OIM-OID! provisioning users to OID groups-QUICK HELP NEEDED

hi,
I've installed OIM connected to OID.
I've been assigned some tasks:
1) Creating an access policy such that when a user is created in OIM, he is provisioned to two groups in OID, i.e. in cn=users and cn=employees (where cn=employees is the group I create under cn=Groups,dc=ad,dc=company,dc=com)
2) Creating an access policy such that when a user is created in OIM, he is provisioned to two additional groups in OID. Say I've created two custom groups in OIM and attached membership rules to them. Now when I create a user satisfying the two membership rules, he is assigned to those two OIM groups and provisioned to cn=users,dc=ad,dc=company,dc=com and cn=group1,cn=Groups,dc=ad,dc=company,dc=com and cn=group2,dc=ad,dc=company,dc=com.
Also I want to populate those OID groups into a child table and create their lookups in the process form.
Please help me materialise and understand these concepts.
The OID Lookup Recon task for group is running fine, lookup.oid.group is populated with values.
How can those groups be populated in the process form child table (OID user group table)?
Edited by: Chhavi Saluja on Feb 12, 2010 12:51 AM

As mentioned in my other post you can put these groups in access policy form and all the users assigned by this policy will get these groups. Any issue revert back.

Similar Messages

  • Provisioning users to AD groups in OIM 11gR2

    I could use some advice on how to resolve this issue I am having.
    Using the Active Directory connector (11.1.1.5) in our OIM 11gR2 development environment I can successfully provision OIM users to our AD resource. I have successfully run the org and group lookup recons, and provisioned users do go into the correct OU in AD.
    However when I select which groups a user should be a member of in the ADUSERC child form (via the lookup), the user is not provisioned with the correct group membership in AD.
    A separate issue is how to map the objectClass in AD in the ProvAttrMap; could anyone point me in the direction of how to go about that?
    Thanks

    The ObjectClass should be configured in this lookup Lookup.Configuration.ActiveDirectory
    Check below
    http://docs.oracle.com/cd/E22999_01/doc.111/e20347/extnd_func.htm#sthref221
    4.6 Configuring the Connector for User-Defined Object Classes

  • Active Directory Group Cleanup - Help Needed

    Hi All,
    I need to clean up our Active Directory and the first stage of this is to remove any unused groups. I have been trying to work out what these are using powershell. Can anyone please provide me with a simple powershell script that will identify any AD groups
    that have no members in them? 
    Many thanks
    James

    Greetings!
    Try this:
    Import-Module ActiveDirectory
    Get-ADGroup -Filter * -Properties Members | where { $_.Members.Count -eq 0 }
    Regards.
    Mahdi Tehrani
    www.mahditehrani.ir
    Adding in: Watch out for users having customized groups (e.g. groups other than Domain Users and Domain Admins) as their primary group, they will not be reflected in the member attribute and hence not be reflected in the above count, I know it's a rare case, but could be good to know.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog
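
    Added example, not part of the original replies: a PowerShell function that combines the `Members` check from the first reply with the primary-group caveat from the second, so a group is reported as empty only when no account uses it as its primary group either. The function name `Get-EmptyADGroup` and its `-SearchBase` parameter are choices made for this example; it assumes the ActiveDirectory module and read access to the domain.

```powershell
# Added example (not from the thread): report groups that have no entries in
# the member attribute AND are not any account's primary group.
Import-Module ActiveDirectory

function Get-EmptyADGroup {
    [CmdletBinding()]
    param(
        # Optional OU/container DN to limit the group search (parameter name
        # chosen for this example); the default domain is searched if omitted.
        [string]$SearchBase
    )

    $groupArgs = @{
        Filter     = '*'
        # primaryGroupToken is a constructed attribute (the group's RID),
        # so it has to be requested explicitly.
        Properties = @('Members', 'primaryGroupToken')
    }
    if ($SearchBase) { $groupArgs['SearchBase'] = $SearchBase }

    foreach ($group in Get-ADGroup @groupArgs) {
        # Check 1: the test from the thread, based on the member attribute.
        if ($group.Members.Count -ne 0) { continue }

        # Check 2: primary-group membership is stored on the account as
        # primaryGroupID and never shows up in the group's member attribute.
        $token = $group.primaryGroupToken
        $primaryMember = @(Get-ADObject -LDAPFilter "(primaryGroupID=$token)" -ResultSetSize 1)
        if ($primaryMember.Count -gt 0) { continue }

        [pscustomobject]@{
            Name              = $group.Name
            GroupScope        = $group.GroupScope
            GroupCategory     = $group.GroupCategory
            DistinguishedName = $group.DistinguishedName
        }
    }
}

# Review the candidates before removing anything.
Get-EmptyADGroup | Sort-Object Name | Format-Table -AutoSize
```

    An empty group can still be referenced in ACLs or GPO security filtering, so emptiness alone does not show that it is unused.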

  • User Creation in EP 7 - Help Needed.

    Hi Guys,
    We have installed an EP 7, I would like create users in EP 7 Database. My Data Source configuration file dataSourceConfiguration_abap.xml. I have installed a WAS 6.40 JAVA + ABAP
    This means I have to create the user in ABAP, I would like to know how I can create a User in EP 7 Only and not in ABAP System, I have seen other posts where they mention that you have to create the User in ABAP First, is there a way where I can create users in EP 7 so that they remain in the EP System only.
    Please do let me know.
    Thanks,
    John.
    Message was edited by: John Bray

    Hi John,
    See my last answer in this thread: Changing DataSource Configuration using ConfigTool - Help Needed.
    The xml I have referred to probably doesn't exist on EP7 any more?! Anyhow, the change from your to another xml isn't supported in general. Check out the corresponding notes.
    Hope it helps
    Detlev

  • Quick help needed on reversing the Journals

    Hi Gurus
    While importing the data from the GL_INTERFACE the REFERENCE_21 … REFERENCE_30 are moved to REFERENCE_1 through REFERENCE_10 in the GL_JE_LINES table and the GL_IMPORT_REFERENCES table.
    When reversing a posted entry all the 10 reference fields (REFERENCE_1 through REFERENCE_10) are not copied into the new reversed GL line. Only REFERENCE_2, REFERENCE_3 and REFERENCE_5 are copied in GL_JE_LINES table.
    Is there any setup, which allows the JE reversal to populate all the reference fields in the reversed line in GL_JE_LINES table?
    Any quick help is appreciated.
    Thanks
    Isaac

    Hi all,
    I was able to get the solution for this problem.
    Oracle provides Patch 5136186 to resolve this issue in 11.5.9 and 11.5.10.
    Thanks
    Isaac

  • Provision User to AD Group

    Hi,
    I have a scenario where a User "U", Organization "O" and Group "G".
    In AD, "G" is part of "O" i.e. "O" is the organizational Unit and "G" is the group defined in the organizational unit.
    When user "U" is assigned to Group "G", OIM should add the user to Group "G" in AD under organization "O".
    Is there any OOTB by which I can achieve this functionality? If not please suggest a suitable solution.
    Thanking you in advance for your response.

    If you are using access policies, and the O value is also used for a group membership rule, you could add the child table entry for G to the access policy and the user would automatically get this value. You can also have a task that runs after user creation on the AD User process definition that has logic to say if O=XYZ, then using the addProcessFormChildData, insert the G=XYZ into the child table. You can also have a task that runs on "Organization Updated" that recalculates the log, and removes the old and adds the new.
    All this stuff is possible with the APIs.
    -Kevin

  • Deploying Files with Group Policy - Help Needed

    Hi,
    I am trying to use group policy to deploy files and folders to our server estate. The policy I have created first creates a folder on each server's C drive and then copies a set of files to this folder from a network share. The folder creation works fine
    but the files copy fails. In the Application logs on the servers it displays the following error:
    The computer 'ILMT' preference item in the 'GPO - Servers_Production_ALL {CC026B58-FA3B-4399-AA00-AE8E844B2B47}' Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
    Can anyone advise what exactly does not have access here? I don't know what I need to enable to get this to work.
    Can anyone help?
    Many thanks
    James

    The copy is on a file server share. presumably if I just give everybody read access to the share that would suffice?
    No it won't.
    "Sharing" requires several actions:
    a) create the folder
    b) share the folder
    c) grant NTFS permissions on the folder
    I think you've neglected action (c).
    For your scenario, you need to grant the "server computers" read permissions to the folder.
    You can add individual computer accounts, or a group, or "domain computers".
    (In a similar way, you could grant access to a user, a group, or "domain users")
    [if you need everybody (users) *AND* everything (computers), you could grant permissions to "authenticated users" since that principal includes *BOTH* users and also computers]
    Note that "domain computers" and "authenticated users" include all types of domain member computers, i.e. servers, workstations, etc.
    Also, note that granting a "computer account" access to a folder or share, does *NOT* mean that a user account on that computer can access the remote share, i.e. permission is granted to the computer account, and a logged-in user account on that computer does not inherit any kind of access to the remote share by virtue of being logged in.
    This means that the computer can access the share but the user cannot access the share. Because the computer account is an identity/principal of its own accord.
    [None of which really has anything to do with Group Policy at all - it's how Windows does file sharing and ACLs... ;)
    Don
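
    Added example, not part of Don's reply: a PowerShell check, run on the file server, that tests both layers the reply describes (share permissions and NTFS permissions) for a list of principals such as the group holding the server computer accounts. The function name, the share name `Deploy$` and the `EXAMPLE` domain are placeholders chosen for this example; it matches only ACEs granted directly to the listed names and does not expand nested group membership.

```powershell
# Added example (not from the thread): check share-level and NTFS-level read
# access for named principals. Run on the file server that hosts the share.
function Test-ShareReadAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ShareName,
        # Names exactly as they appear in the ACLs,
        # e.g. 'EXAMPLE\Domain Computers' (placeholder domain).
        [Parameter(Mandatory)][string[]]$Principal
    )

    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Layer 1: share permissions (step b in the reply).
    $shareAces  = @(Get-SmbShareAccess -Name $ShareName |
                    Where-Object { $Principal -contains $_.AccountName })
    $shareAllow = @($shareAces | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        "$($_.AccessRight)" -in 'Full', 'Change', 'Read' }).Count -gt 0
    $shareDeny  = @($shareAces | Where-Object {
        "$($_.AccessControlType)" -eq 'Deny' }).Count -gt 0

    # Layer 2: NTFS permissions on the shared folder (step c in the reply).
    $read     = [int][System.Security.AccessControl.FileSystemRights]::Read
    $ntfsAces = @((Get-Acl -Path $share.Path).Access |
                  Where-Object { $Principal -contains $_.IdentityReference.Value })
    $ntfsAllow = @($ntfsAces | Where-Object {
        "$($_.AccessControlType)" -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $read) -eq $read }).Count -gt 0
    $ntfsDeny  = @($ntfsAces | Where-Object {
        "$($_.AccessControlType)" -eq 'Deny' -and
        ([int]$_.FileSystemRights -band $read) -ne 0 }).Count -gt 0

    $shareRead = $shareAllow -and -not $shareDeny
    $ntfsRead  = $ntfsAllow -and -not $ntfsDeny

    [pscustomobject]@{
        Share     = $ShareName
        Path      = $share.Path
        ShareRead = $shareRead
        NtfsRead  = $ntfsRead
        # Both layers must allow read; the more restrictive one wins.
        CanRead   = $shareRead -and $ntfsRead
    }
}

# Single quotes keep the $ in a hidden share name from being interpolated.
Test-ShareReadAccess -ShareName 'Deploy$' `
    -Principal 'EXAMPLE\Domain Computers', 'NT AUTHORITY\Authenticated Users'
```

    A result with `ShareRead` true and `NtfsRead` false corresponds to the situation the reply diagnoses, where the share exists but the folder ACL was never granted.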

  • Quick help needed (putting text on a .mov)

    OK, I have never used this program before and I am looking for a quick solution:
    After importing a film in .mov format the text looks fuzzy and awful. The text is simply white on a black background. The whole film has been imported and shows up as one clip.
    Can I make a still picture in Photoshop with the text and put it on top of the part with the fuzzy text in iMovie? How would I go about that? Is there another way to put clean looking text over the old fuzzy one?
    Thanks in advance for any help!

    If the text track was created using QuickTime Pro and then converted to "video" the results will vary greatly and the quality will never be the same as the QuickTime version.
    QuickTime text tracks are vector graphics (scale without distortion) and they look clear, clean and crisp.
    But when you "convert" them to "video" they not only lose the vector graphics but get rendered with some ugly results.
    Many QuickTime users are not aware that text tracks can even be converted to "video" format.
    I started with a Karaoke style QuickTime file with MIDI instruments:
    http://homepage.mac.com/kkirkster/.Public/blackbird_text.qtl
    Then I converted it to "video" and added a varying color background to show the quality degradation:
    http://homepage.mac.com/kkirkster/.Public/blackbird.qtl
    The MIDI audio was also converted to AAC audio which balloons the file size from 9 KB's to nearly 4 MB's.
    Basic results?
    Don't convert text to video.
    Add text tracks after export from iMovie using QuickTime Pro if the files will be viewed on a computer or served from the Web:
    http://homepage.mac.com/kkirkster/Lemon_Trees/
    As an example.

  • We have recently upgraded to 7.0.1. - Quick help needed

    We have recently upgraded to 7.0.1.
    We have a problem after upgradation.
    Issue is : When user clicks on the portal favourites, his left side navigation is disappearing.
    Can someone suggest me the solution.
    Appreciate quick response.

    Hi,
    Please check SAP Note: 1402146
    Regards
    Deb

  • Some quick help needed with certificates and split brain dns.

    I run exch 2010 and have one cas server(srv03).  I have split brain dns configured and working in my system.  I got a new certificate this year because of the new regulations that won't allow .internal names in the san portion of an ssl cert.
     I have followed several tids on the internet and still when I tried to implement it today the outlook clients started getting a popup that says [the name on the certificate is invalid or does not match the name of the site]  At the top of this popup
    is srv03.abccorp.internal which is what it was before.
    The certificate is for mail.abccorp.com and also includes autodiscover.abccorp.com and srv03.abccorp.com.  
    When I run [Get-clientAccessServer | fl Name,AutoDiscoverServiceInternalUri] the name and the Url is correct and has the .com value.
    When I run the test email autoconfiguration from my Outlook icon, and look at the log, Autodiscover URL found through SCP, is correct and it says Succeeded at the end.  In the results tab however the Server, Availability Service, OOF URL are still showing
    the .internal instead of .com.  The Internal OWA, External OWA and the OAB are correctly displaying the .com.  What commands do I need to run to change these as they seem to be the problem.
    I wasted a lot of time chasing the autodiscover before I found out about this test in outlook and realized the autodiscover url was correct. :-)
    I have two days left on my old cert that has both .com and .internal SANs so I rolled that back into service so the users stop getting messages.  Any help would be appreciated.

    Hi OTS,
    You can run the following command to Change the InternalUrl attribute of the EWS:
    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.abccorp.com/ews/exchange.asmx
    Best regards,
    Niko Cheng
    TechNet Community Support

  • Query using Group by - help needed

    I am having a query as follows:
    select id_nbr, stop_nbr, street || city || state, count(sub_stop_nbr)
    from details where created_date = ' 22-Jul-08';
    As group by clause is missing it is giving errors.
    But when I add group by to this query, I have to add all selected values.
    How can I add the concatenated values here.
    Is there any other way rather than writing as :
    (select id_nbr, stop_nbr, street || city || state, count(sub_stop_nbr)
    from details where created_date = ' 22-Jul-08'
    group by id_nbr, stop_nbr, street || city || state)

    so where is the problem in writing:
    select id_nbr, stop_nbr, street || city || state, count(sub_stop_nbr)
    from details
    where created_date = ' 22-Jul-08'
    group by id_nbr, stop_nbr, street || city || state
    ????

  • Demoting a DC and Group policy, help needed.

    Hi all,
    so we have 3 domain controllers, lets say dc1,dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following.... 
    SO the stages will be
    1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do
    not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
    2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
    3) Backup Sysvol directory and Netlogon folder in DC3
    3) Proceed to dcpromo DC3 out of the domain
    4) Test connectivity of clients to the AD
    5) Add the additional Server options
    6) All of the above can be done during office hours.
    it was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
    any advice would be very much appreciated.

    > I am being told that our Group policies are different across different
    > Domain Controllers and to my knowledge that's impossible as we have
    > discussed it should be in the replicated Sysvol.
    Ok, that's a common problem. Fix it and you will be fine:
    http://support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
    http://support.microsoft.com/kb/315457 (for NTFRS replication)
    > I'm a bit lost on the central repository aspect but prior to saying it
    > makes no sense I just wanted to check my understanding, especially with
    > an MVP!
    I agree. Talking of a "central repository" for group policy doesn't make
    sense, because group policy from the very beginning lives in AD and
    sysvol, which both are kind of "central repository". Seems they don't
    really know what they're talking about :)
    Martin
    How about reading a GOOD book about GPOs for once?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Function Group - CUOV; Help needed

    Hi All,
    I am designing a Function module which will be used by a Variant function (LO-Variant configuration). The function Group CUOV has the list of standard function modules. But I am not able to create successful test data for any of them. I had asked SAP to help me with the function Module documentation, but they said no since the function modules are not RELEASED.
    Now, If, any of you have worked with these function modules, please share your code/ideas.
    ~ Guru

    I think you'll have better luck with this question in the Discoverer forum.
    Discoverer

  • Advanced Group Sorting Help Needed

    In a previous thread, I was able to create two levels of hierarchy:
    1) Group by Case Worker
       2) All clients that pertained to their caseload (assigned client)
    The initial problem was, it was pulling duplicate records because each client had multiple instances of treatment plans, but I was more concerned about the most recent begin date. within Section Expert > Details, I use the following formula
    {AZCLPLAN.BEG_DATE} <> maximum ({AZCLPLAN.BEG_DATE}, {CDCLIENT.CASE_NUM})
    This successfully pulled the most recent treatment plan for the client record, ignoring all previous records. However, the case worker wants to see their caseload sorted by which treatment plans are ending first (AZCPLAN.END_DATE). When I add a new group END_DATE, move it up the hierarchy for sorting, it breaks my duplicate record sort rule.
    In layman's terms, after the report strips the duplicates only showing the most recent records, I want to do a sort by dates thereafter. How is this possible?

    I tried adding Record Sort Expert. By default the two hierarchy groups are locked at the top tiers. The 3rd item is solely the record file: ..END_DATE set to ascending.
    Under the Caseworker Group (highest tier) , next group in line is CASE_NUM. therefore, once a group is in place, it trumps anything below it (currently sorted by chart/case number). I tried changing the Group Expert > CASE_NUM to "original order" , but no luck.

  • Quick help needed

    I am running the following sql
    SELECT OWNER,TABLE_NAME,INDEX_NAME FROM DBA_INDEXES WHERE OWNER NOT IN ('OSDBA','SYS','SYSTEM','OUTLN','TSMSYS','DBSNMP','SYSMAN') ORDER BY 1,2,3
    The output is as follows.
    ROOT TIMESHEET_REJECT_HISTORY TIMESHEET_REJECT_HISTORY_PK
    ROOT USER_ACCOUNT PK_USER_ACCOUNT
    ROOT USER_CARD PK_USER_CARD
    ROOT USER_COMPANY PK_USER_COMPANY
    ROOT USER_DEFAULT_VIEWS PK_USER_DEFAULT_VIEWS
    ROOT USER_PREFERENCES USER_PREFERENCES_PK
    ROOT USER_TRACKING USER_TRACKING_PK
    ROOT VACATION PK_VACATION
    ROOT VIEWS_LIST PK_VIEWS_LIST
    ROOT VIEWS_LIST SYS_IL0000015078C00005$$
    ROOT VIEW_COLUMN_MAPPINGS PK_VIEW_COLUMN_MAPPINGS
    I need output as
    ROOT RESUMES_TRASH_180407 SYS_IL0000015017C00048$$
    SYS_IL0000015017C00049$$
    SYS_IL0000015017C00056$$
    RESUME_ADDITIONAL_RESUMES RESUME_ADDITIONAL_RESUMES
    SYS_IL0000015026C00010$$
    RESUME_ADDITIONAL_SKILLS PK_RESUME_ADDITIONAL_SKILLS
    RESUME_EXPERIENCE PK_RESUME_EXPERIENCE
    SYS_IL0000015032C00004$$
    SYS_IL0000015032C00005$$
    RESUME_INDUSTRY PK_RESUME_INDUSTRY
    SYS_IL0000015038C00007$$
    I want to get in sqlplus
    - at user break and table break the name to be displayed.
    Do I need to write plsql for this?

    Like..
    SQL> select decode(row_number() over(partition by deptno order by job,ename),1,deptno) deptno,
      2      decode(row_number() over(partition by deptno,job order by ename),1,job) job,
      3     ename
      4  from emp;
        DEPTNO JOB       ENAME
            10 CLERK     MILLER
               MANAGER   CLARK
               PRESIDENT KING
            20 ANALYST   FORD
                         SCOTT
               CLERK     ADAMS
                         SMITH
               MANAGER   JONES
            30 CLERK     JAMES
               MANAGER   BLAKE
               SALESMAN  ALLEN
                         MARTIN
                         TURNER
                         WARD
    14 rows selected.
    In sqlplus you can use the break command
