Profile Manager Mavericks & Active Directory Users.

I have recently being trying to implement MDM Profile Manger to facilitate the deployment of Mavericks OSX on our domain.
We currently run a mixed environment of Windows 7 and OSX Mountain Lion. Using Workgroup Manager with Active Directory created users. The old Workgroup manager works brilliantly the way we want it to do for Snow Leopard OSX.
MDM however does not work in the same fashion. It might be my understanding of MDM that is misconstrued and that it doesn't do what I want or I'm not setting it up correctly.
MDM works fine for mobile devices. The issue is with iMac's. I can send 'device' settings to my test mac and they get automatically implemented. However if I sign on as a domain user that is assigned to a group created in MDM. None of the 'profile' settings get applied.
The test iMac I am using is first joined to AD then the OD of the MDM server.
To enroll a device on MDM. I use the OD administrator account. I then remove the device from the OD Admin account. As each iMac needs to be logged into by various users with different levels of access. So our iMacs cannot be associated to just one user account.
I then login to the test iMac using an AD user that is assigned to a User Group created on the MDM server. No User Group settings get applied to the test user.
Also which is a little weird. If I assign the test iMac device to My AD user. The profile settings get applied to the local account that I accessed profile manager to enroll the device. Even though the account is not linked to the MDM in any way.
I’m just wondering if anyone has had any success with AD users and MDM.

Hi,
first you should consult http://support.apple.com/kb/HT4837
and then you have to import the specific users. You can do this in the Server.app by adding a new user an then select not new user but instead import the user from the Active Directory. I hope this helps. It is confusing
that Lion Server does not uses the Active Directory to store the information, but instead creates a new Open Directory Master an uses augumented entries for the ADS users.
Bye

Similar Messages

  • Is it possible to switch from Office 365 online user management to Active Directory after Exchange online migration?

    If we utilize the Cutover method to migrate from on-premise Exchange (2007) to Office 365, which to my understanding will hand over user management/authentication to Office 365 online during the process, is possible to later switch from Office 365 user management
    to Active Directory (synced to a future local domain, or even possibly via AD federation single sign-on)? If so, how difficult is this process and is there any documentation available?
    Asking this because the organization  I'm working for plans to upgrade (re-do actually) its entire infrastructure. There will be a completely brand new domain/AD set up that's totally unrelated to the old one. At the same time, we also plan to migrate
    all emails (previously hosted locally on Exchange 2007) to Office 365 and get rid of local exchange. Now because we will set up new domain, we do not want to carry over the older AD to the cloud, hence we will not use the "Staged Migration". 
    So the plan is to to use "Cutover" migration first, which means all authentications will become Office 365 managed. That's fine for now. But later, after we set up our new domain and AD controller etc, we'd like to have Exchange Online switch back
    to syncing with our new on-premise AD. We'd also like to consider the AD Federation Services if it's not too complicated to set up.
    Your advice on this would be greatly appreciated!

    In principle, you cannot sync back from the cloud AD to the on-prem, yet. But you can take advantage of the soft-matching mechanism once you have the new AD in place:
    http://support.microsoft.com/kb/2641663
    Be careful though, as the moment you turn on Dirsync, all the matching users in the cloud will have their attributes overwritten. A very good idea is to do an 'export' of the cloud AD first, using the WAAD module for PowerShell and the Get-MsolUser cmdlets,
    which you can then use to compare or import data in the new on-prem AD. Some links:
    http://technet.microsoft.com/en-us/library/hh974317.aspx
    http://msdn.microsoft.com/en-us/library/azure/dn194133.aspx

  • Issue with Active Directory User Target Recon

    Hi ,
    I am facing an issue with Active Directory User Target Recon
    My environment is OIM 11g R2 with BP03 patch applied
    AD Connector is activedirectory-11.1.1.5 with bundle patch 14190610 applied
    In my Target there are around 28000 users out of which 14000 have AD account (includes Provisioned,Revoked,Disabled accounts)
    When i am running Active Directory User Target Recon i am not putting any filter cleared the batch start and batch size parameters and ran the recon job .Job ran successfully but it stopped after processing around 3000 users only.
    Retried the job two three times but every time it is stopping after processing some users but not processing all the users.
    Checked the log file oimdiagnostic logs and Connector server logs cannot see any errors in it.
    Checked the user profile of users processed can see AD account provisioned for users
    My query is why this job is not processing allthe users.Please point if i am missing some thing .
    thanks in advance

    Check the connector server load when you are running the recon. Last time I checked the connector, the way it was written is that it loads all the users from AD into the connector server memory and then sends them to OIM. So if the number was huge, then the connector server errored out and did not send data to OIM. We then did recon based on OUs to load/link all the users into OIM. Check the connector server system logs and check for memory usage etc.
    -Bikash

  • How to create "folders" in Active Directory Users and Computers?

    Hello Community
        In Windows Server 2008R2 when you go to Active Directory Users and Computer
    you will see icons of folders such as:
        -  Builtin has a folder icon
        - Computers has a folder icon
        - ForeignSecurityPrinicpals has a folder icon
        - Domain Controller as a folder icon
        - Managed Service Accounts has a folder icon
        - Users has a folder icon
        All of the above folders are visually identical.
        If you right click and select “File” –  “New”
     on any of the selections the icon
    will not look like the folder icon they have their own icons which look different
    from the "Folder" icon.
        I would like to create a “Folder” that looks just visually exactly like the ones
    mentioned above, how can I create those types of Folders in Active Directory User
    and Computers?
        Note: I would like to put users in the folders.
        Thank you
        Shabeaut

    Hi,
    you should use OUs (an OU is they type of object (folder) that is available for you to easily create.
    The object type you are asking about is a "container", and there are various reasons why an OU is more flexible (applying GPO, etc).
    Refer: Delegating Administration by Using OU Objects
    http://technet.microsoft.com/en-us/library/cc780779(v=ws.10).aspx   
    and the sub-articles:
    Administration of Default Containers and OUs
    http://technet.microsoft.com/en-us/library/cc728418(v=ws.10).aspx
    Delegating Administration of Account and Resource OUs
    http://technet.microsoft.com/en-us/library/cc784406(v=ws.10).aspx
    Also: http://technet.microsoft.com/en-us/library/cc961764.aspx
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • SMB access for Active Directory users

