Org Tech Admin can add user from other org?

We are currently on a trial run with CIAC, and I am testing User Management with an Organization Tech Admin account (OTA).
To my surprise, when adding a user and selecting "existing user", I can see every account currently on Cloud Portal, and can even successfully add a user from another organization to my organization.
Is there any way so that an OTA can see only the users in their own organization?

I've been able to remove the admin role from a site administrator with an OTA.
I know there are issues when you log in with one user, then log out and log back in with another user: CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that the logout/login issue where a user has the same rights as the previous user should be fixed.
Changing OTA rights will not change that particular issue.
For the moment, what we've done is create our own servlet for requests to the sql DB, and our own roles for most services.
Let's see what v4 has in store for us.

Similar Messages

  • SharePoint 2010 Central Admin to add users from AD from specific Department

    Dear All,
    I am working on SharePoint Foundation 2010. I have to add users from specific department to a particular site collection.
    Please let me know if there is a way to import users from Active Directory based on the 'Department' field in SPCA.
    Thanks.

    Is that okay if I share the PowerShell code? Do you have access to Active Directory and can you query information?
    Refer this Link
    Code
    # set site collection owner for all sites...
    # 1-2012
    Add-PSSnapin Microsoft.SharePoint.PowerShell
    Import-Module ActiveDirectory   # needed for Get-ADUser
    # $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
    $accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
    #$AccountList = @("LAB\Jack", "Lab\tom", "Lab\dick", "lab\harry")
    #this gets an array of objects representing the sites at the IIS level:
    $IISSites = Get-SPWebApplication
    foreach ($oneIISSite in $IISSites)
    {
        #using .Sites, we can get a list of the site collections
        foreach ($SharepointSiteCollection in $oneIISSite.Sites)
        {
            Write-Host $SharepointSiteCollection.Url -ForegroundColor Cyan
            $spweb = Get-SPWeb $SharepointSiteCollection.Url
            #now we have the website, so lets look at each account in our array
            foreach ($Account in $AccountList.samaccountname)
            {
                #lets see if the user already exists
                Write-Host "Looking to see if User " $Account " is a member on " $SharepointSiteCollection.Url -ForegroundColor Blue
                #Get-SPUser raises an error if the user does not exist; it is suppressed and $user stays $null
                $user = Get-SPUser -Identity $Account -Web $SharepointSiteCollection.Url -ErrorAction SilentlyContinue
                if ($user -eq $null)
                {
                    #if the user did NOT exist, then we will add them here.
                    $spweb.AllUsers.Add($Account, "", "", "Added by AdminScript")
                    $user = Get-SPUser -Identity $Account -Web $SharepointSiteCollection.Url
                    Write-Host "Added user $Account to URL $($spweb.Url)" -ForegroundColor Magenta
                }
                else
                {
                    Write-Host "user $Account was already in URL " $spweb.Url -ForegroundColor DarkGreen
                }
                #this grants the account site collection administrator rights
                if ($user.IsSiteAdmin -ne $true)
                {
                    $user.IsSiteAdmin = $true
                    $user.Update()
                    Write-Host "$Account has been made an admin on $($spweb.Url)" -ForegroundColor Magenta
                }
                else
                {
                    Write-Host "$Account was already an admin on $($spweb.Url)" -ForegroundColor DarkGreen
                }
            }
            #release the SPWeb and SPSite objects once this site collection is done
            $spweb.Dispose()
            $SharepointSiteCollection.Dispose()
        }
    }
    Note:
    First uncomment the second $AccountList and add the users manually to test.
    If you have AD module installed in your SP server you can use
    $accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
    Regards Chen V [MCTS SharePoint 2010]

  • Group Admin can add user to group but can't update user account in SAM SDK

    Hi
    I have created a user X and Group Y, and I have assigned the created Group Y Admin Role to user X and made user X a member of Group Y.
    Now User X can create users but can't see them when doing a search.
    Also, if using the SDK this user attempts to add a user he created as a member of Group Y, the LDAP returns an error that user X doesn't have enough permissions to update the membership attribute of the new user account that he created.
    Funny enough, looking in the LDAP, the user is actually added as a member of the Group.
    So the Group was updated correctly but the user account is not.
    Does anybody know a fix for this issue, or is it fixed in any patches to SAM 7.1?

    Hi,
    Did the issue happen only for you or for multiple users?
    Please login on other well worked Lync client from other computer with your Lync account to test the issue.
    Please also use another well worked Lync account login your Lync client and test the issue.
    You can disable your Lync account from Lync Server Control Panel and clear all SIP related information from AD, then re-enable your Lync account from Lync Server Control Panel to have a try.
    Here is a similar case that may help you:
    http://social.technet.microsoft.com/Forums/lync/en-US/09032674-3927-4898-8f93-f3e6f3eab540/lync-2013-cannot-add-remove-or-move-contacts-or-groups-at-this-time?forum=lyncprofile
    Best Regards,
    Eason Huang
    TechNet Community Support

  • Add users from several Active Directories in SAP BPC

    Hello everybody,
    Does anybody know if you can add users from several Active Directories in SAP BPC??
    In affirmative case, how can you add several Active Directories in SAP BPC??
    Thank you very much.
    Best regards,
    Fernando

