Service account with DOT

Similar Messages

• Shared Service Accounting with SAP PCM

  Good afternoon colleagues,
  I'd like to have more detailed information about using PCM for the service cost accounting shared service based.
  I want to understand how to integrate a shared service model with an ABC or basic costing model and if it's possible to ensure balancing between the costs that are allocated at enterprise level and those managed at service providers level (Shared Service).
  I will try to be clearer....
  An ABC model operates starting LineItem and useing center of responsibility, activities and cost objects dimensions. Instead Service dimension, which allows an automatic cross-charging accounging is disconnected from the line item costs .... How may I recovery linkage between LineItem value and the service cost? Is it possible?
  Thank you very much for your availability.
  Giuseppe

  Hi Thomas,
  you gave me a good idea
  I submit another request .... could I use the service attribute at  activity level and the grid summaryactivityvalue?
  As following modelu2026
  Act1 --> Actatt S1
  Act2 --> Actatt S1
  Act3 --> Actatt S2
  Service 1: rule cellvalue = summaryactivityvalue(,,,S1) Service 2: rule cellvalue = summaryactivityvalue (,,,S2)
  so I can use the calculations already carried out at ABC with the use of LineItem and provides balancing with the cost determined at the level of activity.
  Unfortunately, sometimes it is not immediately make the link between LineItem and service, there are LineItem covering several services in amount not defined (joint costs)
  thanks again for Your clear reply,
  Best Regards
  Giuseppe

• Query relating to the creation of Managed Service Accounts

  Hi Folks
  I am studying for my 70-411 exam and have a query relating to the creation of Managed Service Accounts.
  I have successfully created an MSA account named 'MSATest' on a DC  using:
   new-adserviceaccount -name msatest –dnshostname home-dc-01 -passthru
  and
   add-AdcomputerServiceAccount -identity home-ap-01 -serviceaccount msatest -passthru
  However the guide that I am using now says that I now need to run:  Install-ADServiceAccount on the host computer in the domain to install the MSA in order to make available it available for use by services.
  So on my member server (home-ap-01) I have installed the Active Directory Module for powershell and ran:
  PS C:\Users\administrator.PCECORP> Install-ADServiceAccount -Identity msatest
  Install-ADServiceAccount : Cannot install service account. Error Message: 'An
  unspecified error has occurred'.
  At line:1 char:1
  + Install-ADServiceAccount -Identity msatest
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : WriteError: (msatest:String) [Install-ADServiceA
     ccount], ADException
      + FullyQualifiedErrorId : InstallADServiceAccount:PerformOperation:Install
     ServiceAcccountFailure,Microsoft.ActiveDirectory.Management.Commands.Insta
    llADServiceAccount
  PS C:\Users\administrator.PCECORP>
  However this errors, Have I misunderstood the purpose of the Install-ADServiceAccount ?  or am I doing something wrong?
  Thanks in advance for you help.

  Try using  -RestrictToSingleComputer parameter when creating service account with New-ADServiceAccount.
  Gleb.
  Hi Gleb
  Thank you for your help, it is appreciated.  That did the trick.
  All the best.

• Service Account details are not going through header(OSB Business service)

  Hi
  I have an issue with service account. Assume I have a proxy service A, Business Service B, Proxy service C.
  A invokes B and B invokes C (A --> B --> C). All calls are through http protocol.
  I created a service account with userid and password details and attached it to the Business service B(Static for basic authentication).
  Added log activity in proxy service C for context variable $header to verify whether userid and password are coming through request header or not.
  I executed proxy service A from sbconsole but I couldn't see userid and password details of created service account in the logs. Only nemespace are logged in the file.
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"></soap:Header>>
  Can someone please help me why service account details are not going through business service request. Am I missing any steps?
  Thanks in advance
  KK
  Edited by: 966531 on Oct 23, 2012 4:23 AM

  Basic authentication information is stored under transport headers (check $inbound) whereas $header is populated for message headers (for e.g. - SOAP headers), so you should be checking $inbound instead of $header
  Regards,
  Anuj

