Multiple group policies

Hi
I have a problem.
As an example, I have a Windows group policy with a single setting for Windows Update that I have associated with the Workstations Folder. Let's say the "Configure Automatic Updates" = Enabled.
Then I create another policy with the same setting but with state disabled, which I associate with a workstation group or workstation.
The problem now is that the policy setting that is associated with the workstation group/workstation does not win over the other policy setting below (Workstations Folder).
I thought that group policies closest to the workstation object would apply. Any way to control this or is there another solution?
Thanks in advance
Andreas

bump
"CCPS" wrote in message
news:I5yTv.6708$[email protected] l.com...
I hope you get an answer. I have posted the exact same issue but the
policies assigned were cumulative against the user and never got a response.
"briland" wrote in message news:[email protected]..
Hi
I have a problem.
As an example, I have a Windows group policy with a single setting for
Windows Update that I have associated with the Workstations Folder.
Let's say the "Configure Automatic Updates" = Enabled.
Then I create another policy with the same setting but with state
disabled, which I associate with a workstation group or workstation.
The problem now is that the policy setting that is associated with the
workstation group/workstation does not win over the other policy setting
below (Workstations Folder).
I thought that group policies closest to the workstation object would
apply. Any way to control this or is there another solution?
Thanks in advance
Andreas
briland
briland's Profile: https://forums.novell.com/member.php?userid=2124
View this thread: https://forums.novell.com/showthread.php?t=478918

Similar Messages

SSL Multiple Tunnel Groups with Multiple group policies

Hello folks.
Have a query and cant seem to find an answer on the web.
I have configured SSL Clientless VPN on a lab ASA5510, using 2 tunnel groups, one for enginneers and one for staff, mapped to 2 different group policies, each with different customisation. I have mapped the AD groups to the tunnel groups using both ACS and now LDAP (currently in use), both working successfully, using group lock and LDAP map of IETF-Radius-Class to Group name ensures engineers get assigned to the engineers tunnel group and staff get mapped to the staff tunnel group only.
The question i have is....is there a way to use a single tunnel group to map the user based on AD group which will then use the correct Group-policy (1 tunnel group to multiple group-polciies). I have seen examples of doing this with different URLs but want to know if they can all use the same URL and avoid using the drop down list using aliases.
It may be a simple "No" but it would be nice to know how to do it without using the URLs or drop down list. Users are easily confused ......

Easy. Disable the drop-down list, and use the authentication-server (LDAP or Radius) in the DefaultWEBVPNGroup. By default when you browse to the ASA, it will be using the DefaultWEBVPNGroup. Let LDAP or Radius take care of the rest.
You will get the functionality you are looking for.
HTH
PS. If this post was helpful, please rate it.

Several Group policies on user

Is it possible to have several windows group policies on a user?
If it is a general gpo associated to the container, and a another to a user
or a group a user is member of, which one will be the effective? The closest
to the user or a mix of all of them?
I have done like that and get strange errors.
/Leif

Thanks Rolf!
Exactly the answer I wanted.
Must also thank you again for the tip on how to distribute certificates with
GPO.
It works great!
Regards
Leif
"Rolf Lidvall" <[email protected]> skrev i meddelandet
news:W1ike.670$[email protected]..
> Group Policies are additive and they apply in the order
> you have set in your Search Policy Search Order:
> http://www.novell.com/documentation/...k.html#a777rvi
> "Additive Group Policies:
> Group policies are now additive. This means that settings from multiple
> Group policies are cumulatively effective, rather than individually.
> Settings from multiple Group policies can affect users and workstations.
> Policies start with the local Group policy settings and are applied in
> reverse of the policy search order. This means that a setting in a policy
> applied first has lowest priority and its value is overwritten by any
> other
> policy with the same setting.
> Security settings are not additive; they are set by the last effective
> policy."
>
> See also:
> http://www.novell.com/documentation/...a/a779n8h.html
>
> Regards
> Rolf Lidvall
> Swedish Radio (Ltd)
> NSC SysOp
>
>

Using multiple AAA group policies

I am using the IETF class 25 option on ACS 4.x for VPN access. It's working well but I'd like to the best way to assign mutiple policies for a group.
For example I'd like to give group A users only IPSEC access and group B users IPSEC and SSL. IPSEC access will be indentical so I prefer not to create another profile and share the policy name.
Thanks

hmmm...
so u r saying you want to lock the user in a tunnel group? you can push the group-lock attribute in that case.
or is it like you want to push more than one group-policy to a user? if so, then i don't think you can do that. i.e. assign multiple group-policy to a user connecting to a tunnel-group is not possible.
how many tunnel-groups you have? and what is it exactly that you want to achieve?
Regards,
Anisha
P.S.: Please mark this thread as resolved if you feel your query is answered.