    Hi there,
    My server is an OD Master bound to AD for authentication and my institution's Kerberos realm.
    When I try to share files from the server via SMB and connect as an Active Directory user I get the following error in the logs:
    [2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
    adsverifyticket: smbkrb5_parse_name(myserver$) failed (Configuration file does not specify default realm)
    [2009/06/11 12:02:27, 1, pid=5308] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
    Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
    I've read something vague about having to Kerberize the SMB service seperately so I'm not sure if that's the problem.
    My smb.conf file is as follows:
    ; Configuration file for the Samba software suite.
    ; ============================================================================
    ; For the format of this file and comprehensive descriptions of all the
    ; configuration option, please refer to the man page for smb.conf(5).
    ; The following configuration should suit most systems for basic usage and
    ; initial testing. It gives all clients access to their home directories and
    ; allows access to all printers specified in /etc/printcap.
    ; BEGIN required configuration
    ; Parameters inside the required configuration block should not be altered.
    ; They may be changed at any time by upgrades or other automated processes.
    ; Site-specific customizations will only be preserved if they are done
    ; outside this block. If you choose to make customizations, it is your
    ; own responsibility to verify that they work correctly with the supported
    ; configuration tools.
    [global]
    debug pid = yes
    log level = 1
    server string = Mac OS X
    printcap name = cups
    printing = cups
    encrypt passwords = yes
    use spnego = yes
    passdb backend = odsam
    idmap domains = default
    idmap config default: default = yes
    idmap config default: backend = odsam
    idmap alloc backend = odsam
    idmap negative cache time = 5
    map to guest = Bad User
    guest account = nobody
    unix charset = UTF-8-MAC
    display charset = UTF-8-MAC
    dos charset = 437
    vfs objects = darwinacl,darwin_streams
    ; Don't become a master browser unless absolutely necessary.
    os level = 2
    domain master = no
    ; For performance reasons, set the transmit buffer size
    ; to the maximum and enable sendfile support.
    max xmit = 131072
    use sendfile = yes
    ; The darwin_streams module gives us named streams support.
    stream support = yes
    ea support = yes
    ; Enable locking coherency with AFP.
    darwin_streams:brlm = yes
    ; Core files are invariably disabled system-wide, but attempting to
    ; dump core will trigger a crash report, so we still want to try.
    enable core files = yes
    ; Configure usershares for use by the synchronize-shares tool.
    usershare max shares = 1000
    usershare path = /var/samba/shares
    usershare owner only = no
    usershare allow guests = yes
    usershare allow full config = yes
    ; Filter inaccessible shares from the browse list.
    com.apple:filter shares by access = yes
    ; Check in with PAM to enforce SACL access policy.
    obey pam restrictions = yes
    ; Don't be trying to enforce ACLs in userspace.
    acl check permissions = no
    ; Make sure that we resolve unqualified names as NetBIOS before DNS.
    name resolve order = lmhosts wins bcast host
    ; Pull in system-wide preference settings. These are managed by
    ; synchronize-preferences tool.
    include = /var/db/smb.conf
    [printers]
    comment = All Printers
    path = /tmp
    printable = yes
    guest ok = no
    create mode = 0700
    writeable = no
    browseable = no
    ; Site-specific parameters can be added below this comment.
    ; END required configuration.
    Any help would be much appreciated!!
    Thanks.

    I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
    [2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
    adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
    Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
    Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
    When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
    Not feeling the Mac OS X love tonight.
    Bill
    System is bound to active directory - green light in Directory Utility

  • Active Directory Users and Computer not displaying column data?

    I am running Windows 8.1 Enterprise with RSAT installed.  My Domain controllers are Server 2008 R2.
    I am having and issue with Active Directory Users and Computers.  Typically I will turn on Advanced Features and then add Columns for Email address and Display Name.  This for example allows me to easily export lists of users and there email
    addresses among other things.
    The issue is that on my Windows 8.1 client, the columns for Email and Display Name are empty.  It simply will not display this information.  It only displays Name, TYpe and Description.
    If I use a Windows 7 client, the information displays correctly.
    Has anyone run into this issue or heard of this problem when using ADUC on Windows 8.1?

    ADUC is an AD tool that is no longer being improved, with Microsoft now focusing on ADAC (Administrative Center). In 8.1, it has improved quite a bit since 7. You can also just try using the
    ActiveDirectory PowerShell Module, which is easy to use and fairly powerful. It can be simple to export lists, and the module for AD is included with RSAT tools.
    Example:
    Import-Module ActiveDirectory
    Get-ADUser -Filter {Manager -eq "John.Smith"} -Properties DisplayName,Mail | Export-Csv dump.csv -NoTypeInformation
    So, recommendation: either use ADAC, or PowerShell -- ADUC is part of the wave of deprecation.

  • 11gr2 Active Directory User Target Delete Recon Search Root

    Hi All,
    latest AD conector with the patch.
    Have a situation where I need to change the root or base search for the delete recon. by default it seams to want to search at the domain level but that won't work for us. Checked the doc and can't seem to find anyway to change this for the delete recon.
    Thanx in advance
    Fred

    Hi,
    The issue is still pending. I am specifying the following parameters for the scheduled job :
    Batch Size : 100
    Object Type : User
    Batch Start : 1
    Resource Object Name : AD User
    Filter : startsWith('samAccountName','c')
    Scheduled Task Name : Active Directory User Target Recon
    Incremental Recon Attribute : uSNChanged
    Search Base : <blank>
    IT Resource Name : Active Directory
    Search Scope : subtree
    Latest Token : <blank>
    Sort By : samAccountName
    Number of Batches : All
    Sort Direction : asc
    The job runs successfully but no records are reconciled into UD_ADUSER table and the job reports the following error in the logs :
    [2012-10-25T02:32:04.785-07:00] [oim_server1] [ERROR] [] [org.quartz.impl.jdbcjobstore.JobStoreCMT] [tid: QuartzScheduler_OIMQuartzScheduler-iamoimdev-v1.capgroup.com1351057898397_MisfireHandler] [userId: oiminternal] [ecid: 80eeb34d89d5ed80:-343bffe9:13a9150ba30:-8000-0000000000000005,1:24567] [APP: oim#11.1.2.0.0] MisfireHandler: Error handling misfires: Unexpected runtime exception: null[[
    org.quartz.JobPersistenceException: Unexpected runtime exception: null [See nested exception: java.lang.NullPointerException]
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3042)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.manage(JobStoreSupport.java:3789)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport$MisfireHandler.run(JobStoreSupport.java:3809)
    Caused by: java.lang.NullPointerException
    at org.quartz.SimpleTrigger.computeNumTimesFiredBetween(SimpleTrigger.java:800)
    at org.quartz.SimpleTrigger.updateAfterMisfire(SimpleTrigger.java:514)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doUpdateOfMisfiredTrigger(JobStoreSupport.java:944)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.recoverMisfiredJobs(JobStoreSupport.java:898)
    at org.quartz.impl.jdbcjobstore.JobStoreSupport.doRecoverMisfires(JobStoreSupport.java:3029)
    Edited by: IDM_newbie on Oct 25, 2012 2:38 AM

