List of users with user group

Similar Messages

• Where do I see Sharepoint user with no group or permission in the UI ?

  Hello All -
  The powershell cmdlet 'New-SPUser' has only 2 mandatory parameters UserAlias and Web. Group and PermissionLevel are not required.
  This means I can create a user with no group or no permission level. However UI does not allow this to happen, it forces you to select either one (group or permission level).
  My question is where do I see the user in UI which was created using powershell without any group or permission level ? The reason I ask is UI when it displays user, a group is always selected.
  Thanks!

  You should be putting the "_catalogs/users/detail.aspx" section into your url. For example if you were to go into your site settings page your url might start as:
  "http://manju.sharepoint.domain.com/sites/manjuTest/_layouts/settings.aspx"
  and it should become:
  http://manju.sharepoint.domain.com/sites/manjuTest/_catalogs/users/detail.aspx

• Listing of Users with associated Groups

  Is there an easy way to generate a listing of APEX users and their associated groups? I know how to get the current user and how to determine what groups they are part of, but am looking for a simple query I can run to generate a complete list of Users and their associated groups.
  Thanks

  if you want to return the application groups that a user is assigned to, you can use the WWV_FLOW_GROUP_USERS intersection table. For example;
  SELECT group_name
  FROM wwv_flow_group_users
  WHERE user_id = (SELECT user_id
  FROM wwv_flow_users
  WHERE user_name ='MRITTMAN')
  would list out all of the groups that the user 'MRITTMAN' belongs to
  So to get all users and their groups, remove the where clause..
  (You will need read rights to the view, some dba's deny read rights to these objects in the name of security..)
  Thank you,
  Tony Miller
  Webster, TX

• Initial Load - AS ABAP - getting only user with a group

  Hi,
  when i start initial load, i just get users with groups. Is that standard?
  Br,
  Philip

  First of all - you'll need to familiarize yourself with the database for effective learning and debugging. I'm talking about the MS-SQL or Oracle-DB where you installed the IC-schema. It often helps me to understand whats going on behind the scenes.
  Secondly - I read some of your posts - I would advise you to install the dispatcher and everything on the server where the DB is hosted - at least as long as you're in development. The MMC can still be on your local pc/laptop, although some things won't work well there (Import, Dispatcher-Status, ...). This'll ease things a lot I suppose.
  About the service-user... SAP delivers a role you can import into PFCG (SAP_BC_SEC_IDM_.SAP-File in misc-folder of installation media). This role should be sufficient for your communication user, is updated every now and then and contains only the necessary permissions. Maybe you'll have to extend it (Z_SAP_) in case you want to read special tables not supported by the SAP framework (e.g. license data).
  I can hardly believe that the current role assigned to your user only has permissions to users with groups != empty
  By now I have no clue why you only see users in IdM with groups assigned in SU01... look up the SQL-table I mentioned if there are more users.
  BR
  Michael

• Deployment of Acrobat 7.0 Pro using Zenworks on users with user only privileges

  I'm ready to just slam this Server !!! ... I've created an Adobe .MST (slient install)
  After the installer start, i get "You do not have sufficient privileges to run this installer setup will now terminate".
  All the IDES users have either (Power User or User) privileges ...
  Is there a Work Around???
  all files are saved on Novell Network
  Server called= Goofy
  Volume= Disney

  It is interesting that you say it is an Adobe bug (or at least that is the implication I got). Part of the problem with VISTA has been that there are a lot of programs that do not work. That is also why many businesses and individuals are still using XP and refused to upgrade. VISTA has a service pack out, but I hear it still has lots of problem. MS has fixed VISTA where there own software was concerned, such as putting the help system back in that they had removed. I am not trying to say that VISTA is not the way to go, but that the blame for things not working should not be put on other software developers.
  The $1500 must be for CS, since an upgrade to AA8 from AA7 is only $159. In today's market, AA7 is actually an old man with AA8 being out for quite a while. Six months ago you could still get XP Pro for about $190. I understand it is now almost $800, but I really don't track the prices. I am getting a new machine with VISTA on it in a week or two and plan to look at it a bit (called give it a chance). However, I fully expect to remove VISTA and install XP Pro. To me, that cost is a lot better than upgrading all of my software because of the changes in Windows.
  So which system has the bug, Adobe or VISTA. I think you will find a lot of folks who say it is VISTA (that is not to say that Adobe doesn't have some issues also). Hope you get your system working satisfactorily.