Office 365 Group Policies question

We initially deployed Office 365 with updates turned off so about half of our users have an old version of Office 365. We want to now manage the updates using the new group policies for O365. I read this statement ...In
order for these four new policy settings to work, you will need to have at least the April 2014 build of Office 2013 Click-to-Run (Build 15.0.4605.1003) and download the latest Administrative templates files (ADMX/ADML).
Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.

Does this mean that the version on the PC has to have at least the April 2014 build to use the policies? If that's true how would I go about updating the users who have automatic updates turned off. there are a couple of thousand users.
Yes.
Depending on how you deployed/deploy Office365ProPlus, and, the tools/techniques available to you in your environment, there are some options.
a) re-deploy Office365ProPlus to the computers. Use the latest build version.
b) check the relevant registry settings, and if correction is needed, deploy the correct registry settings.
These articles may help you to determine which of the multiple scenarios you have to deal with:
http://community.office365.com/en-us/f/156/t/220142.aspx
http://blogs.msdn.com/b/modonovan/archive/2014/04/09/office-365-pro-plus-fails-to-update-or-fails-with-error-code-30088-27.aspx
http://social.technet.microsoft.com/Forums/office/en-US/4369357e-5de9-4755-8f2c-33ae948b14fb/manually-triggering-updates-in-office-2013?forum=officeitpro
http://blogs.technet.com/b/office_resource_kit/archive/2013/06/17/automating-quick-repairs-in-office-365-proplus.aspx
http://blogs.technet.com/b/odsupport/archive/2014/03/03/the-new-update-now-feature-for-office-2013-click-to-run-for-office365-and-its-associated-command-line-and-switches.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

ACS USER IN MULTIPLE GROUP

Dear all
I have an ACS running 4.2 ver.We have integrated this with AD as well.
We had created some groups in acs for vpn and its is dynamically mapped with respective department.Its working fine know.
We have designed wireless implementation here with dynamic vlan assignment.
This is not working beacause user is already a member of one group in acs.I know that i can edit that group and do the wireless parameter settings.
But i would like to know wheather the user can be a member of multiple group or user will be associated with first group.
If we have an option for the user to be in a multliple group how can we do this.
If any one has faced this issue pls reply me at the earliest.
regards
-Danish

Its a bit long winded, but by using multiple Network Access Policies (NAP) in ACS 4.2 you can create specific windows group mappings per NAP.
The NAP is selected dynmically by NAS IP, or NDG or any content within the incoming RADIUS packet. So usually its possible to match on something. NAPs may also have chunks of re-usable RADIUS attributes (Shared Radius Authorisation Components) which can be used instead of setting RADIUS attributes at group level - can reduce the management overhead.
Its not a perfect solution, but should get to where you need to be without having to upgrade.
Facing an ACS audit? Find out how aaa-reports! can help at www.extraxi.com

Belong to Multiple Access Policies

Hello,
I am curious about everyone else's experience with access policies being maintained by groups, and some users belonging to multiple groups and multiple access policies. Example:
John Doe belongs to group1 and group2
Order
1
AccessPolicyA
Selected groups: group1
Blocks access to URL xyz.com
2
AccessPolicyB
Selected groups: group2
Allows access to URL xyz.com
Will the WSA check all access policies that John Doe authenticates to? Or will it stop and use the first access policy that he hits, in this example AccessPolicyA?

It is a bit of a hassle, but we had to reorder our access policies thinking in a top down approach as well.
Also you can create AD global security groups specifically for Internet access if you'd like. Prefix it with something that makes sense so they are all together in AD. We use IG- (IG stands for Internet Group). So we have AD groups called IG-RestrictedInternet or IG-SocialMedia.
If your in Restricted intenret, your totally restricted except for a few sites we allow. If your not in a group you have general internet access except for time wasting stuff like facebook. If your in IG-SocialMedia then you have all the general internet access PLUS social media like facebook, linkedin, etc... This is usually given to marketing or HR people.
So while annoying, there are ways to think about how to handle this. I can see your point say you are a Manager of the marketing department. Well you might be in an AD group for marketing as well as an AD group for management. In this case our Management policy would come above the marketing policy. So if your not doing specific groups then you can just order them by employee position hierarchy with usually management / hr on top.

Multiple Groups?

