Logging in from different forests

Similar Messages

• Issuing certificates for user and clients from different forest/domain

  Hello,
  at first I would like to say that I have made some researches on this forum and in the Internet overall.
  I have AD Forest with ~10 sites all over the Europe, DFL and FFL is 2008 R2, right now we are migrating site by site from old domain (samba) to AD.
  Last time I have deployed PKI based on offline root CA and 2 Enterprise acting as 2-node Failover Cluster.
  Everything in my AD Forest is OK, I mean, autoenrollment works perfect for users and computers from my forest, 
  now I need to deploy a certificate (for test) to one web-based pbx server in samba domain, there are no trusts etc. Samba domain as well as AD Forest are working on the same network, with routeable subnets in each site, so there is no problem with connectivity,
  What are possible way to achieve this goal? I mean to issue cert to client from different forest, so that this client is able to validate it, validate certificate chain and renew it when needed?
  I have Installed and Configured CE Web Service and CE Policy Web Service. Now I have configured Enrollment Policies on my virtual machine (being part of different domain), I selected username/password authentication, I am able to request certificate, I can
  see all templates which I should see, but when I try to enroll I got an error:
  (translated from my language)A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider
  My root CA cert is added to trusted publishers for computer and user node as well.
  What could be wrong? If you have any ideas or questions, please share or ask. 
  Thank you in advance.

  Everything is clear, I have Certificate Enrollment Web Services installed and configured,
  problem is what i get from certutil - TCAInfo
  ================================================================
  CA Name: COMPANY-HATADCS002-ISSUING-CA
  Machine Name: COMPANYClustGenSvc
  DS Location: CN=COMPANY-HATADCS002-ISSUING-CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=COMPANY,DC=COM
  Cert DN: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
  CA Registry Validity Period: 2 Years -- 2016-03-04 12:20
   NotAfter: 2019-02-14 12:44
  Connecting to COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA ...
  Server "COMPANY-HATADCS002-ISSUING-CA" ICertRequest2 interface is alive (1078ms)
    Enterprise Subordinate CA
  dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_NT_AUTH
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwRevocationFreshnessTime: 18 Days, 4 Minutes, 1 Seconds
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 12:34
    NotAfter: 2019-02-14 12:44
    Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
    Serial: 618f3506000000000002
    Template: SubCA
    9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
    Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
      CRL 02:
      Issuer: CN=HATADCS001-COMPANY-ROOT-CA
      ThisUpdate: 2014-02-14 12:16
      NextUpdate: 2024-02-15 00:36
      d7bafb666702565cae940a389eaffef9c919f07a
    Issuance[0] = 1.2.3.4.1455.67.89.5 
  CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 11:55
    NotAfter: 2024-02-14 12:05
    Subject: CN=HATADCS001-COMPANY-ROOT-CA
    Serial: 18517ac8a4695aa74ec0c61b475426a8
    b19b85e0e145da17fc673dfe251b0e2a3aeb05e9
    Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
    Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
    Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Issuance[0] = 1.2.3.4.1455.67.89.5 
  Exclude leaf cert:
    5b309c67a8b47c50966088a4d701c8526072c9ac
  Full chain:
    413b91896ba541d252fc9801437dcfbb21d37d91
    Issuer: CN=HATADCS001-COMPANY-ROOT-CA
    NotBefore: 2014-02-14 12:34
    NotAfter: 2019-02-14 12:44
    Subject: CN=COMPANY-HATADCS002-ISSUING-CA, DC=COMPANY, DC=COM
    Serial: 618f3506000000000002
    Template: SubCA
    9e1bea4ffa648e5fe3e9f8c4be3c604c49af04e9
  A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
  Supported Certificate Templates:
  Cert Type[0]: COMPANYOnlineResponder (COMPANY Online Responder) -- No Access!
  Cert Type[1]: COMPANYWebServer(SSL) (COMPANY WebServer (SSL))
  Cert Type[2]: COMPANYUser(Autoenrollment) (COMPANY User (Autoenrollment))
  Cert Type[3]: COMPANYKeyRecoveryAgents (COMPANY Key Recovery Agents)
  Cert Type[4]: COMPANYEnrollmentAgent(Computer) (COMPANY Enrollment Agent (Computer))
  Cert Type[5]: COMPANYEnrollmentAgent (COMPANY Enrollment Agent)
  Cert Type[6]: COMPANYComputer(Autoenrollment) (COMPANY Computer (Autoenrollment)) -- No Access!
  Validated Cert Types: 7
  ================================================================
  COMPANYClustGenSvc\COMPANY-HATADCS002-ISSUING-CA:
    Enterprise Subordinate CA
    A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)
    Online
  CertUtil: -TCAInfo command completed successfully.
  please put some light on it because it's driving me crazy :/
  Thanks in advance
  one remark: certutil -tcainfo performed on CA directly is 100% OK, no errors regarding 
  "A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478 CERT_E_UNTRUSTEDCA)"