    Hi,
    We almost have same issue to add users from several Active Directories.
    BPC server is in Domain A. We perform to add users from Domain B. Our trusted relation between AD is Domain B approve Domain A (unidirectional).
    We cannot get one user which is able to browse both AD. So we install BPC with a user which has rights to browse Domain A  and we use another user in COM+ component (OsoftUSerManage) which has right to browse Domain B.
    But it is not working : we encounter an issue (access denied) in web administration by adding users from Domain B.
    Any idea ?
    Env. : BPC 5.1 SP6

  • LDAP authentication in AD (users from other trusted domain)

    Hi
    I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
    I use LDAP authentication in AD to authenticate users (AnyConnect).
    Now, I need to authenticate a few users from the other trusted domain (DOMAINB.LOCAL).
    I do not want to connect directly to the domain controller in the trusted domain.
    My domain controller (DOMAINA.LOCAL) can authenticate users from the other trusted domain (if I use the username "DOMAINB\userindomainb") when I connect by RDP client to some server (for example, to my domain controller).
    But if I try to test aaa-server authentication from the ASA
    I get an error.
    I think I must use a username like "DOMAINB\userindomainb", but this does not work.
    Help me please.
    Thanks!
    My config:
    aaa-server ADA protocol ldap
    aaa-server ADA (inside) host 10.0.0.1
     ldap-base-dn dc=domaina, dc=local
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *****
     ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
     server-type microsoft

    Hello!
    I see in console (debug LDAP):
    Request for [email protected] returned code (10) Referral
    Does ASA support authentication via LDAP referrals?
    I read old thread:
    https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
    And see: CSCsj32153  Symptom:the ASA/PIX doesn't currently support LDAP Referall searches. 
    But I use:
    Cisco Adaptive Security Appliance Software Version 9.2(3)
    Device Manager Version 7.3(3)
    Compiled on Mon 15-Dec-14 05:10 PST by builders
    System image file is "disk0:/asa923-smp-k8.bin"
    Thanks!

  • Not possible to add individuals from other sales orgs into activities

    We are completing the upgrade of our web ic from version 4.0 sp 6 to crm 2007 sp4. In our 4.0 system users were able to create activities and add employees from other business units without issue. Since our upgrade to 2007 we now have the issue that if a user working in one specific sales org wants to add an employee of another sales org as an attendee or as a towards awareness in our activities within the web ic, the system complains. It stops the user from adding the employee, stating that the BP number in question is not valid for this sales org. No further information is available. How can we switch this off?
    Just to be clear, neither our org structure nor our org determination procedures within our transactions used within the web ic's have changed during the upgrade.
    Thanks in advance
    Eddie

    Hi eddie,
    This might be an authorization issue; check the authorization of the role you are using.
    thanks regards
    Raj

  • Can retrieve users from some sub OUs and from other sub OUs can't

    hi,
    I am using Windows 2003 Active Directory Server and JNDI to access it in my application. I am using the following code to retrieve all users from a particular OU.
    // needs: import javax.naming.NamingEnumeration; import javax.naming.directory.*;
    ctx = new InitialDirContext(environment);
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(2); // 2 == SearchControls.SUBTREE_SCOPE
    String attrs[] = {
        "sn", "givenName", "userPrincipalName"
    };
    ctls.setReturningAttributes(attrs);
    String filter = "(&(objectClass=*))";
    String serachCriteria[] = {"User Container", "Admin Leads,OU=Administration,OU=User Container"};
    for(int i = 0; i < serachCriteria.length; i++)
    {
        // build the base DN of the OU to search
        StringBuffer searchString = new StringBuffer("OU=");
        searchString.append(serachCriteria[i]);
        searchString.append(",DC=india,DC=mycompany,DC=com");
        for(NamingEnumeration answer = ctx.search(searchString.toString(), filter, ctls); answer.hasMoreElements();)
        {
            SearchResult searchResult = (SearchResult)answer.next();
            // ....................and so on
        }
    }
    as can be observed in the bold text above, I have to specify the path of sub OU to retrieve users under that. Whereas apart from this sub OU, it is retrieving users from others sub OUs. The problem is, the code can access users from some OUs but not from other sub OUs
    Can anybody help?
    regards,
    Zaid

    Active Directory has a very rich access control model.
    Perhaps it may not have occurred to you, that you do not have list access rights to the child3 & child9 organizational units ?
    You may have access rights to all the leaf objects contained in child3 & child9, which explains why you can retrieve all the leaf objects when you explicitly bind to them, however you may not have list access rights to child3 & child9 which explains why you can't bind to it when iterating through parent1.
    What happens if you simply perform a one level search on parent1, using a filter (objectClass=organizationalUnit) ?
    If it doesn't retrieve child3 & child9, then perhaps you do not have list access rights for those two ou's.

  • I am logged on to a wifi and can see files from other users on this network.  Can they see my files as well?

    I am logged on to a wifi and can see files from other users on this network.  Can they see my files as well?

