Pt:treelink Select Users From Specified Group

Is there anyway to have the pt:treelink show classid="1' (users) from a specific group? I can pass a rootid="ADMIN_FOLDER_ID" and get it to only list objects in that folder id. I'm looking for something similar to pass a GroupID="X", where X is the group that I want to display users from.
Thanks,
Jon Yutzy

I'm looking for something similar to this, although without specific selecting.
I would like to popup a list of users inside a group (just to view who's in the group).
I've seen the plumtree portal itself do this while managing security access to different portal objects. You can click the group name to see who's inside. This is exactly what i'm looking for.
Considering this post was originally made a year and a half ago, has anything become of this?

Similar Messages

Bulk move users from one group to another in XI 3.1

Hi all,
I have a group that contains approximately 20,000 users. I now need to move around 7,500 of these users into a different group.
How can I do this programatically in bulk as I don't want to go through and manually change the groups of 7,500 users?
Thanks,
Chris

Hi Christian,
Assuming you would need to move users from one group to another and remove them from the previous group, you could use the attached java code.
To run the code, you would need to save it as .jsp file and paste it inside AdminTools application context.
The pre-requisite to run this code is to create a Text file with all the 7500 user names in it. The text file should contain one user per line
(example:
User1
User2
User3
You can get this information from query builder by running the below query
Select top 20000 si_name from ci_systemobjects where si_kind='user'
Initially do it for 2-3 users to text the results.
You would need to edit the jsp and modify these three lines
1.
                * Assign user to a group
               //Query for the group ID
               boQuery = "Select SI_ID From CI_SYSTEMOBJECTS Where SI_KIND='UserGroup' And SI_Name='UserGroup name'";
Above in SI_NAME, you would need to provide the usergroup name you want your users to be added to.
2.
if (boUserInfoObject.getGroups().remove(Group Id from which it has to be removed)) {
                        out.print("User removed from group successfully. ");
Above you would need to provide the id of the group you want the users to be removed from(i.e the current group from where you want them to be moved).
3.
* Path to file containing User names.
final String USER_FILE_PATH = "<Path of txt file from which list of users will be imported>";
Above you need to specify the path of the text file which contains all the user names.
Incase you require further assistance on SDKs, raise your concerns in the below space
http://scn.sap.com/community/bi-platform/java-sdk
Thanks,
Prithvi

Getting error while removinf user from AD group

Hi,
In AD User process definition, there is a default taks called :Remove user from Group. This task runs after another task called Organization Name Update . Whenever, an user is moved from one org to another org, his organization gets updated in AD user form and this task"Remove user from Group" runs. The work of this task is to remove the user from old groups. BUt the task is getting rejected and i see the below error in log files.
11/07/04 00:24:17 Data AccessException:
11/07/04 00:24:17 com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_ADUSRC_GROUPNAME from UD_ADUSRC where UD_ADUSRC_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADREMOVEUSERFROMGROUP.implementation(adpADREMOVEUSERFROMGROUP.java:48)
If anybody knows the solution for this then plz let me know.
Thanks,
Kalpana.

I think the mappings and all would be correct. Here is what Kevin meant:
- Let's assume the AD user account is a part of GroupA, GroupB and GroupC
- Now on Change Organization completion if you invoke Remove user from Group then the adapter/process task has no way to know that which 3 of those groups has to be removed (or all 3 for your case)
- Alternatively if you use API's to remove the group then this task would be invoked by the original OIM process/triggers and so the actual value would be known to adapter/process task.

