No longer have appropriate privileges to "Active Directory" servers with Lion

Similar Messages

• SCVMM 2008 R2 - "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS)."

  I know this question has been asked before, but never for R2, that I can tell, and the posted fixes aren't working. I have just installed SCVMM 2008 R2 on a Windows Server 2008 R2 server, using a remote SQL 2008 SP1 database. When I attempt to connect to SCVMM, I get the following error:
  "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
  Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
  ID: 2607"
  What I've seen online is that this is usually becuase the domain account SCVMM is running as does not have the proper permissions on the SQL database. Here's what I've confirmed:
  1) My SCVMM service account is a local admin on the SCVMM server
  2) My SCVMM service account is a dbowner on the SCVMM database in SQL
  3) My SQL service account is a dbowner on the SCVMM database in SQL
  4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
  5) Neither service account is locked out
  Has anyone run in to this? It says in Technet that remote SQL 2008 is supported, as long as the SQL management studio is installed to the SCVMM server, and I installed and patched before I began the SCVMM installation. I just don't know what else to try - I have no errors in event logs, no issues during the installation itself...
  Andrew Topp

  That answer was very unhelpful fr33m4n. The individual mentions that they've received the error that points to the KB article. I currently receive the same error -- there seems to be no resolution. I've run the Microsoft VBS script to add TAUG to the WAAG
  as suggested by 331951, and that made absolutely no difference.
  1) My SCVMM service account is a local admin on the SCVMM server
  2) My SCVMM service account is a dbowner on the SCVMM database in SQL
  3) My SQL service account is a dbowner on the SCVMM database in SQL
  4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still
  "doesn't have access to AD DS," which is obviously untrue)
  The user is also a member of WAAG, the machines have delegated authority to each other. Is there any other solution?

• HT201269 My old iPhone (I no longer have) is still an active device on my iCloud backup list.  Is it safe to delete it?  Can I be sure everything on the cloud for that old device has been transferred?

  My old iPhone (I no longer have) is still an active device on my iCloud backup list.  Is it safe to delete it?  Can I be sure everything on the cloud for that old device has been transferred?

  The only way the backup from ilcoud has been transferred to a new apple device would be if YOU restored the new device with the mentioned backup. There is nothing 'safe' about you deleting this backup if in fact you have not restored the new device with this backup.
  Good luck Friend.

• Process flow - Active Directory integration with Enterprise Portal

  Hi
  I have seen number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but unable to find out the process flow for achieving the same.
  I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use Java database. (i.e datasourceconfiguration_database_only.xml)
  I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
  1) Configure UME to use an LDAP Server as Data Source using Config Tool
  http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
  2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
  <b>Should I configure Data Sources & LDAP Server here as I have already configured these using J2EE Config tool (point no.1).</b>
  3) Integrate Windows authentication with EP using IISProxy module.
  I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
  Also, any schema updates required to Activie Directory i.e What additional data is stored in A.D.
  I would appreciate your guidance on this.
  Thanks in advance,
  Chandu

  Hi Chandau,
  you wanted that some users are not taken into account by the User Management Engine (UME).
  This behavior can be established by specifying the
  ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that
  match the defined conditions are filtered out by the UME API.
  A detailed documentation can be found in the SAP Online Help:
  http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/
  content.htm
  In the following example of a data source configuration file for Microsoft Active Directory
  Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
  Here the user accounts that have one of the following Logon ID’s (index_service,
  notificator_service and cmadmin_service ) are filtered out.
  <dataSources>
  </dataSource>
  <dataSource id="CORP_LDAP">
  <privateSection>
  <ume.ldap.negative_user_filter>
  userPrincipalName=[index_service,notificator_service,cmadmin_service]
  </ume.ldap.negative_user_filter>
  </privateSection>
  </dataSource>
  </dataSources>

• Tutorial: Azure Active Directory integration with Igloo Software

  Click reply and tell us what you think:
  Tutorial: Azure Active Directory integration with Igloo Software
  Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

  Hello
  Can you be little clear, what you have tested with Airwatch MDM cloud?.. which scenarios?.. 
  1) Device Enrollment ?
  2) Access to Airwatch console?
  3) Access to Airwatch self service portal?
  By following the steps We do not get it working at all. by the way some of the steps in this tutorial are unclear and outdated;  
  I finally personally figured out how things should look like, and  make it work but only with Device Enrollment scenarios from the mobile devices itself. not from the pc and browsers or from the Access panel.

