Read users from User group

Hi ,
We have a user group . In which we maintained some users
In Tcode SU01 ->Environment ->User groups->Maintain
Now i have to read users related of a particular usergroup in program . Please tell me if any function module available

Hi,
try with fm SUSR_USERGROUP_READ.
Best regards.

Similar Messages

Getting error while removinf user from AD group

Hi,
In AD User process definition, there is a default taks called :Remove user from Group. This task runs after another task called Organization Name Update . Whenever, an user is moved from one org to another org, his organization gets updated in AD user form and this task"Remove user from Group" runs. The work of this task is to remove the user from old groups. BUt the task is getting rejected and i see the below error in log files.
11/07/04 00:24:17 Data AccessException:
11/07/04 00:24:17 com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_ADUSRC_GROUPNAME from UD_ADUSRC where UD_ADUSRC_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
at com.thortech.xl.dataaccess.tcDataAccessExceptionUtil.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.createException(Unknown Source)
at com.thortech.xl.dataaccess.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataobj.tcDataBase.readPartialStatement(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getChildTableFieldValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterfactory.events.tcAdpEvent.getRunTimeValue(Unknown Source)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADREMOVEUSERFROMGROUP.implementation(adpADREMOVEUSERFROMGROUP.java:48)
If anybody knows the solution for this then plz let me know.
Thanks,
Kalpana.

I think the mappings and all would be correct. Here is what Kevin meant:
- Let's assume the AD user account is a part of GroupA, GroupB and GroupC
- Now on Change Organization completion if you invoke Remove user from Group then the adapter/process task has no way to know that which 3 of those groups has to be removed (or all 3 for your case)
- Alternatively if you use API's to remove the group then this task would be invoked by the original OIM process/triggers and so the actual value would be known to adapter/process task.

Remove user from multiple groups

Hello everyone, first time posting here with a question and I apologize if I'm asking in the wrong location.
To give an idea of what I'm attempting to do, I've recently been developing a vbscript that will take a nightly csv export from my student information system and either create or deactivate student accounts based upon their enrollment status. I have
this function working great now, another function I've been developing is to have accounts moved between OU's based upon the school building code assigned to students which I have working as well. The problem I'm running into right now is having students
removed from existing active directory groups when they move between OU's. Essentially what I would like to do is have the script load the users group membership into an array and then remove any groups that end with STUDENTS, below is the code I have
been working on to accomplish this but have literally hit a brick wall. If it helps all my student groups for each location runs in this fashion.
ABCD_STUDENTS
ABCE_STUDENTS
Any suggestions would be greatly appreciated.
' Student changing OU then we need to update their account to reflect appropriate group memberships.
Set UserObj = GetObject("WinNT://server.domain.net/" & ADusrname) 'This must be hardcoded to domain controller
strUserDN = DN
strUserCN = objuser.cn
'Add user to the school group if not correct
Set objGroup = GetObject(varSchoolGroup)
strUserDN = DN ' Bind to the user object.
strGroupDN = varSchoolGroup ' Specify group Distinguished Name and check for membership.
Set objADObject = GetObject("LDAP://"& strUserDN)
objmemberOf = objadobject.GetEx("memberOf")
If Not (funIsMember (GetObject("LDAP://" & strUserDN),varSchoolGroup)) Then
objmemberOf = objadobject.GetEx("memberOf")
For Each objGroup in objmemberOf
Set objGroupDelete = GetObject ("LDAP://" & objGroup)
If Mid(objgroup,7,8) = "STUDENTS" Then
msgbox "test remove"
objGroupDelete.PutEx ADS_PROPERTY_DELETE,"member",Array(strUserDN)
objGroupDelete.setinfo
subUpdateLogFile studentcounter & " - Removed from student group " & objgroup,student_guid,student_username,student_fullname,"removed group"
End If
Next
'Add user to school group
Set objGroup = GetObject(varSchoolGroup)
objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(struserdn)
objGroup.SetInfo
subUpdateLogFile studentcounter & " - Updated school group to " & student_schoolgroup_ldap,student_guid,student_username,student_fullname,"school group"
objUser.SetInfo
updated = "yes"
End If
Any suggestions would be greatly appreciated.