Remove user from multiple groups

Hello everyone, first time posting here with a question and I apologize if I'm asking in the wrong location.
To give an idea of what I'm attempting to do, I've recently been developing a vbscript that will take a nightly csv export from my student information system and either create or deactivate student accounts based upon their enrollment status. I have
this function working great now, another function I've been developing is to have accounts moved between OU's based upon the school building code assigned to students which I have working as well. The problem I'm running into right now is having students
removed from existing active directory groups when they move between OU's. Essentially what I would like to do is have the script load the users group membership into an array and then remove any groups that end with STUDENTS, below is the code I have
been working on to accomplish this but have literally hit a brick wall. If it helps all my student groups for each location runs in this fashion.
ABCD_STUDENTS
ABCE_STUDENTS
Any suggestions would be greatly appreciated.
' Student changing OU then we need to update their account to reflect appropriate group memberships.
Set UserObj = GetObject("WinNT://server.domain.net/" & ADusrname) 'This must be hardcoded to domain controller
strUserDN = DN
strUserCN = objuser.cn
'Add user to the school group if not correct
Set objGroup = GetObject(varSchoolGroup)
strUserDN = DN ' Bind to the user object.
strGroupDN = varSchoolGroup ' Specify group Distinguished Name and check for membership.
Set objADObject = GetObject("LDAP://"& strUserDN)
objmemberOf = objadobject.GetEx("memberOf")
If Not (funIsMember (GetObject("LDAP://" & strUserDN),varSchoolGroup)) Then
objmemberOf = objadobject.GetEx("memberOf")
For Each objGroup in objmemberOf
Set objGroupDelete = GetObject ("LDAP://" & objGroup)
If Mid(objgroup,7,8) = "STUDENTS" Then
msgbox "test remove"
objGroupDelete.PutEx ADS_PROPERTY_DELETE,"member",Array(strUserDN)
objGroupDelete.setinfo
subUpdateLogFile studentcounter & " - Removed from student group " & objgroup,student_guid,student_username,student_fullname,"removed group"
End If
Next
'Add user to school group
Set objGroup = GetObject(varSchoolGroup)
objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(struserdn)
objGroup.SetInfo
subUpdateLogFile studentcounter & " - Updated school group to " & student_schoolgroup_ldap,student_guid,student_username,student_fullname,"school group"
objUser.SetInfo
updated = "yes"
End If
Any suggestions would be greatly appreciated.

With Bill. This can be done with AD and PowerShell in a couple of lines for reach item.
You are taking an incorrect approach which is making this much harder than it needs to be. Your question is also hard to understand.
Each AD usre object obtained via ADSI will have a list of groups the account is a member of. You use this to remove the user from the group. How you choose this is up to you. You can use an array or a file. You can also =just use
OU associated groups. A user then is added to all or some groups associated with the OU and removed from the groups associated with the OU by just returning the OU associated group list from the OUs.
Designing AD systems is a specialty. Once you fully understand the features and capabilities of AD these things are usually simple and painless. If the design is not done well they are painful and faulty.
We can answer specific questions. Understaning the design and capabilities of AD is mostly up to you.
Start with a tool that is designed to work well with AD like PowerShell. VBScritp is onluy useful to those who are skilled with AD and scripting in VBSdcript. From your script we can see you are a beginner at both. As Bill notes...do yourself
a favor and switch to PowerShell.
¯\_(ツ)_/¯

Select user from dual

Hi Experts,
The "select user from dual" causes "library cache: mutex X" contention. Is this normal behaviour? Any bug?
Thanks for sharing your thoughts.
Regards,
Richard

