Remove Users and Members of Groups with DIP

We are using the DIP connector to map between NONLDAP (Oracle DB) and OID. We are using a profile to create and update users. We have another profile that will create any new groups. We are currently working on a third profile that will populate the groups with their members. These profiles look at views in our Oracle DB to determine when they were last updated.
We have been successful at creating and updating users and creating new groups. I have not found any documentation to remove a user or remove a member from a group. Is there a way in the mapping file or the configuration file to tell OID that a user needs to be deleted or a member needs to be deleted from a group?
Has anyone had any experience with this?

If your question is whether you can use the DIP DB connector to synchronize group and group memberships, then yes you can.
Keep in mind though, that the DB connector will do a full refresh of the group memberships (and not incremental).

Similar Messages

  • HT1349 I can not run the scanner in my main user, but only the second user and the same thing with updating apps! Why is this happening???

    I can not run the scanner in my main user, but only the second user and the same thing with updating apps! Why is this happening???

    Welcome to the Apple Community.
    Enter the details of her second account at system preferences> mail, contacts & calendars.

  • I am a new Apple user and had a visitor, with an iPad, at my house.  I noticed the response time slowed greatly.  I have a Linksys N router and wondered if I need an Apple router to allow the speed to be consistent.

    I am a new Apple user and had a visitor, with an iPad, at my house.  I noticed the response time slowed greatly.  I have a Linksys N router and wondered if I need an Apple router to allow the speed to be consistent.


  • Read group membership for a user object and populate every group with matching user from another domain

    I have LON\JSmith in LON domain and DEL\JimSmith in DEL domain
    I would like to extract group memberships of LON\JSmith in LON domain and append matching by email (i.e. DEL\JimSmith) user object in every group in LON domain.
    for instance
    LON\JSmith and DEL\JimSmith is the same person and has same email address [email protected]
    LON\JSmith belongs to 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey
    The outcome of the script should be
    LON\JSmith; DEL\JimSmith    should be in 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey.
    How can I do it?
    Navgup

    Hi Navgup,
    Please refer to the script below, to query users in other domain by specifying the parameter "-Server" in the cmdlet "get-aduser", and also note I haven't tested the script below:
    import-module activedirectory
    get-adgroupmember "group" | foreach {
        # get the user email
        $email = (get-aduser $_.samaccountname -properties *).EmailAddress
        # filter user name and group with the email in other domain
        Get-ADUser -filter {EmailAddress -eq $email} -properties * -server DomainB.company.com | select samaccountname, memberof
    }
    To get users across domain, please also refer to this blog:
    Adding/removing members from another forest or domain to groups in Active Directory:
    http://blogs.msdn.com/b/adpowershell/archive/2010/01/20/adding-removing-members-from-another-forest-or-domain-to-groups-in-active-directory.aspx?Redirected=true
    I hope this helps.
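
An added example (not part of the original thread, and untested against the poster's environment) that carries the reply's query through to the membership change the question asks for. The domain DNS names are placeholders; every change runs with -WhatIf so the planned additions can be reviewed first.

```powershell
# Added example, not code from the thread. Server names are placeholders.
Import-Module ActiveDirectory

$sourceServer = 'lon.example.com'   # assumption: DNS name of the LON domain
$targetServer = 'del.example.com'   # assumption: DNS name of the DEL domain
$sourceSam    = 'JSmith'            # account whose group memberships are copied

# Read the source account with its mail address and direct group memberships.
$source = Get-ADUser -Identity $sourceSam -Server $sourceServer -Properties mail, memberOf
if (-not $source.mail) {
    throw "No mail attribute on $sourceSam, so there is nothing to match on."
}

# Find the matching account in the other domain by mail.
# Refuse to continue unless exactly one account matches, so a shared or
# duplicated address never grants group access to the wrong person.
$mail  = $source.mail
$match = @(Get-ADUser -Filter { mail -eq $mail } -Server $targetServer)
if ($match.Count -ne 1) {
    throw "Expected 1 account with mail $mail in $targetServer, found $($match.Count)."
}

foreach ($groupDn in $source.memberOf) {
    $group = Get-ADGroup -Identity $groupDn -Server $sourceServer

    # Global groups only accept members from their own domain, so a user
    # from the other domain can only go into universal or domain local groups.
    if ($group.GroupScope -eq 'Global') {
        Write-Warning "Skipping $($group.Name): global scope, cannot hold a member from $targetServer."
        continue
    }

    # Pass the user object itself so it is resolved in its own domain.
    Add-ADGroupMember -Identity $group -Members $match[0] -Server $sourceServer -WhatIf
}
```

Only direct memberships listed in memberOf are copied; nested memberships and the primary group are not.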

  • Command Line - Remove user and group updates

    I am remote at the moment and not able to access the GUI on a number of OS X server boxes. How do I remove a user and the user from group via the command line.
    Thanks


  • AD - import users and check AD group membership

    Hi I'm relatively useless with PowerShell and I am wanting to write a script that will do the following and am just getting stuck with part B.
    Part A- import a list of users from a CSV
    Part B- check if the users are members of an ad group and if so remove from group A and add to group B 
    Can anyone point me in the best direction? That would be amazing.

    Hi,
    I happen to have something already written that will do what you're after:
    Import-Csv .\userList.csv | ForEach {
        # Look up the user together with the groups it belongs to
        $userDetails = Get-ADUser -Identity $_.Username -Properties memberOf
        If ($userDetails.memberOf -contains 'CN=Test Group 1,OU=Security Groups,DC=domain,DC=com') {
            Remove-ADGroupMember -Identity 'Group A' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
            Add-ADGroupMember -Identity 'Group B' -Members $userDetails.SamAccountName -Confirm:$false -WhatIf
        }
    }
    This will require an input CSV file with a header of Username that contains the usernames to test. You'll also need to update the names of the groups for 'Group A' and 'Group B' along with the DN of the group to test against.
    Remove the -WhatIf parameters from the Remove/Add lines if you're happy with what you see in the output.
    Don't retire TechNet! -
    (Don't give up yet - 12,830+ strong and growing)

  • USMT ChangeGroup command to remove users from the Administrators group is not working

    I'm running USMT in a task sequence, and using this in my config.xml to remove admin rights:
      <ProfileControl>
        <localGroups>
          <mappings>
            <changeGroup from="Administrators" to="Users" appliesTo="AllUsers">
              <include>
                <pattern>*</pattern>
              </include>
            </changeGroup>
          </mappings>
        </localGroups>
      </ProfileControl>
    I see in the scanstate log that this happens: 
    [0x000000] ProfileControl: Parsing ChangeGroup Administrators => Users for AllUsers
    [0x000000] ProfileControl: Parsing ChangeGroup (Administrators => Users) 1 include nodes
    [0x000000] ProfileControl: Parsing ChangeGroup (Administrators => Users) 0 exclude nodes
    [0x000000] ProfileControl: Parsing ChangeGroup is done
    But, in the loadstate on the other end, this happens:
    [0x000000] Local Group Membership Mapping: XYX\User123 Added to Administrators
    I've tried USMT 4 and 5, changed appliesTo="AllUsers" to "MigratedUsers", I've made the <include> more specific.  I can see in the C:\_SMSTaskSequence folder that the config.xml does have the correct info in it.
    I thought I had this tested and working previously, and noticed in some recent migrations that the user still had admin rights. I can reproduce the issue on demand now.  I recently upgraded sccm 2012 to r2, but I'm not sure what that would have to do with the issue. I am not using the USMT 6 package (going from XP still).  It may very well be that my testing was flawed, and I didn't have it working in the first place.
    Any suggestions are welcome.

    you bet, it is a vbs:
    Dim network, group, user
    Set network = CreateObject("WScript.Network")
    Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
    For Each user In group.members
        If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" And UCase(user.name) <> "SYSTEM WORKSTATION (ADMINISTRATOR)" Then
            group.remove user.adspath
        End If
    Next
    Obviously you can modify the list of allowed admin accounts to suit your environment.

  • Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

    Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
    From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
    In the client console I can see this entry:
    27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
    On the server, in the php.log I can see the corresponding attempt to authenticate:
    1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
    0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
    1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'MessageType'=>'UserAuthenticate',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
    0::Jan 27 14:29:50.937 [158] <192.168.28.171>   'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
    0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
    1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
    0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
    So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
    I have tried to remove and re-enroll clients in Profile Manager but no joy there.
    In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
    Thanks in advance for any help or suggestions

    I just wanted to update my post, as this issue for me is resolved.
    I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
    Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
    https://discussions.apple.com/message/25420919#25420919

  • Remove user and keep his e-mail?

    I intend to remove all users except admin from my desktop G4 machine, running OSX 10.3.9
    I would like to be able to move the mail from one of these accounts to the admin account before I delete the account.
    Mail version 1.3.11
    How can this be done?
    Thanks
    Dave

    You’re welcome.
    In that case, just move those files to the corresponding location within the admin account’s home folder, replacing the files with the same name that might already be there, and change ownership as follows:
    1. In the Finder, select the ~/Library/Mail folder, do File > Get Info (⌘I) and, under Ownership & Permissions, expand Details by clicking on it.
    2. Change the settings as follows (you may need to click on the lock icon to authenticate first): Owner: username, with “Read & Write” access permissions; Group: username, with “Read only” access permissions; Others: “No Access”.
    3. Click on the Apply to enclosed items button at the bottom of the Get Info window.
    4. Repeat with ~/Library/Preferences/com.apple.mail.plist, except there is no Apply to enclosed items button to click in that case, and the right Group access permissions would be “No Access” (not that it really matters).
    Note: For those not familiarized with the ~/ notation, it refers to the user’s home folder, i.e. ~/Library is the Library folder within the user’s home folder.

  • How to remove user from custom DLU Group

    Hi,
    I have created a DLU policy that creates a local user, and places this user
    in a custom local group (Group is already present on the system). Now I want
    to remove this user from this custom group and place it in another custom
    group. I have created a second DLU policy to place the user in the new
    custom group. The new custom group is added fine, but the old custom group
    assignment also remains. How should I set up the policy so that the user is
    removed from the old custom group, or is this not possible?
    Regards,
    Hen

    Hen,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Restricting end user to one specific group with anyconnect

    Hello all
    I just started configuring AnyConnect with ASA 5520 that uses Cisco SecureACS to pass radius authentication.  I configured two profiles with different split tunnel restrictions and what I discovered is that when the client connects to the ASA, they are provided a choice of these two groups (I guess there is no way to restrict this) and I can log into either one with any user account.  How do I restrict this so that the user can only use one profile?  Currently users capable of VPN would be placed in one specific AD group so that is what SecureACS checks.  Is there a sample configuration guide to handle multiple profiles with different levels of access?

    Alternatively, you can use Radius authorization to place user into a specific group-policy:
    - Configure the Group-Policy attribute under Radius to be OU=
    http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_extserver.html#wp1605475
    On the ASA, just configure 1 tunnel-group, and depending on the authentication, the user will be placed into the correct group-policy specified under the ACS server.

  • Remove users from all distribution groups in Microsoft 365

    Hello
    I would like to know if there is a way I can remove a user from all distribution groups in Microsoft 365. I have a rather large list of users that this would need to be applied to though.
    Any help would be greatly appreciated.
    John

    I would assume yes since there is a cmdlet called "Remove-DistributionGroupMember"; you usually have to post some code of what you have tried or are working on to get further help from most other people here.
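
An added example (not part of the original thread) of a bulk removal built on the cmdlet named in the reply. It assumes an Exchange Online PowerShell session is already connected; the CSV file name, its PrimarySmtpAddress column and the log path are hypothetical.

```powershell
# Added example, not code from the thread.
# Assumes Connect-ExchangeOnline has already been run with sufficient rights.
$csvPath = '.\users-to-remove.csv'   # hypothetical file, one column: PrimarySmtpAddress
$logPath = '.\dl-removals.csv'       # hypothetical audit log of what was (or would be) removed

# Load the addresses once into a hashtable for case-insensitive lookups.
$targets = @{}
Import-Csv $csvPath | ForEach-Object {
    $targets[$_.PrimarySmtpAddress.Trim().ToLower()] = $true
}

# Walk every distribution group once and check each member against the list,
# rather than querying every group again for every user.
$removals = foreach ($group in Get-DistributionGroup -ResultSize Unlimited) {
    foreach ($member in Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited) {
        $address = "$($member.PrimarySmtpAddress)".ToLower()
        if ($address -and $targets.ContainsKey($address)) {
            # -WhatIf only reports the change; remove it after reviewing the log.
            Remove-DistributionGroupMember -Identity $group.Identity `
                -Member $member.DistinguishedName -Confirm:$false -WhatIf

            # Emit one record per removal so the change can be audited or reversed.
            [pscustomobject]@{
                Group  = $group.PrimarySmtpAddress
                Member = $address
                When   = (Get-Date).ToString('s')
            }
        }
    }
}

$removals | Export-Csv $logPath -NoTypeInformation
```

Dynamic distribution groups and Microsoft 365 Groups are not returned by Get-DistributionGroup, so memberships there need a separate pass.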

  • OBPM + WCI query to determine users and their assigned groups

    I am running OBPM 10.3.1 and WCI 10.1.3, without LDAP configuration. I would like a query that I can run directly from the OBPM Directory schema or plumtree schema that would let me see all the user's login IDs, assigned groups, and display names. I have tried a few different queries, but they do not give me what I want exactly.

    Yeah, I had that one for roles, but for groups there was another set of tables... assiggrppart or something.... but that doesn't have hardly anything in it. Is there a different table that has the group assignments? From the admin side, we use BPM to add roles to groups, then use WCI to create users and assign them WCI groups. That gets recognized by the BPM directory automagically. It's not in any table that begins "FUEGO_ASSIG".

  • Motion 4: open and close a group with key shortcut?

    Mo4: Layers window: any shortcut to twirl down (and/or up) all the layers in a group? Or layers in layers? The manual says arrow keys move from group to group,layer to layer and that works... also says that L & R keys open and close selected group/layer, my LR arrow keys don't do anything...
    Thanks, John

    No, actually you do not - you need to click the helpful or solved buttons over their post in order to give them credit.
    And what you do by assigning a helpful or solved (helpful is 5 points, solved is 10) is to build their reputation here. Not a bad thing to do for those who help you...
    Patrick

  • Create User and Add to Group in a single call using ActiveADAPTER

    Hi Folks, I can successfully create a user in a specific OU and I can subsequently add the user to a Group within another OU using two sequential calls with ActiveADAPTER's one-way send functionality.  Has anyone successfully done this in a single call or am I limited because that would require two Directives statements?
    Thanks!

    Some thoughts:
    Operations against AD are single action natively, because LDAP is, I'd assume.  The adapter likely follows that pattern.
    Support for multiple operations would be noticeable in the schemas either by a high level repeating structure or something like composite operations.
    What does their support say? 