  • MySites for non-Active Directory users

    Hi,
    we are planning to provide a collaboration farm for
    internal users (AD)
    external users (external AD, no-trust relationship)
    We plan to authenticate users via Claims/ADFS. The idea is to provide a MySite-Farm. 
    Questions
    Are there any issues with providing MySites to non-AD users?
    Are there any limitations for providing MySites to non-AD users?
    Sven

    Hi,
    According to your post, my understanding is that you wanted to create MySite for non-Active Directory users.
    Yes, it is possible to create them for non-AD users on on-premises SharePoint farms.
    You can use the ADFS authenticate to import the users to the user profile database, then create the MySite.
    If you are trusted the users to access your site or give them appropriate permissions, I don’t think there are some limitations to create MySite for non-AD users.
    Thanks,
    Jason
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Jason Guo
    TechNet Community Support

  • How to display active directory users through weblogic portal Application?

    Hi,
    Does anyone has faced this situation?
    I configured the activedirectory and able to see the users and group in the weblogic console at Security->Realms->Myrealm->users. when I run my portal application,I am able to see only the users that are configured in embedded weblogic LDAP ie, I can see only the users weblogic,portaladmin and yahooadmin that are of defaultauthenticator provider.I need to display the active directory users also in our portal.
    I have two doubts on this?
    1)Is it I need to write custom code to view the active directory users in our portal?
    2)Does I need to use any jars that supports active directory authenticator?
    I would appreciate if any one can reply on this with helpfull docs/information.
    We are using BEA 8.1 SP4.
    Windows 2000.
    Surendra

    Hi,
    I too have a similar kind of requirement, i use a jsp to do this activity, but i get an exception, i have shown the entire jsp code below,
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <%@ page import="java.util.Set" %>
    <%@ page import="javax.naming.Context" %>
    <%@ page import="weblogic.jndi.Environment" %>
    <%@ page import="weblogic.management.MBeanHome" %>
    <%@ page import="weblogic.management.configuration.DomainMBean" %>
    <%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
    <%@ page import="weblogic.management.security.RealmMBean" %>
    <%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
    <%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
    <%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
    <%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
    <%@ page import="weblogic.management.utils.ListerMBean" %>
    <%@ page import="javax.management.MBeanException" %>
    <%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
    <%@ page import="examples.security.providers.authentication.manageable.*" %>
    <%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
    <%@ page import="weblogic.management.utils.InvalidParameterException" %>
    <%@ page import="weblogic.management.utils.NotFoundException" %>
    <%@ page import="weblogic.security.SimpleCallbackHandler" %>
    <%@ page import="weblogic.servlet.security.ServletAuthentication"%>
    <%!
    private String makeErrorURL(HttpServletResponse response,
    String message)
    return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
    %>
    <html>
    <head>
    <title>Password Changed</title>
    </head>
    <body>
    <h1>Password Changed</h1>
    <%
    // Note that even though we are running as a privileged user,
    // response.getRemoteUser() still returns the user who authenticated.
    // weblogic.security.Security.getCurrentUser() will return the
    // run-as user.
    System.out.println("------------------------------------------------------------------");
    String username = request.getRemoteUser();
    System.out.println("User name -->"+username);
    // Get the arguments
    String currentpassword = request.getParameter("currentpassword");
    System.out.println("Current password -->"+currentpassword);
    String newpassword = request.getParameter("newpassword");
    System.out.println("New password -->"+newpassword);
    String confirmpassword = request.getParameter("confirmpassword");
    System.out.println("Confirm password -->"+confirmpassword);
    // Validate the arguments
    if (currentpassword == null || currentpassword.length() == 0 ||
    newpassword == null || newpassword.length() == 0 ||
    confirmpassword == null || confirmpassword.length() == 0) { 
    response.sendRedirect(makeErrorURL(response, "Password must not be null."));
    return;
    if (!newpassword.equals(confirmpassword)) {
    response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
    return;
    if (username == null || username.length() == 0) {
    response.sendRedirect(makeErrorURL(response, "Username must not be null."));
    return;
    // First get the MBeanHome
    String url = request.getScheme() + "://" +
    request.getServerName() + ":" +
    request.getServerPort();
    System.out.println("URL -->"+url);
    Environment env = new Environment();
    env.setProviderUrl(url);
    Context ctx = env.getInitialContext();
    MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
    System.out.println("MBean home obtained....");
    DomainMBean domain = mbeanHome.getActiveDomain();
    SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
    // Sar
    EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
    System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
    RealmMBean realm = secConf.findDefaultRealm();
    System.out.println("RealmMBean obtained....");
    AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
    System.out.println("AuthProvMBean obtained....");
    // Now get the UserPasswordEditorMBean
    // This code will work with any configuration that has a
    // UserPasswordEditorMBean.
    // The default authenticator implements these interfaces
    // but other providers could work as well.
    // We try each one looking for the provider that knows about
    // this user.
    boolean changed=false;
    UserPasswordEditorMBean passwordEditorMBean = null;
    System.out.println("UserPwdEdtMBean obtained....");
    //System.out.println("Creating MSAI....");
    //ManageableSampleAuthenticatorImpl msai =
    // new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
    //System.out.println("Done....");
    for (int i=0; i<authenticators.length; i++) {
    System.out.println("### Authenticator --->"+authenticators);
    if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
    ActiveDirectoryAuthenticatorMBean adamb =
    (ActiveDirectoryAuthenticatorMBean)authenticators[i];
    System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
    String listers = adamb.listUsers("*",0);
    while(adamb.haveCurrent(listers))
    System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
    adamb.advance(listers);
    if (authenticators[i] instanceof UserPasswordEditorMBean) {
    passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
    System.out.println("Auth match ...."+passwordEditorMBean);
    try {
    // Now we change the password
    // Sar comment
    System.out.println("Password changed....");
    //passwordEditorMBean.changeUserPassword(username,
    // currentpassword, newpassword);
    changed=true;
    // Sar Comment
    catch (InvalidParameterException e) {
    response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
    return;
    catch (NotFoundException e) {
    catch (Exception e) {
    response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
    return;
    // Sar code
    LDAPAuthenticatorMBean ldapBean = null;
    UserReaderMBean urMBean = null;
    UserEditorMBean ueMBean = null;
    GroupReaderMBean gMBean = null;
    //ListerMBean lBean = null;
    try
    if (authenticators[i] instanceof LDAPAuthenticatorMBean)
    ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
    String userFilter = ldapBean.getAllUsersFilter();
    System.out.println("userFilter ="+userFilter);
    if (authenticators[i] instanceof UserEditorMBean)
    try
    System.out.println("UserEditorMBean...");
    ueMBean = (UserEditorMBean) authenticators[i];
    System.out.println("List users..."+ueMBean);
    boolean b = ueMBean.userExists("webuser");
    System.out.println("User Exists->>>"+b);
    String cursor = ueMBean.listUsers("webuser", 2);
    System.out.println("List User ----->"+cursor);
    catch(InvalidParameterException e)
    response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
    catch(java.lang.reflect.UndeclaredThrowableException e)
    response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
    e.printStackTrace();
    catch(Exception e)
    response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
    catch(Exception ex)
    ex.printStackTrace();
    response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
    return;
    if (passwordEditorMBean == null) {
    response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
    return;
    System.out.println("pwd changed ->"+changed);
    if (!changed) {
    // This happens when the current user is not known to any providers
    // that implement UserPasswordEditorMBean
    response.sendRedirect(makeErrorURL(response,
    "No password editors know about user " + username + "."));
    return;
    %>
    User <%= username %>'s password has been changed!
    <br>
    <br>
    </body>
    </html>
    Here is the console log
    User name -->webuser
    Current password -->i
    New password -->u
    Confirm password -->u
    URL -->http://localhost:7011
    MBean home obtained....
    Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
    RealmMBean obtained....
    AuthProvMBean obtained....
    UserPwdEdtMBean obtained....
    ### Authenticator --->Security:Name=myrealmDefaultAuthenticator
    Auth match ....Security:Name=myrealmDefaultAuthenticator
    Password changed....
    UserEditorMBean...
    List users...Security:Name=myrealmDefaultAuthenticator
    User Exists->>>true
    java.lang.reflect.UndeclaredThrowableException
    at $Proxy1.listUsers(Unknown Source)
    at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.jav
    a:1006)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletC
    ontext.java:6718)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:37
    64)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: javax.management.MBeanException
    at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
    at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.j
    ava:988)
    at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
    at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
    ... 14 more
    ### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
    pwd changed ->true
    Can u pls let me know how to get all the entries from LDAP.
    Thanx
    Sar

