NEED TO DETERMINE USERS THAT HAVE LOGGED IN WITH A SPECIFIC ROLE

Similar Messages

• Portlet to display all users that have manager defined as currently displayed user profile

  I need to create a portlet such that when a user finds a user's profile they see all of the users defined with manager set to the value of the profile user's employeeNumber.
  Example:
  (Think a directory of employees)
  John searches and finds user named Jack. He sees Jack's name, phone number, address, etc in the General Information section. Then he also sees a section (Portlet) that lists all of Jack's direct reports. John clicks on one of Jack's direct reports (Sam), to find this person's phone number.
  The Direct Reports portlet would be a search portlet that finds all of the users that have a mangerID property set to the value of Jack's employeeNumber property and displays them sorted by LastName.
  I need some direction on where to start for this.
  It seems like I need to use the Plumtree Server API in order to search for all of the user objects and sort them on a particular property, .e.g IPTObjectManager.Query Method (Int32, Int32, Int32, Int32, Int32, Object[][])
  A crawler seems out because, I guess that would require creating a folder for every user in the system? If I create a single folder I would need a binary tree structure to the folder. (Has anybody done this?)
  I am concerned about the performance related to performing this search each time a user examines a user's profile.
  Can somebody direct me to an example of a search "Portlet"? All of the examples I see are of searching external information like Google, or use PRC (do not see how that would be implemented in a portlet), or use EDK (external and does not seem to be able to do this).

  You don't need one workflow per user when a filtered view can do this for you.  If the manager's list is the parent calendar, I'm assuming that he'll be at least using the person look-up column.
  Whether this feeds through the MyCalendar or stays where it is, you can use the [Me] parameter within the filter on a new view.  This will then return the assigned holiday filtering against the account that is logged in.
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.

• Enumerate the users that have access to a particular directory

  Hi, my name is Jennifer and I have been searching for an answer to my problem through several blogs. The problem is that I have a Directory of which I want to not only retrieve the users\groups that have access to it but also enumerate through the groups
  to list actual users. The groups part is the main issue here. If I use get-acl, I can return any number of particular Active Directory groups that have access, however, I need to list the users inside this group and get-acl will not output an object I can
  work with. I thought I could do something like this (which I may have seen on this forum before):
  get-acl "C:\NestedGroupTest" | %{$_.access} \ ft -property identityreference
  This will return the groups\users that have access. Example:
  Domain\OU
  NT Authority\system
  Builtin\users
  ETC...
  I have tried exporting this output to a file and then trying to use get-adgroupmember (which obviously will not work on the non-AD groups) but the objects are of the wrong type so basically nothing in the Active Directory module will work...
  This seems like such a simple issue but it is causing me grief to no end...please help

  I can't guarantee that this will work in all cases, but it seems to work on my test domain. Warning: it's very slow and inefficient. It requires
  this module (get the 3.0 test version), but you can modify the foreach block's code somewhat to get it to work with Get-Acl. 
  Get-Item C:\NestedGroupTest | Get-AccessControlEntry | ForEach-Object { $PropertyNames = $null }{
  if (-not $PropertyNames) {
  # We need to copy the property. This will get a list
  # of the properties on each ACE when it encounters
  # the first ACE (since the rest of this is so ineffecient,
  # we can feel good that we saved some work by doing this)
  $PropertyNames = $_ | Get-Member -MemberType Properties | select -exp Name
  # Create a new hashtable that will be used to create a PSObject
  $NewObjectProps = @{}
  foreach ($CurrentProperty in $PropertyNames) {
  $NewObjectProps.$CurrentProperty = $_.$CurrentProperty
  # Check to see if this SID belongs to an AD group
  Write-Verbose ("Current principal: {0}" -f $_.Principal)
  try {
  $Group = Get-ADGroup -Filter { SID -eq $_.SecurityIdentifier } -ErrorAction Stop
  catch {
  # Write a warning or something?
  if ($Group) {
  Write-Verbose " -> Group, so looking up members"
  $Users = $Group | Get-ADGroupMember -Recursive | select @{N="Principal"; E={$_.SID.Translate([System.Security.Principal.NTAccount])}}, @{N="SecurityIdentifier"; E={$_.SID}}
  else {
  Write-Verbose " -> Not an AD group"
  $Users = $_ | select Principal, SecurityIdentifier
  # Go through each user/non-translated group, modify two
  # hashtable properties, and create the new PSObject
  $Users | ForEach-Object {
  $NewObjectProps.SecurityIdentifier = $_.SecurityIdentifier
  $NewObjectProps.Principal = $_.Principal
  $NewObject = New-Object PSObject -Property $NewObjectProps
  # This will make the new object show the module's custom formatting:
  $NewObject.pstypenames.Insert(0, "PowerShellAccessControl.Types.AdaptedAce")
  $NewObject
  That should resemble the output that Get-AccessControlEntry would give you, but AD groups have been translated to users. If you pipe that to Export-CSV, you'd have plenty of information for each ACE, including the path, principal, security identifier, access
  mask, etc. You could also pipe that to Select-Object and just ask for certain properties (try it with these properties: Path, Principal, AccessMask, AccessMaskDisplay, AppliesTo).
  You can also use the Get-AccessControlEntry function's parameters to do some filtering on the ACEs that are returned (maybe you only want ACEs with FullControl, or ACEs that were not inherited...)
  Give it a shot and let me know if it works for you. If you need more explanation of what's going on in the foreach-object process block, let me know and I'll try to help. It can be modified to work with version 2.1 of my module, and with Get-Acl.

