Org Tech Admin can add user from other org?
We are currently on a trial run with CIAC, and I am testing User Management with an Organization Tech Admin account (OTA).
To my surprise, when adding a user and selecting "existing user", I can see every account currently on Cloud Portal, and can even successfully add a user from another organization to my organization.
Is there any way so that an OTA can see only the users in their own organization?
I've been able to remove the admin role from a site administrator with an OTA.
I know there are issues when you log in with a user, then log out and log back in with another user: CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that the logout/login issue where a user has the same rights as the previous user should be fixed.
Changing OTA rights will not change that particular issue.
For the moment, what we've done is create our own servlet for requests to the sql DB, and our own roles for most services.
Let's see what v4 has in store for us.
Similar Messages
-
SharePoint 2010 Central Admin to add users from AD from specific Department
Dear All,
I am working on SharePoint Foundation 2010. I have to add users from specific department to a particular site collection.
Please let me know if there is a way to import users from Active Directory based on the 'Department' field in SPCA.
Thanks.
Is that okay if I share the PowerShell code? Do you have access to Active Directory and can you query information?
Refer this Link
Code
# set site collection owner for all sites...
# 1-2012
# NOTE: this makes every matched account a site collection administrator on every
# site collection of every web application returned by Get-SPWebApplication.
Add-PSSnapin Microsoft.SharePoint.PowerShell
Import-Module ActiveDirectory   # required for Get-ADUser
# $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
$accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
#$AccountList = @("LAB\Jack", "Lab\tom", "Lab\dick", "lab\harry")
#this gets an array of objects representing the sites at the IIS level:
$IISSites = Get-SPWebApplication
foreach ($oneIISSite in $IISSites) {
    #using .Sites, we can get a list of the site collections
    foreach ($SharepointSiteCollection in $oneIISSite.Sites) {
        Write-Host $SharepointSiteCollection.Url -ForegroundColor Cyan
        $spweb = Get-SPWeb $SharepointSiteCollection.Url
        #now we have the website, so lets look at each account in our array
        foreach ($Account in $AccountList.samaccountname) {
            #lets see if the user already exists
            Write-Host "Looking to see if User " $Account " is a member on " $SharepointSiteCollection.Url -ForegroundColor Blue
            $user = Get-SPUser -Identity $Account -Web $SharepointSiteCollection.Url -ErrorAction SilentlyContinue #This will throw an error if the user does not exist
            if ($user -eq $null) {
                #if the user did NOT exist, then we will add them here.
                $spweb.AllUsers.Add($Account, "", "", "Added by AdminScript")
                $user = Get-SPUser -Identity $Account -Web $SharepointSiteCollection.Url
                # $($spweb.Url) is needed so the property is expanded inside the string
                Write-Host "Added user $Account to URL $($spweb.Url)" -ForegroundColor Magenta
            }
            else {
                Write-Host "user $Account was already in URL " $spweb.Url -ForegroundColor DarkGreen
            }
            if ($user.IsSiteAdmin -ne $true) {
                $user.IsSiteAdmin = $true
                $user.Update()
                Write-Host "$Account has been made an admin on $($spweb.Url)" -ForegroundColor Magenta
            }
            else {
                Write-Host "$Account was already an admin on $($spweb.Url)" -ForegroundColor DarkGreen
            }
        }
        # release the SPWeb and SPSite objects once this site collection is done
        $spweb.Dispose()
        $SharepointSiteCollection.Dispose()
    }
}
Note:
First uncomment the second $accountlist and add the users manually to test
If you have AD module installed in your SP server you can use
$accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
Regards Chen V [MCTS SharePoint 2010] -
Group Admin can add user to group but can't update user account in SAM SDK
Hi
I have created a user X and Group Y, and I have assigned the created Group Y Admin Role to user X and made user X a member of Group Y.
Now User X can create users but can't see them when doing a search.
Also, if using the SDK this user attempts to add a user he created as a member of Group Y, the LDAP returns an error that user X doesn't have enough permissions to update the membership attribute of the new user account that he created.
Funny enough, looking in the LDAP, the user is actually added as a member of the Group.
So the Group was updated correctly but the user account is not.
Does anybody know a fix for this issue or is it fixed in any patches to SAM 7.1?
Hi,
Did the issue happen only for you or for multiple users?
Please login on other well worked Lync client from other computer with your Lync account to test the issue.
Please also use another well worked Lync account login your Lync client and test the issue.
You can disable your Lync account from Lync Server Control Panel and clear all SIP related information from AD, then re-enable your Lync account from Lync Server Control Panel to have a try.
Here is a similar case may help you:
http://social.technet.microsoft.com/Forums/lync/en-US/09032674-3927-4898-8f93-f3e6f3eab540/lync-2013-cannot-add-remove-or-move-contacts-or-groups-at-this-time?forum=lyncprofile
Best Regards,
Eason Huang
TechNet Community Support -
Add users from several Active Directories in SAP BPC
Hello everybody,
Does anybody know if you can add users from several Active Directories in SAP BPC??
