Migrating users - with a twist (change AD accounts to local)

Similar Messages

• Migration Users with MD5 Passwords to Directory Server 6.1 on Solaris 10

  Hi,
  We are currently in a requirement of migrating some users to a application database to inside LDAP. Currently Application maintained the passwords in the MD5 hash form. Typical 32 digit Hex value - 41da76f0fc3ec62a6939e634bfb6a342
  Is there a way we can migrate these Users password to directory Server as-is so that they don't end up facing the prospect of resetting post migration.
  I have done some of the initial ground work but seems to be missing other critical info if at all it's possible.
  I believe it's possible to have CRYPT password policy (which directory server uses from underlying OS) as one of the plug-ins to configure in a way that underlying CRYPT utility starts to process/provide/support MD5 hashes. I got it to work, my using the below command on DSEE instance:
  dsconf set-plugin-prop -p 389 CRYPT argument:'$md5$'
  But for some reasons the MD5 hash (Sun MD5 library) provides does not match with the original hash value. It's 22 char long (as I have not specified any salt length) so I am assuming it's Base64 encoded. I have a perl script which converts the original 32-digit hex values to a base64 encoded representation (which I have also verified with other open source tools)
  Is there a way I can tweak CRYPT utility or something so that it understands typical standard MD5 hashes. (Confused between Sun MD5 and BSD (Linux) MD5 - none of them seems to match standard MD5 generated value).
  Any leads on this would be really helpful ?

  Just to reclarify or throw more information:
  a password - cleartext value - testuser1 has 32-digit HEX value as - 41da76f0fc3ec62a6939e634bfb6a342
  Same password when converted to Base64 pattern becomes - Qdp28Pw+xippOeY0v7ajQg==
  But when I use pwdhash utility in DSE after configuring CRYPT to use MD5 hashes it becomes -
  {crypt}$md5$$LiB/H70zXr3xfQPoXVuUQ1
  I used below command :
  pwdhash -D /opt/SUNWdsee/dsee6/ds6/slapd-oha-dev -s CRYPT testuser1
  Actual hash value of pwdhash is -LiB/H70zXr3xfQPoXVuUQ1 with rest of the prefix is to meet RFC standard and salt and algo name separator.
  I am wondering if Sun MD5 default uses any salt even when I haven't used or DS does it. Or if any other MD5 option is there which can be used.
  Thanks,
  Gaurav

• How can I notify other TFS users with my latest changes done to defect or workitem?

  Is there a TFS feature that would allow me to quickly notify my team about latest changes I made to the defect/workitem?
  I see the email button, but it is populated with just link to the TFS and bug description. I would like it to include my latest modification to the bug. 
  Szymon

  Hi Simon,  
  Thanks for your post.
  What’s the version of your TFS?
  Yes, you can create a below Team alert, then users in this team will receive the Bug work item alert once you edited the Bug work item
  Team Project           =     
  teamprojectname
  And          Work Item Type
      =     
  Bug
  And           Authorized As      
   <>   [Me]
  After you edited one Bug work item, all other Team members will receive the alert like below, included the changed fields in alert content:
  Work item Changed: Bug 188 - Bug test
  Team project:
  JTest-Scrum2013.4
  Area:
  \JTest-Scrum2013.4
  Iteration:
  \JTest-Scrum2013.4
  Assigned to:
  username
  State:
  Approved
  Reason:
  Approved by the Product   Owner
  Changed by:
  username
  Changed date:
  4/9/2015 11:37:20 AM
  Changed fields
  Field
  New Value
  Repro Steps
  Field
  New Value
  Old Value
  Title
  Bug test
  TC3-Bug
  Assigned To
  username
  State
  Approved
  New
  Reason
  Approved by the Product   Owner
  New defect reported
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• New user with ipod on old itunes account. How?

  I inherited a macbook with a new job. How do I restart itunes with my ipod touch without losing everything on my ipod when I sync?
  If this were a PC I could uninstall and reinstall itunes to get a fresh start that honors my current ipod, but I don't see how to accomplish this with a mac..