• Portal users who have logged in during a specified time interval ?

  Hi,
  I need to know all the users who have logged in to the portal during a specific interval of time e.g during the last 10 days. Is there any provision to write code using UME api ?
  Any help would be highly appreciated and rewarded.
  Thanks & Regards,
  Sudhir

  Hi Jaga, Thanks for your reply.
  This is what i needed.
       Vector v=new Vector();
       IUserAccountFactory uaf = UMFactory.getUserAccountFactory();
       IUserAccountSearchFilter userAccountSearchFilter=uaf.getUserAccountSearchFilter();
       userAccountSearchFilter.setLoggedInBetween(fromDate,toDate);
       ISearchResult sr = uaf.search(userAccountSearchFilter);
       while(sr.hasNext())
                       IUserAccount ua = uaf.getUserAccount((String)sr.next());
            IUser tmp = ua.getAssignedUser();
            v.add(tmp);

• PowerShell - List all users that have access to a particular SPLIstItem

  Hi there,
  In PowerShell - how to list all users that have access to a particular SPLIstItem?
  Thanks so much in advance.

  Hi frob,
  According to your description, my understanding is that you want to list all users who have access to a particular SharePoint list item via PowerShell.
  You can use the following PowerShell command:
  $web = Get-SPWeb http://sp/sites/First
  $list=$web.Lists["listV2"]
  $item=$list.Items | where {$_['ID'] -eq 1}
  $item | Select -ExpandProperty RoleAssignments |Select {$_.Member.DisplayName}, {$_.Member.LoginName}, RoleDefinitionBindings
  In the above command, you need to change the web URL to your site's URL, change “listV2” to the name of your list, and change the ‘1’ to the ID of the list item.
  The result looks like:
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Assigning View permission to all the users that have been selected in contact selector - SP 2010, InfoPath 2010

  I have a SharePoint InfoPath 2010 browser form with item level security. Only submitter
  and approvers has access to the form.  This form contains a people picker that is populated with the names of attendees
  for the meeting they attended (which
  I am able to store in Field2 below). I want to allow attendees to be able to view (grant view permission) the InfoPath form. Field 2 has the users in form of domain\user1;domain\user2; etc. Following the below step, I am getting error when I ADD or REPLACE
  permission on current item. How do I go about assigning view permission to all the users that have been selected in contact selector?
  Jitu

  Hi ,
  i understand that the text box and the people picker hold multiple user names and you want to grant user permission based on the user in the text box.
  I have a test based on your description,the results are: When there are multiple users in the text box, the workflow will throw an error'Error Occurred'.It is the same with the people picker column.
  You need to limit the peopel picker to only allow to select one user,in this way the text box will only hold one user.Then you can use the people picker or the text box to grant user permission.
  Thanks,
  Entan Ming
  Entan Ming
  TechNet Community Support

• IDM 6.0 - List users that have exclusions

  For some individuals within a role, we are excluding the Active Directory resource. So what is the easiest way to generate a list of these users that have this exclusion?