• Active directory Integration with OBIEE

  Hi all,
  Can any one send me a link for active directory integration with OBIEE.
  I have imported the users succesfully and I was able to login to analytics as an AD user.
  But SSO is not possible. Kindly help me over this.
  Thanks,
  Haree.

  Thanks for reply veeravalli.
  Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
  But my requirement is to have Single Sign On ie.., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
  Thanks,
  Haree

• I have a 2nd gen Mac book air with Lion. The hard disk has filled up even though i keep my data , music etc on hard drive . I used disk inspector to find where problem was and it is 20GB in the hidden files under the user directory can i resolve this ?

  I have a 2nd Gen MAc book Air with Lion .  The 60GB hard disc has quickly filled up despite me keeping most of my data on a portable hard drive .  I used disk inspector to locate the problem but found that it was was in 20 GB of hidden files in my user directory .  Is this correct and is there anything i can do about it ? Using disk inspector you can not see individual hudden diretories or files. I did unhide them but there is a mass of diretories etc and so no way i could see if this is one or multiple files using the space. Library System and  Applications are at 4 3 and 3 GB respectvely.  The data I actually keep on there is 9GB    Thanks for any help

  I think the problem is Quick Time Player. I am using OS 10.6.8 by the way.
  I tried it out again.
  I had about 26 GB of space before I played an .avi video.
  After the movie started to play (it was slow to load), I got a warning message that my startup disk was full. I opened Disk Utility and it told me I had no space left (about 20 MB or something like that was left).
  I watched to the end of the movie.
  Then I quit Quicktime Player.
  And I shut down the computer.
  I turned on the computer and checked Disk Utility. I have about 26 GB of space.
  I think for some reason Quicktime Player uses up a lot of the disk space when it runs movies that are problematic. This movie I was watching did not open with vlc.
  I normally use vlc to watch movies.
  Probably it doesn't use up this much space when the movie is OK.
  I think there's a problem with this particular movie. It is about 50 MB so it's not that big a file. I watch .smi subtitles with it. The Quicktime Player automatically loads the subtitle file in this case because the subtitle file has the same name as the movie file.
  I watched about 10 movie files from the same series that I downloaded together and did not have any problem watching them. I watched them on vlc. But this latest movie had problems I think (as I repeat). It did not load on vlc even though I waited for a minute, and normally movies load instantly on vlc. 
  So I think that movie file caused problems. It made QT player use up a lot of hard disk space.
  I had better avoid watching that movie in the future. I don't want it to wreck my hard drive.
  So to sum up, everything is back to normal. I have the hard disk space that I should have. However, I am scared of damaging my hard drive due to shonky movie files that eat up all the space when they are played using QT player, and so I will not watch those files in the future, as I do not know why the files do that.

• Can Microsoft active directory integrated with Oracle Applications

  Hi,
  Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
  Manish

  Hi,
  It is possible, please refer to the following documents for details.
  Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
  Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
  Regards,
  Hussein

• Integrate other directory servers with access manager

  How to integrate other directory servers with access manager ?

  Please read the Access Manager admin guide at http://docs.sun.com/app/docs/doc/819-4670/6n6qardvq
  Any further questions regarding this integration, post them to the AM forum at http://forums.sun.com/forum.jspa?forumID=770

• My MacBook Pro, 1.83 GHz Intel Core Duo gives me an error message during Lion install. My Intel Duo Core is not an Intel Duo Core and cannot install Lion.  I already have Snow Leopard what is the problem with Lion?

  My MacBook Pro, 1.83 GHz Intel Core Duo gives me an error message during Lion install. My Intel Duo Core is not an Intel Duo Core and cannot install Lion.  I already have Snow Leopard what is the problem with Lion?

  You need a "Core 2 Duo" for lion, and I'm guessing you only have a "Core Duo"  My wife's macbook is also a "Core Duo" and has Snow Leapord, but cannot install Lion.....

• Trying to update software on my imac but saying i do not have appropriate privileges

  I am trying to update my software on my mac and it is saying that I am unable to do so because I do not have the appropriate privileges. 

