Mapping AD groups to built in user groups

Hi.
I'm in the process of configuring AD authentication for OBIEE 11g. I've managed to connect to AD and pull users and groups. However, i don't understand how i can map AD groups to built-in access groups such as "BIAuthors" and "BIConsumers". When i open "Membership" tab in the list of available groups i can only see built-in groups.

Hi,
You can use dsquery and dsget commands to get all users from the groups from a specific OU in your AD as shown below,
          dsquery group "ou=testou,dc=domain,dc=com" | dsget group -members
To export the above user information to a CSV file use the below command,
dsquery group "ou=testou,dc=domain,dc=com" | dsget group -members > c:\Grpmem_testou.csv
Regards,
Gopi
JiJi
Technologies

Similar Messages

  • Group Policy Pref - Mapped Drives Not Applying to One User

    Hi All,
    I’m new to this list, so please excuse any etiquette slip ups.  
    I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
    Each of the drives is set to "update".
    As an example of the policy created XML is as follows:
    <Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
    image="2" changed="2009-11-25 05:13:58"
    uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
    ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
    thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
    path="\\ServerName\users$\%username%" label="Home (ServerName)"
    persistent="1" useLetter="1" letter="H"/></Drive>
    and
    <Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
    image="0" changed="2009-11-30 03:52:58"
    uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
    \\ServerName\apps" bypassErrors="1"><Properties action="C"
    thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
    path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
    useLetter="1" letter="J"/></Drive>
    The group policy is applied to an OU for that site. 
    All three users are in the same OU.
    All three users are also in the same “xxsitecode Users” group.
    2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
    There are no other login scripts and the user has no manually mapped drives.
    He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
    We don’t use roaming profiles
    To trouble shoot I have tried
    -    Reinstalling client side extensions
    -    Re-joining the pc to the domain
    -    Running gpupdate from the command prompt to see if any event logs are generated (none are)
    -    Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
    -    Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
    -    Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
    -    Manually checking the security on the user object in AD against one of the users who gets their drives mapped
    I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
    The Policy I’m having issues with is xxxx Mapped Drives/ Printers
    I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
    Any suggestions would be appreciated.
    Simone