• Workflow to populate "Assigned to User" with AD group of the "Assigned to User" is empty or Null to user is empty.

  I am updating roles and would like to use the [me] and [my group] tokens for views.  I am planning on updating all the templates to specify an ad group in the "Assigned to User" field that corresponds to the appropriately selected support
  group.  I would like to avoid having the "Assigned to User" blank (this could happen either via using a generic template, or when re-assigning workitems) so I think I need a workflow to remediate any workitems that have no Assigned to Users.
   There does not seem to be an easy way to do this just with a workflow configuration.  Do I need to create a workflow with the authoring tool?  Can I create a workflow that will compare a support group (enumeration?) and assign an appropriate
  AD group?

  probably the easiest way to do this would be to create a console workflow that runs on create (or update, if you want this to be reoccurring) and checks for the looks for the Display Name of the Assigned to user. This would only be populated if there was
  a legitimate user, and would be null otherwise.
  you could create console workflows for each support group (i.e. If Supportgroup = NumberA and AssignedtoUser.Displayname is blank) that applies a template that contains the correct user or group for that support group enum.
  other options are available, so let us know what you're ideal conditions are.

• Create user with User ID like A123456.

  Hi,
  We have requirement that all user ID must be starting with alphabet and than appended with six digits like Z345678.
  So, please suggest how can we force in create user page the above restriction. And if user violates this rule we want to generate error message.
  Thanks

  Hi,
  There are two option to achieve the same....
  First one to let the user enter the user id in the fomat, and make the adapter which will check the whether the userid in desired format or not, and if any user voilate that error message will be displayed.
  Just go through the design guide to know more about the erros and how we can put in the adpters.
  Second option, let the user enter any id and genetate the user id through entity adapter under pre-insert as per desired format.
  Let me know if you have any question for the same.
  Regards
  Alabhya Goel

• Can I create another User with user privileges in RV042 V3?

  Hello to all, good day!
  I am just wondering if it is possible to have two user accounts in Cisco RV042 V3 (Firmware:
  v4.1.1.01-sp (Dec 6 2011 20:03:18). User accounts to mean that one user can access the router with an administrative level access can do all the changes and management of the router's configurations and settings while another user can only do viewing of the system summary tab and connect and manage the simple configuration to connection to the ISP in both WANs, like setting up the connection type and release/renew the ip address for dynamic ip assigned by the ISP DHCP server.
  Thank you.

  RV042 only supports one administrator account with the current firmware. Newer products such as RV110W and RV220W support multiple user accounts.

• List of materials with valid Group Counters (No. of valid routing variant)

  Hi,
  do you know, how to get a list of the materials together with the information, what Group Counter is currently valid? That means if a material have 3 variants of routings, to show for example that the variant number 3 is currently valid.
  Thank you in advance.
  Ivana

  Hi Sankaran,
  this is a great tip. I tried it but it seems that our engineering has some "strange" rules for creating of the group counters. There were several group counters for one material that had the same Valid From date:-( I will have to discuss with them, why they do so.
  However thank you very much for your help. I´m satisfied what I got from the C223 transaction.
  Have a nice day.
  Ivana