• AD Resource forest access with user from different forest

  I am trying to access a AD resource forest using a user from a different forest.
  The "different forest" is the main forest used to contain all user accounts etc. This domain is trusted by the resource forest (which contains things like outlook distribution lists etc) and so I am able to log into the resource forest (using ldp.exe or the mmc ad snap-ins) with my credentials from the main forest.
  How can I replicate this in java?
  I can connect directly to the user forest with simple authentication. But I can't do the same with the resource forest (as the user does not exist on it - it is merely trusted). Is there an authentication method that will allow me to do this?
  In this organisation user accounts for the resource forest are not given out - you have to use one from the main user forest. So I have to find a work-around where I can connect with my current credentials.
  Any ideas anyone?

  Devid,
  I am facing the same problem.
  Did you get the solutions.
  I am getting exception while calling "InitialDirContext"
  "Problem searching directory: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Unable to log in from different network same domain.

  Hi, I am having difficulties with sharepoint at a different location.
  Our main site and network that our sharepoint server is on, is 10.1.0.1
  Our second site is part of our domain, and has its own DC with the ip 10.2.1.1
  Our main site and second site are connected through VPN.
  Our users at our second site can't log into sharepoint. They will browse to
  http://intranet and the windows security window asks for credentials. Users will enter their credentials but it will not accept them and keeps asking for them. They do not receive any error messages, just a blank screen.
  I have also tried adjusting the "trusted sites" options with NO SUCCESS. As well as clearing the "Enable Integrated Windows Authentication" option under advance in internet options.

  So we have two domains, DomainA and DomainB.
  You have tested your DomainA user account, which works fine from Site A, on Site B and it fails. All users from Site B also fail to authenticate.
  Can you test a user from DomainB on a machine in Site A?
  Are you able to add users from Domain B to your SharePoint sites through the people picker? That will confirm that you have AD connectivity between your SharePoint farm and the Domain B ADDS servers.
  Next time you test the login process from Domain B use a hosts file to bypass any load balancers and target a single server, then make a note of the time. That will help you to try to identify the login requests in both the windows event logs and the
  SharePoint ULS logs.
  From first impressions this sounds like an inability to authenticate from their network rather than a domain trust issue, although that may still be possible.

• Forms 10g single user log in from different computers.

  Dear All,
  I am using forms 10g and I want to stop a single user_name to log in to the application from different computers at same time trough browser. Please help me to resolve the issue....
  Thank you in advance..

  Hi,
  user_name is oracle database user name or your own application username?
  You want to restrict to only one session at a time for a particular user?
  Regards
  Yoonas

• Business Objects XI 3.0 connecting to domains from different forest

  Hi All,
  Does anyone know if BOE XI 3.0 support AD authenication with multiple AD domains which reside in different forrests?
  I found other post which mention we are now supporting it in XI 3.0 SP1 but I couldn't find any document on it.
  Thanks,
  Bobby

  3.1 or 3.0 SP1 both support multiple forests. There are rules, there must be a transitive full two way trust between the forests.
  i.e. in order to map groups the CMS needs to query the remote forest so the remote forest(s) must trust the local one.
  In order for remote users to login to the local forest they must trust the remote one(s)
  The changes were made in the AD plugin (basically we query multiple global catalogs and lookup objects by DN as opposed to SID) So there is no configuration needed in BO.
  Regards,
  Tim

• Authentication, Multiple domain,different forest lowercase domain.

  We have succesfully configured a BOXI 3.1 SP3 to use SSO using vintela,tomcat for our domain that is on 2000 native mode.
  Let's call this one Domain1.
  In our domain there is another separate domain sitting on a 2003 domain level. (Let's call this one Domain2). They have a 2 way trust, but not transitive.
  Here is the deal:
  1- Users from domain1, where the server is configured are able to access using SSO without issues.  Users from domain2 needs to do manual logon, but using the following format:
  useraccount at DOMAIN2.COM
  If we use the domain as lowercase, login does not work even if we use the domain_realm on krb5.ini  Why?
  2- Do you think that we have to move to domain1 to 2003 native mode and configure 2 way trust in order to have SSO working on both domain that are from different forest?
  Any help would be appreciated.