    What's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
    Also, Jorke asked me to post the gpresult /z .
    Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001
    Created On 10/02/2010 at 2:19:34 PM
    RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
    OS Type:                     Microsoft Windows XP Professional
    OS Configuration:            Member Workstation
    OS Version:                  5.1.2600
    Domain Name:                 DOMAIN
    Domain Type:                 Windows 2000
    Site Name:                   SITECODE
    Roaming Profile:            
    Local Profile:               C:\Documents and Settings\USER.DOMAIN
    Connected over a slow link?: No
    COMPUTER SETTINGS
        CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
        Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
        Group Policy was applied from:      XXXXXADC.DOMAIN.com.au
        Group Policy slow link threshold:   500 kbps
        Applied Group Policy Objects
            Allow Remote Assistance
            au-mdwsus
            Default Domain Policy
            Legal Notice
            Proxy Settings
            Logon as service, operating system
            AU-WSUS
            Desktop Background & Home Page
            Reg Permissions for default desktop
            Local Admin & Local Power Users
        The following GPOs were not applied because they were filtered out
            SITECODE Mapped Drives/ Printers
                Filtering:  Not Applied (Empty)
            Local Group Policy
                Filtering:  Not Applied (Empty)
            AVD Rollout
                Filtering:  Disabled (GPO)
        The computer is a part of the following security groups:
            BUILTIN\Administrators
            Everyone
            Debugger Users
            BUILTIN\Users
            NT AUTHORITY\NETWORK
            NT AUTHORITY\Authenticated Users
            MACHINENAME$
            Domain Computers
            CERTSVC_DCOM_ACCESS
        Resultant Set Of Policies for Computer:
            Software Installations
                N/A
            Startup Scripts
                GPO: Desktop Background & Home Page
                    Name:         image.bat
                    Parameters:  
                    LastExecuted: 7:55:34 PM
                    Name:         swiftdesktop.vbs
                    Parameters:  
                    LastExecuted: 7:55:35 PM
            Shutdown Scripts
                N/A
            Account Policies
            Audit Policy
            User Rights
            Security Options
            Event Log Settings
            Restricted Groups
            System Services
            Registry Settings
            File System Settings
            Public Key Policies
                N/A
            Administrative Templates
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: au-mdwsus
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: au-mdwsus
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: au-mdwsus
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: Desktop Background & Home Page
                    Setting: Software\Policies\Microsoft\Internet Explorer\Security
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: au-mdwsus
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
                    State:   Enabled
                GPO: AU-WSUS
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
                    State:   Enabled
                GPO: au-mdwsus
                    Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
                    State:   Enabled
                GPO: Allow Remote Assistance
                    Setting: Software\policies\Microsoft\Windows NT\Terminal Services
                    State:   Enabled
    USER SETTINGS
        CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
        Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
        Group Policy was applied from:      XXXXXADC.DOMAIN.com.au
        Group Policy slow link threshold:   500 kbps
        Applied Group Policy Objects
            Allow Remote Assistance
           **** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
            Default Domain Policy
            Proxy Settings
            **** Desktop Background & Home Page - has Gp Pref's that should apply
            Local Admin & Local Power Users
        The following GPOs were not applied because they were filtered out
            AU-WSUS
                Filtering:  Not Applied (Empty)
            Legal Notice
                Filtering:  Disabled (GPO)
            Reg Permissions for default desktop
                Filtering:  Not Applied (Empty)
            Logon as service, operating system
                Filtering:  Not Applied (Empty)
            Local Group Policy
                Filtering:  Not Applied (Empty)
            au-mdwsus
                Filtering:  Not Applied (Empty)
            AVD Rollout
                Filtering:  Disabled (GPO)
        The user is a part of the following security groups:
            Domain Users
            Everyone
            Offer Remote Assistance Helpers
            BUILTIN\Administrators
            BUILTIN\Users
            NT AUTHORITY\INTERACTIVE
            NT AUTHORITY\Authenticated Users
            LOCAL
            Computer Account Operators
            Internet Users
            SITECODE Users
            DOMAIN-Public Folders Administrators
            All Email Users
            DOMAINSWIFTEMAIL
            Domain Admins
            Offer Remote Assistance Helpers
            WSUS Administrators
            DHCP Administrators
            CERTSVC_DCOM_ACCESS
        Resultant Set Of Policies for User:
            Software Installations
                N/A
            Public Key Policies
                N/A
            Administrative Templates
                N/A
            Folder Redirection
                N/A
            Internet Explorer Browser User Interface
                GPO: Proxy Settings
                    Large Animated Bitmap Name:      N/A
                    Large Custom Logo Bitmap Name:   N/A
                    Title BarText:                   N/A
                    UserAgent Text:                  N/A
                    Delete existing toolbar buttons: No
            Internet Explorer Connection
                HTTP Proxy Server:   Proxy:port
                Secure Proxy Server: Proxy:port
                FTP Proxy Server:    Proxy:port
                Gopher Proxy Server: Proxy:port
                Socks Proxy Server:  Proxy:port
                Auto Config Enable:  Yes
                Enable Proxy:        Yes
                Use same Proxy:      Yes
            Internet Explorer URLs
                GPO: Proxy Settings
                    Home page URL:           N/A
                    Search page URL:         N/A
                    Online support page URL: N/A
            Internet Explorer Security
                Always Viewable Sites:     N/A
                Password Override Enabled: False
                GPO: Proxy Settings
                    Import the current Content Ratings Settings:      No
                    Import the current Security Zones Settings:       No
                    Import current Authenticode Security Information: No
                    Enable trusted publisher lockdown:                No
            Internet Explorer Programs
                GPO: Proxy Settings
                    Import the current Program Settings: No

  • User mapping for groups doesn't work

    Hi,
    I have a problem with the user mapping for groups. When I select "User Mapping for System Access" I get the error message "There are no systems available for user mapping for the selected principal." There are some hints, what the reason could be, but I think I checked them all. For the single users in the group, the User mapping works without problems. Does anybody know what the reason for this problem could be? We are running SAP EP 7.0.
    Kind regards,
    Dominik

    Hi,
    It seems that the system you are pointing to is a delta link linking to "nowhere" and the source system has been deleted.
    The main reason for the problem is that the delta link system refers to a system that (no longer) exists.
    Try recreating the delta link's base system with the same location in the PCD and correct attributes.
    Hope this helps.
    Regards
    Srinivasan T

  • Mapping LDAP Groups to SAP Roles

    Hi there,
    i am trying to build up a synchron usermanagement with a LDAP-Server between EP, Web AS Java and Web AS ABAP.
    My thought is to administrate the users in the LDAP-Directory. The users will be assigned to groups.
    In EP and Web AS Java its no problem to assign these groups to roles and then just change the Users in the LDAP-Group and reach a synchron usermanagement.
    In Web AS ABAP it seems impossible to assign roles to groups.
    <b>The question is, is it possible to map ldap groups with the ldap connector of the web AS ABAP to Roles in an ABAP System?</b>
    Or is there another way to administrate users in different systems?
    Thanks alot for your answers,
    stefan