  Jim:
  You are referring to creating forms, in IdM parlance. The specific form you are referring to is called a "User Form". When you create an administrator, you can associate a particular user form with that administrator.
  The default user form is called "Tabbed User Form". The easiest way to customize a form is to copy the existing one and remove anything you do not need.
  In the v6.0 manuals, there is a deployment example in "Deployment Overview" manual. Las step for the LDAP deployment is the cutomization of some of the admin forms. That should help.
  It is pretty straightforward once you get the hang of it, but it takes some time to get there.
  Cheers,
  GB

• Users that have hit their Throttling limit

  Need to be able to get a list of users that have hit their RecipientRateLimit set in the default Throttling Policy.

  Hi,
  I have some tests in my environment. If the recipients are more than the number of recipients in a day you have set, then this message can't be sent actually, an error (such as "The message can't be sent right now" or "This message can't be
  sent") will occur when you click Send. So the send action can't be finished. Based on my knowledge, Exchange has no built-in function to get the list of users who hit their RecipientRateLimit.
  Here is a blog for your reference.
  Some mysteries of Throttling Policy: Recipient Rate Limit
  http://blogs.technet.com/b/fun_with_powershell/archive/2013/10/04/some-mysteries-of-throttling-policy-recipient-rate-limit.aspx
  Hope my clarification can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required

  We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required to install. The apps have already been installed. The users cannot run them unless they are in the local admin group.Using "Run as admin" does not work. It gives the same error.
  I have opened a case with adobe support and was basically told to suck it up and put the users in the admin group. Actually, what was said was that it is "mandated that the users have administrative rights". 
  There are a couple of things wrong with this. It was working for both users until recently - a recent required creative cloud update. The users have never been local admins yet the apps were working (poorly, but working).
  We are in an enterprise environment and users simply do not have administrative rights on the computers.
  I have changed permissions on all adobe folders, granting users or authenticated users modify or full control rights, did the same in whatever Adobe registry HKLM keys I could find. Nothing has allowed the users to run the apps - unless they are put in the local admin group.
  Someone has to have a fix for this. Adobe apps have proved to have far too many vunerabilities to even entertain the idea of elevating user rights. I can't imagine that enterprise environments are allowing this.
  Any help or suggestions are greatly appreciated.

  Jeff,
  Thank you for your response. The users in question are "standard" domain users. We do not reduce users permissions below the standard level.
  The apps do not load with their current standard user permissions.
  The thing that makes this odd, is that up until recently they did this issue with cloud apps. The only way I can make it work for them now is to put them in the local administrator group on their pc's - which is not going to happen.
  This is what they now see. As I said before, this was not a problem up until recently they would see all their available apps. If I put them in the local admin group the apps are listed without having to install. Everything is there, just not accessible to the user.

• Data view web part to display the most frequently accessed pages based on the user that is logged in

  I am working on a project in which I would like to display the top 5 most accessed pieces of content as links, based on the user that is logged in. Our MOSS 2007 implementation has subsites for all regions that we do business in, as an example North, South, East, and West. When a user visits the North region homepage, I would like a web part to display:
  Hello, <username>, here is a listing of your most accessed content:
  Link to One
  Link to Two
  Link to Three
  Link to Four
  Link to Five
  So each user would get a customized list based on their content access. We are not using my sites, but these would not work as we want the list to display on the home page of the region site.
  I am thinking that a data view may work here, but I am not sure. Any help is greatly appreciated.

  If you are running MOSS you may want to take a look at the Relevant Documents web part too.
  http://office.microsoft.com/en-us/sharepointserver/HA102410251033.aspx
  The Relevant Documents Web Part helps you create a personalized view of the documents that you create, check out, and change. In a large Document Center, the Web Part can save you time and effort by making files easier to find and use. The following figure shows the Web Part:

• CM 2012 System Discovery " Only discover computers that have logged onto Domain in given period of time"

  Hello,
   CM 2012 now has a options " Only discover computers that have logged onto Domain in given period of time". Which Active directory property it looks into. is it looking into lastpwset or some other properties. Please let me know the details of
  this option, specifically what properties it looks into to find out the information.
  Thank you

  That would be the LastLogonTimeStamp Attribute for the computer account.
  http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• How to Use PowerShell to Delete FIM Users That Have a Null attribute name

  FIM Community Information Center Article
  Wiki Page:
  How to Use PowerShell to Delete FIM Users That Have a Null <attribute name>
  Go to the FIM Community Information Center
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

  Have you run side-by-side metrics on this?
  I've run the Delete Object method and your script against similar data sets and yours appears to take a fair bit longer. I'd have to re-run in identical circumstances, a few times, to really say for sure, but my initial impression is that it will take hours
  longer.
  I guess the point is somewhat moot anyway, as for me the bit that generally takes longest is the actual query, rather than the deletions.
  Boy how I wish I could just enter something into the FIM Portal directly that would blast out a bunch of users matching a query. One day...
  FIMSpecialist.com | MCTS: FIM 2010 | Now Offering
  ECMA1->ECMA2 Upgrade Services

• I am considering installing the latest version of OS X Mountain Lion but am concerned by the number of users that have had severe problems. Has Apple sorted this out?