  Syncing to a "New" Computer or replacing a "crashed" Hard Drive: Apple Support Communities

• Stsadm migrate user error

  When try to run stsadm migrate user with this entire command
  stsadm.exe -o migrateuser -oldlogin yyyy\yyyyy -newlogin xxxx\xxxxx , it is giving error that
  the specified old user could not be found...This is happening for all users
  Please suggest

  Hi,
  For the sake of  security policy,A Service Application must be configured through unique managed account which had least privilege on the farm only for this service application not for entire farm.
  And also good to have unique application pool with unique security account to get best performance of your service application.
  Murugesa Pandian.,MCTS|App.Devleopment|Configure
  This is not recommended by Microsoft. With SharePoint, there should be a single Service Account Application Pool running Service Applications (InfoPath, Search, MMS, UPA, and so forth). In addition, there should be a single Web Application Application Pool
  (in addition to a single Web Application). This minimizes overhead from each Application Pool and a copy of the required binaries being loaded into memory (for each Pool). More Application Pools translates into less performance.
  The SharePoint PG feels that having one service account running these services is not a security issue.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Change Reconciliation Account

  Hello,
  The user ask me to change Reconciliation accounts for some vendors and customers.
  I've done the following steps:
  1/ Set the u201CReconciliation Accountu201D field in the vendor master as optional field (customizing)
  2/ Define Adjustment Accounts for Changed Reconciliation Accounts (customizing)
  3/ Run Balance Sheet Adjustment Program - F101(FAGLF101 in ECC6)
  But, there is no posting, and nothing happened.
  My questions :
        - What FAGLF101 is supposed to do exactly ?
        - The vendor/customers can have open items before executing FAGLF101 ?
  Thanks you

  Hi Tarek
  I hope you have actually changed your Recon. account
  You can change the reconciliation Account in the Vendor or customer Master provided the field Status in your configuration allows changing the Reconciliation Account. Also, it is ideal that you change the reconciliation Account when the balance on the Reconciliation Account is Zero.
  To clear the reconciliation Account one option is that you create a new open item managed GL Account and use Transaction FB05 to clear each open item in the vendor Account one at a Time and post on the new open item clearing Account. Then change the reconciliation Account in the master data and then again use FB05 to post the transactions back on the vendor Account one at a time.
  Refer - Change the Reconciliation account
  Rgds,
  Zub

• Change Reconciliation Account in Vendor

  Hi,
  Can I change the Reconciliation Account in Maintain Field Status Group: Account Management ?
  The user-end ask to change the account from 120501 to 213006 acc.
  Is´t wrong ? I´m change the Asset to Passive .
  Tks,
  Sandra Amadi

  Hi Sandra,
  Yes you can do that, follow the steps mentioned below
  This would require a config change. In the definition for vendor account groups first change the recon account field from display to optional, save the data make the necessary changes to the master records in Vendor and again set the recon account field to display and save. This has to be carried out directly in production server.
  There is no need to reverse the entry of Recon Account as the Recon Account can be change in the config settings.
  Hope it helps.
  Thanks.

• CS02 - trigger mail at save with detail of changes

  Dear Sapians,
    I come through a requirement in which , i have to trigger a mail to authorized user with detail of changes done in CS02 by unauthorized user.
  I got a BADI 'BOM_UPDATE'  'CHANGE_AT_SAVE'.
  And as per my understanding change detail are in table CDHDR and CDPOS.
  And in above table data is loaded after CS02 is saved.
  So, no detail of recent changes done is reflected in CDHDR and CDPOS .
  So, I am looking for some USER-EXITS or BADI , which help me out in this scenario.
  Scenario is :--
    a).
        When changes are done in CS02 by some UNAUTHORIZED USER, changes has to be verified by AUTHORIZED USER, so change detail has to be send to AUTHORIZED USER.
  Awaiting for your reply
  Thanks,
  Jeet

  Dear
  Sorry for not discussing the whole scenario.
  Actually , If some unauthorized user gas done some changes in CS02  than BOM Status is to be '2',
                  so mail is needed to ask authorized user permission to set BOM status '1'.
  But in the same time , authorized wanna know what changes are done. and changes are recorded in cdhdr and cdpos tables which is updated after after bom is saved not in between.
  That why mail is needed.

• How do you change an used ipad to a new user with a new itunes account?

