Securing groups w/in HR module from seeing data

Similar Messages

• Exchange 2013 Mail Enable Existing Security Groups

  Hello,
  I can't seem to find how to mail enable an existing Security Group in Exchange 2013.  Does anyone know how to do this?  I have created them as Universal Security Groups in Active Directory.  I see that if you create them from the Exchange
  Admin Center, it will work, but I have a ton of groups with very complicated memberships that exist in AD and I would prefer not to delete them, recreate them, and adjust membership.
  I looked for a cmdlet that would let me do this, but I can't seem to find one.
  Does anyone know how to Mail Enable an Existing Group from Exchange 2013?
  Thanks

  Hello Stewart,
  If these groups are universal security groups, you can just follow Martina's suggestion to do that.
  Thanks,
  Evan Liu
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  Evan Liu
  TechNet Community Support

• Unable to discover machine object in AD security group

  I have just experience this as any machine object that I inserted into my security group are not able to be discovered after the discovery cycle.
  Before this it was working perfectly. Newly inserted machine object in my security group will straight away be discovered and inserted into my collection.
  I see the log (adsgdis.log), it seems that it was successfull discovered. My discovery set to every 1 day. But today i checked and it seems that it still not being populated into my collection. Need you guys advice any other troubleshooting steps that i
  can do from my end?

  I have rerun the full discovery but until now still the same thing, my machine is not imported into the collection. Looked at adsgdis.log and seems that it successfully able to discover my security groups
  as it says
  "Successfully updated the Group membership tables for group 'Security Group Name'". But when I see in colleval.log, seems that its not able to include the machine object into the collection as it says
  "Results refreshed for collection ABC, 0 entries changed". Im stuck here. Any advice what else I may be missing to check?
  Questions: Wanna ask, do I have to enable the "Discover the membership of distribution group"
  at the System Group Discovery properties as currently it is unchecked? I dont think so I need to enable it as I am discovering AD security group and not distribution group...

• We am not able see security groups in MSAD from Shared Services

  hi gurus,
  User is actually upgraidng from 9.2 planning to 9.3.1 . so he has ran the import/export utility where he had users and group on the 9.2 system in an active directory. (MSAD) .. but after migrating the users/groups, he is only able to see the users in the MSAD dir in 9.3.1 and not the groups.
  please help me on this issue.
  Regrads and thanks/

  Here is a write up from one of my infrastructure consultants:
  Open up Shared Services User Management Console (i.e. the web site)
  Go to menu item Administration->Configure User Directories
  Check the button next to the AD Provider you want to enable groups for and click ‘Edit’
  You will get a screen with three tabs – click ‘Next’ to go to the second tab(User Configuration), and click ‘Next’ again to go to the third tab (Group Configuration). You can’t just click the third tab, have to use the ‘Next’ buttons
  The third tab is the screen to set this up – these are the required fields
  Check the ‘Support Groups’ button
  For Group RDN – you can leave this blank – this can be used to narrow down the branch that groups are searched for in the AD
  Name Attribute – set to ‘cn’.
  Objects – type in ‘group?member’ in the text box and click ‘Add’ to send it to the list box below. This is required for HSS to see what users belong to the group
  After saving, you will get a message to restart Shared Services – you have to re-start all the downstream Hyperion products that rely on Shared Services in order for them to get a fresh copy of the CSS.xml file that contains your changes. This means – Essbase, EAS, SmartView Provider, BI+, Planning, EPMA, and HFM. FDM and Informatica do not use the Shared Services App Server – MDM/DRM can use it, but not by default – it MDM/DRM was set up this way, then it would need to be restarted also.

• People Picker can resolve users and security group from another domain but no validation for groups

  Dear all,
  Here is the scenario of our issue:
  We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
  A bi-directional trust exist between the two domains and all applications relying on trust and resolving IDs from on domain to another are working fine (Windows RDS for instance)
  The "bug" that we have is when using the PeoplePicker, it can resolve without any issue a user account in Domain A or B, and a security group (type global, I haven't tried local or universal yet) from domain A or B. But for the security groups
  only (it works well for users), when I click on "Save" to validate the add of the group to the site permissions, I have the following error:
  I have seen a lot of similar issues on the web but no answer so far that work :( 
  Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
  If you have any question that could help you to understand it, do not hesitate. 
  Thanks a lot in advance for your help ! :)

  Can you give the snippet from the ULS log where you're seeing this error?
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Copying function module from one function group to another

  What is the efficient way to copy a module from one group to other so that all its subroutines and any dependencies with in the FM can also be copied?