  I am considering installing the latest version of OSX Mountain Lion but am concerned by the number of users that have had severe problems. Has Apple sorted this out?

  As I told you, you have to do some steps before upgrading to OS X Mountain Lion.
  First of all, make a backup of your files using Time Machine and/or Carbon Copy Cloner. If you make both, good, but if you only make one, it's OK, too.
  OS X Lion and OS X Mountain Lion aren't compatible with PowerPC applications, so you have to check if your applications are compatible > http://www.roaringapps.com If you have to update an application, do it before upgrading, because the Mountain Lion installer moves unsupported applications to a separate folder.
  After doing that, open Disk Utility, select "Macintosh HD" in the sidebar and repair permissions. Then, verify the disk to check if it's OK. If everything is right, just open the App Store and purchase OS X Mountain Lion

• Query: to view all users that have been created for access to a database

  Hi,
  Is there a command syntax that we could give to see all the users who have been created for access to a particular database. I want to view all the users that have been created using sql* plus.
  can anyone help or is it impossible?
  Thanks

  This is for begging:
  [email protected]> select grantee, privilege from dba_sys_privs where privilege like '%CREATE%SESSION%
  2 /
  GRANTEE PRIVILEGE
  A CREATE SESSION
  AA CREATE SESSION
  U1 CREATE SESSION
  U2 CREATE SESSION
  BD1 CREATE SESSION
  DBA CREATE SESSION
  EMI CREATE SESSION
  MOB CREATE SESSION
  ODM CREATE SESSION
  OHP CREATE SESSION
  SEC CREATE SESSION
  SYS CREATE SESSION
  TU1 CREATE SESSION
  TU2 CREATE SESSION
  U01 CREATE SESSION
  XDB CREATE SESSION
  MOBI CREATE SESSION
  OHP4 CREATE SESSION
  PFAY CREATE SESSION
  UD01 CREATE SESSION
  UR01 CREATE SESSION
  ADHOC CREATE SESSION
  BATCH CREATE SESSION
  DEBUG CREATE SESSION
  DEV01 CREATE SESSION
  HRAPP CREATE SESSION
  MDSYS CREATE SESSION
  MOBI2 CREATE SESSION
  SKING CREATE SESSION
  SPACE CREATE SESSION
  UPASS CREATE SESSION
  WKSYS CREATE SESSION
  CTXSYS CREATE SESSION
  ORDSYS CREATE SESSION
  PRAC01 CREATE SESSION
  RTABLE CREATE SESSION
  CONNECT CREATE SESSION
  Than you have to select also all the users that have granted roles with this privilege
  this will give you the full set of users who can connect
  Best Regards
  Krystian Zieja / mob

• Are there any good DVD authoring programs for Mac now that Apple has discontinued DVD Studio and iDVD? I need to make DVDs that have interactive menus and such (Final Cut X and Compressor 4's DVD option is a little cheap). Any ideas?

  Are there any good DVD authoring programs for Mac now that Apple has discontinued DVD Studio and iDVD? I need to make DVDs that have interactive menus and such (Final Cut X and Compressor 4's DVD option is a little cheap and doesn't provide any kind of professional DVD authoring). Any ideas?

  This comes up a lot these days.
  Practically speaking, there are really four options for the Mac platform: Toast (<$100),  Adobe Premier Productiom ($1,600 to buy or $50/month to rent),  find a copy of Final Cut Studio from 3rd  party (+/- $1,000 new) or a boxed edition of iLife to get iDVD ($50 - $90 on Amazon new).
  The other question everyone has is how many OS versions before iDVD or FCS breaks? No one knows, but Apple has said they're no longer supporting these legacy apps. Of course, no one is mandated to upgrade to a new OS unless they buy a new computer. So if it works on a system, stay with it as long as it makes sense.
  Good luck.
  Russ