  How do you cange a used ipad to a new user with a new itunes account?

  plug your ipad to your computer, open your itunes, click on the ipad icon, at the first page there is an option to "restore" ipad to its factory settings, click it. Don't remove USB connection, wait until it finishes wiping the data and it should place a new window that asks you to register the ipad.
  There you go, your iPad is sync with your itunes account under your name, its best to also use "Find my iPad" just in case it gets lost, you can track it from your computer. Very handy tool and its free!
  But if you want the data that is in the iPad, back up it first and sync the content to your library before restoring it to its factory settings
  Have a great day and enjoy your iPad

• I can not find migrated user, apps, files...after restore with migration assistant

  Hi, I have a MacPro, with mavericks. I have to change the hard disk because it failed, and now I want to restore my system.
  I have a copy in another disk, made with time machine. I used the migration assistant, the system recognized the copy;
  I'm interested in restore all the system, the users, the applications, and all the information, then I selected all and the migration apparently
  works because there are not error messages or nothing wrong, the only issue is that the current user has the same name of the user in the backup,
  then the assistant asked if I want both users, I choose to keep only the one in the backup, after a while (1-2 hours). I logout, and with surprise there are not any users created.
  I have to login as single user, reset the password for root, to be able to login into the computer again, and I can´t find the migrated user, or the applications, or the files.
  I am looking in the forums, and help pages, but I can´t find the solution. Thanks in advance

  Thanks Eric, the migration of applications, worked (by choosing only this item ), I created a new user, try using time machine to restore the user, but appeared  the message  file ".journal" already exists, and didn't work; so I decided to transfer the data manually. Now I hope the things will work out.

• Change configuration of a user with another user

  Hi gurus,
  I would like to know if it is possible to change the configuration of users with an admin user.
  For example. I don't have the pass of user A. Meanwhile, I nedd to change the layout of an appraisal document, a specif portal configuration for that user. Is it possible to change that configuration with my user.
  I asking this becausa I'm doing maintenance of SAP portals and some users don't give access to their accounts for privacy reasons. Do you have any ideia if it is possible?
  My specific case is HCM. I need to change add an entry to a layout of an user but I can not access to his account. It may look nonsense, but sometimes it happens.
  Thanks and best regards.

  HI,
  It is possible to change the configuration of users with an admin user.,as such only if  you have administrator rights.If u wan tto change the appraisal document with the specified user if suppose you are saying that user a is not there ,admin user can be used for editing the particular document ,where in all the information can be there with administrator .
  Regards
  Ashwin Chandra GIrmaji

• Double prompts for Exchange 2013 migrated users: "The microsoft exchange administrator has made a change that requires you to restart outlook"

  I have Exchange 2010 SP3 in my environment and am migrating to Exchange 2013. Whenever a mailbox is migrated, the Outlook 2013 client will prompt the user with a "the exchange administrator has made a change that requires you to restart
  Outlook". When the user does so, he or she is prompted again. After he or she closes and reopens Outlook for the second time, the issue is gone permanently.
  I've seen a number of other posts about repeated prompts like this but I haven't yet found one or someone gets exactly 2 prompts for each client and no more.
  A couple of pieces of information that may be relevant:
  1. On exchange 2013, the authentication method for the internal host name is NTLM
  2. I have not yet migrated public folders from Exchange 2010. I plan to do that after the mailbox migration is complete.
  Thanks in advance for your help.

  Hi,
  From your description, after mailboxes are moved from Exchange 2010 to Exchange 2013, users receive the following prompt when opening Outlook.
  The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook.
  In order to solve this issue, you need to apply the Outlook update that is described in KB 2863911.
  For your reference:
  Outlook 2013 cannot connect after an Exchange Server 2010 mailbox is moved to Exchange Server 2013
  https://support.microsoft.com/kb/2934750?wa=wsignin1.0
  Hope this can be helpful to you.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support

• Changing administrator user name or short name in accounts, OS upgrade

  I just inherited an older MacBook Pro. (15-inch, 2.16GHz Intel Core Duo, OSX 10.4.11).
  I was able to change most account info, however former user's short name still appears as the short name in adm account and in the home page sidebar. How can I change this? (I understand there is a third party utility -- Change Short Name -- that claims to easily do this, but I'm reluctant to use any third party app if there is a Apple-endorsed way to accomplish the task.)
  Do I need to set up a new administrator account on the computer in order to delete his info?
  Also, eventually, I need to delete a lot of programs and files from computer. Bloated. My first thought is to simply do a clean reinstall since there's really nothing on the computer that I need. (However the original install discs were lost in a move, and I'll need to contact Apple for replacement.) I've read post advising against this approach because of the number of updates needed and due to uncited problems. Has anyone experienced any problems with this approach on this model -- before I purchase old install discs.
  Is better option to purchase Snow Leopard. I have it installed on Mac Pro at work. I like it and have not experienced any problems. Anyone experience problems with SL on this model of MBP.
  Thanks in advance for the help.