  Hello,
  Tcode:SE37
  Menu: FunctionModule->OtherFunctions->Copy in that there are different option give a new name of the function group this should work
  regards
  suresh nair

• Virtual machine VHD file is missing the "Virtual Machine" Security group from ACL

  Hey All,
  Doing support work for a client and they are unable to take snapshots from certain vm's. I think this is down the VM not having the virtual machines security group within its ACL instead is seems to just have two GUIDs. to me if looks like the vm's have
  been moved and imported or something like that but was obviously not done correctly.
  When taking a snapshot they get a general access denied error
  Does anyone know a quick way to add the virtual machines security group back into the ACL, I did find some powershell commands however this errored stating I could not change the owner of the group.
  I'll keep looking but if someone knows a quick fix for this I would appreciate it. One other thing I had thought of was turning the vm off, The creating a new Virtual machine and attaching the VHD as the new VM? Would this work?
  thanks in advanced

  Hi Dunn2010,
  Yes , please try to copy the VHD then create a new virtual machine and attach the replication .
  If it is possible please try to find the relevant Error messege of your question in event log and post it here .
  Any further information please feel free to let us know.
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• HT3529 how can i prevent everyone on the group message from seeing everyone else's replies?

  how can i prevent everyone on the group message from seeing everyone else's replies?

  Thanks! makes sense.  When I replied to a message earlier, I noticed I replied to everyone in the group again. so your saying if I create a new thread  from the person i want to reply to , the message will only go to that one person? meaning i have to tap the reply bubble from that person to create the new thread?

• How to move members of a certain OU from one security group to distribution group?

  Looking for a powershell script that could move members from a certain OU that are members of a certain security group to a distribution group. Anyone point me in the right direction?

  It is easy to determine the members of a group. My concern is that once you know the users, it can be tricky to determine their parent OU in a script. There are ways to parse the user distinguishedName, but some are unreliable (the names of OU's, and even
  DC components, can include commas, for example). The most reliable method would be to bind to the user object with the [ADSI] accelerator and invoke the Parent method, but even then you must parse the result since it will be an ADsPath rather than a DN.
  My approach would be to use Get-ADUser to find all users in a specified OU that are direct members of a specified group. Even here I assume you are only concerned with users (not contacts or groups or computers). I also must assume that no users have the
  group specified as their "primary" group. The code I would suggest to  retrieve all users in an OU that are members of a group:
  Get-ADUser -SearchBase "ou=Sales,ou=West,dc=MyDomain,dc=com" -LDAPFilter "(memberOf=cn=MyGroup,ou=West,dc=MyDomain,dc=com)"
  This does not find users in the OU that are members of the group due to group nesting. However, if that matters, it can be handled using another LDAP syntax filter. In that case use:
  Get-ADUser -SearchBase "ou=Sales,ou=West,dc=MyDomain,dc=com" -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=cn=MyGroup,ou=West,dc=MyDomain,dc=com)"
  The "1.2.840.113556.1.4.1941" part is a special chain matching rule that results in a recursive match to handle group nesting. You can also devise a filter to include membership as the "primary" group. You could even use Get-ADObject
  instead  of Get-ADUser if you need to include contacts (or computers or groups), but I assume that is unnecessary.
  The next steps, to remove from one group and add to another, would follow.
  Richard Mueller - MVP Directory Services

• Shared Services 11.1.2 Unable to remove assigned user from a security group

  In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
  Paul

  Hello Paul,
  Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
  External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
  Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
  Thanks,
  hyperionEPM
  Please mark answers as correct or helpful for others to find them easily.