In affirmative case, how can you add several Active Directories in SAP BPC??
Thank you very much.
Best regards,
Fernando
Hi,
We almost have same issue to add users from several Active Directories.
BPC server is in Domain A. We perform to add users from Domain B. Our trusted relation between AD is Domain B approve Domain A (unidirectional).
We cannot get one user which is able to browse both AD. So we install BPC with a user which has rights to browse Domain A and we use another user in COM+ component (OsoftUSerManage) which has right to browse Domain B.
But it is not working : we encounter an issue (access denied) in web administration by adding users from Domain B.
Any idea ?
Env. : BPC 5.1 SP6 -
LDAP authentication in AD (users from other trusted domain)
Hi
I have two domain: my - DOMAINA.LOCAL and other trusted - DOMAINB.LOCAL
I use LDAP authentication in AD for authentication users (AnyConnect).
Now, I need to authenticate few users from other trusted domain (DOMAINB.LOCAL).
I do not want direct connect with the domain contoller in the trusted domain.
My domain controller (DOMAINA.LOCAL), can authenticate users from other trusted domain (if I use username "DOMAINB\userindomainb"), if I try to connect by RDP client to some server (for example, to my domain controller).
But if I try to test aaa-server authentication from ASA
I get error.
I think, I must use username like "DOMAINB\userindomainb" but this not work.
Help me please.
Thanks!
My config:
aaa-server ADA protocol ldap
aaa-server ADA (inside) host 10.0.0.1
 ldap-base-dn dc=domaina, dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=Cisco ASA, ou=ServiceAccounts, ou=Services, dc=domaina, dc=local
 server-type microsoft
Hello!
I see in console (debug LDAP):
Request for [email protected] returned code (10) Referral
Does ASA support authentication via LDAP referrals?
I read old thread:
https://supportforums.cisco.com/discussion/11132591/cisco-asa-and-ldap-authentification
And see: CSCsj32153 Symptom:the ASA/PIX doesn't currently support LDAP Referall searches.
But I use:
Cisco Adaptive Security Appliance Software Version 9.2(3)
Device Manager Version 7.3(3)
Compiled on Mon 15-Dec-14 05:10 PST by builders
System image file is "disk0:/asa923-smp-k8.bin"
Thanks! -
Not possible to add individuals from other sales orgs into activities
We are completing the upgrade of our web ic from version 4.0 sp 6 to crm 2007 sp4. In our 4.0 system users were able to create activities and add employees from other business units without issue. Since our upgrade to 2007 we now have the issue that if a user working in one specific sales org wants to add an employee of another sales org as an attendee or as a towards awareness in our activities within the web ic the system complains. It stops the user from adding the employee stating that the BP number in question is not valid for this sales org. No further information is available. How can we switch this off?
Just to be clear neither our org structure nor our org determination procedures have changed within our transactions used within the web ic's have changed during the upgrade.
Thanks in advance
Eddie
Hi eddie,
This might be an authorization issue, check for the authorization of the role you are using
thanks regards
Raj -
Can retrieve users from some sub OUs and from other sub OUs cann't
hi,
I am using Windows 2003 Active Directory Server and Jndi to access that in my application. I am using following code to retrieve all Users from a particular OU.
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// environment holds the JNDI connection properties (not shown in the post)
DirContext ctx = new InitialDirContext(environment);
SearchControls ctls = new SearchControls();
ctls.setSearchScope(2); // 2 == SearchControls.SUBTREE_SCOPE
String attrs[] = {
    "sn", "givenName", "userPrincipalName"
};
ctls.setReturningAttributes(attrs);
String filter = "(&(objectClass=*))";
String serachCriteria[] = {"User Container", "Admin Leads,OU=Administration,OU=User Container"};
for (int i = 0; i < serachCriteria.length; i++) {
    StringBuffer searchString = new StringBuffer("OU=");
    searchString.append(serachCriteria[i]); // append one OU path per iteration, not the whole array
    searchString.append(",DC=india,DC=mycompany,DC=com");
    for (NamingEnumeration answer = ctx.search(searchString.toString(), filter, ctls); answer.hasMoreElements();) {
        SearchResult searchResult = (SearchResult) answer.next();
        // ....................and so on
    }
}
As can be observed in the bold text above, I have to specify the path of the sub OU to retrieve users under that. Whereas apart from this sub OU, it is retrieving users from other sub OUs. The problem is, the code can access users from some OUs but not from other sub OUs.
Can anybody help?
regards,
Zaid
Active Directory has a very rich access control model.
Perhaps it may not have occurred to you, that you do not have list access rights to the child3 & child9 organizational units ?
You may have access rights to all the leaf objects contained in child3 & child9, which explains why you can retrieve all the leaf objects when you explicitly bind to them, however you may not have list access rights to child3 & child9 which explains why you can't bind to it when iterating through parent1.