Hi Gokhan,
Thanks for your quick reply. We are using Oracle 11g Release 1.
Thanks in advance.
Regards,
Richard
Additional information:
SQL
INST_ID ADDRESS HASH_VALUE SQL_ID COMMAND_TYPE PIECE SQL_TEXT
1 070000007DD06B78 225524178 d6vwqbw6r2ffk 3 0 SELECT USER FROM DUAL
wait event:
P1 P1TEXT P2 P2TEXT P3 P3TEXT SPID PROCESS EVENT WAIT_CLASS
225524178 idn 0 value 57 where 18772088 819426 library cache: mutex X Concurrency
225524178 idn 0 value 57 where 17711190 823330 library cache: mutex X Concurrency
225524178 idn 4.0802E+12 value 57 where 16851142 1237006 library cache: mutex X Concurrency
mutex_sleep_history ( based on P1-idn)
BLOCKING
INST_ID MUTEX_IDENTIFIER SLEEP_TIMESTAMP MUTEX_TYPE GETS SLEEPS REQUESTING_SESSION SID LOCATION MUTEX_VALUE P1 P1RAW P2 P3 P4 P5
1 225524178 30-APR-11 06.25.28.323644 PM Cursor Pin 895106 38 981 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.05.143394 PM Cursor Pin 861746 45 969 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.26.44.973728 PM Cursor Pin 839251 33 950 980 kkslce [KKSCHLPIN2] 000003D400000001 0 00 0 0 0
1 225524178 30-APR-11 04.50.46.454100 AM Cursor Pin 135508 4 988 971 kkslce [KKSCHLPIN2] 000003CB00000000 0 00 0 0 0
1 225524178 30-APR-11 06.20.57.143668 PM Cursor Pin 864272 52 969 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.51.204080 PM Cursor Pin 863854 39 950 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.08.571772 PM Cursor Pin 809666 22 950 928 kkslce [KKSCHLPIN2] 000003A000000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.49.394176 PM Cursor Pin 864774 29 969 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.21.093950 PM Cursor Pin 869850 39 950 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.27.24.592958 PM Cursor Pin 810896 35 969 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
1 225524178 30-APR-11 04.50.01.705574 AM Cursor Pin 116153 12 969 971 kksLockDelete [KKSCHLPIN6] 0000000000000001 0 00 0 0 0
1 225524178 30-APR-11 06.20.58.644283 PM Cursor Pin 866494 94 981 970 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 06.25.23.269811 PM Cursor Pin 892968 28 981 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.29.441458 PM Cursor Pin 807424 29 950 928 kkslce [KKSCHLPIN2] 000003A000000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.49.421368 PM Cursor Pin 869598 39 969 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.33.891107 PM Cursor Pin 891374 36 969 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.26.01.979042 PM Cursor Pin 837950 25 970 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
2 225524178 29-APR-11 11.30.24.124146 PM Cursor Pin 18857 134 1027 1002 kkslce [KKSCHLPIN2] 000003EA00000000 0 00 0 0 0
2 225524178 29-APR-11 11.36.33.932762 PM Cursor Pin 2128672 3562 959 1010 kkslce [KKSCHLPIN2] 000003F200000001 0 00 0 0 0
2 225524178 29-APR-11 11.35.30.576728 PM Cursor Pin 2161583 5145 1010 994 kkslce [KKSCHLPIN2] 000003E200000001 0 00 0 0 0
2 225524178 29-APR-11 11.30.17.443374 PM Cursor Pin 37186 3 944 946 kkslce [KKSCHLPIN2] 000003B200000000 0 00 0 0 0
1 225524178 30-APR-11 06.21.09.475763 PM Cursor Pin 864712 29 950 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.25.829483 PM Cursor Pin 895066 38 950 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 05.47.15.303972 PM Cursor Pin 858702 34 950 0 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 06.25.55.444597 PM Cursor Pin 865178 32 981 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.51.559740 PM Cursor Pin 864136 39 969 981 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 05.27.34.686745 PM Cursor Pin 829040 41 969 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
1 225524178 30-APR-11 04.50.18.400633 AM Cursor Pin 145131 9 981 971 kkslce [KKSCHLPIN2] 000003CB00000001 0 00 0 0 0
1 225524178 30-APR-11 06.19.32.917632 PM Cursor Pin 890128 26 969 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.37.957065 PM Cursor Pin 895320 31 950 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.50.437123 PM Cursor Pin 811647 29 980 928 kksLockDelete [KKSCHLPIN6] 000003A000000002 0 00 0 0 0
1 225524178 30-APR-11 06.25.55.273357 PM Cursor Pin 895588 31 981 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.44.996870 PM Cursor Pin 895490 21 950 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.26.37.849250 PM Cursor Pin 806046 54 969 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
1 225524178 30-APR-11 04.50.44.632959 AM Cursor Pin 131970 8 1026 971 kksLockDelete [KKSCHLPIN6] 000003CB00000002 0 00 0 0 0
1 225524178 30-APR-11 06.21.09.033790 PM Cursor Pin 863064 82 969 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.52.360874 PM Cursor Pin 892624 30 981 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.42.089257 PM Cursor Pin 810719 33 950 928 kkslce [KKSCHLPIN2] 000003A000000001 0 00 0 0 0
1 225524178 30-APR-11 06.25.49.124653 PM Cursor Pin 880220 41 969 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.55.200082 PM Cursor Pin 892892 25 950 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.26.12.258306 PM Cursor Pin 807380 46 969 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
1 225524178 30-APR-11 04.50.35.378955 AM Cursor Pin 148328 5 1026 971 kkslce [KKSCHLPIN2] 000003CB00000000 0 00 0 0 0
1 225524178 30-APR-11 06.21.02.330949 PM Cursor Pin 890826 22 969 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.54.174086 PM Cursor Pin 894814 40 981 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 05.04.04.939530 PM Cursor Pin 815446 39 970 0 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 06.25.44.907603 PM Cursor Pin 880618 30 981 950 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 06.25.55.372206 PM Cursor Pin 895540 29 969 981 kksLockDelete [KKSCHLPIN6] 000003D500000002 0 00 0 0 0
1 225524178 30-APR-11 05.25.55.586330 PM Cursor Pin 835508 34 950 980 kkslce [KKSCHLPIN2] 000003D400000000 0 00 0 0 0
1 225524178 30-APR-11 06.20.30.675408 PM Cursor Pin 891070 34 950 970 kkslce [KKSCHLPIN2] 000003CA00000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.38.179841 PM Cursor Pin 871418 22 981 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.49.932627 PM Cursor Pin 810910 37 950 928 kkslce [KKSCHLPIN2] 000003A000000000 0 00 0 0 0
1 225524178 30-APR-11 08.37.35.814288 AM Cursor Pin 321836 18 980 935 kkslce [KKSCHLPIN2] 000003A700000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.55.064435 PM Cursor Pin 862588 39 969 950 kkslce [KKSCHLPIN2] 000003B600000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.47.679395 PM Cursor Pin 869738 24 969 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 06.19.38.696734 PM Cursor Pin 863078 62 950 970 kkslce [KKSCHLPIN2] 00 0 00 0 0 0
1 225524178 30-APR-11 06.25.53.295681 PM Cursor Pin 862882 39 981 969 kkslce [KKSCHLPIN2] 000003C900000000 0 00 0 0 0
1 225524178 30-APR-11 04.54.53.425947 PM Cursor Pin 810954 40 980 928 kkslce [KKSCHLPIN2] 000003A000000000 0 00 0 0 0
1 225524178 30-APR-11 06.25.35.785176 PM Cursor Pin 879221 35 981 950 kkslce [KKSCHLPIN2] 000003B600000001 0 00 0 0 0
1 225524178 30-APR-11 06.25.02.448874 PM Cursor Pin 869070 29 969 981 kkslce [KKSCHLPIN2] 000003D500000000 0 00 0 0 0
1 225524178 30-APR-11 05.25.45.707055 PM Cursor Pin 838490 24 970 980 kksl
..