• Powershell Script: Add users from an OU to an AD security Group

  Hi
  can anybody point me to a link or have a script which I can get a list of users from an OU then put them into an AD security group
  Regards

  Hi - thanks for the info the script didn't run as expected.
  What we are trying to achieve is that we have an OU with several child OU's below and we need to capture all user accounts from al OU's and then either be able to export to a CSV or pipe the out put to an AD group
  dsquery user "OU=organizationalunit,DC=name,dc=com" -limit 0 >>
  filename.txt
  with the filename.txt you can do this:
  for /f "tokens=* delims= " %i in (filename.txt) do dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr %i
  or, just pipe the initial results into the dsmod command:
  dsquery user "OU=organizationalunit,DC=name,dc=com" | dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr

• Project Server 2013: Synchronization of AD with security groups - missing from list of timer jobs

  I have same problem in:
  http://social.msdn.microsoft.com/Forums/en-US/2b916bb9-2277-4c53-8b97-271a912414ba/ps2013-timer-job-missing-quotproject-server-synchronization-of-ad-with-security-groups-forquot
  "I cannot find timer job in SPS central administration "Project Server: Synchronization of AD with security groups for <PWAIntanceName>" to schedule synchronization. Enterprise Resource Pool synchronization working fine and timer job
  "Project Web App: Synchronization of AD with the Enterprise Resource Pool job for <PWA site name>" exist on server."
  Don't offer solution for "Schedule Enterprise Resource Pool synchronization".
  Only "Timer job in SPS central administration "Project Server: Synchronization of AD with security groups".
  Have a solution?

  Project Server timer job "Synchronization of AD with security groups" don't exist.
  So I created job in Task Scheduler of Project Server OS, that every day start PowerShell-script:
  if ((Get-PSSnapin | where {$_.Name -eq "Microsoft.SharePoint.PowerShell"}) -eq $null)
  Add-PSSnapin Microsoft.SharePoint.PowerShell
  Invoke-SPProjectActiveDirectoryGroupSync –Url http://project/pwa
  Security groups of Project Server automatically synchronize with groups from AD!
  http://technet.microsoft.com/en-us/library/jj219472.aspx

• Remove users from Sharepoint site security group

  I have to close a share point 2007 site for all users for an update. I don't have access to CA. the easiest approach is to remove the users from security group and add them back when the site modification is done. All users all under "NT/Aunthenticated
  users" and they are in Members group. I'm just wondering will it cause any issues when adding them back or it can be done in 1 click. Do i need any tweaks from CA side to add them back?
  Any response is appreciated.
   Thanks!

  Once you add the users back to the site, it should work as expected.
  >>Do i need any tweaks from CA side to add them back?
  No i believe, because you are changing the permissions at site level.
  My Blog- http://www.sharepoint-journey.com|
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

• Lightswitch not seeing some security groups

  I'm working on an app that doesn't seem to be able to see all of the security groups that it should. When I publish the app, I specify an AD group as the admin user in the form of domain\groupname. When I launch the application as a user in that group, it
  lets me in. However, when I go to the users screen and attempt to add other groups I get the error "Name (mydomain\somegroup): No Windows account was found with name 'mydomain\somegroup'.
  Why can't it see any other groups? They are all built right next to the admin group with the same parameters.

  Whatt code are you using to "access" the security groups?
  Yann Duran
       - Co-Author of Pro Visual Studio LightSwitch 2011
       - Author of the  LightSwitch Central Blog
  FREE Download: Luminous Tools for LightSwitch
  (a Visual Studio productivity extension for LightSwitch)
  Click Mark as Answer, if someone's reply answers your question
  Click  Vote as Helpful, if someone's reply is helpful
  By doing this you'll help everyone find answers faster.

• Is there a way for an end user to see who has membership in a security group

  Windows Server 2008 R2
  Active Directory Domain
  Windows 7 workstations
  I am looking for a way that my end users can look at a folder security tab and then discover who has membership in the security groups listed.
  Is that possible? Any drawbacks or concerns?

  Hi Tod,
  Based on my research, other than viewing group membership in ADUC, we can use this PowerShell cmdlet
  Get-ADGroupMember GroupName and Net Group GroupName to view members in a group:
  However, these commands can only be used on Domain Controllers or when connecting to DCs remotely. That’s because accounts and account membership are stored on Domain Controllers, therefore we can only view group membership on DCs.
  More information for you:
  Viewing the Direct Members of a Group
  http://technet.microsoft.com/en-us/library/dd391915(v=WS.10).aspx
  Net group
  http://technet.microsoft.com/en-us/library/cc754051.aspx
  Best Regards,
  Amy