC2 directory provider from the domain to prevent this but that would not give you any failover advantage.
Thanks,
Neerav -
Retrieving Active Directory information from SQL Server
Dear All
We have a requirement to load active directory users and user groups into a SQL Server database. Looking at the information available it seems you need to create a Linked Server of type 'Active Directory Service Interfaces'. Creating a linked server will be a problem for our customers so I was wondering if there was another way of doing it. I will accept all ideas no matter how odd :D
Thanks
Peter
Please refer to the link below for incremental loading of data from AD:
http://beyondrelational.com/modules/2/blogs/557/posts/15401/incremental-dl-porting-in-sql-server-querying-ldap-to-get-the-users-belongs-to-a-dl-group-in-sql-ser.aspx -
Active sync with Active Directory. activeSync.password
AD - OS - Win2k3
IDM -6.0SP1
I am using active sync with Active Directory.
The form for Active Sync was made with the Active Sync wizard.
I created a user in AD with a correct password and executed StartActiveSync.
The user was not created in Lighthouse.
In log file appears the following:
<WavesetResult>
<ResultItem type='error' status='error'>
<ResultError throwable='com.waveset.exception.PolicyViolation'>
<Message id='PL_POLICY_VIOLATION_HEADER'>
<String>password</String>
<String>Lighthouse User</String>
</Message>
<Message id='PL_STRING_MIN_CHARACTERS'>
<String>4</String>
</Message>
<StackTrace>com.waveset.exception.PolicyViolation: Policy Violation (password on Lighthouse User):
Must contain at least 4 valid characters.
at com.waveset.policy.StringQualityPolicy.check(StringQualityPolicy.java:1090)
at com.waveset.provision.PolicyProcessor.checkPolicy(PolicyProcessor.java:716)
at com.waveset.provision.PolicyProcessor.checkLighthousePasswordPolicy(PolicyProcessor.java:651)
at com.waveset.provision.PolicyProcessor.checkPasswordPolicies(PolicyProcessor.java:574)
at com.waveset.provision.PolicyProcessor.checkAccountPolicies(PolicyProcessor.java:232)
at com.waveset.provision.Provisioner.checkPolicies(Provisioner.java:1102)
at com.waveset.view.UserViewer.checkPolicies(UserViewer.java:1559)
at com.waveset.view.UserViewer.checkPoliciesAndConstraints(UserViewer.java:1415)
at com.waveset.view.UserViewer.checkinView(UserViewer.java:1159)
at com.waveset.object.ViewMaster.checkinView(ViewMaster.java:725)
at com.waveset.sync.IAPIUserImpl.submitCreate(IAPIUserImpl.java:559)
at com.waveset.sync.IAPIUserImpl.submit(IAPIUserImpl.java:657)
at com.waveset.adapter.ADSIResourceAdapter.processUpdates(ADSIResourceAdapter.java:1419)
at com.waveset.adapter.ADSIResourceAdapter.getAndProcessChanges(ADSIResourceAdapter.java:1456)
at com.waveset.adapter.ADSIResourceAdapter.poll(ADSIResourceAdapter.java:1546)
at com.waveset.adapter.SARunner.doRealWork(SARunner.java:268)
at com.waveset.task.Executor.execute(Executor.java:159)
at com.waveset.task.TaskThread.run(TaskThread.java:119)
</StackTrace>
</ResultError>
</ResultItem>
</WavesetResult>
2006-11-09T13:19:07.904+0500: lastname: Bogdanov9, accountId: Bogdanov9, objectGUID: <GUID=fb4016ebb4851b43af59763d6094932d>, isDisabled: false, identity: cn=Alexey L. Bogdanov9,ou=Users,ou=Test,dc=aut,dc=tst, uSNChanged: 78587, firstname: Alexey, AccountLocked: false, fullname: Alexey L. Bogdanov9, Initials: L
Policy Violation (password on Lighthouse User):
Must contain at least 4 valid characters.
But when I use the sample active sync form from ...sample/forms/ActiveDirectoryActiveSyncForm, the user is created in Lighthouse with the password change12345.
Logically, from this code:
<Field name='waveset.password'>
<Comments>
Make up a password for accounts that are being
created. This makes it a constant
</Comments>
<Disable>
<neq>
<ref>feedOp</ref>
<s>create</s>
</neq>
</Disable>
<Expansion>
<cond>
<notnull>
<ref>activeSync.password</ref>
</notnull>
<ref>activeSync.password</ref>
<s>change12345</s>
</cond>
</Expansion>
</Field>
I think the password from AD is not put into activeSync.
Why?
With MBR
Bogdanov Alexey.
--I think the password from AD is not put into activeSync.
--Why?
You cannot change the user's password from the activeSync RA. The password is encrypted in Active Directory and you can't decrypt it.
You can read the Idm Resources Reference - Active Directory. There's a table with all the supported fields; the userPassword field is write-only.
If you want to take the AD password and send it to IDM, you want to use Password Sync.
Good luck
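An added example, not part of the original posts or of Identity Manager itself: a simplified Python model of the quoted `waveset.password` field, showing which created accounts end up with the form's constant password when AD supplies no `activeSync.password`. The XPRESS semantics (`cond` as if/then/else, a true `Disable` skipping the field) are assumptions of this model, and the sample feed entries other than Bogdanov9 are constructed.

```python
import xml.etree.ElementTree as ET

# The Field definition quoted in the post (Comments element omitted).
FIELD_XML = """<Field name='waveset.password'>
  <Disable><neq><ref>feedOp</ref><s>create</s></neq></Disable>
  <Expansion><cond>
    <notnull><ref>activeSync.password</ref></notnull>
    <ref>activeSync.password</ref>
    <s>change12345</s>
  </cond></Expansion>
</Field>"""

def evaluate(node, view):
    """Evaluate a small subset of XPRESS: ref, s, notnull, neq, cond."""
    args = list(node)
    if node.tag == "ref":
        return view.get(node.text.strip())
    if node.tag == "s":
        return node.text or ""
    if node.tag == "notnull":
        return evaluate(args[0], view) is not None
    if node.tag == "neq":
        return evaluate(args[0], view) != evaluate(args[1], view)
    if node.tag == "cond":
        branch = args[1] if evaluate(args[0], view) else args[2]
        return evaluate(branch, view)
    raise ValueError(f"unsupported element: {node.tag}")

def expand_password(view):
    """Return the value the field would assign, or None if it is disabled."""
    field = ET.fromstring(FIELD_XML)
    if evaluate(field.find("Disable")[0], view):
        return None
    return evaluate(field.find("Expansion")[0], view)

def accounts_with_default(views, default="change12345"):
    """List accountIds whose expanded password is the form's constant."""
    return [v["accountId"] for v in views if expand_password(v) == default]

# Constructed sample feed: AD does not supply activeSync.password on create.
SAMPLE_VIEWS = [
    {"feedOp": "create", "accountId": "Bogdanov9"},
    {"feedOp": "create", "accountId": "user2"},
    {"feedOp": "update", "accountId": "user3"},
    {"feedOp": "create", "accountId": "user4", "activeSync.password": "S3parate!"},
]

print(accounts_with_default(SAMPLE_VIEWS))
```

Every account created through this form while the adapter returns no password shares one known constant, so those accounts are the ones to put through a forced password change or Password Sync.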