Remove domain controller 2008 from active directory

Hi,
I have 2 DCs (2008 R2) and I have 2 TS. One of them doesn't get the GPO. I did everything, and I found that my 2 DCs don't replicate well; I can see the difference in the SYSVOL folder.
Having explained myself, my question: what if I remove the DC (it's not the FSMO DC, it's the second one), and after removing it I add this DC?
Do I need to run some checks before?
After removing, do I need to delete it from the DNS records?
After adding the same DC to the domain, do I need to check something?
Thanks
Zahi

Hi,   
>i want to remove my dc and replace him with new dc.
You can add a new DC to a domain, and then remove the DC that you want to remove.
To add a DC to a domain, after adding the server to the domain, we can run dcpromo to install AD.
After Server 2012, Adprep.exe commands run automatically as needed as part of the AD DS installation process.
For more detailed information about Adprep.exe, you can refer to the following link:
Running Adprep.exe
http://technet.microsoft.com/en-us/library/dd464018(v=WS.10).aspx
For detailed steps on how to remove a domain controller from a domain, you can refer to the following link:
Removing a Domain Controller from a Domain
http://technet.microsoft.com/en-us/library/cc771844(v=WS.10).aspx
Best Regards,
Erin
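
The checks the question asks about, before demoting the second DC and after adding it back, as an added PowerShell example that is not part of the original thread. DC01, DC02 and corp.example are placeholder names; repadmin, dcdiag, netdom and nslookup are the standard Windows tools.

```powershell
# Added example: health checks around demoting and re-promoting a second DC.
# Assumed placeholders (not from the thread): DC01 = FSMO holder, DC02 = DC to remove,
# corp.example = AD DNS domain. Run from an elevated prompt on a domain-joined
# machine that has repadmin, dcdiag and netdom installed.
$Healthy = 'DC01'
$Suspect = 'DC02'
$Domain  = 'corp.example'

# 1. The DC being removed must not hold any FSMO role.
$fsmo = netdom query fsmo
$fsmo
if ($fsmo -match [regex]::Escape($Suspect)) {
    Write-Warning "$Suspect holds a FSMO role; transfer it before demoting."
}

# 2. Replication links that are currently failing, parsed from repadmin's CSV output.
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Status', 'Last Success Time' |
    Format-Table -AutoSize

# 3. SYSVOL drift: compare each GPO's GPT.INI version as seen on both DCs.
#    A GPO that differs here explains a client that "doesn't get the GPO".
function Get-GpoVersion([string]$Server) {
    $versions = @{}
    Get-ChildItem "\\$Server\SYSVOL\$Domain\Policies" |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{.+\}$' } |
        ForEach-Object {
            $gpo = $_.Name
            $ini = Join-Path $_.FullName 'GPT.INI'
            if (Test-Path $ini) {
                $line = Get-Content $ini |
                        Where-Object { $_ -match '^\s*Version\s*=' } |
                        Select-Object -First 1
                $versions[$gpo] = ("$line" -replace '^.*=', '').Trim()
            } else {
                $versions[$gpo] = 'GPT.INI missing'
            }
        }
    $versions
}

$a = Get-GpoVersion $Healthy
$b = Get-GpoVersion $Suspect
@($a.Keys) + @($b.Keys) | Sort-Object -Unique | ForEach-Object {
    if ($a[$_] -ne $b[$_]) {
        New-Object PSObject -Property @{ GPO = $_; OnHealthy = $a[$_]; OnSuspect = $b[$_] }
    }
} | Select-Object GPO, OnHealthy, OnSuspect | Format-Table -AutoSize

# 4. Default dcdiag test set against the suspect DC, printing errors only.
dcdiag /s:$Suspect /q

# 5. Run after the demotion and again after re-promotion: which DCs and name
#    servers DNS still advertises. A demoted DC should no longer be listed.
function Get-DcDnsRecord {
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" | Select-String 'svr hostname'
    nslookup -type=NS $Domain | Select-String 'nameserver'
}
Get-DcDnsRecord
```

If step 5 still lists the demoted DC, its SRV, A and NS records are stale and need manual deletion or DNS scavenging before the same name is promoted again.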

Similar Messages

  • Remove Domain Controller role from Exchange 2010 Server

    Hi team,
    There is a client with Domain Controller (2008 R2) running together with Exchange Server 2010 SP3. However there were some huge problems with Exchange and DC therefore since the best practice is to keep those roles separately, they are in need of doing so.
    Can someone please suggest me the best approach? The server they use right now is with 16GB therefore whatever done, Exchange should be on that machine and DC on the other 6GB.
    Option 01.
    Both Exchange and DC are together
    Install new Exchange on a temporary Server and move everything make that Exchange server the only working primary
    Remove exchange from the DC server
    Promote new Additional DC and promote it with FSMO and make primary
    Demote the old DC from the 16GB server
    Install Exchange again on the 16GB server and move everything from the temporary server
    Or Option 02
    Add new additional Domain Controller server and make it primary with GC and FSMO
    Run dcpromo to demote the old Domain controller role from where the Exchange Server too is installed
    Once DC role is removed from the exchange server, set up DNS and perform a restart, so Exchange will identify the new GC and domain controller
    Live happily ever after
    Thank You,
    Cheers!!

    Adding/Removing the DC-Role while Exchange is installed, is not supported so forget about your Option 2.
    Here's what I would do:
    1. Install a new GC/DC (move FSMO etc)
    2. Install a new temporary server for Exchange and move everything over
    3. Decommission the old Exchange Server
    4. Demote the old Domain Controller
    5. Install Exchange on a newly freshly installed OS and move everything over from your temp server
    Martina Miskovic

  • Removing Exchange 2007 from SBS 2008 (In an Exchange 2010 Coexistance Scenario) - In order to remove 2007 Mailbox Objects from Active Directory and remove the SBS2008 server completely

    I'm trying to remove Exchange 2007 from an SBS 2008 server (Server 2008 Standard FE).  My ultimate goal is to completely remove the SBS 2008 Server from the network environment.
    We have an Exchange 2010 Coexistence Scenario and Mailboxes/Public Folders/etc have been moved over to the 2010 mail server, on Server 2008 R2.
    I have moved all Shares, FSMO roles, DHCP, DNS, etc over to their respective servers.  We have two full blown DC's in the environment.
    I'm ready to remove Exchange 2007 from SBS 2008 and DCPROMO the server.  I can NOT seem to find a TechNet article that shows me how to proceed in this kind of scenario.  I am trying to use the TechNet article:
    http://technet.microsoft.com/en-us/library/dd728003(v=ws.10).aspx
    This article references Disabling Mailboxes, Removing OAB, Removing Public Folder Databases, then uninstalling Exchange using the Setup Wizard.
    When I go to Disable Mailboxes I get the following error:
    Microsoft Exchange Error
    Action 'Disable' could not be performed on object 'Username (edited)'.
    Username (edited)
    Failed
    Error:
    Object cannot be saved because its ExchangeVersion property is 0.10 (14.0.100.0), which is not supported by the current version 0.1 (8.0.535.0). You will need a later version of Exchange.
    OK
    I really don't see why I need to Disable Mailboxes, Remove OAB and Public Folder Databases since they have been moved to 2010.  I just want to remove Exchange 2007 and DCPROMO this server (actually I just want to remove any lingering Exchange AD Objects referring to the SBS 2008 Server, using the easiest and cleanest method possible).
    Can someone point me in the right direction?
    Thanks!

    Hi,
    Based on your description, it seems that you are in a migration process (migrating SBS 2008 to Windows Server 2008 R2). Now you want to remove Exchange Server and demote the server. If I have misunderstood anything, please don't hesitate to let me know.
    In the current situation, please refer to the following articles and check whether they can help you.
    Transition from Small Business Server to Standard Windows Server
    Removing SBS 2008 – Step 1: Exchange 2007
    Removing SBS 2008 – Step 2: ADCS
    Removing SBS 2008 – Step 3: remove from domain / DCPROMO
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Hope this helps.
    Best regards,
    Justin Gu

  • Remove leading zeros coming from Active Directory

    Greetings all.  Our sapusername is stored in Active Directory with leading zeros.  Is there a way to remove these zeros in the portal so SSO will work?  I have had my AD team manually remove the zeros in front of my sapusername, so I'm sure that's the issue.
    Alternately, is there a setting in R3 that would allow leading zeros?

    Hi,
    I've seen the problem before and I think you only have two choices (haven't looked into if R3 can accept leading zeros)
    1. Since you are already retrieving sapusernames from an R3, change that mapping to remove leading zeros and possibly put it in a new attribute.
    2. Create a JAAS login module which retrieves found username from the HeaderVariableLoginModule and trims leading zeros before putting the username back to shared state. This new LoginModule must be placed before the CreateTicketLoginModule.
    Note it is not very trivial to create a JAAS login module but an excellent guide can be found here http://help.sap.com/saphelp_nw2004s/helpdata/en/46/3ce9402f3f8031e10000000a1550b0/frameset.htm

  • Removing an 1 way trust Active Directory Domain from SearchActiveDirectoryDomains

    One of our AD domains is being retired.  After configuration for both, we need to change to only point to one domain.  Is running the following advisable to fix?
    stsadm -o setapppassword -password ******
    stsadm -o setproperty -pn peoplepicker-searchadforests -pv "domain:***.**.*****.**.***,TDC\***********,**********" -url http://url
    iisreset /noforce
    Thank you,
    Mark

    Hi,
    According to your post, my understanding is that you want to remove a one-way trust Active Directory domain from SearchActiveDirectoryDomains.
    People Picker will only query the forests or domains that you specify in the peoplepicker-searchadforests property setting.
    To specify the forests or domains to be queried together with the credentials, type the following command:
    stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv <Valid list of forests or domains, Login name, Password> -url <Web application URL>
    More information:
    Configure People Picker in SharePoint 2013
    All you want to know about People Picker in SharePoint ( Functionality | Configuration | Troubleshooting )
    Thanks,
    Jason
    Jason Guo
    TechNet Community Support

  • Can I add a Windows 2008 domain controller in an Open Directory?

    I want to add a Windows 2008 R2 domain controller to an Open Directory.
    Is this possible, and can all users be replicated to Active Directory?

    Yes, You must establish a two-way trust between the central forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the central forest.
    Also you can refer below link
    http://technet.microsoft.com/en-us/library/gg670909%28v=ocs.14%29.aspx
    Mai Ali | My blog: Technical

  • Best Way to Remove Server from Active Directory

    I was wondering the best practice to remove a server from AD according to Microsoft.  
    Option 1 :
    Login to server and take it off the domain and put it into a workgroup
    Then login to AD and make sure it is removed
    Confirm removal from DNS
    Option 2 :
    Login to Domain Server and manually remove
    Confirm removal from DNS
    Thanks
    Also the servers are running Windows 2008 R2

    So if its just a file server, I would just go with option 1 to ensure the cleanest removal from Active Directory?
    What would happen if I just removed it from Active Directory after powering it down?  Still a clean result?  Or is it considered best practice to take the server off the domain from the server then power it down and then remove from Active Directory?
    Please let me know and also if you want me to clarify.

    I am not sure if I understood you correctly, but if you just right-click the computer object in Active Directory and delete it, you have to manually delete the DNS records as well or wait for the scavenging period to delete the outdated DNS records.
    Mahdi Tehrani | www.mahditehrani.ir

  • Windows Server 2008 R2 - Active Directory Replication over DynDNS

    Hello,
    I have one server that runs Windows Server 2008 R2 - Active Directory / DNS.
    Now some users have shifted to a new office with the server.
    Some users are still in the original place, which now doesn't have AD DS/DNS.
    I want to install one replication server in the original place to retrieve AD/DNS from the new office via DynDNS.
    Is that possible or not?
    Best regards,

    Badr, I don't think you want AD replication occurring over the internet - even if that was possible the server would need access to all the SRV records, A records, and all the ports required for communication. See here for an exhaustive list:
    http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx - I don't think I have to tell you how bad opening all these ports to the internet would be.
    You may want to look at setting up a VPN or DirectAccess from the original site to the new site. This will give you more security and generally won't cost too much.
    http://technet.microsoft.com/en-us/network/dd420463.aspx
    Another thing that may work for you would be to set up Remote Desktop Services in the new location and have the original location remote in via a gateway server -
    http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx as a starting point. With RDS your users would be able to access the new location from anywhere, although there would be upfront costs associated, licensing and server being part of them - I don't recommend turning your domain controller into an RDS server. These are just some ideas to help you with your issue.

  • LMS 2.6 and ACS 4.2 compatible with Windows 2008 R2 Active Directory?

    Hi,
    We are planning to upgrade CORP Domain from Windows 2003 Active Directory Schema to Windows 2008 R2 Active Directory Schema.
    I wanted to know if the following applications which are installed on windows (domain member servers) are compatible with windows 2008 server R2 schema?
    CiscoWorks LAN Management Solution 2.6
    Cisco Secure Access Control System 4.2
    Cisco Fabric Manager 1.5
    Any help is much appreciated!

    - CiscoWorks LAN Management Solution 2.6 - Not supported and this software is EOS-EOL.
    www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/prod_end-of-life_notice0900aecd80532c07.html
    - Cisco Secure Access Control System 4.2 - Not supported either:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1041324
    - Cisco Fabric Manager 1.5 - Was not able to find anything for version 1.5 and not really familiar with this product.  However, according to the below not even version 4.2(7d) supports 2008:
    www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/fm/release/notes/20325_10.html#wp657668

  • How do I get info from Active Directory and use it in my web-applications?

    I borrowed a nice piece of code for JNDI hits against Active Directory from this website: http://www.sbfsbo.com/mike/JndiTutorial/
    I have altered it and am trying to use it to retrieve info from our Active Directory Server.
    I altered it to point to my domain, and I want to retrieve a person's full name(CN), e-mail address and their work location.
    I've looked at lots of examples, I've tried lots of things, but I'm really missing something. I'm new to Java, new to JNDI, new to LDAP, new to AD and new to Tomcat. Any help would be so appreciated.
    Thanks,
    To show you the code, and the error message, I've changed the actual names I used for connection.
    What am I not coding right? I get an error message like this:
    javax.naming.NameNotFoundException[LDAP error code 32 - 0000208D: nameErr DSID:03101c9 problem 2001 (no Object), data 0,best match of DC=mycomp, DC=isd, remaining name dc=mycomp, dc=isd
    [code]
    import java.util.Enumeration;
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class JNDISearch2 {
        // initial context implementation
        public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
        public static String MY_HOST = "ldap://99.999.9.9:389/dc=mycomp,dc=isd";
        public static String MGR_DN = "CN=connectionID,OU=CO,dc=mycomp,dc=isd";
        public static String MGR_PW = "connectionPassword";
        public static String MY_SEARCHBASE = "dc=mycomp,dc=isd";
        public static String MY_FILTER =
            "(&(objectClass=user)(sAMAccountName=usersignonname))";
        // Specify which attributes we are looking for
        public static String MY_ATTRS[] =
            { "cn", "telephoneNumber", "postalAddress", "mail" };

        public static void main(String args[]) {
            try {
                //----------------------------------------------------------
                // Binding
                // Hashtable for environmental information
                Hashtable env = new Hashtable();
                // Specify which class to use for our JNDI Provider
                env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
                // Specify the host and port to use for directory service
                env.put(Context.PROVIDER_URL, MY_HOST);
                // Security Information
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
                env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
                // Get a reference to a directory context
                DirContext ctx = new InitialDirContext(env);
                // Begin search
                // Specify the scope of the search
                SearchControls constraints = new SearchControls();
                constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Perform the actual search
                // We give it a searchbase, a filter and the constraints
                // containing the scope of the search
                NamingEnumeration results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
                // Now step through the search results
                while (results != null && results.hasMore()) {
                    SearchResult sr = (SearchResult) results.next();
                    String dn = sr.getName() + ", " + MY_SEARCHBASE;
                    System.out.println("Distinguished Name is " + dn);
                    // Code for displaying attribute list
                    Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
                    if (ar == null) {
                        // Has no attributes
                        System.out.println("Entry " + dn);
                        System.out.println(" has none of the specified attributes\n");
                    } else {
                        // Has some attributes
                        // Determine the attributes in this record.
                        for (int i = 0; i < MY_ATTRS.length; i++) {
                            Attribute attr = ar.get(MY_ATTRS[i]);
                            if (attr != null) {
                                System.out.println(MY_ATTRS[i] + ":");
                                // Gather all values for the specified attribute.
                                for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
                                    System.out.println("\t" + vals.nextElement());
                                }
                            }
                            // System.out.println ("\n");
                        }
                    }
                }
                // End search
            } // end try
            catch (Exception e) {
                e.printStackTrace();
                System.exit(1);
            }
        }
    }
    [/code]
    My JNDIRealm in Tomcat which actually does the initial authentication looks like this: (again, for security purposes, I've changed the access names and passwords, etc.)
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionURL="ldap://99.999.9.9:389"
    connectionName="CN=connectionId,OU=CO,dc=mycomp,dc=isd"
    connectionPassword="connectionPassword"
    referrals="follow"
    userBase="dc=mycomp,dc=isd"
    userSearch="(&amp;(sAMAccountName={0})(objectClass=user))"
    userSubtree="true"
    roleBase="dc=mycomp, dc=isd"
    roleSearch="(uniqueMember={0})"
    roleName="cn"
    />
    I'd be so grateful for any help.
    Any suggestions about using the data from Active directory in web-application.
    Thanks.
    R.Vaughn

    By this time you probably have already solved this, but I think the problem is that the Search Base is relative to the attachment point specified with the PROVIDER_URL. Since you already specified "DC=mycomp,DC=isd" in that location, you merely want to set the search base to "". The error message is trying to tell you that it could only find half of the "DC=mycomp, DC=isd, DC=mycomp, DC=isd" that you specified for the search base.
    Hope that helps someone.
    Ken Gartner
    Quadrasis, Inc (We Unify Security, www -dot- quadrasis -dot- com)

  • User profiles from Active directory when loggedin then userdisplay, useredit shows blank white screen in SharePoint 2013

    User profiles from Active directory when loggedin then userdisplay, useredit shows blank white screen in SharePoint 2013 
    I can login with the these AD users and AD direct import is working just fine. We are not using UPS.
    With admin user when I click on the user it shows up proper data. But when I login with the same user it does not show me userdisplay/useredit and shows blank data. Also another strange thing is when I add new item in list with these AD users created by modified by is blank and its really strange. I checked user information list, tried to rerun user sync with direct AD import option but no success.
    MCTS Sharepoint 2010, MCAD dotnet, MCPDEA, SharePoint Lead

    Hi Amit,
    According to your description, my understanding is that the page is blank when the user accessed /_layouts/15/userdisp.aspx and the created by field was blank when the user created a new list item in SharePoint 2013.
    I tested the same scenario per your post, however I cannot reproduce your issue.
    For troubleshooting this issue, I recommend to verify the things below:
    Check the permission of the user in the corresponding site collection to see if he can access /_layouts/15/userdisp.aspx.
    Delete the user from AD and SharePoint, then re-add the user to AD and grant proper permission to the user in SharePoint to see if the issue still occurs.
    Did this issue occur with all the users? Add a new user in AD and test the same scenario.
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support

  • How to set in Windows 8.1 the Account Picture from Active Directory

    Hello All,
    In my company I have uploaded the photos for each employee in Active Directory using a PowerShell script that sets the attribute thumbnailphoto.
    This is useful for images in Lync and Outlook; now I want to use these pictures to sync with the account picture in Windows 8.1, but I haven't found anything on the internet that helps me with this.
    I hope someone can help me,
    Thanks!

    Hi,
    You can try the steps in following article:
    Using Pictures from Active Directory
    http://msitpros.com/?p=1036
    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
    For your reference, here is the similar thread with different method:
    http://social.technet.microsoft.com/Forums/en-US/d6e7b2c3-c343-4900-a01d-24bfb30357b6/is-there-a-solution-to-set-user-account-picture-from-active-directory-thumbnailphoto-attribute-in?forum=w8itproinstall
    Hope these would be helpful.
    Kate Li
    TechNet Community Support

  • How to create two domain names in one Active Directory Domain Services, Server 2012?

    Hi there,
    I want to try SharePoint Foundation and Office Web Apps Server.
    I installed Server 2012, SharePoint Foundation 2013 and SQL Server 2012, and created a new forest in Active Directory Domain Services.
    Now I want to install Office Web Apps Server 2013, but when I run the setup it tells me I can't install Office Web Apps Server on the domain name where SharePoint is installed.
    How can I create a second domain name in this Active Directory Domain Services to install Office Web Apps Server?
    Please help me; I'm new and just want to try SharePoint and Office Web Apps Server.
    Mostly I need to create an MS Access custom web app, and I need a web place to run my Access custom web app on this server. Because I live in Iran I can't create and sign up for Office 365 and SharePoint Online, so I'm forced to run them on my system. Help me to complete this server?
    Great regards,
    Raha

    Hi,
    For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
    Configure Office Web Apps for SharePoint 2013
    http://technet.microsoft.com/en-us/library/ff431687.aspx
    Video: Configure Office Web Apps for SharePoint 2013
    http://technet.microsoft.com/en-us/library/dn455088.aspx
    How Office Web Apps work on-premises with SharePoint 2013
    http://technet.microsoft.com/en-us/library/ff431685.aspx
    In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
    Regards,
    Yan Li

  • How to create an embedded link with VBScript that references user website from Active Directory?

    I have scoured the web for days and have not been able to quite come up with exactly what I need for this. I have created an Outlook signature deployment using VBScript which sets information in an already formatted Word doc using placeholders. (Ex. [Displayname], [Initial], [City])
    All of that works as expected, but now marketing would like to have an embedded link reference some of our users' personal web pages. So the link would display some kind of standard text like "Click Here". Once clicked on, the user would be redirected to the personal web page of the person who sent the email. My problem is, I have no idea how to get the hyperlink to pull in the information from Active Directory...another problem is I know only enough coding to be dangerous so I am stuck.
    Here is a sample of what I am working with, I am hoping someone can point me in the right direction. Thanks!
    '----- Connect to AD and get user info -----'
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set WshShell = CreateObject("WScript.Shell")
    strUser = objSysInfo.UserName
    Set objUser = GetObject("LDAP://" & strUser)
    strDisplayName = objUser.displayName
    strFirstname = objUser.FirstName
    strLastName = objUser.LastName
    strInitials = objUser.initials
    strName = objUser.FullName
    strTitle = objUser.Title
    strDescription = objUser.Description
    strOffice = objUser.physicalDeliveryOfficeName
    strCred = objUser.info
    strPOBox = objUser.postOfficeBox
    strStreet = objUser.StreetAddress
    strCity = objUser.l
    strPostCode = objUser.PostalCode
    strPhone = objUser.TelephoneNumber
    strMobile = objUser.Mobile
    strFax = objUser.FacsimileTelephoneNumber
    strEmail = objUser.mail
    strWeb = objuser.wWWHomePage
    '----- Apply any modifications to Active Directory fields -----
    'Use company info page if user does not have a Linked-In account specified
     if strweb = "" Then strweb = "http://www.linkedin.com/company/58654"
    '----- Open Word template in read-only mode {..Open(filename,conversion,readonly)} -----
    Set objWord = CreateObject("Word.Application")
    Set objDoc = objWord.Documents.Open(strTemplatePath & strTemplateName,,True)
    Set objEmailOptions = objWord.EmailOptions
    Set objSignatureObject = objEmailOptions.EmailSignature
    Set objSignatureEntries = objSignatureObject.EmailSignatureEntries
    '----- Replace template text placeholders with user specific info -----
    SearchAndRep "[DisplayName]", strDisplayName, objWord
    SearchAndRep "[Name]", strName, objWord
    SearchAndRep "[Description]", strDescription, objWord
    SearchAndRep "[Title]", strTitle, objWord
    SearchAndRep "[Street]", strStreet, objWord
    SearchAndRep "[POBox]", strPOBox, objword
    SearchAndRep "[City]", strCity, objWord
    SearchAndRep "[State]", strState, objWord
    SearchAndRep "[PostCode]", strPostCode, objWord
    SearchAndRep "[Phone]", strPhone, objWord
    SearchAndRep "[Mobile]", strMobile, objWord
    SearchAndRep "[Fax]", strFax, objWord
    SearchAndRep "[Email]", strEmail, objWord
    'SearchAndRep "[Web]", strWeb, objWord
    '----- Replace template hyperlink placeholders with user specific info -----
    'SearchAndRepHyperlink "[email]", strWeb, objDoc
    SearchAndRepHyperlink "[Web]", strWeb, objDoc
    '----- Set signature in Outlook -----
    Set objSelection = objDoc.Range()
    objSignatureEntries.Add "NewCBSig", objSelection
    objSignatureObject.NewMessageSignature = "NewCBSig"
    'see note below if a different reply signature is desired
    'objSignatureObject.ReplyMessageSignature = "Full Signature"
    '----- Close signature template document -----
    objDoc.Saved = TRUE
    objDoc.Close
    objWord.Quit

    Can you ask a specific question? You have posted a script and noted you need a link but there is no question.
    ¯\_(ツ)_/¯

  • Getting list of all users and their group memberships from Active Directory

    Hi,
    I want to retrieve a list of all the users and their group memberships through JNDI from Active Directory. I am using the following code to achieve this:
    ==================
    import javax.naming.*;
    import java.util.Hashtable;
    import javax.naming.directory.*;

    public class GetUsersGroups {
        public static void main(String[] args) {
            String[] attributeNames = {"memberOf"};
            // create an initial directory context
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://172.19.1.32:389/");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
            env.put(Context.SECURITY_CREDENTIALS, "p8admin");
            try {
                // Create the initial directory context
                DirContext ctx = new InitialDirContext(env);
                // get all the users list and their group memberships
                NamingEnumeration contentsEnum = ctx.list("CN=Users,DC=filenetp8,DC=com");
                while (contentsEnum.hasMore()) {
                    NameClassPair ncp = (NameClassPair) contentsEnum.next();
                    String userName = ncp.getName();
                    System.out.println("User: " + userName);
                    try {
                        System.out.println("am here....1");
                        // only asked for one attribute so only one should be returned
                        Attributes attrs = ctx.getAttributes(userName, attributeNames);
                        System.out.println("am here....2");
                        Attribute groupsAttribute = attrs.get(attributeNames[0]); // memberOf
                        if (groupsAttribute != null) {
                            System.out.println("-----" + groupsAttribute.size());
                            // memberOf is a multi valued attribute
                            for (int i = 0; i < groupsAttribute.size(); i++) {
                                // print out each group that user belongs to
                                System.out.println("MemberOf: " + groupsAttribute.get(i));
                            }
                        }
                    } catch (NamingException ne) {
                        // ignore for now
                        System.err.println("Problem encountered....0000:" + ne);
                    }
                }
                // get all the groups list
            } catch (NamingException e) {
                System.err.println("Problem encountered 1111:" + e);
            }
        }
    }
    =================
    The following exception gets thrown at every user entry:
    User: CN=Administrator
    am here....1
    Problem encountered....0000:javax.naming.NamingException: [LDAP: error code 1 -
    000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0
    ]; remaining name 'CN=Administrator'
    I think it gets thrown at this line in the code:
    Attributes attrs = ctx.getAttributes(userName, attributeNames);
    Any idea how to overcome this and where am I wrong?
    Thanks in advance,
    Regards.

    In this sentence:
    Attributes attrs = ctx.getAttributes(userName, attributeNames); // only asked for one attribute so only one should
    It seems Ok when I add "CN=Users,DC=filenetp8,DC=com" after userName, just as
    userName + ",CN=Users,DC=filenetp8,DC=com"
    But I still have some problem with it.
    Hope it will be useful for you.