  Note 1206522 seems to answer my questions, but anyway still not satisfied.

• How to copy table from database in one forest to a database in a different forest?

  Hello Community
      Using Wndows 2008 Server Enterprise there exists 2 Forests,
  each containing their own SQL Server 2008 installations, a scenario exists as follows:
       a)"Domain1" resides in "Forest1" which has SQL Server 2008 containing
           a database named "Database1" which contains a table named "Table1".
       b)"Domain2" resides in "Forest2" which also has SQL Server 2008
           but containing a database named "Database2"which contains a table
           named "Table2".
      I tried to use <domain_name>.<server_name>.<owner_name>.object
  but that syntax didn't work.
      How can I copy "Table2" from "Database2" into "Database1"
  (keeping in mind the databases are in different forests and domains)?
      Thank you
      Shabeaut

  Configuring a linked server might help you
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/329709ca-349d-490d-9b42-7443caa97364/how-to-created-linked-server-between-two-different-domains?forum=sqlsecurity
  OR
  Generate the schema with data of Table1 using scripting wizard under advance setup and execute the sql file in domain2.
  -Prashanth

• Unresponsive Firefox nessages in my gmail acct., FB acct. and FB warning log ins from a different browser...

  When I am inside my Gmail account checking my email I get the "Firefox is unresponsive" message all the time since about a couple weeks or so. I get the same when inside my FB page. And twice now I got a message from FB that tells me that s/o has logged in from a different browser and asks me to verify that it was me. I have not changed my browser. Please advise.
  Thank you :)

  Hello,
  '''Try Firefox Safe Mode''' to see if the problem goes away. [[Troubleshoot Firefox issues using Safe Mode|Firefox Safe Mode]] is a troubleshooting mode that temporarily turns off hardware acceleration, resets some settings, and disables add-ons (extensions and themes).
  '''If Firefox is open,''' you can restart in Firefox Safe Mode from the Help menu:
  * Click the menu button [[Image:New Fx Menu]], click Help [[Image:Help-29]] and select ''Restart with Add-ons Disabled''.
  '''If Firefox is not running,''' you can start Firefox in Safe Mode as follows:
  * On Windows: Hold the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
  * On Mac: Hold the '''option''' key while starting Firefox.
  * On Linux: Quit Firefox, go to your Terminal and run ''firefox -safe-mode'' <br>(you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
  When the Firefox Safe Mode window appears, select "Start in Safe Mode".
  ;[[Image:SafeMode-Fx35]]
  '''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, theme, or hardware acceleration. Please follow the steps in the [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]] article to find the cause.
  ''To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
  When you figure out what's causing your issues, please let us know. It might help others with the same problem.

• AD Migration from one domain to another domain between different Forest.

  Dear Team,
  We have a domain named "test.gov.in" .Now we want migrate all the users,computers,groups,GP ....etc in to our new domain "abc.net".Operating system of the source DC and destination Dc is same (Windows 2003 32 bit)..
  Pls provide me the steps to migrate one  domain to another domain between different forest
  Thanks
  Anurag

  Would agree with Christoffer and migrate using ADFS but before you can do this you will need to set up a trust between the two domains.  Once this has been accomplished then you can run ADMT.
  http://technet.microsoft.com/en-us/library/cc740018(v=WS.10).aspx
  Downloading ADMT is a free tool from Microsoft
  http://www.microsoft.com/en-us/download/details.aspx?id=8377
  ADMT Guide
  http://www.microsoft.com/en-us/download/details.aspx?id=19188
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.
  I think you mean ADMT and not ADFS :)
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• How come when I send a picture with iPhoto email it always send the same picture event when I choose a different picture until I log out from iPhoto

  how come when I send a picture with iPhoto email it always send the same picture event when I choose a different picture until I log out from iPhoto

  Why? Because something is wrong.
  As a Test:
  Hold down the option (or alt) key and launch iPhoto. From the resulting menu select 'Create Library'
  Import a few pics into this new, blank library. Is the Problem repeated there?