  So we know more about it...
  At the Apple Icon at top left>About this Mac, then click on More Info, then click on Hardware> and report this upto but not including the Serial#...
  Hardware Overview:
  Model Name: iMac
  Model Identifier: iMac7,1
  Processor Name: Intel Core 2 Duo
  Processor Speed: 2.4 GHz
  Number Of Processors: 1
  Total Number Of Cores: 2
  L2 Cache: 4 MB
  Memory: 6 GB
  Bus Speed: 800 MHz
  Boot ROM Version: IM71.007A.B03
  SMC Version (system): 1.21f4
  Office for Mac 2011 system requirements
  Show All
  The following table lists the minimum hardware and software requirements for installing Microsoft Office for Mac 2011.
  Component
  Minimum requirement
  Processor
  Intel only
  Operating system
  Mac OS X v10.5.8 or later
  Memory
  1 GB of RAM or more
  Hard disk
  2.5 GB of available hard disk space
  Have you tried applying the big 1058 combo?
  Repair Permissions afterwords, reboot.
  1058 Combo Update, 10.5.8...
  http://support.apple.com/downloads/Mac_OS_X_10_5_8_Combo_Update

• Active Directory integration with Service Desk and Busines Partners

  We have populated the business partners in Service Desk with data from Windows Active Directory, but this was a one-time import.
  At the moment if there are any changes to Active Directory then the business partner records need to be updated manually.
  Does anybody know if anyway to integrate Active Directory with the business partner records in Service Desk?
  Thanks
  Simon

  This was also our problem.
  We have multiple user sources (an LDAP, ADS, different SAP systems). I'm not aware of any automated way of doing that.
  If you want to use issue management/service desk all the users need to also be created as SU01-users to be able to use the workcenters. The SU01-Users have also to be assigned to the appropriate business partner. There is no automation for this.
  For us this drawback was so big that we stopped using the service desk.
  Markus

• Query Active Directory + Problem with thumbnailPhoto

  Hi<o:p></o:p>
  I have a problem and I don’t know if it is my SQL Query, so here goes
  <o:p></o:p>
  I have a view on my SQL server that Queries our Active Directory. I can see that there is data in the table.<o:p></o:p>
  But when I try to use the Image in some C# code I get an error on 60% of the images with the exception header missing or corrupted.
  My view is built with this Query:
  select
  * from
  openquery
  ADSI,'SELECT sAMAccountName, mail, title, displayName, telephoneNumber, mobile, sn, givenName,  department, thumbnailPhoto
  FROM ''LDAP:[REMOVED]''
  WHERE objectCategory = ''Person''
  Do you have any idea where the problem is? The photos shows up fine in Outlook, SharePoint, lync etc. I’m pretty sure that the C# code works correctly. Hope you can help.
  Regards
  If only I had time to learn everything I wanted ...