Dumb question, I've not read the docs all the way just yet.
In ZCM can you have workstations (devices) be in more than one group?
For example, have a group for ZPM that's sorted via IP (like in the standalone ZPM where there's a system group sorted via IP network segment)
But ALSO have a group in ZCM (like Windows XP, etc.) for regular non-ZPM Bundles, policies etc.
I am assuming that there's some sort of priority/precedence if you were to have multiple groups and somehow assigned conflicting things to multiple groups (we don't intend for that to happen).

kjhurni,
>In ZCM can you have workstations (devices) be in more than one group?
Just tested it and you can. I didn't test which would have priority, like
if the group had policies associated. Probably doesn't matter much in a
bundle group though.
Jared Jennings
Senior Systems Architect, Data Technique, Inc.
http://www.datatechnique.com
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
Twitter@ jaredljennings

ASA 5505 VPN Group Policies (RADIUS) and tunnel group

I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries).
Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
Session Type: WebVPN
Username     : kaisaron78             Index        : 1
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 518483                 Bytes Rx     : 37549
Group Policy : RemoteAC               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:59:33 CEDT Mon Aug 18 2014
Duration     : 0h:00m:23s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000100053f1c075
Security Grp : none
Asa5505# sh vpn-sessiondb webvpn
Session Type: WebVPN
Username     : manintra               Index        : 2
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 238914                 Bytes Rx     : 10736
Group Policy : SSLPolicy              Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:01:02 CEDT Mon Aug 18 2014
Duration     : 0h:00m:05s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000200053f1c0ce
Security Grp : none
As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
! ADDRESS POOLS AND NAT
names
ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
! RADIUS SETUP
aaa-server OpenOTP protocol radius
aaa-server OpenOTP (inside) host 192.168.1.8
key ******
authentication-port 1812
accounting-port 1814
radius-common-pw ******
acl-netmask-convert auto-detect
webvpn
port 10443
enable outside
dtls port 10443
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
anyconnect enable
! LOCAL POLICIES
group-policy SSLPolicy internal
group-policy SSLPolicy attributes
vpn-tunnel-protocol ssl-clientless
vlan 3
dns-server value 10.5.1.5
default-domain value management.local
webvpn
url-list value Management_List
group-policy RemoteAC internal
group-policy RemoteAC attributes
vpn-tunnel-protocol ikev2 ssl-client
vlan 1
address-pools value AnyConnect_Pool
dns-server value 192.168.1.4
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_Anyconnect
default-domain value home.local
webvpn
anyconnect profiles value AnyConnect_Profile_client_profile type user
group-policy SSLLockdown internal
group-policy SSLLockdown attributes
vpn-simultaneous-logins 0
! DEFAULT TUNNEL
tunnel-group DefaultRAGroup general-attributes
authentication-server-group OpenOTP
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group OpenOTP
tunnel-group VPN_Tunnel type remote-access
tunnel-group VPN_Tunnel general-attributes
authentication-server-group OpenOTP
default-group-policy SSLLockdown
!END
I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
Any help will be more than appreciated.
Cesare Giuliani

Ok, it makes sense.
Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
Thank you again for your precious and kind help, and for your patience as well!
Cesare Giuliani

No data found message w/multiple group by

I am doing a report that has multiple group by and not sure where the code needs to go so it will bring back No data found for the report. Can anyone help me out?
group ROW by GRANDTOTAL
group by EMP_NAME
Employee Name: EMP_NAME
group by CASE_MGMT_TEAM_CD
Team: CASE_MGMT_TEAM_CD
group by ACTIVITY_ID
Activity: ACTIVITY_ID (Following is a Table)
Process Date     Amount     Count
F PROCESS_DT 9,990.00 9,990 E
Total by Activity:     9,990.00 9,990
end by ACTIVITY_ID
end by CASE_MGMT_TEAM_CD (Following is a Table)
Total for Employee <?EMP_NAME?>:     999,990.00 999,990
end by EMP_NAME (Following is a Table)
Grand Total:     9,999,990.00 9,999,990
end ROW by GRANDTOTAL

Take a look at this: http://winrichman.blogspot.com/2009/05/no-data-found.html
Thanks!

How can I configure FireFox security setting globally for all users on a PC? Is there something I can do in group policies or throught the registry to insure all users have the same settings?