  • Open Directory Active Directory users want to know Is there a method?

    Help
    Open Directory Active Directory users want to know Is there a method?
    Or can I make the Active Directory users to share on the Open Directory.
    My goal is to use our school Mac computers with SSO

    If I understand your question correctly, using Active Directory with OSX, there are a few ways this can be accomplished.
    One way is by joining each Mac directly to Active Directory. This doesn't take advantage of the additional managed preference available to OSX, but does allow AD users to authenticate on OSX. On each machine, one would open System Preferences > Accounts > Login Options > Click Join next to Network Account Server. Follow the prompts and provide the domain name of your Active Directory deployment to join the system.
    Another method is to follow the steps above, but only after extending the Active Directory Schema to support the OSX-specific managed preferences. It's a mostly harmless operation and means that you'll have a single administration interface for both OSX and Windows systems. The AD Schema information is available from Apple Support, but may also be readily available on the Internet.
    Because our Windows team preferred to not change our AD schema any more than we already had, we used a different method. We created an Open Directory Master on one of our OSX servers, then we joined it as a member server to Active Directory. Next, we join all of our OSX workstations and laptops as members to the Open Directory domain instead of to Active Directory.  This way, SSO still works.  New user accounts are added to Active Directory and all managed preferences for OSX can be managed through the native OSX Workgroup Manager tool.
    I think there are some instructions in the User Management PDF (Mac OS X Server, User Management, Version 10.6 Snow Leopard) or in the Advanced Server Admin PDF (Mac OS X Server, Advanced Server Administration, Version 10.6 Snow Leopard) but not completely certain. This page might have the docs.

  • Setting disk quota on Mac server for Active Directory users

    I'm having trouble setting disk quotas for Active Directory users with home folders on our Mac server.
    I've enabled disk quotas on the disk I'm putting home folders on, and I can set disk quotas for local users on the server just fine. But it doesn't seem to work for Active Directory users. I've tried setting disk quotas via Workgroup Manager and via the command line using edquota. But when I use the repquota command there is no quota entry for the AD user. I've run quotacheck and that didn't help either.
    I also understand there's a setquota command but there's no man page on how that works.
    Has anyone got disk quota for AD users working.
    Better still has someone got a shell or perl script for setting quotas they could post.
    Thanks
    - Cameron

    sorry.. I am soooooo stupid... I have to activate "File Sharing" as well.. for the user everything was already pre-activated, not for the AD users, I just saw the Time Machine checkbox grayed out ...

  • Can not open Active Directory Users and Computers

    Problem Reported:
    Out of the blue this has started happening:
    When I go to "Active Directory Users and Computers" I get this message.
    "MMC cannot open the file C:\WINDOWS\system32\dsa.msc.
    This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file.
    Additional information:
    This is a server that has been in use for 2+ years with active directory users that can and do login everyday.
    As far as I know the system has no backup.
    dsa.msc IS located in the system32 folder
    I am using the administrator account.
    OS:
    Microsoft Windows Server 2003 R2
    Standard x64 Edition
    Service Pack 2
    Please help with detail. Thank you.