    Yes and no. It depends on your settings.
    Go into "System Preference" and click on "Sharing"
    If you have services checked such as "File Sharing" then others can see your computer on the network. But you really don't need to worry because others would need your username and password to have access to your files.
    What you see are just computers announcing themselves on the network. To have access to said computers, usernames and passwords are required.
    Hope this helps

  • Unable to open templates from server input form folder and server root folder from some system while the same can be open from others system

    Hi,
    I am unable to open input scheduled from server root folder and also from input form folder on some system while they can be open from others system.
    Please advice.
    Thanks in advance

    Hi Hengye,
    While opening, it doesn't give any error. When I try to open it, it takes some time to load, then nothing happens. However, I can open it on other systems but not on mine, my colleague's and the user's system.
    Please advice.
    Thanks.

  • I have an iphone 4s.  I have a mac computer and a pc.  Most of my itunes library is on my pc, but when I try to add music to my phone from my library on the pc, it won't let me do it.  I CAN add music from my library that is on my mac, same account.

    I have an iphone 4s.  I have a mac computer and a pc.  Most of my itunes library is on my pc, but when I try to add music to my phone from my library on the pc, it won't let me do it.  I CAN add music from my library that is on my mac, same account.  My husband has the same problem with his iphone 4, but only uses pc.

    My husband and I are using the same iTunes account on all mac & pc computers, but the libraries are different on each machine.  We always manually manage our music (no auto sync).  iTunes is up to date on the PCs.  My husband uses our joint iTunes account on his pc, but once again, has a different collection in his library from those on the other machines.  He can't load any music from his PC to his iphone 4.  I can load music from my mac library to my iphone 4s, but cannot load from my pc library to my iphone 4s.  How can I switch my main library that it syncs with from the mac to the pc?
    Thanks

  • Is there a way i can add music from my iphone to itunes without paying

    is there a way i can add music from my iphone to itunes without paying

    If the content was purchased via iTunes, either redownload it via iTunes on the computer or transfer purchases from the device to the computer. With the device connected, select File > Transfer Purchases.
    If the content was not purchased via iTunes, copy it from the computer that it was originally synced to the device to the new computer.

  • C# Code that can add user directly to the AD through custom share Point form

    Hi
    Here is my requirement. Can anyone resolve??? 
    Trying to build a Visual web Part in which system administrator can add user directly to the AD through custom share Point form.
    Please help in doing this...

    Hi
    Use DirectoryEntries.Add Method
    https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx
    Or
    www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
    Or.
    www.morgantechspace.com/2013/10/create-new-active-directory-user-in-c.html?m=1
    Regards, Rajendra Singh If a post answers your question, please click Mark As Answer on that post and Vote as Helpful http://sharepointundefind.wordpress.com/

  • How i can add music from my computer to my i5c

    how i can add music from my computer to my i5c

    Use iTunes on your computer to sync music to your iPhone.
    See: http://support.apple.com/kb/ht1386

  • Migrating users from other partitions

    I'm dealing with "Epic Stupid" in how Apple handles something in 10.4.
    My hard drive developed a few bad blocks. It's becoming unusable because apparently those bad blocks are directly under certain key files, because it's hard to do much without getting "stun locked" by the gorram beach ball.
    Anyway, my disk has a second partition on it which was unused. I went ahead and formatted that partition, wrote the partition with zeros (which I hope had the effect of flagging all bad blocks), and installed OS X 10.4.10 from the DVD's.
    Naturally the system comes up and treats me like I'm a completely new user of MacOS. It allows me to import users from other partitions -- but here's the problem. It wants to migrate the users, which would be great for preserving disk permissions - but then it wants to COPY ALL THEIR DATA. That's ridiculous. Their data is already on the other partition. I want to copy the identities but not all their data.
    How am I supposed to do that? Import the user identities and tie it back to the UID that's on the other partition so <user X> can access <user X>'s data?
    By the way, other than that, putting the boot OS on the new partition is working great. No beach balls unless I touch the other partition.

    Yeah I know Virtually all of my data is copied off already. I say "virtually" because the backup was piecemeal, and I'm
    a) not 100% sure I got everything and
    b) not looking forward to hand-reassembling my entire environment from scratch. I.E. I don't relish reloading all my songs into iTunes and resetting play counts to zero, having it forget which podcasts I've listened to, etc. etc.
    I would prefer if possible to get one "coherent" backup and it appears the problem partition is no longer reliably bootable.

  • I cannot send email - error message as follows : 'The sender address (my email address) was rejected by the server smtp.tiscali.co.uk.' I can send email from other apple devices, and the email settings are identical. Any ideas?

    For some reason I cannot send email - all was working fine, but now I get the following error message when I try to send email:
    'The sender address (my email address) was rejected by the server smtp.tiscali.co.uk'
    I can receive incoming mail ok and I can send email from other Apple devices. The problem seems confined to my Mac Book Pro.
    Any ideas?

    Hello there, Pablo639.
    The following Knowledge Base article offers up some great steps for troubleshooting mail issues on your Mac:
    OS X Mail: Troubleshooting sending and receiving email messages
    http://support.apple.com/kb/TS3276
    Thanks for reaching out to Apple Support Communities.
    Cheers,
    Pedro.