• OIM 11g - Error Creating Custom 'Service Account' Field

  Hi experts,
  we would like to create a custom "Service Account" checkbox on a Form Provisioning, in way to enable\disable the 'service account'
  status on a target account.
  We wanto to control the 'Service Account' status through a checkbox into the account form.
  Here our steps:
  - Create a new Field on 'UD_ADUSER' Form, we add a 'Service Account' CheckBox as boolean type with default value = 0.
  - Create a new Adapter 'Service Account':
  ---- into 'Variable List' tab we define 2 variables: ProcessInstance -> Long and ServiceAccountCheckBox -> boolean
  ---- into 'Adapter Task' tab we define an IF(ServiceAccountCheckbox == 1) launch tcUserOperationsIntf.changeToServiceAccount method, with our variable 'ProcessInstance' as Input
  - Create a new task into 'Process Definition', we created 'Service Account Updated'.
  ---- into task tab named 'Integration' we set our custom adapter, mapping Process Data > Process Instance and Process Data > Service Account with adapter variables.
  When we assign an 'AD User' resource to a user, the new checkbox 'Service Account' is showed into the form.
  If we check/uncheck the checkbox the task 'Service Account Updated' is launched, but the response is "*Specified User Account Not Found*"
  I think that the problem is into the adapter..
  Any one can help us?
  Best Regards
  AT

  As I said map user key(usr_key) and process instance key(orc_key) form design console
  and use below query to get oiu_key
  prockey=<PROCESS_INSTANCE_KEY>;
  user_key=<USR_KEY>;
  String sqlquery="select oiu_key from oiu " +
  "where ORC_KEY = prockey " +
  "and usr_key = user_key" ;
  Connection con=Platform.getOperationalDS().getConnection();
  Statement st=con.prepareStatement(query);
  ResultSet rs=st.executeQuery();
  while(rs.next())
  long oiuKey=rs.getLong("oiu_key");
  now pass this key in the method

• Best practice for service account?

  Hello guys,
  May I ask what's the best practice to have and maintain a service account?
  For ConfigMgr, you may need to have a service account for e.g client install.
  An employee who run this service just depart, and we realize we don't have service account credential left to our knowlege.
  So let say we have to reset it, and reconfigure back the service account with new credential, what's the best practice to have this credential kept in safe and can be retrieved back for future use?
  Do you keep it in a secured email? Secured envelope? How you maintain it in a big organization.
  Please throw me some ideas. Thank you very much :)
  p/s: this issue may not restrict to ConfigMgr only, you may need service account for SQL, IIS and etc.
  ---Pat

  Hi,
  Dfferent customers use different solution, some use applications like this for instance,
  http://keepass.info/
  and save the database of password on a network share.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• OSB Service account:Changing username runtime

  Hello,
  I am working on OSB project. For one of the requirement we have created Service Account with Static type and linked it with Business Service.
  As per our requirement i need to chnage the username at runtime based on one field which is coming in input request. We can not go with pass through option as dont want to expose password to proxy service client.
  Is this possible? If yes please tell the detailed steps.

  This was the info available in The trace file
  <i>Error on resolve of resource:/Subscriptions - com.sapportals.wcm.repository.InvalidUriException: Invalid RID: No repository manager found: /Subscriptions</i>
  The FS name is subscriptions.Is it anything to do with the RM.
  But the RM looks perfectly ok. Also it appears in KM Content but accessing
  shows an
  <i><b>"Item Not found"
  The item you are attempting to access is not available. Check that the name or link is correct. You might also check whether the associated repository is currently accessible</b></i>
  Will deletion of a RM lead to any issues ?
  Appreciate any inputs on this
  Regards
  Vineeth

• JMS based message service and Service account in OSB

  Hi forum,
  I have query regarding JMS base messaging service and Service account.
  My OSB service:
  I have created one OSB service which of type JMS
  configuration :
  General :Messaging
  Messaging: Request type :XML response type :none
  Transport:JMS
  JMS Transport: Destination Type queue., JMS Service account :.........(browse)
  My requirement is to provide security to JMS proxy.
  I have seen one option available in JMS transport is JMS Service Account.
  I dont have a idea about using service accounts in JMS.
  can any one pls give idea about JMS service account in JmS.How to provide security to jms proxy...
  If u have any documents pls share me
  Thanks & regards,
  Krishna.