    Have you tried to uninstall ADUC administrative tool and re-install it again? If no, please give a try. 
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Get Active Directory User Last Logon
    Create an Active Directory test domain similar to the production one
    Management of test accounts in an Active Directory production domain - Part I
    Management of test accounts in an Active Directory production domain - Part II
    Management of test accounts in an Active Directory production domain - Part III
    Reset Active Directory user password

  • Outlook 2003 mail delivery failed for Active Directory user

    Server 2003/Exchange2003
    We are using an outside company (Integra) to handle our email and only use Exchange for shared archived email.
    When configuring active directory users the wizard automatically sets up email entries in the format: [email protected]
    When responding to a meeting invite from outlook to a local AD user, all users receive undeliverable messages for the accounts in the format [email protected] as below...
    The example below was a bounce back when I accepted the invite.  The invite shows up on my calendar just fine.
    This message was created automatically by mail delivery software.
    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
      [email protected]
        Unrouteable address
    ------ This is a copy of the message, including all the headers. ------
    Return-path: <[email protected]>
    Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
        by arelay1 with esmtpa (Exim 4.72)
        (envelope-from <[email protected]>)
        id 1W8D9b-0001kB-24
        for [email protected]; Tue, 28 Jan 2014 10:12:56 -0800
    From: "Kevin Simmons" <[email protected]>
    To: "miguel saucedo" <[email protected]>
    Subject: Accepted: Miguel Chaperone School
    Date: Tue, 28 Jan 2014 11:13:05 -0700
    Message-ID: <398EA47278F54C9FA9CFFB725FD6C079@PK01>
    MIME-Version: 1.0
    Content-Type: text/calendar; method=REPLY;
        charset="utf-8"
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Office Outlook 11
    Thread-Index: Ac8cSpjUhKBGTbBKQt+PScNbb6MWwAABfTJgAABJyYAAALiiEA==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
    BEGIN:VCALENDAR
    PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:REPLY BEGIN:VEVENT ORGANIZER:MAILTO:/o=PKArchitects/ou=First Administrative
      Group/cn=Recipients/cn=miguel
    DTSTART:20140206T070000Z
    DTEND:20140208T070000Z
    LOCATION:Flagstaff
    TRANSP:OPAQUE
    SEQUENCE:3
    UID:040000008200E00074C5B7101A82E00800000000102573EC0F1CCF010000000000000000100
     0000037C3D09157000340AA5D3F23F6A60078
    DTSTAMP:20140128T181305Z
    SUMMARY:Accepted: Miguel Chaperone School
    PRIORITY:5
    X-MICROSOFT-CDO-IMPORTANCE:1
    CLASS:PUBLIC
    ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:[email protected]
    END:VEVENT
    END:VCALENDAR