  [Adding a new user account to your computer|http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh168.html] You just need to make sure that the new account is set to be an administrator account. Then you log into the new account and remove the old account from there. There shouldn't be any implications to doing this but it is always a good idea to make sure you have a fully bootable (cloned) backup before doing modifications.
  As mentioned before, ideally you should just wipe wipe the drive and start afresh. This ensures any corrupt files, or hidden files, are removed. However, you will need the installer disc to do this. Since you no longer have the Tiger one it might be worth just going for Snow Leopard. However, one advantage to getting replacement original discs from Apple is they contain special software for diagnosing problems on your specific model computer that isn't in a retail set of discs.
  Cloning And Backup Tools
  A bootable clone is an exact copy of your drive which is capable of booting your computer. Making a copy of your computer which is capable of actually starting the computer requires special copying procedures. Some people just back up data files but if you have problems you have to reinstall all your operating system and all your applications. With a bootable clone you just start up from the backup drive and clone back everything.
  To copy files from one hard drive to another hard drive you can use:
  [CarbonCopy Cloner|http://www.bombich.com/software/ccc.html] (donationware)
  [SuperDuper|http://www.shirt-pocket.com/SuperDuper/SuperDuperDescription.html] (shareware)
  [IBackup|http://www.grapefruit.ch/iBackup/index.html] (free)
  The Restore function of Disk Utility included in OS X. [Kappy's directions|http://discussions.apple.com/message.jspa?messageID=8799711#8799711]
  [Tri-Backup (commercial)|http://www.tri-edre.com/english/tribackup.html] (payware)
  [Silverkeeper|http://www.lacie.com/silverkeeper> (free) - version 2 has some issues (references: [1|http://www.macintouch.com/readerreports/backup/index.html#d12jan2009],
  [2|http://www.macintouch.com/readerreports/backup/index.html#d13jan2009]) and it is recommended Tiger users stick with 1.1.4.
  [Kappy's Backup Software Recommendations|http://discussions.apple.com/message.jspa?messageID=9065665#906 5665]
  [Overview of Mac OS X Backup Programs|http://8help.osu.edu/1247.html]

• Macbook crash when trying to autorize user with system admin account  in maverick

  macbook crash when trying to autorize user with system admin account  in maverick,
  Please help

  Hi Frank,
  Please refer to following operations and check if can help you.
  1.
  wmic /node:"HOSTNAME" /user:"ADMIN_USER" /password:"PASSWORD" logicaldisk
  Please replace HOSTNAME with IP address, then monitor the result.
  2. Please open Control Panel, select User Accounts and click Manage another account. Then select the user account which you will use in WMIC command. Then please select Change
  the account type and check if you have set it as Administrator. If no, please set it as Administrator and check if this issue still persists.
  3. Please refer to the following thread and check if can help you.
  WMI
  Remote "Access Denied"
  If this issue still persists, please let me know the edition information of Windows OS that this issue occurred
  in. Meanwhile, you described “The user account is a member of Administrators.” Would you please let me summarily know how operate?
  Hope this helps.
  Best regards,
  Justin Gu

• How to migrate Apex users with existing passwords.