Select user from dual with oid + oss ?

Implementing a solution for global user administration, authentication and application schema mapping, will it break the simple but efficient possibility to do a 'select user from dual' ?
If it is possible which value will we get, a global user identifier from the directory or something else ?
Thanks in advance for your help

Actually we authenticate user using internal database users. Each user depending on his enterprise role will have a set of synonyms deployed to map the application schema. It is complex to handle a large set of users schema. With OSS it seem to be possible to authenticate user using an external LDAP directory (OID) and to map this user to an application schema switch user's enterprise role.
But I want to evaluate the impact of deployeing such solution, because our application use some 'select user from dual' single query to track user activity in some manner (this can be done using triggers or pl/sql api that do this job). If it is possible to have an unique user identifier in the database session context, even using external authentication and schema mapping of OSS we'll have less impact on the application. Else we'll have to change some API signatures to handle this user identifier.
Context is :
- use LDAP external functionalities provided with OSS to increase user management at an enterprise level ... single sign-on is our goal ,-)
- use schema mapping to reduce our complexity of schema management. One schema foreach role rather than one schema per user.
So, will we be able to individually know which user have the session in the database, rather than the shared schema name. If it is possible, the impact on our application will be really minor ...
Thanks in advance for your help. If someone who read this lines have such system deployed and can try the 'select user from dual', I'll be glad on the answer that the database will give ,-)