With Bill. This can be done with AD and PowerShell in a couple of lines for reach item.
You are taking an incorrect approach which is making this much harder than it needs to be. Your question is also hard to understand.
Each AD usre object obtained via ADSI will have a list of groups the account is a member of. You use this to remove the user from the group. How you choose this is up to you. You can use an array or a file. You can also =just use
OU associated groups. A user then is added to all or some groups associated with the OU and removed from the groups associated with the OU by just returning the OU associated group list from the OUs.
Designing AD systems is a specialty. Once you fully understand the features and capabilities of AD these things are usually simple and painless. If the design is not done well they are painful and faulty.
We can answer specific questions. Understaning the design and capabilities of AD is mostly up to you.
Start with a tool that is designed to work well with AD like PowerShell. VBScritp is onluy useful to those who are skilled with AD and scripting in VBSdcript. From your script we can see you are a beginner at both. As Bill notes...do yourself
a favor and switch to PowerShell.
¯\_(ツ)_/¯

Bulk move users from one group to another in XI 3.1

Hi all,
I have a group that contains approximately 20,000 users. I now need to move around 7,500 of these users into a different group.
How can I do this programatically in bulk as I don't want to go through and manually change the groups of 7,500 users?
Thanks,
Chris

Hi Christian,
Assuming you would need to move users from one group to another and remove them from the previous group, you could use the attached java code.
To run the code, you would need to save it as .jsp file and paste it inside AdminTools application context.
The pre-requisite to run this code is to create a Text file with all the 7500 user names in it. The text file should contain one user per line
(example:
User1
User2
User3
You can get this information from query builder by running the below query
Select top 20000 si_name from ci_systemobjects where si_kind='user'
Initially do it for 2-3 users to text the results.
You would need to edit the jsp and modify these three lines
1.
                * Assign user to a group
               //Query for the group ID
               boQuery = "Select SI_ID From CI_SYSTEMOBJECTS Where SI_KIND='UserGroup' And SI_Name='UserGroup name'";
Above in SI_NAME, you would need to provide the usergroup name you want your users to be added to.
2.
if (boUserInfoObject.getGroups().remove(Group Id from which it has to be removed)) {
                        out.print("User removed from group successfully. ");
Above you would need to provide the id of the group you want the users to be removed from(i.e the current group from where you want them to be moved).
3.
* Path to file containing User names.
final String USER_FILE_PATH = "<Path of txt file from which list of users will be imported>";
Above you need to specify the path of the text file which contains all the user names.
Incase you require further assistance on SDKs, raise your concerns in the below space
http://scn.sap.com/community/bi-platform/java-sdk
Thanks,
Prithvi

Approval work folw while Deleting the user from user profile

Hi
I have a requirement like
I configured AD as auto provisioned.
How to configure approval workflow, when administrator deleting the user from user profile (xellerate form).
FYI, Delete task assigned as undo task for the create user task
Thanks
Edited by: user11963802 on Dec 15, 2010 2:31 AM

Create one approval workflow and create one Process Determination Rule like
If
Request Action == "Revoke"
Attach this rule with RO.
Hey sorry
I shared the information for Revoking user from target Application.
Hide Delete User button from JSP
You can create Dummy Resource with Approval workflow for Deleting User. And after getting approval you can use DeleteUser API to delete user from OIM.
Edited by: Rajiv Dewan

Deleted user from a group returned error message

I have a group [[email protected]] with serveral users on it. I deleted one user (userA) member of the group from the system. When a user B send an email to the group [email protected] a messages is returned to all of the members of the group notifying that the user is not whithin the group.
The group [email protected] is a dynamic group.
From: [email protected]
To: [email protected]
Sent: Friday, October 9, 2009 11:12:42 AM
Subject: Notificación del estado de la entrega
Este informe se refiere a un mensaje que ha enviado con los siguientes campos de encabezado:
Message-id: <[email protected]>
Date: Fri, 09 Oct 2009 11:18:06 -0500
From: "User"<[email protected]>
To: [email protected]
Subject: Test 0ne
The message can not be delivered to the next recipients:
Dirección del destinatario: [email protected]
Dirección original: [email protected]
Motivo: recipient no longer on server
- Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec 23 2008)
libimta.so 7.0-3.01 64bit (built 15:22:04, Dec 23 2008)
- Delegated Administrator 6.4-3.01 B2008-10-22
- Solaris 10 10/08 SPARC
What can be happening??

bootbk wrote:
I have a group [[email protected]] with serveral users on it. I deleted one user (userA) member of the group from the system.
How did you "delete" one user? What was the exact change that you made?
When a user B send an email to the group [email protected] a messages is returned to all of the members of the group notifying that the user is not whithin the group.
If there is a problem with a mailing group (vs. a mailing list) then notifications are sent to all members of the group.
http://msg.wikidoc.info/index.php/Setting_Up_a_Proper_Mailing_List
The group [email protected] is a dynamic group.
What filter have you specified for the "dynamic group"?
Regards,
Shane.