    Well it looks like none of our outlook installations actually are accessing the exchange email, nor are we able to send to those email addresses even though they exist.  I have 2 email inboxes in Outlook, 1 is the Integra inbox - works fine.  The
    other is called Mailbox - UserName - populated with folder that are and always have been empty.  If I send an email to myself at [email protected]  I get the following bounce back.
    This message was created automatically by mail delivery software.
    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
      [email protected]
        Unrouteable address
    ------ This is a copy of the message, including all the headers. ------
    Return-path: <[email protected]>
    Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
        by arelay2.integra.engr with esmtpa (Exim 4.72)
        (envelope-from <[email protected]>)
        id 1WBtMM-0005N1-Gr
        for [email protected]; Fri, 07 Feb 2014 13:53:18 -0800
    Reply-To: <[email protected]>
    From: "Kevin Simmons" <[email protected]>
    To: <[email protected]>
    Subject: test
    Date: Fri, 7 Feb 2014 14:53:18 -0700
    Message-ID: <F708D49EB6A64BE69891BF9C7B528529@PK01>
    MIME-Version: 1.0
    Content-Type: multipart/related;
        boundary="----=_NextPart_000_0050_01CF2414.572804A0"
    X-Mailer: Microsoft Office Outlook 11
    Thread-Index: Ac8kTwKRc8hlRKNXSlye9E4r5UyfJQ==
    X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
    This is a multi-part message in MIME format.
    ------=_NextPart_000_0050_01CF2414.572804A0
    Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_0051_01CF2414.572804A0"
    ------=_NextPart_001_0051_01CF2414.572804A0
    Content-Type: text/plain;
        charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    test
    Thanks!
    Kevin Simmons
    Project Manager
    4515 S McClintock Dr. Suite 206
    Tempe, Arizona 85282
    p 602 283 1620
    f 602 283 1621
    c 480 702 9687
    [email protected]
    ------=_NextPart_001_0051_01CF2414.572804A0
    Content-Type: text/html;
        charset="us-ascii"
    Content-Transfer-Encoding: quoted-printable
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Dus-ascii" = http-equiv=3DContent-Type> <META name=3DGENERATOR content=3D"MSHTML 11.00.9600.16476"></HEAD> <BODY>
    <DIV><FONT size=3D2 face=3DArial><SPAN=20 class=3D831025321-07022014>test</SPAN></FONT></DIV>
    <DIV>&nbsp;</DIV><?xml:namespace prefix =3D "o" ns =3D=20 "urn:schemas-microsoft-com:office:office" /><o:SmartTagType=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"PostalCode"></o:SmartTagType><o:SmartTagType=20
    namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"State"></o:SmartTagType><o:SmartTagType=20
    namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"City"></o:SmartTagType><o:SmartTagType=20
    namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"place"></o:SmartTagType><o:SmartTagType=20
    namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"Street"></o:SmartTagType><o:SmartTagType=20
    namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
    name=3D"address"></o:SmartTagType>
    <STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in = 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; =
    mso-paper-source: 0; }
    P.MsoNormal {
        FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
    mso-style-parent: ""; mso-pagination: widow-orphan; =
    mso-fareast-font-family: "Times New Roman"
    LI.MsoNormal {
        FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
    mso-style-parent: ""; mso-pagination: widow-orphan; =
    mso-fareast-font-family: "Times New Roman"
    DIV.MsoNormal {
        FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
    mso-style-parent: ""; mso-pagination: widow-orphan; =
    mso-fareast-font-family: "Times New Roman"
    SPAN.GramE {
        mso-style-name: ""; mso-gram-e: yes
    DIV.Section1 {
        page: Section1
    </STYLE>
    <DIV class=3DSection1>
    <P class=3DMsoNormal align=3Dleft><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks!</SPAN></P> <P class=3DMsoNormal>&nbsp;</P> <P class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Kevin=20 Simmons</SPAN></P> <P
    class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Project=20 Manager</SPAN></P> <P class=3DMsoNormal><o:p>&nbsp;</o:p></P>
    <P class=3DMsoNormal><IMG src=3D"cid:831025321@07022014-2937" = width=3D130 height=3D130=20 v:shapes=3D"_x0000_i1025"></P> <P class=3DMsoNormal><?xml:namespace prefix =3D "st1" ns =3D=20 "urn:schemas-microsoft-com:office:smarttags"
    /><st1:Street=20 w:st=3D"on"><st1:address w:st=3D"on"><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">4515 S McClintock Dr. = Suite=20 206</SPAN></st1:address></st1:Street></P>
    <P class=3DMsoNormal><st1:place w:st=3D"on"><st1:City w:st=3D"on"><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Tempe</SPAN></st1:City><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">, <st1:State=20 w:st=3D"on">Arizona</st1:State> <st1:PostalCode=20 w:st=3D"on">85282</st1:PostalCode></SPAN></st1:place></P>
    <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">p</SPAN></SPAN><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1620</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">f</SPAN></SPAN><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1621</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">c</SPAN></SPAN><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 480 702 9687</SPAN></P> <P class=3DMsoNormal><SPAN=20
    style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">[email protected]</SPAN></P></DIV>
    <DIV>&nbsp;</DIV></BODY></HTML>
    ------=_NextPart_001_0051_01CF2414.572804A0--
    ------=_NextPart_000_0050_01CF2414.572804A0
    Content-Type: image/jpeg;
        name="image002.jpg"
    Content-Transfer-Encoding: base64
    Content-ID: <831025321@07022014-2937>
    /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
    HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
    MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACCAIIDASIA
    AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
    AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
    ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
    p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA
    p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+HwEA
    AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
    BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
    U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
    uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3
    uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3++iii
    gAooooAKKKKACq97dGzg81bae4O4DZAoLfXkjirFFAHltr8ZNKtPtNteadrU00V1OhZbdCABIwA+
    +OgwPwqf/hdmg/8AQI13/wABk/8Ai68juv8AkL6t/wBhG5/9GtTKxdVp2PKqY+cJuKS0PfvB
    +Xiwe
    JdNFylnqHlyXE4WaeNVVVEjYU4bqBgdO1dZXA/Bz/knsP/X5c/8Ao1q76tkepF3SYUUUUDCiiigA
    ooooAKKy9S1yz017ZZJ4B5twIWLzKuzIJyc/T9ak/t3R/wDoK2P/AIEJ/jQBoUVjXfibTLc2yxX1
    nM006Q4W4XKhu/XtWvHIkqB43V1PdTkUAOoqhqWqRad9nDFC0s6QkFwpUMcZq6jpIu5GVh6g5oAd
    RRRQB8sXX/IX1b/sI3P/AKNamU+6/wCQvq3/AGEbn/0a1Mrkl8TPnK/8WXqz2z4Of8k9h/6/Ln/0
    a1d9XA/Bz/knsP8A1+XP/o1q76upbH0MPhQUUUEgDJOAKZQUVU0/UYNTt2uLUs0O8qshXAkx/Evq
    voe+OKG1G3GqLpysz3JjMjKi5Ea9ix7Z7euD6GgC3RRRQB5X8atNsF8N2EosbYSy6pH5jiJd
    voe+z5R8
    5OOa8g/s2x/58rf/AL9L/hXtPxs/5FXS/wDsKRf+gSV4vPMfMECZyeWK9ceg9/ft+VYVdzyce5e0
    ST6EKCHT9Rsbuy06zlmtrlJNskYEZx/C2Oo9q3L7Xtd1NDHdarNFbEki0sP9GgXPbamCfxJrHkiY
    JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+0SwjdK7HlYogf4yASSeFHJ7VMXJ6IypTqztTgz
    JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+nbyD
    SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+amvZZfh/aaZZWRtlXSzLdQx+TaHd/F
    SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+96R2
    yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+ecqnO1j2Jzz0J6Vp7N9Gdbwc0rxm7nPa
    yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+F8Tv
    E2hsqXzjW7MdVmwlwo/2XAw30YfjXsvhvxRpXivTftulXBdVO2WJxtkhb+669j/PtmvmaONWVsxy
    W8qMUkjPDRupwykeoIIq3pesal4a1ePV9OkC3CYVweEuE/55yD09G7GlGo07MzoYyUZclUS6/wCQ
    vq3/AGEbn/0a1MqG3vV1GS7vVjaIXF3PL5b9U3SMcH3GamrKXxM4K/8AFl6s9s+Dn/JPYf8Ar8uf
    /RrV31cD8HP+Sew/9flz/wCjWrvWZUUsxCqBkknAArqWx9DD4UDMqKWYhVAySTgAV8/eNvFv9uX0
    1hoWo6iukgss9x9sc/aieqoCeIx69+3HW98QPiA/ieSXR9HlZNEUlZ7hDg3hHVVP/PP1P8X068no
    +j6h4i1aPR9HjUzkAyysP3dtH/eb+i96zlN35YnFiMRJy9lR3J9Gi8U+INVi0bRtd1nztoMk
    +hv5P
    LtY+m5sH8l7/AEr3bRPB1pokMQTUNUuJwyyTTTXjkzuMfM4zg5wOOmOKn8K+FdO8I6OthYKW
    LtY+Zjvn
    uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+EdOdui6nGT/AN8SV4zaRMkW+Ufv
    uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+pPmf
    2J7fhXsnxvCS+E9MTcP+QrETg+ivXkeR6isKu55OYv30vIr3sqwQCZ/uowY/QV7r8KfDDaL4
    2J7fhXsnxvCS+E9MTcP+QrETg+Ttb2
    9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+dfUt1fpZ3FhAqqVuZjDndjYAjN
    9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+n/x3
    H41VJaXNcuguRyK3iD/V6d/2EIP/AEKtK5toby2kt7iMSQyLtZT3FZfiB0MenfOv/H/B3/2quajq
    K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+06TR/HMsUuSbuISFz/wAtSvAf6suAfVkY96wSARgj
    K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+Ir0z
    44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+fJuU8xP95eo/LH
    44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+5VqV
    Q1PC/ZJ/4orhOfZvlP8AOrryLGAzfdzgn0+tQ9Tmn7yUj234PMqfDuNmIVRd3JJJwAPNauJ+IHxA
    bxNJJo+kTFNFVik9wpwbwjqqn/nn6n+L6deStPE2oXPg1PDcG6200XE73Mit811ukYhBjomO
    bxNJJo+vr06
    daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+oeItWj0fR41M5AMsrD93bR/3m/o
    daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+vevo
    Twr4V07wjo62FgpZmO+e4fmSd+7Mf6dAOBXL/By50h/CLWtlAIdSt5MakGO55JT0kJ7qw6en
    Twr4V07wjo62FgpZmO+e4fmSd+I7V6
    JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+G9PuYrC2ilk1WMPIkQDNlXzk98mvKPs0H
    JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+/PGP
    /vkV7F8cE8zwjpyZxnU4xn0+SSvHLaYzQgtgSL8rj0Ydawq7nk5hfnTXYjljtoJ7KV4YvLS8gL5U
    Y2+Yuc+2K+k73wlpM11p8kOk6eEhnLyjyFG5fLdcdOeSp/CvmzUYRc2hgPHmELn0zX0J8N/E
    Y2+Yuc+2K+x8Q+
    EbE3T/6fDEEmB6vtO0t+YIPuPpVUnpY2y+d4OJNrvh3RY47DZpNku6+hU4gUZBbp0qzqnhLSrm2i
    S20iwV1uIXb9yo+VZFLdvQGrXiD/AFenf9hCD/0KtZ3WNGd2CqoyWJwAPWtT0Dxr4z2Ok2Nt
    S20iwV1uIXb9yo+4fs7
    SxtIJ571pG8uJVJRIznoOmWFebfZoP8AnjH/AN8iul+Imqtr3jwT5PkWdsEhQjoHOQT7sPm+jLXP
    1z1X7x4uPnerZdDM1OGER20SxIGluEUYXsDk/oKvPbxPEYtoEZPzKvAPsaoA/bdcRwcw2qEj0LNw
    D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+qnqPQg1dr0fwp4Th8X/B1bPcsV7D
    D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+e3Mt
    ncEf6uUStjP+yehHoa83AmjklguYWguoHMU8LdY3HUf4HuMVU421N8VQ5LTWz/MvaHrl34X1
    ncEf6uUStjP+6DWr
    NWfyxsuYFP8Ar4SeV/3h1X3HvX0npuo2ur6bb6hYzLNa3EYkjkXoQa+X67b4YeLf+Ef1caHeyY0v
    UJM27MeILg/w+yv+jfWqpz6M3wOIt+6l8j3Siiitz1QooooA81+Nn/Iq6X/2FIv/AECSvF5YzHJ5
    yHbnhj2+p9q9o+Nn/Iq6X/2FIv8A0CSvH6wq7nkZg7VF6FWaYARCQGM+YvXofoa6Pwj4ki8N
    yHbnhj2+p9q9o+6o32
    qd4dOuH3/aYvmazlxjeV/ijYAB19ge1c89tcyXFpbWMPnyz3CRxwbgu5j0AJ4H48U65VLG6NtqNo
    9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+jD6E1
    9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+R8Ye
    OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+9NMW
    OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+n2YZ
    pPIQsdzvKwLMfUk8k1o6qtodkswjy+6ncsPdNJPNcXlyJ7y5kaadxyXduuAO3YDsAKakN5qN
    pPIQsdzvKwLMfUk8k1o6qtodkswjy+1BY2
    ls8tzcvsht1+9Kff+6o6k+laug+Gtc8TOq6JpjC3Y4N7cIYoFHqCRl/oor2/wX4C0/whA0oc
    ls8tzcvsht1+9Kff+6o6k+laug+3mqT
    DE97IoDEf3UH8K+w/HNTGDbuzGjhZ1Jc9TT8z53srOWx+1W1wyPcRXMscrp0Zlcrx7cce1Wq
    DE97IoDEf3UH8K+fdf8
    hfVv+wjc/wDo1qZWct2cdf8Aiy9T2z4Of8k9h/6/Ln/0a1Y3xa8IEqfFmnREywoF1GJBzJEO
    hfVv+kgH9
    5O/qv0FbPwc/5J7D/wBflz/6Nau9ZQ6lWAKkYII4IrptdWPe5FOnyy2aPlUEMoZSCpGQR3FNliSe
    JopBlWGDXR+N/CZ8HeIPKgQ/2RfMz2Tdom6tCfp1X247Vz9c0k4ux4NWnKjPlZ7Z8MPGT+IN
    JopBlWGDXR+LbSt
    Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+80fVLXVtOYLe2jbkBOFkU/ejb2Yce3B7V9IeHdes/
    Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+Euh2
    2q2LHypl5RvvRsOGRvQg5FdEJcyPZwuI9tDXdGpRRRVnUea/Gz/kVdL/AOwpF/6BJXj9ewfGz/kV
    dL/7CkX/AKBJXj9YVdzx8x/iL0Lug/8AI4eHf+wpB/OvpW8sbTUIDBe2sFzCesc0YdT+Br5q0H/k
    cPDv/YUg/nX07V0vhOrL/wCF8ziNV+FvhO7MDW/h3T42FwjS7E8vKZ+YfLWvp/gXwppcgksvD2mx
    SDo/2dSw/EjNHh3xpovim/1Sy0u4eSbTZfKnDJtGckZX1GVPNc3qfxq8IaRqt5pt098J7SVoZdls
    SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+B9jfTPpWLN478OQeEU8UPqSf2TIPklAOWb
    SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+ONoX
    ruyCMexql4X+JnhvxdNc2+nTzpdW8Zle3uItjlB/EB3HT86AMG2+Dei3P2i4vbnWI55bqZyF
    ruyCMexql4X+JnhvxdNc2+vOCD
    IxB6dxg/jU//AApXw1/z/a1/4G//AFq6K08daLe+CpfFkLTnS4ldmJiw+Fbafl+oqtd/Ejw/Zm3E
    rXWZ9M/tVNsJP7jGf++valZEOnB6tIk8G+Eo/DVgIIri/Ecc85SGW43qVaRtrEY6kYP1rqq81tfj
    n4Nu7yK1ibUDLK6xqDanqTgZ5qfVPjT4R0jVrzTLlr/7RaTNDLstiwDKcHBzTLOh8SeDNO8U2k9v
    qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+/tSO5GVkCagxViDjcPY9cdRnFdDe/Efw5p3h
    qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+Oz8S
    XVzLFZXv/HvGYz5spyRgJ+H0qnY/FjwrqPh7UdZgnuPK07b9pgaEiZAzBQdvcZPUGlZEuMXuin/w
    pbwr/wA9tW/8Dnq3pXw+tvDN6i6Rdap9huWJuYvtzAq+OJPfptI+h7Gqel/Gvwjq+q2um2rX5uLm
    ZYYw1qQNzHAyc8danv8A4x+DtO1+TSJrycyRTCCa4SEmGJ84IZvY9SMiiyBRitkd9RSAhlDK
    ZYYw1qQNzHAyc8danv8A4x+DtO1+QQRk
    Ed6KZR5t8bP+RV0v/sKRf+gSV4/XsvxK0TXvENjYWEB02NDqSNC0jyZOFfG7C+npXH/8Kh8Y
    Ed6KZR5t8bP+f8/e
    hf8Afyb/AOJrKpByeh52Mw9SrNOC6HL6D/yOHh3/ALCkH86998ca8PDPgrVtW3ASQQN5We8jfKn/
    AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+JPCbeMtHtLDWbjyEhuluJY7Q5SYLn
    AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+CksM
    455qqaaVmb4SlKnT5Zb3PD/hdr+h6J458ORabePLJqdi1pqgdGUC5LF1OT15IXI9PerMniHxX4a1
    Lx/qGiaZp91pqatILuS4Qu0RJIBCgjK888GvafFHgjTPE2n21uf9BltrlLmG4to1Do6dO3TmjSfB
    Gn6Y3iHfLJdRa7O81zHKBtG4EFRjtyas6jyWDQrXSofhZpst3DqGm3N9NdSSqP3UkrbWQAHsM4wf
    f6V6pq1v4VXxfFNOLdfExsJBbDcQ7RYbPA4P8XXnrWbB8J9JXwR/wi11fXlzaxTm4tJ2KrLat/sE
    D1J6+pqTwt8MNP8ADmoXWp3Gp3+q6pPCYBd3sm5o4z2X/GgDxrSZPHQ+B90lpBpJ8M+VNvdy
    D1J6+pqTwt8MNP8ADmoXWp3Gp3+ftG3
    ed2OcZznHFdt4cAPxL8CgjI/4RJP5Gu4sfh5Y2Hw6m8GJe3LWkqSIZ2C+YN7Fj2x3qWw8B2Wn+IN
    H1dLy4aXS9MGmxowXa6D+I8daAOd8Hov/C7PHo2rgR2mOOnyVy3h0eOD4w8bf8IpForwf2vJ
    H1dLy4aXS9MGmxowXa6D+5x1D
    du3ZONu3tivV9L8J22leLta8RR3Mzz6qsQkibG1Ni4GO/wCdcjffBuC61rUdTtvFWuWDX9w1xLFa
    zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+0/Nu2A+gAI+grtrS28KJ48v3thbjxK9
    zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+qv2p
    VJ3mLIwSOn93nr0rM1L4Y6fq3hjTdKu9T1F7zTWZ7XVfN/0lGJyfm7jp+Qq14L+H2n+DZby7S7u9
    Q1O8x9ovbt90jAdB7D/PYUAYPw2Rf+E3+IXyjjVFxx04auM+y6p4e0rXLzRBpPinwJPdS3F7bsds
    0YyC4zwcqMc89M4r2DQPClt4f1fXNRguJpZNXuRcSq4GEIzwuO3PeuRv/grpF3qt1PBq+qWenXk3
    nXemQTbYZWzkjHYH9O2KAPQtLmtrjSbOazXbayQI8K4xhCoKj8sUVYhhjt4I4YUCRRqERR0UAYAo
    oAcVVsblBwcjI6GloooARlVsblBwcjI6GloooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP
    /9k=
    ------=_NextPart_000_0050_01CF2414.572804A0--
    beyond that - the Global Address Book does not update!