• List all AD users with memberof

  Hi I have got this script and it works fine, but I cant add the memberof groups for each user. 
  On Error Resume Next
  Const ADS_SCOPE_SUBTREE = 2
  Const ADS_UF_ACCOUNTDISABLE = &H0002
  Const ADS_UF_PASSWD_NOTREQD = &H0020
  Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
  Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
  Const ADS_UF_SMARTCARD_REQUIRED = &H40000
  'Set RootDSE
  Set objRootDSE = GetObject("LDAP://rootDSE")
  strDomain = objRootDSE.Get("defaultNamingContext")
  strADPath = "LDAP://" & strDomain
  'wscript.Echo strADPath
  Set objDomain = GetObject(strADPath)
  'wscript.echo "objDomain: " & objDomain.distinguishedName
  Set objConnection = CreateObject("ADODB.Connection")
  Set objCommand = CreateObject("ADODB.Command")
  objConnection.Provider = "ADsDSOObject"
  objConnection.Open "SAURON"
  Set objCommand.ActiveConnection = objConnection
  objCommand.Properties("Page Size") = 1000
  objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
  objCommand.CommandText = _
  "SELECT Name, description, sAMAccountName, st, postalCode, co, l, profilePath, homeDrive, distinguishedName,userAccountControl FROM '"& strADPath &"' WHERE objectCategory='user'"
  Set objRecordSet = objCommand.Execute
  objRecordSet.MoveFirst
  Set objFSO = CreateObject("scripting.filesystemobject")
  Set logStream = objFSO.opentextfile("C:users\dom.adm.pa\desktop\domainusers.csv", 8, True)
  logStream.writeline("Name,Description,sAMAccountName,st,postalCode,co,l,Account Disabled,Password Required,User Changable Password,Password Expires,Login Count,Last Login,Last Password Change,Created,Modified")
  Do Until objRecordSet.EOF
  strDN = objRecordset.Fields("distinguishedName").Value
  Set objUser = GetObject ("LDAP://" & strDN)
  If objRecordset.Fields("userAccountControl").Value AND ADS_UF_ACCOUNTDISABLE Then
  Text = "Yes"
  Else
  Text = "No"
  End If
  If objRecordset.Fields("userAccountControl").Value AND ADS_UF_PASSWD_NOTREQD Then
  Text = Text & ",No"
  Else
  Text = Text & ",Yes"
  End If
  If objRecordset.Fields("userAccountControl").Value AND ADS_PASSWORD_CANT_CHANGE Then
  Text = Text & ",No"
  Else
  Text = Text & ",Yes"
  End If
  If objRecordset.Fields("userAccountControl").Value AND ADS_UF_DONT_EXPIRE_PASSWD Then
  Text = Text & ",No"
  Else
  Text = Text & ",Yes"
  End If
  logStream.writeline(objRecordset.Fields("Name").Value & ","_
  & objRecordset.Fields("description").Value & ","_
  & objRecordset.Fields("sAMAccountName").Value & ","_
  & objRecordset.Fields("st").Value & ","_
  & objRecordset.Fields("postalCode").Value & ","_
  & objRecordset.Fields("co").Value & ","_
  & objRecordset.Fields("l").Value & ","_
  & objUser.logonCount & ","_
  & objUser.LastLogin & ","_
  & objUser.PasswordLastChanged & ","_
  & objUser.whenCreated & ","_
  & objUser.whenChanged & ","_
  Loop
  logStream.Close

  Are you looking for members:
  1) in a specific group, or
  2) list all users and all their direct groups, or
  3) get a complete list of all groups a user is a memberof, to include nested?
  I would recommend using Powershell.  It's made for this type of thing.  Some of the Cmdlets you can check are:
  List all users with all groups:
  Get-ADUser -filter * -properties memberof | select samaccountname,memberof
  List all members of a group:
  Get-ADGroupmember <groupname> -recursive
  Get all groups a member is nested in:
  Get-ADAccountAuthorizationGroup <username> | ft name
  - Chris Ream -
  **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

• Report of Users and their groups

  Hi Experts,
  Is there a way to extract all the Hyperion Planning Users and the groups they belong in Hyperion 11.1.2.1 version? I need an excel file having the users and groups.
  Thanks
  Kannan.