Our Bank's core processor has rewritten their product to run in a web browser. Their browser of choice is Firefox 3.6. The specifications from our core processor specify specific security and settings parameters that must be adhered to by all users for their product to run properly. Is there a way to globally configure these settings via the registry or group policies to insure everyone who logs in to a given workstation opens Firefox with the same settings? Thank you for any assistance you can provide - Steve Gish, First Bank Kansas.
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

You can try:
*http://kb.mozillazine.org/Locking_preferences

Office 2013 group policies - not working

I'm using Office 2013 Pro Plus SP1 (volume license) on a Windows 7 Pro machine [both are 32 bit]. While I have Server 2003, it's configured to work with Windows 7 and Office 2013 Group Policy templates. I use RSAT on a Win 7 computer to
create/manage the Group Policies.
Since we're not using Office 365, I'm trying to block some of those features, as well as disabling the Office Start screens.
Thinking that SP1 might be the problem, I downloaded the group policy templates for SP1 and copied them to the server.
If I create a policy (Office_2013_settings), with a few settings, like "Block singing into Office". In Group Policy, I disabled the Computer Configuration, leaving the User Configuration enabled. If I force group policy on the target
computer and look at RSOP, I see the computer configuration settings disabled, but nothing for the user configuration, although it's enabled in the policy.
If I put a junk policy entry on the computer configuration and enable both policies on the backend, force group policy on the computer, and look at RSOP, under computer configuration, I see the Office_2013_settings policy, but the policy still doesn't appear
in the user configuration. If I scroll to the bottom of the file, where I can see other Administrative templates and their settings, my Office_2013_settings aren't visible.

I have created a group policy with a few settings, and applied to my own computer. It seems to be very nice to me. Please first check the apply status on the client site based on the GPSVC.log
Thinking the issue might be on the way how you create/manage the Group Policies on Windows Server side. Please check the model of how you deploy your group policy, on a domain or OU level? Loopback Merge or Replace? This might affect whether the user
would receive all settings from GPO applied to User or Computer. This article might be useful to you:
http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
This might be an issue on Windows server side, you may need to post your question to below forum to get more suggestions:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver

Multiple Groups in Radius

HI all -
Quick questions that will be easy for all you experts. I am using Juniper Steel-belted Radius for Remote Access Authenticaion off of our Concentrator right now. I want to start deploying 802.1x for vlan assignment and login authentication for the network boxes.
I have been looking around here, and have deducted that Radius has difficulties when you have the same username in multiple groups. Currently, the domain group VPNUSERS is allowing remote access, and that pretty much encompasses all the 1000+ employess for the company. For login authentication, I added a check list for the VPNUSERS (to ensure not everyone can login into my switches) group on the radius server to only allow requests from that of the concentrator, but if I create a new AD group (NETADMINS), put the users that will be allowed to login to the individual network devices, add that group as a user on the radius box, I am receiving an authentication failed error.
Is this because those usernames are currently being denied because those usernames are also a part of the VPNUSERS group, which is failing authentication because the attributes don't match according to the check list? Is there anyway around this without having multiple radius server groups on the network. Thanks for the help.

Not all RADIUS servers are created equal... which one are you talking about?