AD Integration with UCM 11g - Selecting users from multiple OU

Hi All,
I have integrated AD with UCM 11g and able to login with AD username/password to UCM application.
The one problem I face, the users of this application are scattered in different OUs in AD. Like OUs are created for different locations and users are present in that OU. I'm unable to select all the users of this application from different OU's.
Like the users are present in below OUs.
OU=Users,OU=America,DC=compnay,DC=net
OU=Users,OU=Canada,DC=compnay,DC=net
In User Base DN - What should i give? When i give any one of the above I get the users properly.
Also is it possible to select users by querying a security group in AD and getting all the members (Users) of it. Because in our application we have only three roles (mapped to the corresponding three security group in AD), and all users of this application are assigned one of that role. So, I could get all the users by querying the security group. But I do not know if that is possible.
Please advise.
Kind Regards,
Selvam S

Hi Selvam,
Just put User Base DN: DC=compnay,DC=net
This will pull all users from both OU, along with some unwanted entries like computers on the domain. Another, possibly silly proposal, would be to create two Ldap authenticators with different User Base DN. Both should be on the top of authenticators list with Sufficient flags.
Regards,
Boris

Unable to remove user from SharePoint Group using PowerShell

I am trying to remove a user from a SharePoint Group using PowerShell.
I can see the user in the Site Collection as part of the SharePoint Group, however, when I attempt to run the script, I get an error message stating "Can not find the user with ID: 10"
Below is the PowerShell script that I am using:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\sp2013_svc"
#$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.SiteGroups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.SiteGroups[$mySiteGroups[0]];
$owners = $web.SiteGroups[$mySiteGroups[1]];
$visitors = $web.SiteGroups[$mySiteGroups[2]];
#Remove the user from the specified SharePoint Group
$spUser = Get-SPUser -Identity $userName -Web $url
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Please advise.

I had to update the code to the following because Get-SPUser was not working properly:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.Groups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.Groups[$mySiteGroups[0]];
$owners = $web.Groups[$mySiteGroups[1]];
$visitors = $web.Groups[$mySiteGroups[2]];
#Convert the user name to an SPUser account
$spUser = $web.Site.RootWeb.EnsureUser($userName);
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Was I not using Get-SPUser correctly?

Script Help - Adding Users from AD Group to Computer Object Attribute

Environment:
Computer Objects have the following name convention - USERNAME-INV#-PC. An example is TEST1-54321-D. There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
object.
Scenario:
Create "Local PC Admin" group
When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name. For example, TEST1-54321-D for desktop
and TEST1-98765-L for laptop.
It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
Can somebody please find holes in this scenario or suggest a better method to approach this?

Security nightmare? How so? Regular domain users cannot modify the "managedBy" computer object attribute.
The "Local PC Admin" group would be a ADUC security group. The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated. If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
and given local admin rights. This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
If it is not populated, it does nothing and leaves the default admins on it.
More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html

Remove user from multiple Group

Hi All,
Can any one help me on this .
we have around 100 different SSLVPN AD security groups. Need a script or command to remove 790 users
from all these groups.
we have list of user in excel sheet we want to remove from group only.
Regards, Triyambak

Hi,
Just checking in to see if the suggestion was helpful. Please let us know if you would like further assistance.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Regards, Yan Li

Deleting user from Everyone group

Hi,
Has anyone done this?
We have a business need to delete a user from the "Portal Everyone" group and am not able to do it.
I have tried to pull up the everyone group to list the users in the said group and the "Group" iview times out and also the number of users maxes out the cache.
Further the users in this could roughly total to 40,000+.
Thoughts I have range from the following:
Is there any tweak i can do the server's cache settings to handle that high a volume of users? What/where would I be doing some like that?
Should I be doing this programatically perhaps?
Any light on the matter would be grealty appreciated.
Lastly is there a easier solution I am missing?
thanx,
ray

Hi Ray,
> Should I be doing this programatically perhaps?
This maybe would be the fastest solution. Should be something about a five-liner. Use https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/javadocs/nw04/sp12/user management engine - version 4.0/com/sap/security/api/igroup.html#removeusermember(java.lang.String) and save/commit.
Hope it helps
Detlev
PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!