  In your weblogic console go to your JMS Modules > ***JMSModule >****Queue >Roles >Policies. Add a user to the queue.This user should be there in the security realm of the weblogic console.
  Create a service account with the same user name password and use it in your OSB to read or write to the queue.

• Do Group Managed Service Accounts require permissions to run service in question?

  I'm testing out GMSA (Group Managed Service Accounts) in Windows 2012 R2. My domain and forest functional level is 2008 R2 (which I understand is the minimal functional level for GMSA support). 
  Question I have is if I create a new GMSA for a particular service, does the GMSA require permissions to run service? For example, SQL rights, IIS rights, etc...
  Also, can they be used to run scheduled tasks? Thanks.

  a gMSA is like any other service account. when you it you need to prepare for whatever the app/service requires. the you eed to think HOW to implement. the HOW focusses on if you can use gMSA for the app/service or not, because it depends on the app and
  the underlying os
  regarding scheduled task support for gMSA  see
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/42273a38-05dc-4f62-b915-8f55480d59bd/how-do-i-use-a-group-managed-service-account-with-the-task-scheduler?forum=winserver8gen
  https://technet.microsoft.com/en-us/library/hh831782.aspx
  http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
  Cheers,
  Jorge de Almeida Pinto
  Principal Consultant | MVP Directory Services | IAM Technologies
  COMMUNITY...:
  DISCLAIMER: This post is provided "AS IS" with no warranties of any kind, either expressed or implied, and confers no rights! Always evaluate/test yourself before using/implementing this!

• ADRMS Install on Server 2012 - Invalid credentials presented error when supplying service account.

  Adding AD RMS to a 2012 Standard server.  At the point where it wants a service account.  I tried numerous accounts and it would give me the same error on all of them "Invalid credentials were presented.  Verify the correctness of the provided
  password."
  I tried more and less complex passwords with no change.  If I used a non-existant user name it would throw a different error so I know it's not that.
  I was able to get it to take the Domain Administrator account name and password.  Obviously I don't want to use that so I set the same password on a service account with no change in error.
  Attepted to logon with SA on the server.  Logon was successful.  Attempted install logged on as service account and got message "The service account cannot be the same account used to install AD RMS.  Please specify a different account".
  Am I missing something?
  There's no place like 127.0.0.1

  But to be clear, installing RMS on a Domain Controller is NOT recommended. Precisely for the reasons you found.
  Enrique Saggese - Sr. Program Manager - Information Protection - Microsoft Corporation

• Peoplsoft and Tidal Master Service Account .

  Master 5.3.1-Windows
  Peoplesoft Adapter 8.5
  We're having issues  with running  Peoplsoft Jobs in TIDAL  . Tidal Master Service runs as a LOCAL SYSTEM and Account has  all the rights that specified in the doc. However Peoplesoft doe not see the output path of Peoplesoft Folder .
  Does the Tidal Master Service Needs to run as Service Account ???

  If the output path for the Peoplesoft Folder is not on the Master server, then the Master service needs to run as a Service Account with access to the output path for the Peoplesoft Folder.  When a Windows Service runs as a LOCAL SYSTEM account it can only access the server's resources, UNC folders on other servers are not accessable.

• Managed Service Accounts for Cluster

  Hi,
  Is it possible to use a MSAs for a 2012 FCI on windows 2008 R2?  Since a MSA can only be associated with one computer, you would have to use multiple MSA accounts, but I've not heard about using service accounts with different names to run a clustered
  SQL service.
  Thanks,
  Sam