    Hi
    in this case u have to use the concept of central user administration. use the following links
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/events/asug-biti-03/cua with sap webas, ldap and third party software
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/events/sap-teched-04/user management and authorizations overview.pdf
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/nw/dotnet/integration of sap central user administration into microsoft active directory.pdf
    hope this helps u to get fair bit of idea
    don,t forget to give points
    With regards
    subrato kundu

  • Mapping EUS groups to shared schema

    Hi, everybody
    Has anybody done such thing ? I tried to map "cn=test_group,cn=groups,dc=test,dc=com" to schema GLOBAL_SCHEMA by ESM on target database but it silently skip my action. Moreover, I haven't found in documentation any mention about mapping groups to shared schema.
    I'm using OID version 10.1.4.0.3 running on RHEL4/x86 and Database 10.2.0.4 running on Solaris 10/SPARC.

    Hi, everybody one more time
    I've just comprehend the idea. There is no sense in mapping directory groups to shared schema. I've made the following experiment:
    1. created mapping of arbitrary user to GLOBAL_USER by esm
    2. modified attribute 'orcldbdistinguishedname' of entry which corresponds mapping I had made at point 1. In my case it was 'cn=mapping0,cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=test,dc=com'
    to value 'cn=test_group,cn=groups,dc=test,dc=com' by ldapmodify
    3. added someone to group 'test_group'
    4. tried to login to target database as user who had been added to group 'test_group' at point 3
    5. got ORA-01017: invalid username/password; logon denied
    The point is: There were no changes in DIT when you change membership of users in any group. LDAP server doesn't create new user's entry down below 'cn=test_group,cn=groups,dc=test,dc=com', instead it add attribute 'uniquemember' to corresponding group entry. This attribute contains dn of user's entry who is member of this group. So, there is no possibility of mapping directory groups to shared schema. The only way to emulate such behavior is to create something like cn=group1,cn=users,dc=test,dc=com ... cn=groupN,cn=users,dc=test,dc=com and sort out users to those entries manually. However, drawback of such solution is one to one relationship among users and "groups", but anyway it's better than nothing.

  • How to access the mapping of Groups and Roles in the JAVA Application

    We have mapped the EJB roles with the groups through the Visual Administrator. We have developed the SSO. We have developed the application through which we are creating the user and role and mapping that role with the created user. The created role is saved in some LDAP directory. The second application in which ejb methods are mapped with some security roles.The LDAP roles we are getting in Netweaver as groups and we can perform the mapping of the deployed ejb roles with the group.Now for the logged in user we want to get the roles mapped with it so that we can give/deny the access to the methods from EJB as per the role of that user .How we will get the access to the mappings of the roles with the group in the application, if I know the LDAP roles mapped with the user (since these roles are accessible as groups in the NetWeaver)
    For e.g.  From application created the user with the role as "manager". This role is stored in iPlanet directory.
    This directory is mapped in the Netweaver.The manager role is displayed as the group in the Netweaver.
    Created the EJB application with the method "displayTheAccountDetails() with the role as "ManagerRole"
    This role is mapped with the manager group. Now we are having the details about the logged in user and the LDAP roles mapped to it (maneger role). How I will get the access to the details that for this group which ejb role is mapped in the application. So depending on that I can allow/deny the access to the ""displayTheAccountDetails()" method to the logged in user.

    Do you, guys, work together?
    See the last answer in this thread: How database works in UCM?

  • Is it possible dynamcially mapping AD groups ?

    boxi31  sp2  >  2003 sql server  > tomcat 5.5
    Is it possible to map AD accts as only an authentication point and not manually map the winAD groups manually withi the CMC.
    I have only done the typical config;
    Mapped AD Member Groups
    Add AD Group (Domain\Group):    "manually add group"
    secWinAD:CN=XXX OU=XXX,OU=XXX,DC=XXX,DC=XXX
    etc...
    I was told cognos can do this,  so I'm assuming BO can also,  but I have no idea how?
    Thoughts?