How to add multiple groups in a single user in ldap

I have problem with ldap ,Please clarify the following problem.
My request is --> send the multiple groups at a time with single user.
My code contain single user and single group is working.
Please see the source file ,please solve my problem. i tried , but i did not get.
package com.ldap;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
* This class provides methods for the user management
* @author sudhakar
public class LdapUserMgr {
     public final static String USER_ID = "uid";
     public final static String COMMONNAME = "cn";
     public final static String SURNAME = "sn";
     public final static String MEMBEROF = "wlsMemberOf";
     public final static String MEMBEROF1 = "wlsMemberOf";
     public final static String PASSWORD = "userpassword";
     public final static String EMAIL = "mail";
     * This method creates new user in the embedded ldap registry
     * @return
     * @throws Exception
     public void createUser() throws Exception {
          DirContext ctx = getLDAPConnection();
          String userId="sudhakar";
          String userName="sudhakar";
          String userRole="Assessor";
          String password="sudhakar123";
          String email="[email protected]";
          try{
                    Attributes attrNew = new BasicAttributes(true);
                    Attribute objclass = new BasicAttribute("objectclass");
                    String group = "ou=groups,ou=myrealm,dc=sudhakar_domain";
                    String people = "ou=people,ou=myrealm,dc=sudhakar_domain";
                    // add all the object classes required for the user profile
                    objclass.add("top");
                    objclass.add("person");
                    objclass.add("organizationalPerson");
                    objclass.add("inetOrgPerson");
                    objclass.add("wlsUser");
                    // put all the attributes required as part of the user profile
                    // add object classes
                    attrNew.put(objclass);
                    // add user Id
                    attrNew.put(USER_ID, userId);
                    // add user common name
                    attrNew.put(COMMONNAME, userName);
                    // add user surname
                    attrNew.put(SURNAME, userName);
                    // prepare the group path for the user
                    String role = COMMONNAME + "=" + userRole + "," + group;
                    // add user to a group
                    attrNew.put(MEMBEROF,role);
                    System.out.println("user role is "+role);
// i want to pass multiple user roles at a time
                    // add user password
                    attrNew.put(PASSWORD, password);
                    // add user mail Id
                    attrNew.put(EMAIL, email);
                    // Prepare the query string to add the user to the embedded ldap
                    String query = USER_ID + "=" + userId+ "," + people;
                    System.out.println("user query is "+query);
                    // add the user to the LDAP directory
                    ctx.createSubcontext( query, attrNew );
                    System.out.println("user" + userId+ "created");
          catch ( NameAlreadyBoundException nabe ){
               System.out.println(nabe.getMessage());
               throw new NameAlreadyBoundException("User by this name already exits");
          catch (NamingException namEx) {
               System.out.println(namEx.getMessage());
          catch(Exception ex){
               System.out.println(ex.getMessage());
          finally{
               closeLDAPConnection(ctx);
     public DirContext getLDAPConnection() throws Exception{
          DirContext ctx = null;
          try{
               Hashtable<String,String> env = new Hashtable<String,String>();
               env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
               env.put(Context.PROVIDER_URL, "ldap://192.168.100.84:7030/");
               env.put(Context.SECURITY_AUTHENTICATION, "simple");
               env.put(Context.SECURITY_PRINCIPAL, "cn=Admin");
               env.put(Context.SECURITY_CREDENTIALS,"admin");
               // Create the initial directory context
               ctx = new InitialDirContext(env);
     return ctx;
          catch (AuthenticationException authEx){
               System.out.println(authEx.getMessage());
          throw new AuthenticationException("Authentication failed");
          catch (NamingException namEx) {
               System.out.println(namEx.getMessage());
          throw new NamingException("Naming Exception");
          catch(Exception ex){
               System.out.println(ex.getMessage());
          throw new Exception("Exception Occured");
     * This method closes the LDAP connection
     * @param ctx
     public void closeLDAPConnection(DirContext ctx){
          try{
               ctx.close();
          catch(NamingException nex){
               System.out.println(nex.getMessage());
          catch(Exception ex){
               System.out.println(ex.getMessage());
     public static void main(String s[])throws Exception{
          LdapUserMgr ldapUserMgr = new LdapUserMgr();
          ldapUserMgr.createUser();
Edited by: sudhakar_kavuru on Jun 16, 2009 1:58 AM

Hi Sudhakar,
try some thing like this.Here I have enclosed the code snippet.
     String query = USER_ID + "=" + user.getUserId()+ "," + people;
                    // add the user to the LDAP directory
//                    ctx.createSubcontext( query, attrNew );
                    Attribute att1 = new BasicAttribute(MEMBEROF);
                    String roleName=user.getUserRoleList().get(0);
                    String role1 = COMMONNAME + "="+roleName+"," + group;
                    att1.add(role1);
                    attrNew.put(att1);
                    DirContext dirContext =ctx.createSubcontext( query, attrNew );
                    for (int i = 1; i < user.getUserRoleList().size(); i++) {
                         Attributes att2 = new BasicAttributes();
                         String roleNameStr=user.getUserRoleList().get(i);
                         log.debug("roleNameStr--->"+roleNameStr);
                         String role2 = COMMONNAME + "="+roleNameStr+"," + group;
                         log.debug("role2-->"+role2);
                         att2.put(MEMBEROF,role2);
                         dirContext.modifyAttributes("", DirContext.ADD_ATTRIBUTE, att2);
                    }

How do I send mail to multiple groups simultaneously in Mavericks?

Recently updated to Mavericks, and I used to be able to just add a contact group to the BCC field. I can still add a contact group to the BCC field, as I have searched up till this point, but my issue is adding multiple groups into these fields. I thought a solution might be to make one huge group, but I use different groups for different things constantly, and combine and alter them continuously.
How on earth is it that I can no longer email multiple groups simultaneously? There has to be something I'm missing!!

I did this and the recipient gets an email From: Me and To: Me.
If you are sending email to multiple recipients by bcc, the recipients should not be able to see the other recipients you are sending the mail to. However, they will see who the email is from which is you!
What is confusing me is how are your recipients getting your email if it's not addressed to them but to yourself?
Have you tried rebuilding Mail?
Which version of OS & Mail are you using? Asking because your system profile is showing you are using Snow Leopard yet, you posted in the ML forum.

Multiple group policies

Similar Messages

Maybe you are looking for