Deleting user from Everyone group

Hi,
Has anyone done this?
We have a business need to delete a user from the "Portal Everyone" group and am not able to do it.
I have tried to pull up the everyone group to list the users in the said group and the "Group" iview times out and also the number of users maxes out the cache.
Further the users in this could roughly total to 40,000+.
Thoughts I have range from the following:
Is there any tweak i can do the server's cache settings to handle that high a volume of users? What/where would I be doing some like that?
Should I be doing this programatically perhaps?
Any light on the matter would be grealty appreciated.
Lastly is there a easier solution I am missing?
thanx,
ray

Hi Ray,
> Should I be doing this programatically perhaps?
This maybe would be the fastest solution. Should be something about a five-liner. Use https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/javadocs/nw04/sp12/user management engine - version 4.0/com/sap/security/api/igroup.html#removeusermember(java.lang.String) and save/commit.
Hope it helps
Detlev
PS: Please consider rewarding points for helpful answers on SDN. Thanks in advance!

Unable to remove user from SharePoint Group using PowerShell

I am trying to remove a user from a SharePoint Group using PowerShell.
I can see the user in the Site Collection as part of the SharePoint Group, however, when I attempt to run the script, I get an error message stating "Can not find the user with ID: 10"
Below is the PowerShell script that I am using:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\sp2013_svc"
#$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.SiteGroups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.SiteGroups[$mySiteGroups[0]];
$owners = $web.SiteGroups[$mySiteGroups[1]];
$visitors = $web.SiteGroups[$mySiteGroups[2]];
#Remove the user from the specified SharePoint Group
$spUser = Get-SPUser -Identity $userName -Web $url
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Please advise.

I had to update the code to the following because Get-SPUser was not working properly:
$url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
$userName = "spfarm\spprofileimport";
$site = New-Object Microsoft.SharePoint.SPSite($url)
$web = $site.OpenWeb()
$siteGroups = $web.Groups;
Clear-Host
$mySiteGroups = @();
foreach($group in $siteGroups)
Write-Host $group
$mySiteGroups += $group;
}#foreach
$members = $web.Groups[$mySiteGroups[0]];
$owners = $web.Groups[$mySiteGroups[1]];
$visitors = $web.Groups[$mySiteGroups[2]];
#Convert the user name to an SPUser account
$spUser = $web.Site.RootWeb.EnsureUser($userName);
Write-Host $spUser.ID
Remove-SPUser -Identity $spUser -Web $url -Group $owners
$web.Update();
$web.Dispose();
Write-Host "User " $userName "removed from " $owners
Was I not using Get-SPUser correctly?

Pt:treelink Select Users From Specified Group

Is there anyway to have the pt:treelink show classid="1' (users) from a specific group? I can pass a rootid="ADMIN_FOLDER_ID" and get it to only list objects in that folder id. I'm looking for something similar to pass a GroupID="X", where X is the group that I want to display users from.
Thanks,
Jon Yutzy

I'm looking for something similar to this, although without specific selecting.
I would like to popup a list of users inside a group (just to view who's in the group).
I've seen the plumtree portal itself do this while managing security access to different portal objects. You can click the group name to see who's inside. This is exactly what i'm looking for.
Considering this post was originally made a year and a half ago, has anything become of this?

Moving users from One Group to another

Hi Guys,
I am looking for a script which will allow me to move users from One ADGroup to another ADGroup. I have checked ther scripts which are currently present. However, none of them if fixing my issue.
Details:
I have Different locations and users moves from one location to another location and same thing happens as they gets moved from one Tower to another Tower (Like From TOWER A to Tower B). Also users gets promoted and most of the time they are in bulk.We also
have 2 domains one is parent and another is child domain.
So, I hope above information is making sense and also I Completely new to PS so after going to lot of scripts i asking for help on this. I hope I can gets this sorted out as soon as possible as my work is piling up.

You are asking a lot of questions about AD. Do you know how to do this in AD with D tools?
There is no magic way to guess at what you need. I recommend that you start by learning AD and PowerShell. There are good resources here:
http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
¯\_(ツ)_/¯

Remove user from multiple Group

Hi All,
Can any one help me on this .
we have around 100 different SSLVPN AD security groups. Need a script or command to remove 790 users
from all these groups.
we have list of user in excel sheet we want to remove from group only.
Regards, Triyambak

Hi,
Just checking in to see if the suggestion was helpful. Please let us know if you would like further assistance.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Regards, Yan Li

Scheduling users from work group manager

I am curious how much control can you have in scheduling users or groups to when they can log on to a machine. I have a biology lab and I wanting to implement group policies that would allow/disallow login based on user ID or Group ID. Is anyone doing this with success. What I am thinking of doing in the future is create user based on a text file and then they will only be allowed to login if there are in a certain sections hours. I think I could group the users into section groups and apply the schedule to the group.
Thanks...