    Hi Michael,
    I moved to the correct forum: Admin and Auth.
    I don't know if I understand correctly the question. I assume that you want to add AD user accounts directly. The answer is we can only map AD groups. You can decide when the account is added:
    - When you update the AD plugin: all the account in that group are created
    - When the users log in: only users that log in to BOE will create their account.
    Regards,
    Julian

  • Maps app not working on Network Users

    Maps app not working on network users on client machines?, is everyone having same issue?, Thanks in Advance

    Sometimes it does, sometimes it does not. I assume we're talking about network users with home folders on a remote volume…
    The only thing I could do about it was to inform Apple…

  • Mapping attributes at time of Xellerate User Recon.

    Hi All,
    I am doing mapping in process from for xellerate User and one of the field for mapping is "identity" . I am not sure what this field indicate and when it is used.Also, there is no field called "Password" in mapping. I am doing trusted reconciliation.
    Thanks,
    Ankit

    Thanks.
    but when I do reconciliation and map some attribute to identity as password , I can't log on with that attribute value.
    Not sure how it work if I need to set password at recon. Any solution for that?
    - Ankit

  • Built-in users table

    Hello,
    I want to build an authentication function based on the built-in users table, some thing like:
    (select * from (appex-user) where user=&varialble and password=&varialbes)
    How can I do that?
    Edited by: Najla on Jan 16, 2013 8:34 AM

    Hi,
    you can build table like
    CREATE TABLE  "USER_LOGIN"
       (     "USER_NAME" VARCHAR2(50) NOT NULL ENABLE,
         "USER_PASS" VARCHAR2(50))and use function like this
    create or replace FUNCTION  "AACU_F" (
    p_username IN VARCHAR2,
    p_password IN VARCHAR2)
    RETURN BOOLEAN IS
    BEGIN
    FOR c1 IN (SELECT 1
    FROM USER_LOGIN
    WHERE UPPER(USER_NAME) = UPPER(p_username)
    AND UPPER(USER_PASS) = UPPER(p_password))   
    LOOP
    RETURN TRUE;
    END LOOP;
    RETURN FALSE;
    END;now change your Authentication Schemes
    Scheme Type : custom
    in Authentication Function Name : use the function name you created (AACU_F) .
    Abo Yahya

  • Built-In Users-group is suddenly gone on folder security tab.

    Dear forum-members,
    I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix).
    The application "Sybase" is installed on the D-drive (disk). A thrid party application needs Sybase to communicate through the sql.ini with the database. All terminal server users needs read permissions on the Sybase install directory to
    use the sql.ini.
    Normally every new folder on a server has the Builtin Administrators-group and System account "Full-Control" permissions and the Builtin Users-group had "Read en List" permissions. Now on the Sybase folder only the Builtin Administrators-group
    en System account are at the security tab, but
    not the Builtin Users-group.
    When I manually set the Builtin Users-group with read permissions it okay, but after a while the Builtin Users-group is gone/deleted/removed. There is no signal that a person, proces or action removes the permissions for the Builtin Users-group. I set
    Auditing on the folder, but with no result. I know for sure there is no GPO (Group Policy) that removes this group.
    For now I have a dirty solution to run a scheduled task every 10 minutes that run xcalcs to set the permissions. A tried a GPO to set the permissions, after a reboot the group policy doesn't apply (only after a gpupdate /force).
    Does some one of you has another proper/nice solution to force the read permissions on the Sybase folder for the Builtin Users-group?
    Thanks in advance.
    Greetings, Sidney

    Hi Shaon,
    Thank you for your reply.
    The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
    I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM has permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically
    removed again.
    We have 6 terminal (citrix) servers and all of them has the same problem, so it's not server related.
    Could it be an issue with the way how Sybase is packaged (it's a silence install through our deployment application)?
    Before I do the next test: Will it help to force the rights (replace permissons) from the upper folder to the sub-folder(s)? (force the inheritance)
    Greetings, Sidney

  • File Server Migration - For ORG A Forest to ORG B Forest ( Need to create and Map Security Group automatically on new Migrated Folders - Please Help

    I have two forest With Trust works Fine .
    I have file server in ORG – A ( Forest ) with 2003 R2 Standard
    I have a File server in ORG  - B ( Forest ) With Windows server 2012 ( New Server for Migration )
    I have 1000 + folders with each different permission sets on ORG-A. We are using Security groups for providing permission on the share Folders on ORG A
    I need to Migrate  all the folders from ORG – A to ORG – B.
    I am looking for an automated method of creating Security Groups on AD during the Migration, Once the Migration is Done, I can add the required users to the security groups manually.
    Example.
    Folder 1 on ORG – A has Security Group Called SEC-FOLDER1-ORGA
    I need an automated method of Copying the files to ORG – B and Creating a new security Groups on ORG –B Forest with the same permission on parent and child Folders. I shall Add the users manually to the Group.
    Output Looks Like
    Folder 1 on ORG – B has Permission called SEC-FOLDER1-ORGB ( New Security Group )
    Also I need a summarized report of security Group Mapping, Example – Which security Group on ORGA is mapped with Security Group Of ORGB