  Hi sam_squarewave,
  We can configure the SQL 2012 standalone instance to utilize the new Managed Service Accounts feature in Windows 2008 R2. Usually
  setup the MSA in Active Directory,
  install the MSA on the target server and change the SQL Service account. The managed service account is designed to provide crucial applications such as Exchange Server and IIS with the isolation of their own domain accounts, it should not support
  with SQL 2012 Failover Clustered Instances(FCI). For more information about Managed Service Accounts (MSA) and SQL 2012, you can review the following article.
  http://blogs.msdn.com/b/arvindsh/archive/2014/02/03/managed-service-accounts-msa-and-sql-2012-practical-tips.aspx?PageIndex=5
  In addition, when you configure Windows Failover Clustering for SQL Server (Availability Group or FCI), if you want to other accounts,
   the accounts and permissions required to create and maintain your HADR solution. For guidance configuring the required account permissions for WSFC clusters and clustered services, see Failover Cluster Step-by-Step Guide: Configuring Accounts
  in Active Directory (http://technet.microsoft.com/en-us/library/cc731002(WS.10).aspx).
  There is detail about configure Windows Failover Clustering for SQL Server (Availability Group or FCI) with Limited Security, you can review it.
  http://blogs.msdn.com/b/sqlalwayson/archive/2012/06/05/configure-windows-failover-clustering-for-sql-server-availability-group-or-fci-with-limited-security.aspx
  Regards,
  Sofiya Li
  If you have any feedback on our support, please click here.
  Sofiya Li
  TechNet Community Support

• Hide Service Accounts in Outlook Calendar

  Hello, we're using the "manager" attribute in AD to associate service accounts with their owner.  In Outlook under Calendar this places those service accounts under the "Team: <MANAGER>" group.  So in addition to actual
  team members under a manager, service accounts are also listed.  Is there a way to hide those accounts so they aren't listed?
  Thank you

  I asked which attribute is more appropriate for that task.  You did not answer that nor give any answer on how to replicate what manager/directReport is doing.
  Additionally, the original question was if it was possible in Exchange to hide certain accounts so that they would not display as being on a team in Calendar.  You side stepped that question and said those accounts shouldn't be there to begin with,
  not how an account could be hidden or if that's even possible.
  Finally, I have yet to argue with you.  I've pointed out that your comments came off rude to me.  The doctor analogy did not add value nor represent this issue accurately.  If that were a real doctor it would show lack of empathy for the patient
  and a lack of interest in getting into the root of the problem.  The comment on the AD team making a mistake also did not add value or answer either of the two parts to my question.  They know what the manager attribute is for, but at the time chose
  to not modify the schema with a custom attribute, or perhaps they too do not know how to replicate the manager/directReport behavior.  In any case, pointing out that they're wrong, doesn't answer my question or show HOW to use an extension attribute to
  achieve this.
  You're an MVP, a partner, and a consultant.  You should be familiar with the Code of conduct.  Please be considerate and respectful: http://social.technet.microsoft.com/wiki/contents/articles/112.wiki-code-of-conduct.aspx
  I'll attempt a more targeted question in the Directory Services forum to see if someone can walk me through the steps to get a extension attribute that will be appropriate for storing service owner type data.

• UNBILLED RECIEVABLE ACCOUNT- SERVICE CONTRACT WITH REVENUE RECOGNITION

  Hi SAP Gurus,
  I want to draw your kind attention towards my problem:
  I have created  service contract with one year contract and created an invoice for the whole year in advance.
  Now in-between i cancelled  a contract (after three months) and want to recognised a revenue for the contract period , so i'm creating a revenue recognition for the three months one by one using  transaction code-VF44,
  first month revenue recogniton is working fine as first month amount is going from deffered account to revenue account
  But for second month instead of deffered account ,system is using unbilled recievable account  ,which is wrong .
  Can anybody tell me why the system is picking unbilled receivable account instead of deffered account in case of second month revenue recogniton.
  This may help us:
  "When i was cancelling a contract ,at that time i was entering a billing plan end date in billing plan tab at an item level.
  and just after entering end date ,system was creating two lines instead of one in billing plan tab and i think because of that extra line system is picking unbilled receivables in second revenue recognition."
  Thanks in advance
  Ujjawal
  Edited by: Ujjawal Singh Karki on Dec 29, 2010 12:05 PM