  Hi Latheesh
  I've tried with this script:
  SELECT ISNULL(ROW_NUMBER() OVER ( ORDER BY department ), -999) 'id' ,
  CONVERT(NVARCHAR(25), givenName) AS Fornavn ,
  CONVERT (NVARCHAR(50), sn) AS Efternavn ,
  CONVERT(CHAR(5), UPPER(SUBSTRING(mail, CHARINDEX(mail, N'@'),
  CHARINDEX(N'@', mail)))) AS 'initialer' ,
  CONVERT(NVARCHAR(255), mail) AS Mail ,
  CONVERT(NVARCHAR(75), title) AS Stilling ,
  CONVERT(NVARCHAR(120), department) AS Afdeling ,
  CONVERT(NVARCHAR(13), telephoneNumber) AS Fastnet ,
  CONVERT(NVARCHAR(13), mobile) AS Mobil ,
  CASE WHEN userAccountControl = 2 THEN 'Account is Disabled'
  WHEN userAccountControl = 16 THEN 'Account Locked Out'
  WHEN userAccountControl = 17
  THEN CONVERT (VARCHAR(48), 'Entered Bad Password')
  WHEN userAccountControl = 32
  THEN CONVERT (VARCHAR(48), 'No Password is Required')
  WHEN userAccountControl = 64
  THEN CONVERT (VARCHAR(48), 'Password CANNOT Change')
  WHEN userAccountControl = 512 THEN 'Normal'
  WHEN userAccountControl = 514 THEN 'Disabled Account'
  WHEN userAccountControl = 544
  THEN 'Account Enabled - Require user to change password at first logon'
  WHEN userAccountControl = 8192
  THEN 'Server Trusted Account for Delegation'
  WHEN userAccountControl = 524288
  THEN 'Trusted Account for Delegation'
  WHEN userAccountControl = 590336
  THEN 'Enabled, User Cannot Change Password, Password Never Expires'
  WHEN userAccountControl = 65536
  THEN CONVERT (VARCHAR(48), 'Account will Never Expire')
  WHEN userAccountControl = 66048
  THEN 'Enabled and Does NOT expire Paswword'
  WHEN userAccountControl = 66050
  THEN 'Normal Account, Password will not expire and Currently Disabled'
  WHEN userAccountControl = 66064
  THEN 'Account Enabled, Password does not expire, currently Locked out'
  WHEN userAccountControl = 8388608
  THEN CONVERT (VARCHAR(48), 'Password has Expired')
  ELSE CONVERT (VARCHAR(248), userAccountControl)
  END AS 'Disabled' ,
  CONVERT(NVARCHAR(75), givenName + ' ' + sn) AS 'DisplayName' ,
  CONVERT (VARBINARY(MAX), thumbnailPhoto) AS 'Photo'
  INTO ##adTemptable
  FROM openquery
  ADSI,'SELECT sAMAccountName, mail, title, displayName, telephoneNumber, mobile, sn, givenName, department, thumbnailPhoto,userAccountControl
  FROM ''[REMOVED]''
  WHERE objectCategory = ''Person''
  WHERE department IS NOT NULL
  But i still gets the same error on MANY rows
  OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 6846 and truncated data length is 4000.
  OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 7006 and truncated data length is 4000.
  OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 6496 and truncated data length is 4000.
  If only I had time to learn everything I wanted ...

• Automate the creation of Active Directory users with organization/address information

  On one of our Domain Controllers we regularly have to create new users with fully populated organisation/address information, as they use a server-side application which appends email signatures at the end of all of their emails created from this information.
  At the moment we have to fill this information out manually and it can sometimes cause inconsistencies if the information is not uniform or is typed incorrectly.
  Is there any way to automate this/do it in bulk?

  This is another Powershell script that can be used:
  http://www.wictorwilen.se/how-to-use-powershell-to-populate-active-directory-with-plenty-enough-users-for-sharepoint
  Note that you have two ways to do that:
  Create a new User account Provisioning script and include the Street update as part of it
  Have a daily scheduled script that will run against your users OUs and update the Street address for user accounts having it wrong or missing
  From my point of view, option 2 would be the best as it will make a Bulk update and Bulk correction if required.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Creating active directory users with dscl

  Our mac workstations (OSX 10.8) are bound to a 2008 Active Directory server.  We are attempting to use some existing dscl scripts on the mac client computer to create Active directory users.  We can successfully read and change AD attributes of an existing user with dscl, but creating new users or new attributes for an existing user gives us an error.  Here are some examples.
  SUCCESSFUL READ OF AD USER ATTRIBUTE:
  root# dscl -u administrator  "/Active Directory/CXAD/All Domains" -read /Users/jholmes SMBHomeDrive
  Password:
  SMBHomeDrive: H:
  root#
  SUCCESSFUL DELETE OF ABOVE USER ATTRIBUTE
  root# dscl -u administrator  "/Active Directory/CXAD/All Domains" -delete /Users/jholmes SMBHomeDrive
  Password:
  root#
  FAILED ATTEMPT AT RE-CREATING THE DELETED ATTRIBUTE
  root# dscl -u administrator "/Active Directory/CXAD/All Domains" -create /Users/jholmes SMBHomeDrive
  Password:
  <main> attribute status: eDSInvalidRecordType
  <dscl_cmd> DS Error: -14130 (eDSInvalidRecordType)
  root#
  The same error occurs when attempting to create a new user.  Any ideas?  Thanks in advance for any suggestions.

  In the end I could not find them; account info is ONLY stored locally in Open Directory when they have mobile accounts.
  However, I found I could migrate their user directories in Terminal via ditto ( I connected the old macs via Firewire Target mode) , and when they log in all their stuff and settings are there.
  the command is: ditto /Volumes/<old mac hard drive>/Users/<username> /Users/<username>