Service accounts - custom attributes

Hi,
We want to manage service accounts for different platforms in OIM. I'm aware that OIM can flag accounts as service accounts. We have some custom attributes that we want to store in OIM as part of service accounts. These attributes come from a different source than the resource on which the service account exists. So the idea is to use OIM to store that additional information and act as the authoritative source. This information should not be provisioned to the actual service account on the target resource. It should reside just on the OIM side. Is it possible to do this in OIM? Any information on how to achieve this is highly appreciated.
Thanks,
Gattoo

Hi Gattoo,
If you are using a custom connector, it is your decision which attributes are sent to target system, which are not.
Eventually, a service account is represented by a resource object and in the process definition you attach the adapters that create or update the target system account.
If I am not misunderstanding the question, you are able to store additional information in the process form and not to send them to target system.
Regards,
Ece

Similar Messages

  • Custom attributes in Service Registry

    Hi!
    Is it possible to use custom attributes in Service Registry?
    And if Yes, where can these attributes be displayed in Business Service Control or Registry Control?
    Thanks

    Hi,
    Please see the below link. This might help you.
    http://weblogs.sdn.sap.com/cs/blank/view/wlg/20379
    http://wiki.sdn.sap.com/wiki/display/BPX/Chapter+3
    Thanks and regards,
    SNJY

  • OIM 11g - Error Creating Custom 'Service Account' Field

    Hi experts,
    We would like to create a custom "Service Account" checkbox on a Form Provisioning, in a way to enable/disable the 'service account' status on a target account.
    We want to control the 'Service Account' status through a checkbox in the account form.
    Here our steps:
    - Create a new Field on 'UD_ADUSER' Form, we add a 'Service Account' CheckBox as boolean type with default value = 0.
    - Create a new Adapter 'Service Account':
    ---- into 'Variable List' tab we define 2 variables: ProcessInstance -> Long and ServiceAccountCheckBox -> boolean
    ---- into 'Adapter Task' tab we define an IF(ServiceAccountCheckbox == 1) launch tcUserOperationsIntf.changeToServiceAccount method, with our variable 'ProcessInstance' as Input
    - Create a new task into 'Process Definition', we created 'Service Account Updated'.
    ---- into task tab named 'Integration' we set our custom adapter, mapping Process Data > Process Instance and Process Data > Service Account with adapter variables.
    When we assign an 'AD User' resource to a user, the new checkbox 'Service Account' is showed into the form.
    If we check/uncheck the checkbox the task 'Service Account Updated' is launched, but the response is "*Specified User Account Not Found*"
    I think that the problem is into the adapter..
    Any one can help us?
    Best Regards
    AT

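    As I said, map the user key (usr_key) and the process instance key (orc_key) from Design Console
    and use the query below to get oiu_key:
    // Needs java.sql.Connection, java.sql.PreparedStatement, java.sql.ResultSet
    // and oracle.iam.platform.Platform.
    long procKey = <PROCESS_INSTANCE_KEY>;
    long userKey = <USR_KEY>;
    // Bind both keys as parameters instead of naming them inside the SQL text.
    String sqlQuery = "select oiu_key from oiu " +
        "where orc_key = ? " +
        "and usr_key = ?";
    long oiuKey = -1;
    try (Connection con = Platform.getOperationalDS().getConnection();
         PreparedStatement st = con.prepareStatement(sqlQuery)) {
        st.setLong(1, procKey);
        st.setLong(2, userKey);
        try (ResultSet rs = st.executeQuery()) {
            if (rs.next()) {
                oiuKey = rs.getLong("oiu_key");
            }
        }
    }
    Now pass this key to the method.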

  • Custom WS Policy with Service account in OSB while invoking a https service

    Hi,
    I need your help on one of my issue in invoking an https service from OSB. I read through various posting and tried the below steps in this forum
    -Added the certificate for the https site to soa domain
    -Registered the https webservice as a Business service
    -Registered a proxy service on top of this Business service
    -In the service call out on Proxy service I did a replace operation on the entire soap header with the below string
    <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <wsse:Username>sysuser@yahoo</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ABIHAIKLPLKLPMLERLER</wsse:Password>
         </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
    -After doing all the above steps my call out worked from the test console, If you see closely the userid(sysuser@yahoo) and password(ABIHAIKLPLKLPMLERLER) is hard coded here.
    I need a way to mask the credentials and have the user pass them when they invoke the proxy service. I read through some posting and it was listed that we can create a custom policy and attach that custom policy to the Business service. But my problem here is the userid has an extra char @, so I wasn't able to create the user account with those credentials in OSB, but I was able to create the userid and password using a service account. I am not sure how I can use this service account along with the custom policy.
    Can you please provide me a suitable approach, which will solve my issue. I appreciate your time and help
    Thanks
    Jagan.

    Hi,
    Below are the steps followed
    - OSB Proxy service has 'oracle/wss_username_token_service_policy' attached to it.
    - I am invoking this from BPEL. BPEL process has 'oracle/wss_username_token_client_policy' attached.
    - I can invoke the osb proxy from bpel by passing credentials - No Issues.
    Now I need to put some authorization restriction to the proxy service, so only specific users can access that.
    -I used Role=Admin as a policy condition restriction under security in Proxy service.
    -Then I went to proxy test console and I added the 'oracle/wss_username_token_client_policy' credentials and weblogic/xxxxx at Transport section and I was able to invoke the process. Here weblogic has a Admin Role.
    -I cannot invoke the same proxy service from BPEL in Jdeveloper now.
    All I am trying to do is to protect my proxy by authorization policy.
    Thanks
    Jagan.

  • AD Import using Custom Attributes?

    By default, when you run AD import in UC, it fetches the whole AD domain's accounts, which contain service accounts and a lot of other stuff which one doesn't want to import.
    So choice is to search using a particular Base DN which query only one OU.
    But this simple query is not adequate in an organization which has a very complex and large OU structure; users who need to be UC enabled are distributed among many separate OUs.
    Is there some kind of filter or other method during AD import which can query users from AD based on security group membership or CustomAttributes? The best approach will be a CustomAttributes-based query, because we already published CustomAttribute15 with values "STAFF", "Faculty" and "Students".
    The whole purpose which we want to achieve is to exclude the STUDENTS category in AD import. Help me friends to achieve this task.

    Hi
    You can edit the LDAP filter used by CCM; with that you could filter on your custom attributes. See this post for a discussion of a similar modification; it's just a matter of putting together a new LDAP filter string to return the results you want.
    https://supportforums.cisco.com/message/3042759#3042759
    Regards
    Aaron
    Please rate helpful posts...

  • Hide Service Accounts in Outlook Calendar

    Hello, we're using the "manager" attribute in AD to associate service accounts with their owner.  In Outlook under Calendar this places those service accounts under the "Team: <MANAGER>" group.  So in addition to actual
    team members under a manager, service accounts are also listed.  Is there a way to hide those accounts so they aren't listed?
    Thank you

    I asked which attribute is more appropriate for that task.  You did not answer that nor give any answer on how to replicate what manager/directReport is doing.
    Additionally, the original question was if it was possible in Exchange to hide certain accounts so that they would not display as being on a team in Calendar.  You side stepped that question and said those accounts shouldn't be there to begin with,
    not how an account could be hidden or if that's even possible.
    Finally, I have yet to argue with you.  I've pointed out that your comments came off rude to me.  The doctor analogy did not add value nor represent this issue accurately.  If that were a real doctor it would show lack of empathy for the patient
    and a lack of interest in getting into the root of the problem.  The comment on the AD team making a mistake also did not add value or answer either of the two parts to my question.  They know what the manager attribute is for, but at the time chose
    to not modify the schema with a custom attribute, or perhaps they too do not know how to replicate the manager/directReport behavior.  In any case, pointing out that they're wrong, doesn't answer my question or show HOW to use an extension attribute to
    achieve this.
    You're an MVP, a partner, and a consultant.  You should be familiar with the Code of conduct.  Please be considerate and respectful: http://social.technet.microsoft.com/wiki/contents/articles/112.wiki-code-of-conduct.aspx
    I'll attempt a more targeted question in the Directory Services forum to see if someone can walk me through the steps to get an extension attribute that will be appropriate for storing service owner type data.

  • Issue with Sorting by Custom Attributes

    In our custom SES query application, I am trying to implement sorting at the custom attribute level. I am having difficulty in understanding exactly how to set the options on doOracleOrganizedSearch() to achieve the desired result.
    We have a table based content source and allow a user to search via custom search attribute. We are also going to allow them to sort by custom attribute.
    For example, say we have a Project content source and one of the attributes is "Client Name". Users are going to be able to sort by client name (A-Z and Z-A). I have a prototype working but it only seems to work if I set topN to a very high number.
    I want to bring back the first 10 documents sorted by Client Name A - Z and allowing paging to the next set of sorted results. My prototype works if I set topN to 1000 (more than the # of results) but does not work if I set it to 10 (# of results I want to display per page).
    Below is my code. Note I am not setting the group attribute or the cluster list. Perhaps this is the issue?
    Many thanks in advance!
    OracleResultContainer results = service.doOracleOrganizedSearch
    (this.m_query, // query
    this.m_docsRequested, // topN
    this.m_startIndex, // startIndex
    new Integer(10), // docsRequested
    this.m_dupRemoved, // dupRemoved
    this.m_dupMarked, // dupMarked
    this.m_searchDataGroup, // groups
    this.m_queryLang, // queryLang
    this.m_docLang, // docLang
    this.m_returnCount, // returnCount
    this.m_filterConnector, // filterConnector
    filters, // filters
    this.m_fetchAttributeNames, // fetchAttributeNames
    null, // searchControls
    null, // groupAttr
    this.m_sortAttributes, // sortAttrList
    null); // clusterList

    Hi Nikola,
    in 9.0.1 even if you rewrite the web interface you can't sort files by custom attributes setting a SortSpecification to a Folder. You can only sort by base attributes with getItems(). To get item sorted on custom attributes you must perform a search (a lot more codelines).
    Regards, Alessandro

  • Help needed in Inbox search for Custom attribute

    Hi,
    We have  a requirement where in we are having a custom attribute on Service request to store the ECC Order number.
    We have enhanced the Inbox search to retrieve all the service requests having the ECC order number.
    Here we are encountering a problem. I just created a new CRM service request and entered order number 1234, and now when I search for the same in Inbox search, giving the criteria order number as 1234, I get no results found. But when I extend the max list to 2000, then I see the service request appearing in the result list. Not sure about the algorithm that is designed for inbox search.
    Any pointers on how to resolve this issue would be of great help.
    Thanks,
    Udaya

    Hi,
    I do not have the time to research this completely, but I had a short look into the class you posted.
    In the GET_DYNAMIC_QUERY_RESULT there is a call to CL_CRM_QCOD_HELPER->PREPROCESS( )
    A little bit lower there are blocks marked by comments for the single searches that are handled by this class. I had a look into the campaign_serach() method. There if you scroll a little bit down (around line 123) they set all search parameters to SIGN = 'I' OPTION = 'EQ'. This is done several times below as well.
    Set a breakpoint in the preprocess() method and check which of the blocks is called and how they handle your search criteria.
    Hope it helps.
    cheers Carsten

  • Execute UCM Service in custom component

    Hi ,
    I was looking for information how to execute the UCM service in custom component and found a couple of blogs regarding the same :
    http://jonathanhult.com/blog/2012/06/execute-a-service-from-a-java-filter/
    http://jonathanhult.com/blog/2012/10/who-created-that-site-studio-section/
    http://www.redstonecontentsolutions.com/5/post/2012/05/executing-a-service-from-aservicehandler.html#sthash.X31M6ZCS.tvlE83Km.dpbs
    I am new to webcenter content and couldn't understand above blog stuff properly. Queries :
    1. We may need to call the UCM service in filter, Service or ServiceHandler. Is there any difference in code required to execute a service ?
    2. What is the correct code to execute the UCM service ?

    Ad 1) the reason why the same service might be executed slightly differently from e.g. a filter or another service/service handler is that classes Service, ServiceHandler, and the interface FilterImplementor provide slightly different attributes. Note that you may also execute a service from iDocScript (via the executeService command - see http://docs.oracle.com/cd/E23943_01/doc.1111/e10726/c08_config_ref.htm#i1078100)
    Ad 2) There is no 'correct' or 'incorrect' way. Simply, from a filter you will do it this way, and from a service that way. I think you should ask, what is the correct way to implement my custom service - should it be a filter? Or rather a service handler? Will I need Java, or is iDocScript enough? Unfortunately, you have not shared anything about what your component should do.

  • Scheduled Task as Service Account - Failed to Start 2147943785

    I am attempting to run some powershell scripts that update membership of groups based on role attribute on users, then also grabs members of some groups and updates other groups with these members.
    I've delegated access through "security" to give this service account write:member and write:memberof for the Groups OU and write:memberof for the OUs containing the user accounts.
    I've updated my Default Domain Policy to give this service account Log On As Batch Job permissions.
    The scheduled task is running from a Domain Controller.
    When I attempt to run the task as the service account I receive the following:
    Task Scheduler failed to start "\SITE Role Membership" task for user "DOMAIN\GroupScripts$". Additional Data: Error Value: 2147943785.
    What am I missing here?

    Hi Allister,
    Please follow these steps to troubleshoot:
    Type "gpedit.msc", try to configure the following policy:
     [Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment]
    1.  Log on as a batch job.
    2.  Allow log on locally.
    Add the service account domain\username to these two policies.
    Refer to:
    Task Scheduler failed to start - Additional Data: Error Value: 2147943785
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
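Added example, not part of the original posts: it decodes the error value quoted in the question (Win32 code 1385, ERROR_LOGON_TYPE_NOT_GRANTED) and checks a user-rights export for the batch logon right the reply names. The INF lines and SIDs are constructed sample data, and the function names are hypothetical.

```powershell
# Added example; sample data is constructed, function names are hypothetical.

# Split the Task Scheduler "Error Value" (an HRESULT) into facility and Win32 code.
function ConvertFrom-TaskErrorValue {
    param([Parameter(Mandatory = $true)] [long] $ErrorValue)
    $code = [int]($ErrorValue -band 0xFFFF)
    [pscustomobject]@{
        HResult  = '0x{0:X8}' -f $ErrorValue
        Facility = [int](($ErrorValue -shr 16) -band 0x1FFF)   # 7 = FACILITY_WIN32
        Win32    = $code
        Message  = (New-Object System.ComponentModel.Win32Exception $code).Message
    }
}

# Return the SIDs or names listed for one right in "secedit /export" output.
function Get-UserRightHolder {
    param([string[]] $InfLine, [string] $Right)
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    foreach ($line in $InfLine) {
        if ($line -match $pattern) {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()
}

# A principal can start a batch logon only if one of its SIDs holds
# SeBatchLogonRight and none holds SeDenyBatchLogonRight (deny wins).
function Test-BatchLogonRight {
    param([string[]] $InfLine, [string[]] $PrincipalSid)
    $allow   = @(Get-UserRightHolder -InfLine $InfLine -Right 'SeBatchLogonRight')
    $deny    = @(Get-UserRightHolder -InfLine $InfLine -Right 'SeDenyBatchLogonRight')
    $granted = @($PrincipalSid | Where-Object { $allow -contains $_ })
    $denied  = @($PrincipalSid | Where-Object { $deny -contains $_ })
    [pscustomobject]@{
        GrantedVia      = $granted
        DeniedVia       = $denied
        CanLogOnAsBatch = ($granted.Count -gt 0 -and $denied.Count -eq 0)
    }
}

# Constructed export, in the format written by:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
$sampleInf = @(
    '[Privilege Rights]'
    'SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559'
    'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551'
    'SeDenyBatchLogonRight = '
)

# Constructed SIDs: the service account and one group it belongs to.
$accountSids = @(
    'S-1-5-21-1111111111-2222222222-3333333333-1601'
    'S-1-5-21-1111111111-2222222222-3333333333-513'
)

ConvertFrom-TaskErrorValue -ErrorValue 2147943785
Test-BatchLogonRight -InfLine $sampleInf -PrincipalSid $accountSids
```

Run the export on the computer that runs the task, because user rights are evaluated there, and pass the account's SID together with the SIDs of its groups.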

  • Powershell script to set custom attribute on mailuser returns WARNING: The command completed successfully but no settings of user have been modified.

    I am trying to write a script to enable a mailuser (I do know the difference between mailuser and mailbox) and set a custom attribute for that mailuser.  Every time I run the script I get "WARNING: The command completed successfully but no settings
    of <User DN> have been modified."  Both commands being invoked work when typed manually into the exchange management shell on the exchange server itself.  I am using the same administrator account in the script, and when I login to the
    exchange server to manually run the commands, so it shouldn't be a permission issue.  Here is my script so far.  If anyone can shed some light on what I'm doing wrong, I'd appreciate it.
    $excel = new-object -com excel.application
    $wb = $excel.workbooks.open("c:\temp\testmail8.xlsx")
    $ws = $wb.Worksheets.Item(1)
    $row = 1
    $s = New-PSSession -ConfigurationName microsoft.exchange -ConnectionUri http://<Exchange Server Name>/powershell -Credential [email protected]
    Do {
    $Email = $ws.Cells.Item($row, 1).Value()
    $Cat = $ws.Cells.Item($row, 2).Value()
    invoke-command -Session $s -ScriptBlock {Enable-MailUser -ExternalEmailAddress $($args[0][0] + "@domain.com") -Identity $($args[0][0])} -ArgumentList (,$Email, $Cat)
    invoke-command -Session $s -ScriptBlock {Set-MailUser -Identity $($args[0][0]) -CustomAttribute1 $($args[0][1])} -ArgumentList (,$Email, $Cat)
    $row++
         } While ($ws.Cells.Item($row,1).Value() -ne $null)
    $excel.Quit()
    Remove-PSSession $s

    Hi,
    I'm not sure where is wrong in your script. If you want to get more help about the script troubleshooting, I recommend you to ask a question in Script Center forum for more professional answers:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
    As a workaround, please directly create a mail user in EAC and set related custom attribute to have a try.
    Thanks,
    Winnie Liang
    TechNet Community Support
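Added example, not part of the original posts: how PowerShell parses the `-ArgumentList (,$Email, $Cat)` expression from the script in the question. With that parse `$args[0][1]` is `$null`, so `-CustomAttribute1` receives no value, which is consistent with the warning reported. `Show-ArgBinding`, `$setAttribute` and the sample values are hypothetical.

```powershell
# Added example; $Email and $Cat hold constructed values for one spreadsheet row.
$Email = 'jdoe'
$Cat   = 'STAFF'

# Hypothetical helper: reports what a script block sees in $args for a
# given -ArgumentList. Invoke-Command without -Session runs it locally.
function Show-ArgBinding {
    param([object[]] $ArgumentList)
    Invoke-Command -ArgumentList $ArgumentList -ScriptBlock {
        [pscustomobject]@{
            ArgCount    = $args.Count
            Arg0IsArray = $args[0] -is [array]
            Identity    = $args[0][0]   # value the question passes to -Identity
            Category    = $args[0][1]   # value the question passes to -CustomAttribute1
        }
    }
}

# As written in the question. Unary comma binds tighter than binary comma,
# so this is ((,$Email), $Cat): $args[0] is a one-element array and
# $args[0][1] is $null, while $Cat arrives separately as $args[1].
Show-ArgBinding -ArgumentList (,$Email, $Cat)

# Wrapping the pair first passes one argument that is a two-element array,
# which is the shape the $args[0][0] / $args[0][1] indexing expects.
Show-ArgBinding -ArgumentList (,($Email, $Cat))

# Named parameters avoid positional indexing and reject a missing value.
$setAttribute = {
    param([string] $Identity, [string] $Category)
    if ([string]::IsNullOrEmpty($Category)) {
        throw "No category supplied for '$Identity'"
    }
    # In the Exchange session this line would be the call itself:
    #   Set-MailUser -Identity $Identity -CustomAttribute1 $Category
    "Set-MailUser -Identity $Identity -CustomAttribute1 $Category"
}
Invoke-Command -ScriptBlock $setAttribute -ArgumentList $Email, $Cat
```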

  • Service account not inheriting AD group membership permissions on SQL Server

    I am adding Active Directory groups as logins and database users to our SQL Servers. A service account added to an AD group did not inherit the group permissions that the user accounts did. Can there be different attributes of service accounts that would
    prevent service accounts from inheriting the permissions of AD groups?
    Example: An AD Group AD_group contains a service account user, svc_account and a user account, user_account. AD_group is added to a SQL Server as a login. User_account can log in to SQL Server but svc_account cannot.

    SQL Server will use the information within the token used for authentication, so it may be possible that the service has a stale token (i.e. the token has not been refreshed or the service has not restarted) since you made the changes to the AD group.
    I would recommend using a tool such as ProcessExplorer (https://technet.microsoft.com/en-us/sysinternals/bb896653) to make sure the token for the process is showing the latest group
    memberships properly.
    I hope this helps,
    -Raul Garcia
       SQL Server Security
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Process in C# with Windows Service Account

    Hi,
    I would like to launch SQL Server Management Studio from the C# Process class through a Windows service account. When I start the process, I get a Win32Exception (“Logon failure: unknown user name or bad password”). I verified the user credentials as well. Please let me know if you have any idea on this issue.
    Code:
    // Requires: using System; using System.ComponentModel; using System.Configuration;
    //           using System.Diagnostics; using System.Security; using System.Windows.Forms;
    private void cmdSqlServer2012_Click(object sender, EventArgs e)
    {
        Process objProcess = null;
        ProcessStartInfo objProcessStart = null;
        string strSqlServer = @"C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe";
        //string strSqlServer = "ssms.exe";
        string strUserID = ConfigurationManager.AppSettings["UserID"];
        string strUserPwd = ConfigurationManager.AppSettings["Password"];
        try
        {
            objProcess = new Process();
            objProcess.StartInfo.LoadUserProfile = false;
            objProcess.StartInfo.FileName = strSqlServer;
            objProcess.StartInfo.UseShellExecute = false;
            objProcess.StartInfo.UserName = "Senthil.Krishnamoort";
            objProcess.StartInfo.Domain = "Services";
            objProcess.StartInfo.Password = ConvertToSecureString(strUserPwd);
            objProcess.Start();
        }
        catch (Win32Exception w32E)
        {
            // The process didn't start.
            MessageBox.Show(w32E.Message);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        finally
        {
            objProcess.Dispose();
            objProcess = null;
        }
    }

    public static SecureString ConvertToSecureString(string password)
    {
        if (password == null)
            throw new ArgumentNullException("password");
        SecureString secureString = new SecureString();
        foreach (char ch in password)
            secureString.AppendChar(ch);
        secureString.MakeReadOnly();
        return secureString;
    }

    Hi Krish0609,
    Firstly, please try the following steps:
    Service -> right-click -> Properties -> Log On -> Allow service to interact with desktop.
    Secondly, from your code, I would suggest you use the ProcessStartInfo.Arguments property to set the command-line arguments to use when starting the application.
    objProcess.StartInfo.Password = ConvertToSecureString(strUserPwd);
    I doubt this issue maybe you have converted to secure string.
    By the way, here is how to use SSMS command line.
    Usage:
    sqlwb.exe [-S server_name[\instance_name]] [-d database] [-U user] [-P password] [-E] [file_name[, file_name]] [/?]
    [-S The name of the SQL Server instance to which to connect]
    [-d The name of the SQL Server database to which to connect]
    [-E] Use Windows Authentication to login to SQL Server
    [-U The name of the SQL Server login with which to connect]
    [-P The password associated with the login]
    [file_name[, file_name]] names of files to load
    [-nosplash] Supress splash screen
    [/?] Displays this usage information
    Please also refer to Bruce Prang's Blog to learn more.
    Best regards,
    kristin

  • Records Management - Custom Attributes

    Hi all,
    I've created a Document Service provider in SRMREGEDIT in my RMS_ID. I archive the created documents with ORGANIZER in Documentum Archive Server.
    I have added a custom attribute to my Document type:
    1.- I want this custom attribute appears in ORGANIZER in the search window, so I can search the documents thru my custom attribute. How I can do this?
    2.- I also want to save my custom attribute in Documentum as attribute. How can I save SAP attributes in Documentum?
    Thanks in advance,
    Regards.
    Urtzi.

    Hi Urtzi,
    for custom attributes you need to create a Content Model (Customizing IMG). The Content Model description needs to be in the connection parameter values of your element type Document. Then you have to customize your attributes in the dmwb (document modelling workbench), you should find your content model under the entity SRM, there you need to look for your content model id in documents, take the virtual class marked with "V" in the PHIO and LOIO classes, in the instance attribs you can finally customize your attributes by clicking the button "more". You have to hide all attributes you don't need except SRM_DOCUMENT_ID. If you want to add own attributes you need to add them under IO-attributes first. When you restart your electronic desk now you should see the attributes you customized in the document and you are also able to search for these attributes now.
    You save these attributes for your documents by writing the Content Model ID into the connection parameter values (Document_Class) of your element type Document. If you have different Documents that need different attributes you need to create a new Content Model.
    Hope that helps!
    Regards, Cornelia

  • How to add custom attributes to UME

    hi gurus,
    I have developed an application in which I want to add custom attributes to UME for the sake of retrieving the BrandType.
    Please give me suggestion how to do this.
    Thanks in advance.
    Lohi

    Hi Lohi,
    UME setup
    1)     go to Configuration tool (C:\usr\sap\J2E\JC02\j2ee\configtool\consoleconfig.bat)
    2)     For “Global server configuration->services->com.sap.security.core.ume.service” define property “ume.admin.addattrs” as “BU_PARTNER” and for “ume.admin.self.addattrs” as “<empty>”. (to set value select entry, input value in “Value” field and click “Set”)
    3)     Click “Apply changes” button on the toolbar.
    4)     Restart server.
    5)     Login to http://<server_name>:<server_port>/useradmin/index.jsp and define “BU_PARTNER” property.
    Code:
    try {
         final IWDClientUser wdUser = WDClientUser.getCurrentUser();
         final IUser user = wdUser.getSAPUser();
         final String[] attribute = user.getAttribute(
              "com.sap.security.core.usermanagement",
              "BU_PARTNER");
         if( attribute==null || attribute.length == 0 || !Utils.isNotEmpty(attribute[0]) ) {
              wdComponentAPI.getMessageManager().reportMessage(...);
              return;
         } else {
              buPartner = attribute[0];
         }
    } catch (final WDUMException e) {
         wdComponentAPI.getMessageManager().reportMessage(...);
    }
    Best regards, Maksim Rashchynski.