  Hi,
  Thank you for your reply.
  I am doing a contract billing for overall period that is for 12 months (contract is of 12 months).
  Just after 3 months i have realized that somehow we have to cancel the contract and we canceled that in 3rd month.
  I had created the created a contract with periodic billing plan and for canceling that contract i'm putting contract end date in BILLING PLAN TAB as 31/03/2011 (Let say contract is from 01/01/2011 to 31/12/2011).
  Can you/anybody please tell me whether is this the correct way of canceling the contract with periodic billing plan?
  As per your analysis:
  "It seems you have done the billing document for one period and you are doing the RR document for multiple periods and hence the revenue is going to unbilled receivable account for the period for which billing document has not been done"
  As i have billed the customer for 12 months but contract was only for 3 months so i'll create RR for only 3 months and for rest of the period (i.e. 9 months) i'll create credit memo and send it to customer.
  "Please use a billing type where you will specify only start date and end date of the contract and not the billing plan in contract"
  How can we use billing type for contract start and end date .
  I think as soon as i'm changing the dates in billing plan tab system is proposing another line item with different  billing dates and that is not getting covered under deferred account that is still unbilled amount .
  Waiting for your valuable inputs.
  In case of any clarification kindly revert to me.
  Thanks,
  Ujjawal
  Edited by: Ujjawal Singh Karki on Jan 20, 2011 11:10 AM

• Process in C# with Windows Service Account

  Hi,
     I would like to launch SQL Server Management Studio from C# Process Class thru windows service account. When I start the process, I got the in Win32Exception ( “Logon failure: unknown user name or bad password”). I verified the User credentials
  as well. Please let me if you have any idea on this issue.
  Code:
  private
  void cmdSqlServer2012_Click(object sender,
  EventArgs e)
  Process objProcess =
  null;
  ProcessStartInfo objProcessStart =
  null;
  string strSqlServer =
  @"C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe";
  //string strSqlServer = "ssms.exe";
  string strUserID = ConfigurationManager.AppSettings["UserID"];
  string strUserPwd = ConfigurationManager.AppSettings["Password"];
  try
                  objProcess =
  new Process();
                  objProcess.StartInfo.LoadUserProfile =
  false;
                  objProcess.StartInfo.FileName = strSqlServer;
                  objProcess.StartInfo.UseShellExecute =
  false;
                  objProcess.StartInfo.UserName =
  "Senthil.Krishnamoort";
                  objProcess.StartInfo.Domain =
  "Services";
                  objProcess.StartInfo.Password = ConvertToSecureString(strUserPwd);
  objProcess.Start();
  catch (Win32Exception w32E)
  // The process didn't start.
  MessageBox.Show(w32E.Message);
  catch (Exception ex)
  MessageBox.Show(ex.Message);
  finally
                  objProcess.Dispose();
                  objProcess =
  null;
  public static
  SecureString ConvertToSecureString(string password)
  if (password == null)
  throw new
  ArgumentNullException("password");
  SecureString secureString =
  new SecureString();
  foreach (char ch
  in password)
                  secureString.AppendChar(ch);
              secureString.MakeReadOnly();
  return secureString;

  Hi
  Krish0609,
  Firstly please try do the following steps
  Service____rightclik___Propertise___Logon___allow service  to interact with desktop.
  Secondly, from your code,  I would suggest you used
  ProcessStartInfo.Arguments
  Property
  to  sets the set of command-line arguments to use when starting the application.
  objProcess.StartInfo.Password = ConvertToSecureString(strUserPwd);
  I doubt this issue maybe you have converted to secure string.
  By the way, here is how to use SSMS command line.
  Usage:
  sqlwb.exe [-S server_name[\instance_name]] [-d database] [-U user] [-P password] [-E] [file_name[, file_name]] [/?]
  [-S The name of the SQL Server instance to which to connect]
  [-d The name of the SQL Server database to which to connect]
  [-E] Use Windows Authentication to login to SQL Server
  [-U The name of the SQL Server login with which to connect]
  [-P The password associated with the login]
  [file_name[, file_name]] names of files to load
  [-nosplash] Supress splash screen
  [/?] Displays this usage information
  Please also refer to Bruce Prang's Blog
  to learn more.
  Best regards,
  kristin
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.