  Hello Kannan,
  Yes, a clean list of Users with their Groups...
  Nothing standard. Strange...
  You might see if this export has something you can use. I do not recall it from the vast amount of detail exported here. The file will be generated on the server, so you might need somebody to pick it up and give it to you.
  MaxL command
  export security_file to data_file "essbase_security_file.txt";
  The alternative is to query the Planning repository. Maybe somebody has experience with this?
  Regards,
  Philip

• In CCM, Associate User with All Phones

  This is 1 of 2 threads I am starting.
  1. (this thread) asks for guidance in associating a User with all IP Phones in order for them to obtain authentication before allowing XML to be pushed to them.
  2. (in a separate thread) asks for guidance in issuing the push to the IP Phone, regarding getting the base64 User:Password inserted into the HTTP pkt.
  Thread 1:
  I want to push a CiscoIPPhoneExecute to IP Phones. I am having trouble authenticating. I know that in order to authenticate (UserID,Password) I must add a User (with User ID and Password) to CCM and associate it with all IP Phones. My CCM ver is System version: 5.1.1.2000-2.

  How do you want to do that? Manually or do you want to write a software that does it automatically?
  To do it automatically you need AXL. First you need to look up which devices your application user is already associated with.. you run the following query (taken directly from productive java code):
  private String getDeviceAssociationSqlString(String ctiUser)
  StringBuilder sb = new StringBuilder();
  sb.append("SELECT dev.name FROM device dev INNER JOIN applicationuserdevicemap adm ON adm.fkdevice = dev.pkid AND tkuserassociation = 1 ");
  sb.append("INNER JOIN applicationuser a ON a.pkid = adm.fkapplicationuser AND a.name='" + ctiUser + "'");
  return sb.toString();
  You do an executeSqlQuery with that query and parse the results (the response will look something like
  SEP123SEP124/row>..
  Then you look up all devices, e.g. by sending a query like
  SELECT name FROM device WHERE name LIKE 'SEP%'
  (the where clause is to only include IP phones..the device table also contains gateways, analog ports, etc. and we don't want that.. not that this query includes third party sip phones which doesn't make too much sense.. but it won't cause any problems either.. I know because we run that code on a system with third party sip phones).
  Then you do a delta between the two lists and if the second query yielded more results than the first, you need to associate the application user with that phone. There's no direct way in AXL (there used to be in CCM4 but no longer in CCM5+ because we now use application users.. you could theoretically use end users where you can still use updateUser, however it's not a good idea to mix application and regular users).
  So.. you need to update the SQL database directly.. and run executeSqlUpdate via axl. The query to add phone deviceName to application user ctiUser is:
  private String getAddDeviceAssociationSqlString(String deviceName)
  StringBuilder sb = new StringBuilder();
  sb.append("INSERT INTO applicationuserdevicemap (fkapplicationuser, fkdevice, tkuserassociation) VALUES((SELECT pkid from applicationuser WHERE name = '");
  sb.append(config.ctiUser);
  sb.append("'), (SELECT pkid FROM device WHERE name = '");
  sb.append(deviceName);
  sb.append("'), 1)");
  return sb.toString();
  This also works on CCM6, and most likely on CCM7 (I haven't had any projects with 7 yet but at first glance I haven't spotted any major changes like in between CCM5 and CCM6 (the extension mobility stuff has completely changed between those releases).
  And if you do it manually.. just go to your application user, and have have the device association right there.. press the select more phones button, search for all phones whose name starts with sep, check them all, and submit.