  • 10.7.4 Web Access for Active Directory Users

    Does anyone know how to permantly set the AuthType in Web Services to Basic ?
    The reason I ask is I have a web site I want to protect and allow active directory users access to it.
    I have added the users to a local group, added the group to the Who Can Access option.
    Local users can log in but not Active Directory.  If I edit the conf file for the site in /etc/apache2/sites and change the AuthType from Digist to Basic it works fine until I change something in the server app then the conf file gets rewritten.
    Dan

    I am now having the same problem - a Windows server trying to access a file share on the Mac Server is presented with the same error message in the log files:
    [2009/06/29 21:34:56, 2, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:setupnew_vcsession(1260)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/libads/kerberosverify.c:ads_verifyticket(428)
    adsverifyticket: smbkrb5_parsename(vifile$) failed (Configuration file does not specify default realm)
    [2009/06/29 21:34:56, 1, pid=485] /SourceCache/samba/samba-187.8/samba/source/smbd/sesssetup.c:replyspnegokerberos(340)
    Failed to verify incoming ticket with error NTSTATUS_LOGONFAILURE!
    Workgroup manager can read from Active Directory - seems to be jiving correctly - my server (SMB) is in Domain Member mode...
    When I try to access system from \\UNC command, I am presented with username/password prompt and nothing works.
    Not feeling the Mac OS X love tonight.
    Bill
    System is bound to active directory - green light in Directory Utility

  • Cannot log into DTR with Active Directory User

    Greetings,
    I have set up and installed JDI correctly.  I can log into /devinf, the cbs, cms and sld systems with no problem using both Administrator and my JDI.Administrator that I assigned to an Active Directory user.  I can log into the DTR using a user from the database (i.e. Administrator), however, when trying to access the DTR with an Active Directory user, I get the following message:
    500   Internal Server Error
      SAP J2EE Engine/6.40 
      Application error occurred during the request procession.
      Details:   Error [javax.servlet.ServletException: Group found, but unique name "businessUnit.all.guests" is not unique!], with root cause [com.tssap.dtr.server.deltav.InternalServerException: Group found, but unique name "businessUnit.all.guests" is not unique!].  The ID of this error is
    Exception id: [0012798F81680042000000090000165C0003FE9AA3C0B86B].
    This group exists in multiple domainshowever, this has not caused us any issues to date with our portal and other pieces of SAP WASit's only this DTR error. 
    Any help is greatly appreciated.
    Thanks,
    Marty

    Hi Marty,
    In the document available at the link enclosed below, there is a part that explains how to configure DTR so that it always uses "Unique-IDs".
    http://help.sap.com/saphelp_nw04/helpdata/en/20/f4a94076b63713e10000000a155106/frameset.htm
    It is mentioned that this is valid for LDAP, but the information is applicable for Active Directory as well.
    Regards,
    Manohar

Maybe you are looking for