SharePoint Foundation Active Directory Problem

Hey,
I have a problem with the Active Directory connection to SharePoint Foundation.
My situation looks like this:
I'm working on a kind of project controlling platform. Each of our customers has its own site. Also each customer has an account in our Active Directory. For the administrative part, we have a list which contains some info about the customer, the URL to its site and the contact person.
I wrote an import script which creates a site and a new item in the list. To put the contact person in the list item, I use a code snippet like this:
try
{
    user = web.EnsureUser(loginName);
}
catch (Exception ex)
{
    throw new Exception("LoginName " + loginName + " not found", ex); // keep the original error as InnerException
}
Now the problem is that the try/catch block fails too often, which means SharePoint doesn't know the loginNames of some of our customers.
Why does SharePoint not know maybe 1/5 of all our customers? All of them have an account in our Active Directory; none of them has ever logged in to SharePoint (at this time they don't even know that they have a SharePoint site for this project).
I searched the internet for the problem, but all I found were questions related to the synchronization of AD properties to SharePoint Foundation. But I don't want to sync the phone number or something like that - I want SharePoint only to know all the loginNames of our customers, not only 1/5 of them.
How do I achieve this? What am I doing wrong?
Thank you!

web.EnsureUser has nothing to do with the UPS at all. This has nothing to do with synchronisation (it does have a role, but it's a maintenance one and nothing to do with authentication).
The simplest answer is that the login names are being entered wrongly. Having said that there are a few areas you can look at to try to identify the problem:
Does it fail repeatedly for the same username? Can you add that user to the site manually using a people picker control and if so will the script work afterwards? Are there any trends in the user accounts that SharePoint cannot find?
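
An added example, not code from either poster: a small console audit that answers the questions above by trying every login name, recording each one `EnsureUser` rejects together with the exception text, and noting anything unusual about the name's shape. The class name `EnsureUserAudit`, the sample names and the site URL argument are assumptions; it must run on a SharePoint server with a reference to Microsoft.SharePoint.dll.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.SharePoint;

// Added example (not the poster's import script): audits a batch of login names
// against one web and reports every name EnsureUser rejects, with the reason.
static class EnsureUserAudit
{
    // Characters Active Directory does not accept in a sAMAccountName.
    private static readonly char[] InvalidSamChars = "\"/\\[]:;|=,+*?<>".ToCharArray();

    // Returns a short note on anything unusual about the shape of a login name.
    public static string DescribeShape(string loginName)
    {
        if (loginName == null || loginName.Trim().Length == 0) return "empty";
        List<string> notes = new List<string>();
        string name = loginName.Trim();
        if (name.Length != loginName.Length) notes.Add("leading/trailing whitespace");

        int slash = name.LastIndexOf('\\');
        if (name.IndexOf('@') >= 0)
            notes.Add("UPN form (user@domain)");
        else if (slash < 0)
            notes.Add("no DOMAIN\\ prefix");
        else
        {
            string account = name.Substring(slash + 1);
            if (account.Length == 0) notes.Add("empty account part");
            // User sAMAccountName values are limited to 20 characters.
            if (account.Length > 20) notes.Add("account part longer than 20 characters");
            if (account.IndexOfAny(InvalidSamChars) >= 0) notes.Add("invalid character in account part");
        }
        return notes.Count == 0 ? "well-formed" : string.Join("; ", notes.ToArray());
    }

    // Tries every name; returns login name -> failure description for the ones that fail.
    public static Dictionary<string, string> FindUnresolved(SPWeb web, IEnumerable<string> loginNames)
    {
        Dictionary<string, string> failures = new Dictionary<string, string>();
        foreach (string loginName in loginNames)
        {
            try
            {
                web.EnsureUser(loginName);
            }
            catch (Exception ex)
            {
                // Keep going: the aim is the full list of failures, not the first one.
                failures[loginName ?? "(null)"] =
                    ex.GetType().Name + ": " + ex.Message + " [" + DescribeShape(loginName) + "]";
            }
        }
        return failures;
    }

    static void Main(string[] args)
    {
        // args[0]: URL of a site the running account may administer (assumption).
        // Constructed sample names; replace with the list the import script reads.
        string[] sample = {
            @"CONTOSO\jdoe", @" CONTOSO\asmith", "bmeier",
            "c.long@contoso.example", @"CONTOSO\a-very-long-customer-login-name"
        };
        using (SPSite site = new SPSite(args[0]))
        using (SPWeb web = site.OpenWeb())
        {
            foreach (KeyValuePair<string, string> f in FindUnresolved(web, sample))
                Console.WriteLine("{0}\t{1}", f.Key, f.Value);
        }
    }
}
```

Running it twice shows whether the same names fail repeatedly, and the shape notes make trends among the failing accounts visible. `EnsureUser` adds every name it does resolve to the site's user list, as the import script already does.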

Similar Messages

  • Sharepoint 2013 Active Directory Import- Manager field not updating

    Hi,
      SharePoint 2013 Active directory import  -Manager field not updating
    Concern/Issue-
     We are using SharePoint and configured the Active Directory Import. On the first import it seems everything is working fine, and the OOB Organization chart built using User profile data is coming out right.
    Now the user is moved from one Organization Unit to another.
    Now our Manager field is not updating. There is a change in the AD manager attribute, but it is not reflected in the SharePoint User profile.
    Manager field is mapped to "manager" attribute in SharePoint.
    We tried removing the user and Re-Import using Incremental import but no luck.
    Thanks for help in advance
    Sachin

    Moving a user from one OU to another in AD won't normally change the Manager attribute in AD.  You would need to edit the user's organization settings to change the manager value in AD.  I've also seen these changes not be picked up unless something other than just the manager field in AD changing.  Try changing something like Office location and see if the manager change is picked up by AD Import.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Please remember to mark your question as "answered" if this solves your problem.

  • SharePoint Foundation 2010 Workspace problem

    I've installed SharePoint Foundation 2010 in a Windows Server 2008 R2 Standard environment. I've added some site collections and added some libraries to the site pages. I've put in various permissions and groups and tested with no problem using SharePoint Workspace 2010 on a Windows 7 32-bit client.
    But when I do a remote desktop connection to another server with 2008 R2 Standard installed, I can't get SharePoint Workspace 2010 to work properly. It opens an account and connects to my SharePoint site, but in the pane to the right where I would normally see library documents listed, all that comes up is an error stating - Error: Cannot Display Tool.
    Also if I try to sync I get the following error:-
    The parameter is incorrect
    HResult: 0x80070057 (0x386d7565)
    Process: Groove.exe (ID:17936(0x00004610))  
    No amount of googling has found a solution, no similar postings had any resolutions.
    Any help would be much appreciated
      

    My apologies. I'd focused on the error and hadn't adequately read the information you provided on the environment. The issue is probably with using SharePoint Workspace on the remote computer, not with SharePoint Foundation.
    Here is what I understand you to be doing:
    You use Remote Desktop to connect to the Windows Server 2008 R2 computer, where you log in with your domain account, which is a member of the local Users group.
    On the remote computer, you start SharePoint Workspace.
    On the Launchbar, you click New, click SharePoint Workspace, select your site, and then click OK.
    The workspace is created and appears (from the progress bar) to download content.
    When you click Open Workspace, no content is displayed. Instead, you see the "Cannot Display Tool" error.
    Is that correct?
    There are three areas where SharePoint Workspace is complicated to run remotely:  
    Where SharePoint Workspace will be run by a user other than the one installing it, it must not be launched during the installation. This seems the most likely to be the issue, as we have seen the same failure and error at a customer site where several users had been given a computer image created on a computer where SharePoint Workspace had been launched before image creation.
    Only one user should run SharePoint Workspace (Groove.exe) at a time. (Sometimes multiple instances work, but it's not reliable.)
    You need to have a local profile on the computer which is running SharePoint Workspace. SharePoint Workspace is not supported with Roaming or Temporary profiles. Usually, this problem would prevent you from starting SharePoint Workspace, but some environments with custom permissions can lead to other errors.
    SharePoint Workspace uses the current user's permissions for SharePoint server access. In the case of Forms-Based authentication, it prompts for credentials at workspace creation, but then uses the credentials in the active browser session when opening the workspace. I think this could only be related to your problem if you are logged in as another user in your browser, and that user has access to some, but not all, of the site your workspace connects to.

  • Using Groups in SharePoint from Active Directory

    Hello,
    Is it possible to use groups in SharePoint from AD?
    I have several groups in AD that I would like to use in SP. Of course SP has its own set of groups in permissions (Owner, Member and Visitor). I do not want to use these groups. What I would like to do is use groups that are in my AD and assign those the designer, contributor, read-only, etc. permissions.
    For example, SP people picker finds my AD group called "Finance_Project" and assigns this group permission rights as a contributor.
    Is this doable in SharePoint? I would think since SharePoint can be authenticated with AD, you should be able to use your own AD groups.
    Any suggestions, articles and answers are greatly appreciated.
    artisticweb

    You can do this in SharePoint. Are you importing the AD groups via UPA?
    Creating a SharePoint group and adding an Active Directory group to its members…this allows anyone in the Active Directory group to participate in the SharePoint group.
    Mapping roles directly to Active Directory groups and not using SharePoint groups at all.
    Here are a couple of articles which will explain your choices, one over the other:
    Assign permission levels in SharePoint 2013
    Using Active Directory Vs. SharePoint Groups
    http://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem.
    Thanks -WS MCITP (SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Query Active Directory + Problem with thumbnailPhoto

    Hi
    I have a problem and I don’t know if it is my SQL Query, so here goes
    I have a view on my SQL server that queries our Active Directory. I can see that there is data in the table.
    But when I try to use the image in some C# code I get an error on 60% of the images with the exception header missing or corrupted.
    My view is built with this query:
    select *
    from openquery(ADSI,
    'SELECT sAMAccountName, mail, title, displayName, telephoneNumber, mobile, sn, givenName,  department, thumbnailPhoto
    FROM ''LDAP:[REMOVED]''
    WHERE objectCategory = ''Person''')
    Do you have any idea where the problem is? The photos show up fine in Outlook, SharePoint, Lync etc. I’m pretty sure that the C# code works correctly. Hope you can help.
    Regards
    If only I had time to learn everything I wanted ...

    Hi Latheesh
    I've tried with this script:
    SELECT ISNULL(ROW_NUMBER() OVER ( ORDER BY department ), -999) 'id' ,
    CONVERT(NVARCHAR(25), givenName) AS Fornavn ,
    CONVERT (NVARCHAR(50), sn) AS Efternavn ,
    CONVERT(CHAR(5), UPPER(SUBSTRING(mail, CHARINDEX(mail, N'@'),
    CHARINDEX(N'@', mail)))) AS 'initialer' ,
    CONVERT(NVARCHAR(255), mail) AS Mail ,
    CONVERT(NVARCHAR(75), title) AS Stilling ,
    CONVERT(NVARCHAR(120), department) AS Afdeling ,
    CONVERT(NVARCHAR(13), telephoneNumber) AS Fastnet ,
    CONVERT(NVARCHAR(13), mobile) AS Mobil ,
    CASE WHEN userAccountControl = 2 THEN 'Account is Disabled'
    WHEN userAccountControl = 16 THEN 'Account Locked Out'
    WHEN userAccountControl = 17
    THEN CONVERT (VARCHAR(48), 'Entered Bad Password')
    WHEN userAccountControl = 32
    THEN CONVERT (VARCHAR(48), 'No Password is Required')
    WHEN userAccountControl = 64
    THEN CONVERT (VARCHAR(48), 'Password CANNOT Change')
    WHEN userAccountControl = 512 THEN 'Normal'
    WHEN userAccountControl = 514 THEN 'Disabled Account'
    WHEN userAccountControl = 544
    THEN 'Account Enabled - Require user to change password at first logon'
    WHEN userAccountControl = 8192
    THEN 'Server Trusted Account for Delegation'
    WHEN userAccountControl = 524288
    THEN 'Trusted Account for Delegation'
    WHEN userAccountControl = 590336
    THEN 'Enabled, User Cannot Change Password, Password Never Expires'
    WHEN userAccountControl = 65536
    THEN CONVERT (VARCHAR(48), 'Account will Never Expire')
    WHEN userAccountControl = 66048
    THEN 'Enabled and Does NOT expire Paswword'
    WHEN userAccountControl = 66050
    THEN 'Normal Account, Password will not expire and Currently Disabled'
    WHEN userAccountControl = 66064
    THEN 'Account Enabled, Password does not expire, currently Locked out'
    WHEN userAccountControl = 8388608
    THEN CONVERT (VARCHAR(48), 'Password has Expired')
    ELSE CONVERT (VARCHAR(248), userAccountControl)
    END AS 'Disabled' ,
    CONVERT(NVARCHAR(75), givenName + ' ' + sn) AS 'DisplayName' ,
    CONVERT (VARBINARY(MAX), thumbnailPhoto) AS 'Photo'
    INTO ##adTemptable
    FROM openquery(ADSI,
    'SELECT sAMAccountName, mail, title, displayName, telephoneNumber, mobile, sn, givenName, department, thumbnailPhoto, userAccountControl
    FROM ''[REMOVED]''
    WHERE objectCategory = ''Person''')
    WHERE department IS NOT NULL
    But I still get the same error on MANY rows
    OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 6846 and truncated data length is 4000.
    OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 7006 and truncated data length is 4000.
    OLE DB provider 'ADsDSOObject' for linked server 'ADSI' returned truncated data for column '[ADsDSOObject].thumbnailPhoto'. The actual data length is 6496 and truncated data length is 4000.
    If only I had time to learn everything I wanted ...

  • Sharepoint 2013 - Active Directory Import User Profile Property manager fields

    Hi there,
    I just encountered a little issue regarding the Active Directory Import User Profile.
    The import seems to work well, but I have a little problem regarding the Manager field.
    When I verify a user profile through the SharePoint admin page ("Manage user profile"), I can see the manager field is correctly populated, but if I want to check my profile as a user (personal information), the manager field is not visible.
    With SharePoint Admin and Manage Profile Properties, I don't have the possibility to modify some settings for the manager.
    For example, Policy parameters is greyed out.
    The only way I found to show this field in a user profile is to give the permission "allow users to Edit values ...".... a setting I don't want to set.
    Have you already had this sort of issue?
    Thanks for your help/idea.

    Hi Michael,
    I don't remember well what I did exactly regarding this issue because I played a lot with user profiles.
    I know I used this PowerShell script from Sheyia, which in fact helped me a lot to clean up and create a good profile setting.
    http://blogs.technet.com/b/sheyia/archive/2013/10/09/sharepoint-2013-another-way-to-change-order-for-user-profile-properties-via-powershell.aspx
    For example, this script helped me to resolve some double entries.
    Let me know if it helps you (or not, of course)

  • SharePoint Foundation 2013 AppStore problems

    Hi,
    I configured the Subscription and App service applications.
    Now I want to configure the App URLs. It isn't working and I got this error:
    02/20/2013 15:15:05.95  w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Topology                       e5mc Medium   WcfSendRequest: RemoteAddress: 'http://sharepoint:32843/7b934b745e3c4c0aa735b35c9da7aecf/SubscriptionSettings.svc/optimized'
    Channel: 'Microsoft.SharePoint.ISubscriptionSettingsServiceApplication' Action: 'http://tempuri.org/ISubscriptionSettingsServiceApplication/GetSubscriptionMetadata' MessageId: 'urn:uuid:90e32ff1-6687-4d19-a329-c131cf377117' 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.95  w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Site Subscription              buq6 Unexpected An error occurred while contacting the subscription settings service at 'http://sharepoint:32843/7b934b745e3c4c0aa735b35c9da7aecf/SubscriptionSettings.svc/optimized'. 
    Exception details: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or
    from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.   
    Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action,... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.95* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Site Subscription              buq6 Unexpected ... MessageVersion version, FaultConverter faultConverter)     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime
    operation, ProxyRpc& rpc)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Sha... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.95* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Site Subscription              buq6 Unexpected ...rePoint.ISubscriptionSettingsServiceApplication.GetSubscriptionMetadata(Guid subscriptionId)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.<>c__DisplayClass22.<GetSubscriptionMetadata>b__20(ISubscriptionSettingsServiceApplication
    channel)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ExecuteOnChannel(CodeBlock codeBlock) 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97  w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     General                        8nca Medium   Application error when access /_admin/ConfigureAppSettings.aspx, Error=Die
    Einstellungen oder Dienste, die zum Erfüllen dieser Anforderung erforderlich sind, sind zurzeit nicht verfügbar. Wiederholen Sie diesen Vorgang später. Wenn das Problem weiterhin besteht, wenden Sie sich an den Administrator.   at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ProcessCommonExceptions(Exception
    ex, SPServiceLoadBalancerContext context)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ExecuteOnChannel(CodeBlock codeBlock)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.GetSubscriptionMetadata(Guid
    subscriptionId)     at Microsoft.SharePoint.SPSiteSubscriptionSettingsManager.GetMetadata(SPSiteSubscriptionIdentifier subscriptionIdent... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     General                        8nca Medium   ...ifier)     at Microsoft.SharePoint.ApplicationPages.ConfigureAppSettingsPage.OnLoad(EventArgs
    e)     at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97  w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Runtime                        tkau Unexpected Microsoft.SharePoint.SPException: Die Einstellungen oder Dienste, die zum Erfüllen
    dieser Anforderung erforderlich sind, sind zurzeit nicht verfügbar. Wiederholen Sie diesen Vorgang später. Wenn das Problem weiterhin besteht, wenden Sie sich an den Administrator.    at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ProcessCommonExceptions(Exception
    ex, SPServiceLoadBalancerContext context)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ExecuteOnChannel(CodeBlock codeBlock)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.GetSubscriptionMetadata(Guid
    subscriptionId)     at Microsoft.SharePoint.SPSiteSubscriptionSettingsManager.GetMetadata(SPSiteSubscriptionIdentifier subscriptionIdentifier)     at Microsoft.SharePoint.A... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     Runtime                        tkau Unexpected ...pplicationPages.ConfigureAppSettingsPage.OnLoad(EventArgs e)    
    at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97  w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     General                        ajlz0 High     Getting Error Message for Exception System.Web.HttpUnhandledException
    (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> Microsoft.SharePoint.SPException: Die Einstellungen oder Dienste, die zum Erfüllen dieser Anforderung erforderlich sind, sind zurzeit nicht verfügbar. Wiederholen Sie diesen
    Vorgang später. Wenn das Problem weiterhin besteht, wenden Sie sich an den Administrator.     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ProcessCommonExceptions(Exception ex, SPServiceLoadBalancerContext context)    
    at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.ExecuteOnChannel(CodeBlock codeBlock)     at Microsoft.SharePoint.SPSubscriptionSettingsServiceApplicationProxy.GetSubscriptionMetadata(Guid subscriptionId) ... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     General                        ajlz0 High     ...    at Microsoft.SharePoint.SPSiteSubscriptionSettingsManager.GetMetadata(SPSiteSubscriptionIdentifier
    subscriptionIdentifier)     at Microsoft.SharePoint.ApplicationPages.ConfigureAppSettingsPage.OnLoad(EventArgs e)     at System.Web.UI.Control.LoadRecursive()     at System.Web.UI.Page.ProcessRequestMain(Boolean
    includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.HandleError(Exception e)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)    
    at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)    
    at System.Web.Ht... 20a2009c-685d-1075-ca77-e4065e540bb9
    02/20/2013 15:15:05.97* w3wp.exe (0x1714)                        0x1634 SharePoint Foundation        
     General                        ajlz0 High     ...tpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()    
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) 20a2009c-685d-1075-ca77-e4065e540bb9
    Any ideas?
    THX and Greets,
    Andreas

    Hi, the error occurs when I want to configure the app URLs. The service applications for apps and subscription are alive.
    but:
    Site Subscription              buq6 Unexpected An error occurred while contacting the subscription settings service at 'http://sharepoint:32843/7b934b745e3c4c0aa735b35c9da7aecf/SubscriptionSettings.svc/optimized'. 
    Exception details: System.ServiceModel.FaultException: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or
    from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.   
    Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action,... 359e009c-b8c7-1075-ca77-e5ff23632483
    02/20/2013 14:06:39.37* w3wp.exe (0x0C5C)                        0x1768 SharePoint Foundation        
     Site Subscription              buq6 Unexpected ... MessageVersion version, FaultConverter faultConverter)     at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime
    operation, ProxyRpc& rpc)     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)     at Microsoft.Sha... 359e009c-b8c7-1075-ca77-e5ff23632483
    Greets,
    Andreas

  • Choosing Server for SharePoint, Exchange, Active Directory, SQL

    Hello
    We want to migrate from a work-group type network and set up an interoffice mail server and, ... with SharePoint, Exchange, Outlook. There are fewer than 40 clients. I prefer to minimize the number of servers. Is it possible to use one system for some of these servers:
    1. SharePoint
    2. Exchange Server
    3. SQL Server
    4. Active Directory DC
    Thank you

    You could combine #1 and #3, but none of the other services. Or you could look at just getting a Domain Controller and using Office 365.
    I'd recommend you have more than one Domain Controller for redundancy.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • 10.4.6 and Active Directory Problem - Volume cannot be found??

    I have bound six 10.4.6 to active directory. All went sweet with no problems. I have "force local home folder" off in Directory Access for AD. I can login to the Mac no problem using any user account from AD. If I login with a user the first time all goes well. The desktop icons show and the home directory is that of the user's network home folder and I can browse it. All good until I log out and login again. I get the desktop icons but the user's home directory gives the error "The Volume for %username% Cannot be found" when trying to access. I can browse the network to the user home folder without having to authenticate. The server (2003) shows no login errors, all looks fine. I have upgraded one Mac to 10.4.7 but it made no difference.
    I have installed "services for Mac and Appletalk" on the server but from what I have been told this shouldn't need to be installed but I did as I was getting nowhere anyway.
    Any ideas?
    PowerPC   Mac OS X (10.4.6)  

    Hi Chris!
    Before I comment, I want to define a couple of things. A "Mac home folder" stores a user's files (Documents, Library, etc.). This home folder can be stored locally on the workstation or it can be stored on a server. A "Windows home folder" is defined in a user's Active Directory account and can be used as the Mac home folder or simply as a network user folder for storage.
    While the idea of a network-based Mac home folder is nice, it can be clunky simply because the entire user experience is dependent on network speed and/or good file synchronization between your server and workstation. As someone who works in a group supporting about 300 Macs, I suggest enabling local home folders and not using a network-based Mac home folder.
    Next, File Services for Macintosh (AFP protocol) built into Windows Server will not support network-based Mac home folders. This is a dead end. You can install a third party product from Group Logic called ExtremeZ-IP, which does support network-based home folders over AFP.
    Therefore, what's happening in your network is that the network-based Mac home folders are being mounted via the SMB protocol, which uses Windows style file sharing. SMB in Mac OS X is good for limited use but I wouldn't recommend it for extensive use, which would include network-based Mac home folders.
    Here's what I suggest for your AD settings: 1.) Enable local home folders. 2.) Connect via SMB. This will keep your users' Mac home folders local to the machine but if their Windows network home folder is properly defined in their AD account settings then these should automatically mount on the Desktop via SMB at login.
    If you can get your Windows home folders to mount automatically on the users' Desktops then you can experiment with synchronization. After logging in, each user can visit Apple menu --> System Preferences... --> Accounts and the synchronization options will be available. A user can synchronize all or part of his local Mac home folder to his mounted Windows home folder.
    Hope this helps! bill
    1 GHz Powerbook G4   Mac OS X (10.4.7)  

  • 10.5.5 Active directory problem for mobile users

    I am running 10.5.5 on a MBP 2.4. The computer is attached to Active Directory for authentication. The account is set up as a mobile user with automatic home sync. Below is the problem I'm experiencing after 10.5.5.
    Upgrade worked fine, everything went through as expected. When I got home with the computer, I couldn't login. I did eventually get logged in, but the computer became extremely unresponsive at intermittent times.
    At work next day, everything worked fine.
    I believe this is a problem with 10.5.5 computers that are bound to AD, when AD is not available (but internet is.) Some type of weird priority locking or timeout setting? It seems to fail immediately if no network is available, but if the internet is available it is like it gets "hung" waiting for a response.
    Anybody else having similar problems?
    Below are the details on the specific tests that brought me to this conclusion.
    1) Boot with work network cable connected - Works fine
    2) Boot with work wifi network enabled - works fine
    3) Boot with public wifi network enabled and work cable - works fine.
    4) Boot with only public wifi - appears "frozen" (turned off after 5 minutes of trying to login)
    5) Boot without network or wifi - works fine using cached mobile account info
    6) Boot with network cable and public wifi, remove network cable after login - works fine for a period, then becomes periodically frozen. Attempts to do anything become queued; when the computer starts responding the queue empties out (can see menus / applications switch around to correspond with clicks.)
    7) Change account to Manual sync of mobile account, again boot with network cable and public wifi, remove network cable - no freezing, responds normally.
    All steps repeated after rebinding computer to AD - same results.

    First rule of installing an upgrade, run permissions repair both before & after. Did you do that?
    I'm using a Mac dual bound to AD & OD, works perfectly. I can't speak for the exact setup of your network but I personally would be suspicious of AD. I had a similar issue some time back where my processor would go crazy with the net directory authentication running like crazy. Turned out AD had somehow forgotten my computer. It only happened away from work where my Mac couldn't contact the AD server (not exactly sure why). I'd try the following.
    1. While at work create a local administrative account on your Mac (you should always have a backup account anyway).
    2. Login as local admin account.
    3. open Directory Utility from the Applications/Utilities folder & remove the AD server (you'll need an account that can bind machines to AD).
    4. re-add your Mac to AD.
    This may resolve your issue & shouldn't hurt anything in the least.

  • Binding to Active Directory Problem. I am a Newb! probably something stupid

    Hey All,
    Trying to get my Apple Xserve to join our Windows domain. I got it to bind and the user accounts show up on the machine, but then it asks me to join it to the Active Directory Kerberos realm. I am confused.
    What I am trying to do is join it to the Windows domain for my admin account on the actual server and then set up local user accounts on the machine so when my Mac users log in they authenticate using the local Mac account and not the Windows domain account. Does this make sense? From what I read, Macs authenticate using the local account before going to the Windows account, which is what I want. I am a total newb to this so forgive me for the stupid questions.
    cheers all,
    jess

    Hi
    set up the xserve as an Open directory Master
    will it play nice on the network
    with the rest of the windows servers that we have.
    There should be no problem in doing this. All you need to do is decide whether you want your Mac Server to run its own DNS Service or to use the existing DNS service being provided by the AD Server. Open Directory Master requires DNS Services running somewhere.
    i just want to have a mac studio of about 35 people be
    kind of an island within a sea of windows users. If
    there can be cross over there then fine.. but really
    i want the mac to work well with the apple server and
    if i can get the windows clients hooked up also then
    fine.
    There should be no problem with this.
    When you say studio do you mean a graphics design studio? Or are you talking about a video production studio? If the answer is yes to either one or both then perhaps a simple file server would do. An Open Directory Master is OK in this environment but your network needs to be up to the job. Ideally gigabit ethernet, certainly for video production and also if your studio are heavy Photoshop users. You could get away with 100Base-T but with 35 heavy users editing files stored on the server as well as Home folders it may be a bit too much. If this is the situation in your studio you would be better placed working locally and saving the files back to the server at the end of the day. You would set up your users with names and passwords in the OD directory node. Your studio can use those account details to log on to the server to access share points but still work locally if they need to. If you start windows services on the mac server then there should be no reason for windows clients to access share points on the mac server as well. Be careful how you configure windows services as you already have existing PC servers on the network.
    As you have already stated your aim is to keep the macs completely separate from the PCs, then consider connecting all your macs to a separate switch and have them running off a different IP address range and subnet mask. You could then use an intervening router to handle traffic between the two networks; this way you control cross platform access to shared resources. If you understand networks, routers etc. then you should be able to accomplish this without too much trouble. Again, searching the Server forums should give you plenty of ideas and advice on the best way to achieve what you want. As ever, defining and deciding what you want the server to do is half the problem.

  • Java/Active Directory problem

    I have a strange problem. We have an application that we log in to through a website. The application requires Java 1.42_9 to run properly. These workstations came from Dell with Java 1.50_6 preloaded, which I removed in favor of the required 1.42_9. Everything works normally when a user logs into the workstation (WinXP SP2) as the local administrator. The problem arises when a user logs into the machine with an Active Directory account. We try to run the website to log in to our application and all we get is the red X in the upper left-hand corner of the screen. There is nothing in the Java console; it seems like Java does not even attempt to start. I am not sure what Active Directory has to do with this, but as long as we log in as a local admin everything works great. If I load Java 1.50_6 back on the workstation it works, but it takes over two minutes for Java to load, which is unacceptable. I have also tried 1.50_7 but it too takes too long to load.
    Sorry for the long-winded post, but I'm hoping someone has suggestions on why logging into Active Directory causes 1.42_9 to fail.

    Your problem is your use of these two combinations:
        constrains.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctx.search("", "(objectclass=*)", constrains);
    Many LDAP servers, including Active Directory, do not permit subtree searches from the root.

  • LDAP Active Directory Problem

    Hi,
    I have a Win 2003 server (German) and APEX 3.x. I (hope I) have read all postings on this topic. Read the APEX book, tried the Oracle examples, but all examples I have found won't work for me. After three hours I found one solution that works:
    (Domain: marco.de)
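    CREATE OR REPLACE FUNCTION check_ldap_user(
        p_username IN VARCHAR2,
        p_password IN VARCHAR2
    ) RETURN BOOLEAN IS
        l_session DBMS_LDAP.session;
        l_ret     BINARY_INTEGER;
    BEGIN
        -- Reject an empty password before binding: a simple bind with an
        -- empty password is an unauthenticated bind and can succeed.
        IF p_password IS NULL THEN
            RETURN FALSE;
        END IF;
        l_session := DBMS_LDAP.init(
            hostname => '192.168.178.100',
            portnum  => 389);
        IF DBMS_LDAP.simple_bind_s(
               ld     => l_session,
               --dn => 'cn='||upper(p_username)||',cn=user,dc=marco,dc=de', /* <= This line does not work */
               dn     => upper(p_username), /* <= This version works */
               passwd => p_password) = DBMS_LDAP.SUCCESS THEN
            l_ret := DBMS_LDAP.unbind_s(ld => l_session);
            RETURN TRUE;
        ELSE
            -- Release the session on a failed bind as well.
            l_ret := DBMS_LDAP.unbind_s(ld => l_session);
            RETURN FALSE;
        END IF;
    EXCEPTION WHEN OTHERS THEN
        -- Any LDAP error (including a rejected bind) counts as a failed login.
        dbms_output.put_line(sqlerrm);
        RETURN FALSE;
    END;
    /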
    The question is whether there are any problems with a German Active Directory server (maybe the groups like "Domänen-Admins" are the problem).
    Thanks
    Marco

    Hi,
    Any help?

  • Solaris 10 Active Directory problem

    I've been battling through the integration of Active Directory on our Solaris 10 systems, and have reached another brick wall. I am able to getent passwd <user> and kinit <user> without any problems, but any attempt to su or login via SSH shows the following:
    Apr 14 10:34:26 eddie su: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: New password cannot be zero length
    Using Samba version 3.0.23b, connecting to Windows Server 2003, with SP1. I've tried various fixes, tried installing and uninstalling other versions of ldap, pam, and krb5.
    If anyone could shed some light on this error, it would be much appreciated.
    Cheers,
    Dave

    have you checked this link?
    http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp?cid=e5595

  • Yet another active directory problem

    Hi,
    I'm trying to bind a few Macs in my Windows 2003 Active Directory domain; they're the first that come with Lion 10.7.2 out of the box. I've had my share of problems with AD binding of Macs, but I already have a lot of 10.6.8 Macs, and a few others that got upgraded from 10.6 to 10.7 without much problems, and those work fine with my AD.
    That, of course, couldn't last and I now have a new problem with my 10.7.2 Macs. The binding process in itself seems to work fine, I've got the green light in front of my AD domain and I can log in with my AD accounts on my Macs. The problem starts when I try to access the Directory Utility to change the default settings for "active directory" (any settings will do, create mobile account for example): this creates another AD binding in "network account server", I can still log in with my AD accounts but none of the settings I set in the Directory Utility are effective.
    Both of those AD bindings are shown with a green light, but the second one has a comment stating that it is not present in the auth scope rules. My AD DNS domain name is something like "domainname.com" (no .local), but the short netbios name is something like "dom": the original AD binding on my 10.7.2 Macs is "dom", and the one created after I change some settings is "domainname". On my other Lion or SL Macs correctly joined to my domain, the domain only appears with the name "domainname": it seems that for some reason Lion is now troubled by the fact that my netbios name is not the DNS name minus the extension...
    If I unbind one of my correctly working upgraded 10.7.2 Macs, it exhibits the same issue when I try to rebind it.
    Does anyone else have a similar AD configuration, and does it work with 10.7.2? Does anyone have any idea of how to work around it?
    Thanks

    Hi there,
    I have experienced the same problem with Macs in my Windows environment. I have found a work-around for it, but it is a little bit tedious. What I have found is that if you reinstall Lion (10.7 or 10.7.1) and bind it to the domain before patching to 10.7.2 it will bind correctly with only one entry in the network account server dialog. From there you can update to 10.7.2 and it will work correctly. There is a catch, though. If for any reason you need to unbind the machine from the domain, you will run into the same problem when you try to bind it again. I know it is not much of a fix, but it is what I have been doing to get around the problem. I hope this helps you out.
    Regards