• Java.util.logging: write to one log file from many application (classes)

  I have a menuapp to launch many applications, all running in same JVM and i want to add logging information to them, using java.util.logging.
  Intention is to redirect the logginginfo to a specific file within the menuapp. Then i want all logging from all applications written in same file. Finally, if needed (but i don't think it is), i will include code to write logging to specific file per app (class). The latter is probably not neccessary because there are tools to analyse the logging-files and allow to select filters on specific classes only.
  The applications are in their own packages/jars and contain following logging-code:
          // Redirect error output
          try {
              myHandler = new FileHandler("myLogging.xml",1000000,2);
          } catch (IOException e) {
            System.out.println("Could not create file. Using the console handler");
          myLogger.addHandler(myHandler);
          myLogger.info("Our first logging message");
          myLogger.severe("Something terrible happened");
          ...When i launch the menuapplication, it writes info to "myLogging.xml.0"
  but when i launch an application, the app writes info to "myLogging.xml.0.1"
  I already tried to leave out the creation of a new Filehandler (try/catch block in code above) but it doesn't help.
  Is it possible to write loginfo to same specific file?

  You should open/close it somehow at every write from different processes.
  But I personally prefer different file names to your forced merging, though.

• Are admins in different forests automatically adminis in the other forest after a trust is created?

  Hello Community
      In Windows Server when you have a ForestA containing an admin and a ForestB containing
  an admin, if a trust relationship between ForestA and ForestB is created will the admins have
  administrative privileges in each others forest by default after the trust relatioship is created or does the
  admin in one forest have to explicitly give the admin in the other forest admin privileges?
      Thank you
      Shabeaut

  Hi,
  Administrators won’t become administrators of another forest after forest trust is created. Actually, forest trust only provides a secure channel to allow authentication flow across forests, while it doesn’t assign any privileges/permissions
  to administrators/users from the other forest.
  In addition, Domain Admins group is a Global group, which means that it only contains members from the local domain, therefore, we can’t add users from another forest into Domain Admins group of the local forest.
  More information for you:
  How Domain and Forest Trusts Work
  http://technet.microsoft.com/en-us/library/cc773178(v=WS.10).aspx
  Understanding Groups
  http://technet.microsoft.com/en-us/library/dd861330.aspx
  What's the different between builtin local/administrators and Domain Admins in AD 2003?
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/7866aacc-d6b8-412e-ab1e-69d152d1c7c4/whats-the-different-between-builtin-localadministrators-and-domain-admins-in-ad-2003?forum=winserverDS
  Best Regards,
  Amy

• How do i get my contacts from different resources to icloud?

  My contacts comes from different resources (gmail.com, icloud), How do i get my contacts from before icloud into icloud?

  Welcome to the Apple community.
  If you deleted your contacts from your contacts app, they will also be deleted in iCloud.
  However if you deleted your account or simply turned contacts syncing off, you should be able to log back into your account or re-enable contacts syncing and they would repopulate your contacts app.
  Could you perhaps tell us which of these you have done.

• Capturing log files from multiple .ps1 scripts called from within a .bat file

  I am trying to invoke multiple instances of a powershell script and capture individual log files from each of them. I can start the multiple instances by calling 'start powershell' several times, but am unable to capture logging. If I use 'call powershell'
  I can capture the log files, but the batch file won't continue until that current 'call powershell' has completed.
  ie.  within Test.bat
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > a.log 2>&1
  timeout /t 60
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > b.log 2>&1
  timeout /t 60
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > c.log 2>&1
  timeout /t 60
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > d.log 2>&1
  timeout /t 60
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > e.log 2>&1
  timeout /t 60
  start powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > f.log 2>&1
  the log files get created but are empty.  If I invoke 'call' instead of start I get the log data, but I need them to run in parallel, not sequentially.
  call powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > a.log 2>&1
  timeout /t 60
  call powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > b.log 2>&1
  timeout /t 60
  call powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > c.log 2>&1
  timeout /t 60
  call powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > d.log 2>&1
  timeout /t 60call powershell . \Automation.ps1 %1 %2 %3 %4 %5 %6 > e.log 2>&1
  Any suggestions of how to get this to work?