  Hi Guys,
  Our apex env finally getting a upgrade from 3.1.1 to 4.1.1 (I know, it's been overdue for years)
  Some of our apps use 'Application Express' authentication, and have few hundreds users in Apex (and users belong to diff user groups).
  The issue is, the 4.1.1 env is set up on a brand new server and DB, we want to migrate these users with their existing passwords from the 3.1.1 env.
  I tried exporting the workspace, and the users are exported as below,
       begin
       wwv_flow_fnd_user_api.create_fnd_user (
       p_user_id => '10592934818556549584',
       p_user_name => 'TEST',
       p_first_name => 'a',
       p_last_name => 'b',
       p_description => '',
       p_email_address=> '[email protected]',
       p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
       p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
       p_group_ids => '10592435401495787816:',
       p_developer_privs=> '',
       p_default_schema=> 'TEST',
       p_account_locked=> 'N',
       p_account_expiry=> to_date('201212040000','YYYYMMDDHH24MI'),
       p_failed_access_attempts=> 0,
       p_change_password_on_first_use=> 'Y',
       p_first_password_use_occurred=> 'N',
       p_allow_access_to_schemas => '');
       end;
  when I run this in 4.1.1 I had to modify it to the new format as below,
  also changed the p_group_ids to new user group but kept the password the same
       begin
       wwv_flow_fnd_user_api.create_fnd_user (
       p_user_id => '',
       p_user_name => 'TEST',
       p_first_name => 'a',
       p_last_name => 'b',
       p_description => '',
       p_email_address=> '[email protected]',
       p_web_password => 'E92903DEAD135E6E86BD6B64544D2BD9',
       p_web_password_format => 'HEX_ENCODED_DIGEST_V2',
       p_group_ids => '1399416797653068:',
       p_developer_privs=> '',
       p_default_schema=> 'TEST',
       p_account_locked=> 'N',
       p_account_expiry=> to_date('201209041006','YYYYMMDDHH24MI'),
       p_failed_access_attempts=> 0,
       p_change_password_on_first_use=> 'Y',
       p_first_password_use_occurred=> 'N',
  p_allow_app_building_yn=> 'N',
  p_allow_sql_workshop_yn=> 'N',
  p_allow_websheet_dev_yn=> 'N',
  p_allow_team_development_yn=> 'N',     
  p_allow_access_to_schemas => '');
       end;
  the result was that the user is created fine, but the password is not valid.
  Anyone knows how to export apex users with existing password to a new server?
  Thanks.
  Edited by: Danny on 3/12/2012 20:51

  Hi,
  Not sure why you say
  when I run this in 4.1.1 I had to modify it to the new format as below, If you just run the workspace export sql it should create the Workspace, Groups and Users
  The signature of the procedure is below. See the highlighted lines.
  procedure create_fnd_user (-- Description:
  -- This procedure allows for programatic and bulk creation of users.
  -- Example:
  -- From sqlplus logged in as the privileged flows user, first
  -- ensure that the security group id is set properly, then create
  -- your users.
  <b> -- begin wwv_flow_security.g_security_group_id := 20; end;</b>
  -- begin
  -- for i in 1..10 loop
  -- wwv_flow_fnd_user_api.create_fnd_user(
  -- p_user_name => 'USER_'||i,
  -- p_email_address => 'user_'||i||'@mycompany.com',
  -- p_web_password => 'user_'||i) ;
  -- end loop;
  -- commit;
  -- end;
  -- Arguments:
  -- p_user_id numeric primary key of user
  -- p_user_name the username the user uses to login
  -- p_first_name informational only
  -- p_last_name informational only
  <b> -- p_web_password the unencrypted password for the new user</b>
  -- p_group_ids A colon delimited list of group IDs from the table wwv_flow_fnd_user_groups
  -- p_developer_privs A colon delmited list of developer privs, privs include:
  -- ADMIN:BROWSE:CREATE:DATA_LOADER:DB_MONITOR:EDIT:HELP:MONITOR:SQL:USER_MANAGER
  -- p_default_schema A valid oracle schema that is the default schema for use in browsing and
  -- creating flows
  -- p_allow_access_to_schemas A colon delimited list of oracle schemas that the user is allowed to
  -- parse as. If null the user can parse as any schema available to the company.
  -- This does not provide privilege it only resticts privilege, so listing a schema
  -- does not provide the privilege to parse as a schema, it only restricts that user
  -- to that list of schemas.
  -- p_attributes_XX These attributes allow you to store arbitary information about a given user.
  -- They are for use by flow developers who want to extend user information.
  <b> -- p_web_password_format Identifies the format of the web password.
  -- The range of values is CLEAR_TEXT, HEX_ENCODED_DIGEST, DIGEST </b>
  -- p_person_type "E" marks the user as external
  -->
  Note there is no HEX_ENCODED_DIGEST, DIGEST_V2 listed. It may work, but not obvious from the signature.
  Cheers,