• Failed to sync user with identity native://nvid=9236b494f1ddf8ca:-7297b89f:

  Hi,
  I have created a native user in hyperion share services 11.1..2.1 and provisioned him as a planner for one planning application.The issue is getting errors when i am giving access to dimension members in planning application.
  Below are the errors:
  1)failed adding users and groups
  2)Failed to sync user with identity native://nvid=9236b494f1ddf8ca:-7297b89f:132610f37e3:-7e0f?USER with user provisioning. Check Planning log for details
  Regards,
  Ra

  Hi,
  I have seen this though maybe not in the same context, I will describe what I saw..
  Migrated planning database, updated sid for native users...
  1 native was fine logging into the planning app, the other user got "Failed to sync with user provisioning. Check Planning log for details"
  The sid was correct so it wasn't a problem on the planning side, what I did notice was in the EAS console the user did not exist, usually when you first log into planning it will check if the users exists in essbase, if they don't then it adds the user as a planning user to essbase.
  What I did was add the user in HSS as having essbase server access, then refreshed security in EAS, the user now appeared in EAS as an essbase user.
  Then tried to log into planning and suddenly the user could connect with no problems.
  So then I removed the essbase server access for the user in HSS and refreshed security in EAS, the user was gone, tried to log into planning and logged in with no problems.. Migrated identities in Planning.... Back in EAS the user was now in there as a Planning user...
  I don't know if this the same problem but you could try playing around with the essbase security and see what happens.
  Cheers
  John

• Hyperion Planning - Failed to sync with user provisioning. Check planning

  Hi All,
  I'm trying to configure Hyperion Planning to user an external user repository (OID) but when i try to login with an OID user i get the following error :
  "Failed to sync with user provisioning. Check planning log for details"
  I'm not hyperion expert so please excuse any school boy mistakes.
  Use Case : login to Hyperion Planning using an OID user
  Setup:
  1)     User created in OID
  2)     Use Provisioned in HSS with planning roles
  3)     User can login to HSS
  4)     Able to login with Native user with the exact same roles
  5)     Version 11.1.2
  6) Can only see native user in EAS..
  I've googled away and tried various things:
  1) Run provisionUsers script :
  Loaded Version of Essbase RTC: 0xb1200
  [Wed Jan 25 09:39:04 GMT-06:00 2012] Planning successfully notified HBR repository.
  Wed Jan 25 09:39:41 GMT-06:00 2012 :: [Wed Jan 25 09:39:41 GMT-06:00 2012] Plann
  ing: Synchronizing the following users with user provisioning: [XXX]
  Wed Jan 25 09:39:41 GMT-06:00 2012 :: Planning: Error occurred while synchronizing: Errors occured during syncrhonization: [com.hyperion.css.CSSIllegalArgumentE
  xception: EPMCSS-251046: Invalid principal.]
  2) Bouncing servers
  Any help would be great.
  Thanks,
  Oz

  Hi,
  Have you updated the datasources for each of the planning applications, you will need to update the password and probably recycle planning app server.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Accounts being created with administrative group rights