    Hi,
    I think you can try ADMT to migrate your user group to target domain/forest first. Once user groups are migrated, you can use Robocopy to copy files with permission - that permission will continue be recognized in new domain as you migrated already. 
    Migrate Universal Groups
    http://technet.microsoft.com/en-us/library/cc974367(v=ws.10).aspx
    If you have any feedback on our support, please send to [email protected]

  • Raw XML from Oracle once BI Publisher report is mapped and grouping in Word

    Hello,
    Once you have uploaded your BI Publisher report, mapped it out, etc. Does anyone know how you can still view the raw XML data, similar to what you loaded into word BI Publisher originally?
    And separately does anyone know the best way to group things in word when creating your template? I need to group off of year and then SGL but am having trouble doing this.
    Thanks,
    Jon

    XMl data will be shown under "Data' in the output layout drop down box

  • Mapping Roles/Groups between Oracle EBS R12 and OBIEE 11g

    Hi,
    We are implementing OBIEE 11g with Oracle EBS R12 as source system. Also we are using Out of the box RPD for Oracle EBS R12.
    But we are facing lot of challenges to map OBIEE 11g groups and EBS roles and responsibilities. We do not have prior experience with EBS as source system.
    Can anyone tell how to map between obiee groups with Oracle E-Business suit R12
    Is there any document link or notes regarding this.
    Any information regarding this will be a great help.
    Thanks in advance

    Hi,
    I am also looking for the solution to implement SSO of OBI 11g with EBS r12, what i understand from your post that you have configured SSO between OAM and EBS R12.
    Below is the link to configure SSO between EBSR12 and OBI 11g.
    http://www.astcorporation.com/images/PDFs/White_Papers/2012/AST_White_Paper-EBS-OBIEE_11g_Integration.pdf
    I want one clarification from you , once you read the above article what is your opinion do we require OAM integration if we want only EBS SSO with OBI11g ? I am bit confused in this ?
    Whats the use of OAM in this integartion ?
    Can you please help me.
    Thanks in Advance.
    Regards,
    Tarang Jain

  • Mapping Roles/Groups between OBIEE 11g and Oracle EBS R12

    Hi,
    We are implementing OBIEE 11g with Oracle EBS R12 as source system. Also we are using Out of the box RPD for Oracle EBS R12.
    But we are facing lot of challenges to map OBIEE 11g groups and EBS roles and responsibilities. We do not have prior experience with EBS as source system.
    Can anyone tell how to map between obiee groups with Oracle E-Business suit R12
    Is there any document link or notes regarding this.
    Any help regarding this will really save us.
    Thanks in advance

    Please read:
    Integrating with EBS Suite Security: http://docs.oracle.com/cd/E28280_01/bi.1111/e16364/ebs_actions.htm#BIEIT1321
    As I understand you need to create a Connection Pool to your EBS database. I think that would be a serious security aspect for the integration to work over two different networks. But I don't think it's impossible.
    Domain Prerequisites is another challenge in this scenario.
    More specifically: http://docs.oracle.com/cd/E28280_01/bi.1111/e16364/ebs_actions.htm#CHDHCAFD

Maybe you are looking for

  • How do you "rip" ipod music into your itunes..PLEASE READ!

    Yeah, a while back ago, all my music got deleted, i kept what i had on my ipod in fear that if i plugged it back up all my m usic would be gone for good. So i ask you, is there any way to plug in your ipod, and all the info be in your playlist, kinda

  • Photoshop CC will not open any files nor create new ones.

    The program itself opens, and I can select different tools to use, but it will not let me make files or open old ones. My Photoshop is purchased through my school for my college classes.

  • Vendor TDS Error

    Dear All, Whenever i post vendor payment posting. if i clik witholding tax tab i am getting this error Withholding tax information missing from line. item. how to avoid this error. girija

  • Need info on language key

    Problem Scenario : There is a requirement to display the language key in the BW report. It is known that only the text of the master data can be displayed in the language that is chosen at the time of login. Please let me know if there is any way to

  • Fill color color on its own

    Hi! I'm having an issue on my Illustrator CC 2014. When I double click over the Fill color box, on the tool box, to change it, it show a tottaly different color. e.g I have a green object: 85.10.100.0 I try to edit this color by doubble cliking over