Hi RGrimmes,
Based on your description, I understand that you want to deploy printers via Workgroup Manager. Please refer to following articles and check if
can help you.
Managed Client: How to manage printer options
Managing printers via Workgroup Manager and MCX
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this
information.
However, for Workgroup Manager software, I suggest that you should contact Apple Support or post the question in
Apple Support Communities.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Script Help - Adding Users from AD Group to Computer Object Attribute

Environment:
Computer Objects have the following name convention - USERNAME-INV#-PC. An example is TEST1-54321-D. There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
object.
Scenario:
Create "Local PC Admin" group
When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name. For example, TEST1-54321-D for desktop
and TEST1-98765-L for laptop.
It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
Can somebody please find holes in this scenario or suggest a better method to approach this?

Security nightmare? How so? Regular domain users cannot modify the "managedBy" computer object attribute.
The "Local PC Admin" group would be a ADUC security group. The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated. If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
and given local admin rights. This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
If it is not populated, it does nothing and leaves the default admins on it.
More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html

Read input from user and strore in ztable

Hai,
    could you please give some examples of How to read the input data from user and store in Ztable.
Thanks

Hi Prasanna,
If i understood your requirement correctly,
The below code will insert record in DB table as soon as you enter the value in two fields and press enter button .
Go through the below code,
<b>In Layout</b>
<%@page language="abap"%>
<%@extension name="htmlb" prefix="htmlb"%>
<htmlb:content design="design2003">
<htmlb:page title = "first page ">
    <htmlb:form>
      <htmlb:inputField id="field1"/>
      <htmlb:inputField id="field2"/>
      <htmlb:button       id="submitButton" text = "Press Me"
                          onClick       = "myClickHandler" />
    </htmlb:form>
</htmlb:page>
</htmlb:content>
<b>In Oninputprocessing event</b>
CLASS CL_HTMLB_MANAGER DEFINITION LOAD.
DATA: event TYPE REF TO CL_HTMLB_EVENT.
data : begin of wa,
         matnr type mara-matnr,
         ersda type mara-ersda,
         end of wa.
event ?= CL_HTMLB_MANAGER=>GET_EVENT( runtime->server->request ).
IF event->id = 'submitButton' AND event->event_type = 'click'.
    DATA: data TYPE REF TO CL_HTMLB_INPUTFIELD.
    DATA: data1 TYPE REF TO CL_HTMLB_INPUTFIELD.
    data ?= CL_HTMLB_MANAGER=>GET_DATA( request = runtime->server->request
                                           name     = 'inputField'
                                           id       = 'field1'
    IF data IS NOT INITIAL.
     value = data->value.
      wa-matnr = data->value.
    ENDIF.
    data1 ?= CL_HTMLB_MANAGER=>GET_DATA( request = runtime->server->request
                                           name     = 'inputField'
                                           id       = 'field2'
    IF data1 IS NOT INITIAL.
     value = data->value.
      wa-ersda = data1->value.
    ENDIF.
   insert into ZAZAZ_BSP CLIENT SPECIFIED values wa.
ENDIF.
Regards,
Azaz Ali.
Don't forget to reward points.

How to stop users not in any group and users from other groups accessing sites they have no permission to access on top link bar?

Hello Community
    Using SharePoint 2010 Server and UI, a web application
was created with subsites.
    The subsites have unique permissions and Owner, Member
and Visitor groups.
    The problem is however even if a user does not exist
in a group that user can access the top link bar/navigation
bar and its sub sites.
    Also any user in any group can access any top link bar/navigation bar and its subsites.
    How do you enforce that if a user is not in a group
they are denied access the top link bar/navigation bar and its
subsites?
    Thank you
    Shabeaut

If you are using the built in SharePoint navigation links, SharePoint will automatically hide links to sites that a given user doesn't have access to.
The problem is, it sounds to me like you have a fixed top link bar that lists the content and if a user doesn't have access, the link still shows up.
You may want to look at how the top link bar was encapsulated in the design of the page. If it isn't wrapped in the permissions provider code, that could be the problem.
I trust that answers your question...
Thanks
C
|
RSS |
http://crayveon.com/blog |
SharePoint Scripts | Twitter |
Google+ | LinkedIn |
Facebook | Quix Utilities for SharePoint

Read users from User group

Similar Messages

Maybe you are looking for