  Hello,
  The server is a Windows 2003 R2 Enterprise fully patched used for Shared Hosting purposes.  It runs Hsphere control panel.  I am trying to identify how the following hack is happening. 
  1) There are users being created with Administrative group rights.   Below is the EventViewer log for the user creation:
  User Account Created:
       New Account Name:    username
       New Domain:    PCNAME
       New Account ID:    PCNAME\username
       Caller User Name:    PCNAME$
       Caller Domain:    DOMAINNAME
       Caller Logon ID:    (0x0,0x3E7)
       Privileges        -
   Attributes:
       Sam Account Name:    username
       Display Name:    <value not set>
       User Principal Name:    -
       Home Directory:    <value not set>
       Home Drive:    <value not set>
       Script Path:    <value not set>
       Profile Path:    <value not set>
       User Workstations:    <value not set>
       Password Last Set:    <never>
       Account Expires:    <never>
       Primary Group ID:    513
       AllowedToDelegateTo:    -
       Old UAC Value:    0x2DAB2B0
       New UAC Value:    0x2DAB2B0
       User Account Control:    -
       User Parameters:    <value not set>
       Sid History:    -
       Logon Hours:    <value changed, but not displayed>
  There exists entries as well where the primary group ID is changed to the Administrative group, but I am omitting such.
  2) I tried to identify what Caller Logon ID:    (0x0,0x3E7) means.  I found out from here:
   http://blog.joeware.net/2013/01/14/2667/ that I can use LogonSessions.exe to identify it.
  Output from LogonSessions.exe is pasted below (snippet):
  [0] Logon session 00000000:000003e7:
      User name:    DOMAINNAME\PCNAME$
      Auth package: NTLM
      Logon type:   (none)
      Session:      0
      Sid:          S-1-5-18
      Logon time:   9/11/2014 12:41:53 PM
      Logon server:
      DNS Domain:   
      UPN:          
          4: System
        316: smss.exe
        364: csrss.exe
        392: winlogon.exe
        440: services.exe
        452: lsass.exe
        628: svchost.exe
        756: LMAgent.exe
        840: svchost.exe
       1000: spoolsv.exe
       1252: avagent.exe
       1268: camWMIAgent.exe
       1324: cissesrv.exe
       1380: cpqrcmc.exe
       1404: vcagent.exe
       1440: svchost.exe
       1480: HsQuotas.exe
       1740: inetinfo.exe
       1780: EmailAgent.exe
       1856: snmp.exe
       1884: sysdown.exe
       1920: smhstart.exe
       2192: svchost.exe
       2388: cmd.exe
       2396: hpsmhd.exe
       2444: cqmgserv.exe
       2464: cqmgstor.exe
       2484: HSphere.exe
       2596: wmiprvse.exe
       2676: cmd.exe
       2684: rotatelogs.exe
       2692: cmd.exe
       2700: rotatelogs.exe
       2732: searchindexer.exe
       2812: hpsmhd.exe
       2824: cqmghost.exe
       2852: svchost.exe
       3044: cmd.exe
       3052: rotatelogs.exe
       3080: cmd.exe
       3088: rotatelogs.exe
       5452: svchost.exe
       5596: GravitixService.exe
       7392: csrss.exe
       7232: winlogon.exe
       6888: csrss.exe
       9832: winlogon.exe
      10388: wawrapper.exe
      10352: cpqnimgt.exe
       9496: msiexec.exe
       6068: w3wp.exe
       4748: webalizer.exe
  3) I also learned from http://support.microsoft.com/kb/243330/en-us that   Sid:          S-1-5-18 means:
  SID: S-1-5-18
  Name: Local System
  Description: A service account that is used by the operating system
  That is all great info, but I am not sure I can put together what I have learned to attempt and get closer towards identifying how in the world users are being created and then being assigned administrative group rights.
  I am a Linux person mostly, but I am comfortable following a properly explained thread regarding windows 2003 R2 Enterprise issues.
  The server is fully patched and it is running Lumension security product.  What's more, Norman Malware tracker, tdskiller.exe (Kaspersky) and McAfee rootkitremover.exe have been run without any apparent Malware/Virus infection
  Hope someone with advanced admin skills can advise.
  Thank you

  Hi,
  You mentioned that, “I am trying to identify how the following hack is happening”, would you please tell us that why did you think the event represent a hacking behavior?
  In a Shared Server Hosting environment, the underlying hosting control panel tool (Hsphere in this case) should be creating only virtual FTP users with a specific group.  So no users with Administrative group should be ever created.  If this happens,
  it constitutes a breach of server security=positive hacking attempt.
  >how in the world users are being created and then being assigned administrative group rights.
  In addition, would you please be more specific about this question? Did you find the event message on a domain joined machine?
  I want to be able to understand in full how/what process is allowing users to be created with Admin rights.  In other words, I want to know what IP was used to issue the command, if ASP.net was used (abused in this case), or anything else related to
  it so that we can patch this particular hole.
  Best Regards,
  Amy