What happens if you simply perform a one level search on parent1, using a filter (objectClass=organizationalUnit) ?
If it doesn't retrieve child3 & child9, then perhaps you do not have list access rights for those two ou's. -
I am logged on to a wifi and can see files from other users on this network. Can they see my files as well?
Yes and no. It depends on your settings.
Go into "System Preference" and click on "Sharing"
If you have services checked such as "File Sharing" then others can see your computer on the network. But you really don't need to worry because others would need your username and password to have access to your files.
What you see are just computers announcing themselves on the network. To have access to said computers, Username and Passwords are required.
Hope this helps -
Hi,
I am unable to open input scheduled from server root folder and also from input form folder on some system while they can be open from others system.
Please advice.
Thanks in advance
Hi Hengye,
While opening, it doesn't give any error. When I try to open it, it takes some time to load then nothing happens. However I can open it on other systems but not on mine, my colleague's and the user's system.
Please advice.
Thanks. -
I have an iphone 4s. I have a mac computer and a pc. Most of my itunes library is on my pc, but when I try to add music to my phone from my library on the pc, it won't let me do it. I CAN add music from my library that is on my mac, same account. My husband has the same problem with his iphone 4, but only uses pc.
My husband and I are using the same iTunes account on all mac & pc computers, but the libraries are different on each machine. We always manually manage our music (no auto sync). iTunes is up to date on the PCs. My husband uses our joint iTunes account on his pc, but once again, has a different collection in his library from those on the other machines. He can't load any music from his PC to his iphone 4. I can load music from my mac library to my iphone 4s, but cannot load from my pc library to my iphone 4s. How can I switch my main library that it syncs with from the mac to the pc?
Thanks -
Is there a way i can add music from my iphone to itunes without paying
is there a way i can add music from my iphone to itunes without paying
If the content was purchased via iTunes, either redownload it via iTunes on the computer or transfer purchases from the device to the computer. With the device connected, select File > Transfer Purchases.
If the content was not purchased via iTunes, copy it from the computer that it was originally synced to the device to the new computer. -
C# Code that can add user directly to the AD through custom share Point form
Hi
Here is my requirement. Can anyone resolve???
Trying to build a Visual web Part in which system administrator can add user directly to the AD through custom share Point form.
Please help in doing this...
Hi
Use DirectoryEntries.Add Method
https://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx
Or
www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
Or.
www.morgantechspace.com/2013/10/create-new-active-directory-user-in-c.html?m=1
Regards, Rajendra Singh If a post answers your question, please click Mark As Answer on that post and Vote as Helpful http://sharepointundefind.wordpress.com/ -
How i can add music from my computer to my i5c
how i can add music from my computer to my i5c
Use iTunes on your computer to sync music to your iPhone.
See: http://support.apple.com/kb/ht1386 -
Migrating users from other partitions
I'm dealing with "Epic Stupid" in how Apple handles something in 10.4.
My hard drive developed a few bad blocks. It's becoming unusable because apparently those bad blocks are directly under certain key files, because it's hard to do much without getting "stun locked" by the gorram beach ball.
Anyway, my disk has a second partition on it which was unused. I went ahead and formatted that partition, wrote the partition with zeros (which I hope had the effect of flagging all bad blocks), and installed OS X 10.4.10 from the DVD's.
Naturally the system comes up and treats me like I'm a completely new user of MacOS. It allows me to import users from other partitions -- but here's the problem. It wants to migrate the users, which would be great for preserving disk permissions - but then it wants to COPY ALL THEIR DATA. That's ridiculous. Their data is already on the other partition. I want to copy the identities but not all their data.
How am I supposed to do that? Import the user identities and tie it back to the UID that's on the other partition so <user X> can access <user X>'s data?
By the way, other than that, putting the boot OS on the new partition is working great. No beach balls unless I touch the other partition.
Yeah I know. Virtually all of my data is copied off already. I say "virtually" because the backup was piecemeal, and I'm
a) not 100% sure I got everything and
b) not looking forward to hand-reassembling my entire environment from scratch. I.E. I don't relish reloading all my songs into iTunes and resetting play counts to zero, having it forget which podcasts I've listened to, etc. etc.
I would prefer if possible to get one "coherent" backup and it appears the problem partition is no longer reliably bootable. -
For some reason I cannot send email - all was working fine, but now I get the following error message when I try to send email:
'The sender address (my email address) was rejected by the server smtp.tiscali.co.uk'
I can receive incoming mail ok and I can send email from other Apple devices. The problem seems confined to my Mac Book Pro.
Any ideas?
Hello there, Pablo639.
The following Knowledge Base article offers up some great steps for troubleshooting mail issues on your Mac:
OS X Mail: Troubleshooting sending and receiving email messages
http://support.apple.com/kb/TS3276
Thanks for reaching out to Apple Support Communities.
Cheers,
Pedro.