Anonymous - SELECT user FROM DUAL;

I am trying to populate a table field LAST_UPDATED_BY VARCHAR(15) through an APEX Form with the following valid trigger:
CREATE OR REPLACE TRIGGER "bi_EMPLOYEES"
BEFORE INSERT ON employees
FOR EACH ROW
BEGIN
SELECT USER
INTO :new.last_update_by
FROM DUAL;
END;
The field gets populated with the value: ANONYMOUS after clicking the Apply Changes button. Can anyone tell me why?

<<:new.last_update_by := NVL( v('APP_USER'), USER);>>
Just to confirm, will this trigger statement also populate the DB USER on an import or insert when not using the APP?

Moving users from One Group to another

Hi Guys,
I am looking for a script which will allow me to move users from One ADGroup to another ADGroup. I have checked ther scripts which are currently present. However, none of them if fixing my issue.
Details:
I have Different locations and users moves from one location to another location and same thing happens as they gets moved from one Tower to another Tower (Like From TOWER A to Tower B). Also users gets promoted and most of the time they are in bulk.We also
have 2 domains one is parent and another is child domain.
So, I hope above information is making sense and also I Completely new to PS so after going to lot of scripts i asking for help on this. I hope I can gets this sorted out as soon as possible as my work is piling up.

You are asking a lot of questions about AD. Do you know how to do this in AD with D tools?
There is no magic way to guess at what you need. I recommend that you start by learning AD and PowerShell. There are good resources here:
http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
¯\_(ツ)_/¯

Scheduling users from work group manager

I am curious how much control can you have in scheduling users or groups to when they can log on to a machine. I have a biology lab and I wanting to implement group policies that would allow/disallow login based on user ID or Group ID. Is anyone doing this with success. What I am thinking of doing in the future is create user based on a text file and then they will only be allowed to login if there are in a certain sections hours. I think I could group the users into section groups and apply the schedule to the group.
Thanks...

Hi RGrimmes,
Based on your description, I understand that you want to deploy printers via Workgroup Manager. Please refer to following articles and check if
can help you.
Managed Client: How to manage printer options
Managing printers via Workgroup Manager and MCX
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this
information.
However, for Workgroup Manager software, I suggest that you should contact Apple Support or post the question in
Apple Support Communities.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

How to stop users not in any group and users from other groups accessing sites they have no permission to access on top link bar?

Hello Community
    Using SharePoint 2010 Server and UI, a web application
was created with subsites.
    The subsites have unique permissions and Owner, Member
and Visitor groups.
    The problem is however even if a user does not exist
in a group that user can access the top link bar/navigation
bar and its sub sites.
    Also any user in any group can access any top link bar/navigation bar and its subsites.
    How do you enforce that if a user is not in a group
they are denied access the top link bar/navigation bar and its
subsites?
    Thank you
    Shabeaut

If you are using the built in SharePoint navigation links, SharePoint will automatically hide links to sites that a given user doesn't have access to.
The problem is, it sounds to me like you have a fixed top link bar that lists the content and if a user doesn't have access, the link still shows up.
You may want to look at how the top link bar was encapsulated in the design of the page. If it isn't wrapped in the permissions provider code, that could be the problem.
I trust that answers your question...
Thanks
C
|
RSS |
http://crayveon.com/blog |
SharePoint Scripts | Twitter |
Google+ | LinkedIn |
Facebook | Quix Utilities for SharePoint

Pt:treelink Select Users From Specified Group

Similar Messages

Maybe you are looking for