  Batch files are sequential by design (batch up a bunch of statements and execute them). Call doesn't run in a different process, so when you use it the batch file waits for it to exit. From CALL:
  Calls one batch program from another without stopping the parent batch program
  I was hoping for the documentation to say the batch file waits for CALL to return, but this is as close as it gets.
  Start(.exe), "Starts a separate window to run a specified program or command". The reason it runs in parallel is once it starts the target application start.exe ends and the batch file continues. It has no idea about the powershell.exe process
  that you kicked off. Because of this reason, you can't pipe the output.
  Update: I was wrong, you can totally redirect the output of what you run with start.exe.
  How about instead of running a batch file you run a PowerShell script? You can run script blocks or call individual scripts in parallel with the
  Start-Job cmdlet.
  You can monitor the jobs and when they complete, pipe them to
  Receive-Job to see their output. 
  For example:
  $sb = {
  Write-Output "Hello"
  Sleep -seconds 10
  Write-Output "Goodbye"
  Start-Job -Scriptblock $sb
  Start-Job -Scriptblock $sb
  Here's a script that runs the scriptblock $sb. The script block outputs the text "Hello", waits for 10 seconds, and then outputs the text "Goodbye"
  Then it starts two jobs (in this case I'm running the same script block)
  When you run this you receive this for output:
  PS> $sb = {
  >> Write-Output "Hello"
  >> Sleep -Seconds 10
  >> Write-Output "Goodbye"
  >> }
  >>
  PS> Start-Job -Scriptblock $sb
  Id Name State HasMoreData Location Command
  1 Job1 Running True localhost ...
  PS> Start-Job -Scriptblock $sb
  Id Name State HasMoreData Location Command
  3 Job3 Running True localhost ...
  PS>
  When you run Start-Job it will execute your script or scriptblock in a new process and continue to the next line in the script.
  You can see the jobs with
  Get-Job:
  PS> Get-Job
  Id Name State HasMoreData Location Command
  1 Job1 Running True localhost ...
  3 Job3 Running True localhost ...
  OK, that's great. But we need to know when the job's done. The Job's Status property will tell us this (we're looking for a status of "Completed"), we can build a loop and check:
  $Completed = $false
  while (!$Completed) {
  # get all the jobs that haven't yet completed
  $jobs = Get-Job | where {$_.State.ToString() -ne "Completed"} # if Get-Job doesn't return any jobs (i.e. they are all completed)
  if ($jobs -eq $null) {
  $Completed=$true
  } # otherwise update the screen
  else {
  Write-Output "Waiting for $($jobs.Count) jobs"
  sleep -s 1
  This will output something like this:
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  Waiting for 2 jobs
  When it's done, we can see the jobs have completed:
  PS> Get-Job
  Id Name State HasMoreData Location Command
  1 Job1 Completed True localhost ...
  3 Job3 Completed True localhost ...
  PS>
  Now at this point we could pipe the jobs to Receive-Job:
  PS> Get-Job | Receive-Job
  Hello
  Goodbye
  Hello
  Goodbye
  PS>
  But as you can see it's not obvious which script is which. In your real scripts you could include some identifiers to distinguish them.
  Another way would be to grab the output of each job one at a time:
  foreach ($job in $jobs) {
  $job | Receive-Job
  If you store the output in a variable or save to a log file with Out-File. The trick is matching up the jobs to the output. Something like this may work:
  $a_sb = {
  Write-Output "Hello A"
  Sleep -Seconds 10
  Write-Output "Goodbye A"
  $b_sb = {
  Write-Output "Hello B"
  Sleep -Seconds 5
  Write-Output "Goodbye B"
  $job = Start-Job -Scriptblock $a_sb
  $a_log = $job.Name
  $job = Start-Job -Scriptblock $b_sb
  $b_log = $job.Name
  $Completed = $false
  while (!$Completed) {
  $jobs = Get-Job | where {$_.State.ToString() -ne "Completed"}
  if ($jobs -eq $null) {
  $Completed=$true
  else {
  Write-Output "Waiting for $($jobs.Count) jobs"
  sleep -s 1
  Get-Job | where {$_.Name -eq $a_log} | Receive-Job | Out-File .\a.log
  Get-Job | where {$_.Name -eq $b_log} | Receive-Job | Out-File .\b.log
  If you check out the folder you'll see the log files, and they contain the script contents:
  PS> dir *.log
  Directory: C:\Users\jwarren
  Mode LastWriteTime Length Name
  -a--- 1/15/2014 7:53 PM 42 a.log
  -a--- 1/15/2014 7:53 PM 42 b.log
  PS> Get-Content .\a.log
  Hello A
  Goodbye A
  PS> Get-Content .\b.log
  Hello B
  Goodbye B
  PS>
  The trouble though is you won't get a log file until the job has completed. If you use your log files to monitor progress this may not be suitable.
  Jason Warren
  @jaspnwarren
  jasonwarren.ca
  habaneroconsulting.com/Insights