Unlink and remove role = delete user???

Hi All,
We are using Sun IDM 7.1.1.21 and have run into this problem. I believe it's a product bug because it doesn't make any sense. We have users in an AD resource, and they are linked to that resource in IDM using a role. If, for some reason, the user is deleted from AD, and re-setup we have to "re-link" the user because the "accountGUID" attribute has the wrong GUID for the user and IDM doesn't like that. We are doing this using Recon. When recon runs, and catches this user, the situation comes back as "Confirmed", which is fine, we are using a per account workflow to handle the changes. We then compare the GUIDs of the objects in the workflow, if they are different, we would unlink the IDM account and relink it to the new GUID. We are setting the following options on the unlink.
<set name='options.unlinkTargets'>
<list>
<s>AD</s>
</list>
</set>
<set name='options.deleteAccounts'>
<s>false</s>
</set>
and we remove the role, because if we do not, nothing happens. When the user object is checked in, it gets deleted from the resource. I'm sure this is happening because the accountID DOES exist (when the user is re-setup on the back-end the same DN is given to the user). Obviously this result is undesirable. So now I have 2 questions.
1. Am I doing this wrong?
2. Why would IDM delete an account when deleteAccounts and unlinkTargets are explicitly set on the checkin?

OK. I figured out where the problem was. Renaming the accountGUID without removing the role only caused a "rename account to same name" error. I was not setting the correct options when removing the role. I needed to set:
<set name='options.noDelete'>
<s>true</s>
</set>
<set name='options.deleteUser'>
<s>false</s>
</set>
This did the trick. The roles were removed and the user unlinked without any harm done to the resource account. I was then able to re-add the roles and relink to the existing resource account without a problem.
Thanks.

Similar Messages

  • CSUtil -s and list of (deleted) users?

    I would like to get a text list of the defined users, so I work with csutil.exe -d. This tool writes a dump.txt file that includes deleted users (I don't see them via the web interface).
    I tested csutil -s to "make database smaller by removing deleted users" as it is written in the doc, but it doesn't work.
    Is there a way to get a copy of the user list presented on the web interface? If not, how can I identify deleted records in the dump file (a status field anywhere?).

    I searched some TAC cases for answers to your questions.
    Here's what I found:
    "Like many relational databases, the CiscoSecure user database handles the deletion of records by marking deleted records as deleted but not removing the record from the database. Over time, your CiscoSecure user database may be substantially larger than is required by the number of users it contains. To reduce the CiscoSecure user database size, you can compact it periodically."
    It looks like to remove the deleted users, you need to compact the database with a command like this:
    CSUtil.exe -d -n -l
    Please refer to this link for more info about compacting the dB & to make sure you follow the precautions like backing up the database, etc.
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/ae.htm#72126
    Seems like once you compact the dB, you can re-run your report to dump out all the users. This time, the deleted users should not be there.
    thanks
    peter

  • [svn:bz-trunk] 21002: Clean up build. xml and remove unnecessary delete task in the jar target.

    Revision: 21002
    Author:   [email protected]
    Date:     2011-03-31 09:47:04 -0700 (Thu, 31 Mar 2011)
    Log Message:
    Clean up build.xml and remove unnecessary delete task in the jar target. 
    Checkin tests passed.
    Modified Paths:
        blazeds/trunk/modules/core/build.xml
        blazeds/trunk/modules/proxy/build.xml
        blazeds/trunk/modules/remoting/build.xml

    Well obviously it is an Ant build.
    It looks to just compile/build a web application into a war so you can deploy it where you want to.
    You don't need to edit it every time you are making a new page. It should work for any generic struts web application laid out in the fashion it expects.
    Cheers,
    evnafets

  • Remove role from user

    Hi, how do I remove a role from a user when he is terminated or disabled?
    I am assigning a role in the following way during creation with the help of a rule
    <setvar name='newuser.waveset.roles'>
    <filterdup>
    <appendAll>
    <ref>accounts[Lighthouse].roles</ref>
    <s>General-Provision-Role</s>
    <rule name='Get Location Role'>
    <argument name='LocationCode' value='$(newuser.global.LocationCode)'/>
    </rule>
    </appendAll>
    </filterdup>
    </setvar>
    How do I remove this role on termination of the user?

  • Remove role or user from position

    Hi all,
    we are on ECC 6.0; we are using indirect role assignment. We are looking for a way to automate the removal of a user (US) or role (AG) from a position (S).
    eg. remove user 123456 from position 50000001 and user 654321 from position 50000002 in one shot.
    We have found the standard SAP program RHRHDC00 (RE_RHRHDC00 transaction) but it is not designed for doing that.
    Is there another standard program/function or something else to solve this?
    Many thanks.
    Massimo

    We are looking for a way to automate the removal of a user (US) or role (AG) from a position (S).
    There is a report called RHGRENZ2 which can be used to delimit specific OM infotypes (like IT1001 - Relationships) specifying the end-date and Position ID (Object Type S and Object ID = Position) manually. In your case, I believe IT1001's Relationships A008 and B007 have to be delimited in order to remove a user (US) or role (AG) from a position (S), but this report cannot be run for specific relationship types of IT1001 (at least I never found an option to filter based on relationship types).
    You can try using report RHRHDL00 to delete IT1001 relationships from the PP database, but you should consider the consequences of such deletions and restrict the selection based on infotypes and relationship types carefully.
    Alternatively, you can also build an LSMW script to automate the process of mass delimiting/deletion of IT1001's relationship types using transaction PP02 (PP01 is not compatible with BDC/background processing).
    Thanks
    Sandipan

  • How do you remove a deleted user's cyrus mailbox?

    Hi everyone,
    I am having a little trouble with a user's account on Mac OS X 10.4.8 Server. This is a short description of what has happened.
    1. Created a user in WGM.
    2. User then sends and receives lots of email over a long period, with no apparent issues, and uses the webmail interface as well as a POP3 mail application on a home PC (as expected!).
    3. User uses webmail one day and discovers a server error in red writing.
    4. Semi intelligent server admin guy (me) decides to delete the user account in WGM and then re-create the user in WGM in the hope of deleting the mailbox in the process.
    5. Semi intelligent server admin guy discovers that the delete/re-create procedure doesn't remove the mailbox, so he decides to search the Apple support forums.
    Hence the reason for this post. Can anybody show me how to delete the mailbox for a user, either in the GUI Server Admin or WGM or even Terminal?
    Also I have tried adding the diradmin account to the list of cyrus admins in imapd.conf so that the IMAP application can access all mailboxes, but I only get read access, so I can't delete it that way, well unless I skipped a step.
    Thanks in advance,
    Kyran McGlasson

    Yes, I saw that but was a tad puzzled. I see in your help file that you advise creating a new user for imap administration, but (lazy me) I just plugged my server admin into the imapd.conf file and did not create a separate user. My thinking was that the OSX Server mail manual states:
    1 In Server Admin, select Mail in the Computers & Services pane.
    2 Click Settings.
    3 Select the General tab and select Enable IMAP, if it is not already checked.
    4 Select an existing user or create a new user using Workgroup Manager to be an IMAP administrator.
    5 If you have not created a user record for the mail administrator’s account, see the user
    management guide.
    6 Open /etc/imapd.conf in a text editor.
    If you are not comfortable using a terminal text editor like emacs or vi, you can use
    TextEdit.
    7 Find the line that reads “admins:”
    8 Edit the line to add the UID number of the administrator account after the colon.
    9 Save your changes.
    10 In your email client application, create an account that uses IMAP to connect to your
    mail service using the mail administrator name.
    For more information, see the man page for imapd.conf.
    And therefore I didn't think a separate user necessary. However, even using their method, I cannot connect to the folders via a client, so I gather you are correct!
    So, I create a separate user, name him "imapadmin" or some such, mod the imapd.conf file accordingly, restart, and then . . . how do I give my new imapadmin the necessary permissions?
    I can, by the bye, delete folders using the direct Cyrus Admin method spelled out on pterobyte's site here:
    http://downloads.topicdesk.com/docs/ProperlyDeleting_OS_X_Server_MailUsers.pdf
    Thanks for the quick reply (on a Saturday!) and for crafting this very cool GUI.

  • Pick Up file and remove roles/profiles for the specified ID's

    I am wondering if the following would be possible.
    I want to dump a csv file containing user IDs that are no longer required on a daily basis on a server. Would it be possible to write a program to go out and retrieve that file and, wherever there is a match on IDs, remove all roles and profiles associated with that user and change the user group?
    Sounds very simple from a theoretical standpoint, but I'm not sure of its true feasibility. I'm not looking for any coding, just to know whether it could be done. Any help would be great.

    Hi Martin,
    Very true, but infrastructure folks might not want to manage certificates and OS users (good tip for Chris to check on...)
    Open file shares are out there "in the wild" - which is what I wanted to warn against (in addition to the application authorizations within SAP to run this "interface")...
    If it is running as a job, then a check on system field sy-batch = 'X' is useful, but blunt only for the online execution.
    Personally I have used an (inaccessible) timestamp execution scheme for such things in DB tables not accessible to the application transactions before. Have not been able to hack it myself, but tried hard..
    But if the file shares are open or the password is in clear text (in a script, .properties type file, ABAP text, network traffic, etc) then I would not class it as secure.
    Such "identity management" stuff, particularly when you want to integrate it with HR events, is best taken care of centrally in an "identity store" which you can secure and encrypt etc centrally.
    Local batch jobs accessing servers and registering / starting external programs and vice versa to transfer files etc is decentralised spaghetti coding and a security nightmare... ;-(
    Cheers,
    Julius

  • Remove roles from users

    Hi All,
    I would like to ask what can I do if I would like to remove multiple roles from ALL users in the system?
    Normally, for a list of users , I use SU10 to do it.
    However, since there are 1 thousand something users in the system, is there a more efficient way to do it?
    Thanks for your help.
    Regards,
    Chris

    Thanks.
    I would say, in my case, it's best to use PFCG since I only need to remove 3X something roles from them. (I don't know which users have those particular roles; the only thing I need to do is to make sure that the 3X roles have no corresponding users).
    Thanks again !
    Regards,
    Chris

  • Gpo unlinking and removal of settings

    other than the unmanaged administrative templates, are there settings that wouldn't be removed when the GPO is unlinked? For example, some of the security settings?

    > other than the unmanaged administrative templates, are there settings
    > that wouldn't be removed when the GPO is unlinked? For example, some of
    > the security settings?
    As long as secedit.sdb is fine, security settings will be removed.
    Within "policies", if I recall correctly, only software deployment is
    persistent (if you didn't configure "remove when out of scope") - and
    NTFS/registry rights AFAIK will remain, too.
    Martin

  • Bulk unlinking and unassigning of accounts while deleting a resource object

    I have a situation in which I want to bulk unlink and unassign the accounts from SIM while deleting the resource. I know we can bulk unlink and unassign the accounts from the account tab in the Admin interface.
    Is there any way to unlink and unassign while deleting the resource adapter from SIM?

    Hi,
    Try setting userAccountControl to 514 for an initial setting, but do not rely on this being accurate for an existing user, as the accountdisable flag is only one of many set in userAccountControl. See values below.
    #define UF_SCRIPT 0x000001
    #define UF_ACCOUNTDISABLE 0x000002
    #define UF_HOMEDIR_REQUIRED 0x000008
    #define UF_LOCKOUT 0x000010
    #define UF_PASSWD_NOTREQD 0x000020
    #define UF_PASSWD_CANT_CHANGE 0x000040
    #define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x000080
    #define UF_TEMP_DUPLICATE_ACCOUNT 0x000100
    #define UF_NORMAL_ACCOUNT 0x000200
    #define UF_INTERDOMAIN_TRUST_ACCOUNT 0x000800
    #define UF_WORKSTATION_TRUST_ACCOUNT 0x001000
    #define UF_SERVER_TRUST_ACCOUNT 0x002000
    #define UF_DONT_EXPIRE_PASSWD 0x010000
    #define UF_MNS_LOGON_ACCOUNT 0x020000
    #define UF_SMARTCARD_REQUIRED 0x040000
    #define UF_TRUSTED_FOR_DELEGATION 0x080000
    #define UF_NOT_DELEGATED 0x100000
    #define UF_USE_DES_KEY_ONLY 0x200000
    #define UF_DONT_REQUIRE_PREAUTH 0x400000
    #define UF_PASSWORD_EXPIRED 0x800000
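    As an added example (not code from this thread or from any product discussed in it), the following Python decodes userAccountControl against the UF_* values quoted above, shows why comparing the whole value with 514 misclassifies an existing account, and flips only the disable bit so other flags survive; the watchlist and the sample accounts are constructed for the example.

```python
"""Decode and update AD userAccountControl without clobbering other bits.

Added example, not code from the thread above. The flag values are the
UF_* constants quoted in the post; accounts and watchlist are constructed.
"""

# Bit values exactly as listed in the post (a subset of what AD defines).
UF_FLAGS = {
    "UF_SCRIPT": 0x000001,
    "UF_ACCOUNTDISABLE": 0x000002,
    "UF_HOMEDIR_REQUIRED": 0x000008,
    "UF_LOCKOUT": 0x000010,
    "UF_PASSWD_NOTREQD": 0x000020,
    "UF_PASSWD_CANT_CHANGE": 0x000040,
    "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED": 0x000080,
    "UF_TEMP_DUPLICATE_ACCOUNT": 0x000100,
    "UF_NORMAL_ACCOUNT": 0x000200,
    "UF_INTERDOMAIN_TRUST_ACCOUNT": 0x000800,
    "UF_WORKSTATION_TRUST_ACCOUNT": 0x001000,
    "UF_SERVER_TRUST_ACCOUNT": 0x002000,
    "UF_DONT_EXPIRE_PASSWD": 0x010000,
    "UF_MNS_LOGON_ACCOUNT": 0x020000,
    "UF_SMARTCARD_REQUIRED": 0x040000,
    "UF_TRUSTED_FOR_DELEGATION": 0x080000,
    "UF_NOT_DELEGATED": 0x100000,
    "UF_USE_DES_KEY_ONLY": 0x200000,
    "UF_DONT_REQUIRE_PREAUTH": 0x400000,
    "UF_PASSWORD_EXPIRED": 0x800000,
}

# Flags an access review usually wants called out (our own selection).
WATCHLIST = (
    "UF_PASSWD_NOTREQD",
    "UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    "UF_DONT_EXPIRE_PASSWD",
    "UF_TRUSTED_FOR_DELEGATION",
    "UF_USE_DES_KEY_ONLY",
    "UF_DONT_REQUIRE_PREAUTH",
)


def decode_uac(value: int) -> list:
    """Names of every flag set in value, lowest bit first."""
    ordered = sorted(UF_FLAGS.items(), key=lambda kv: kv[1])
    return [name for name, bit in ordered if value & bit]


def is_disabled(value: int) -> bool:
    """Test the ACCOUNTDISABLE bit alone; 66050 is disabled but != 514."""
    return bool(value & UF_FLAGS["UF_ACCOUNTDISABLE"])


def set_disabled(value: int, disabled: bool = True) -> int:
    """Return value with only the ACCOUNTDISABLE bit changed."""
    bit = UF_FLAGS["UF_ACCOUNTDISABLE"]
    return value | bit if disabled else value & ~bit


def risky_flags(value: int) -> list:
    """Watchlist flags present in value, lowest bit first."""
    return [name for name in decode_uac(value) if name in WATCHLIST]


# Constructed sample of (sAMAccountName, userAccountControl) pairs.
SAMPLE_ACCOUNTS = [
    ("jdoe", 514),             # NORMAL_ACCOUNT | ACCOUNTDISABLE (the "initial" 514)
    ("svc-backup", 66048),     # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD, enabled
    ("legacy-app", 0x400220),  # NORMAL_ACCOUNT | PASSWD_NOTREQD | DONT_REQUIRE_PREAUTH
]


def audit(accounts) -> dict:
    """Map each account name to (disabled?, [risky flag names])."""
    return {name: (is_disabled(uac), risky_flags(uac)) for name, uac in accounts}


if __name__ == "__main__":
    for name, (disabled, risky) in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: disabled={disabled} risky={risky}")
    # Disabling svc-backup keeps DONT_EXPIRE_PASSWD: 66048 -> 66050, not 514.
    print(set_disabled(66048))
```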

  • Deleted users are not really "deleted" !

    Hello all !
    I'm writing a Java application to create/read/update/delete users using the Graph API. All is going well except for one particular use case: if I delete a user, and then later try to create the same user again, I get the following error: "A conflicting object with one or more of the specified property values is present in the directory"
    The detailed use case for one user is:
    - Create user with (userPrincipalName, displayName, accountEnabled, mailNickname, password, forceChangePasswordNextLogin properties) : OK
    - Query this user to read  his properties: OK
    - Delete this user : OK
    - Query this user to read his properties : the user does not exist : OK
    - Create the user with the same properties as in the first step: Not OK ("A conflicting object with one or more of the specified property values is present in the directory")
    It should be noted that this error is returned more and more as I repeat these steps.
    What is the problem and what can I do ?
    Thanks in advance.

    I am able to successfully add and remove the same user using the Azure Portal and via code.
    Are you sure the user is actually being deleted?
    Have you verified if you are able to see the deleted user in the Azure Portal after you delete it?
    I used the code within the Graph API Console Application (AzureADSamples/ConsoleApp-GraphAPI-DotNet - https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet - "create a new user" region and "Delete User" region). I was able to create the same user and delete the user multiple times without any errors.
    Here is another thing you could verify. Is your application a member of the "User Account Administrator" role? You can utilize the MSOL cmdlets (Manage Azure AD using Windows PowerShell - https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx) to add your application to this role (add-msolrolemember -RoleName "User Account Administrator" -RoleMemberType ServicePrincipal -Rolememberobjectid <object GUID for application>).
    If your application is under the correct "User Account Administrator" role, it should not have any problems doing this task. I would verify.
    If you are still having a problem, you might need to open a support case via the Azure Portal. I hope this resolves your issue.
    ~ Michael

  • Bulk Role Delete

    I want to unassign a set of roles for a number of users and delete the user accounts for these users. Is it possible to do this using the Bulk Action option available in Sun IDM 8.1? If so, what should be the format of the csv file I need to give as input? Currently I am giving a file with the content:
    user,command,roles,resources
    206812,delete,|Remove|A:Portal LDAP:All Users,MYNMG
    But this is only deleting the resource MYNMG. It is not unassigning the role A:Portal LDAP:All Users. Can someone tell me what the error in my input file is?
    Also which option should I choose from the Action dropdown?

    Hi,
    This is the command file I use to remove roles.
    command,user,waveset.roles
    Update,206812,|Remove|A:Portal LDAP:All Users
    Hope this helps

  • GP difference between Portal Role GP Administrator and Process Role Admin

    Please explain the difference between the Portal Role "GP Administrator" and the Process Role  "Administrator"
    In the CAF-GP Security guide, it says that the Process Role "Administrator" can "Maintain process instances using the GP administration tools".  What does this mean?
    If a user has the Portal Role "GP Administration" and he DOES NOT have the Process Role "Administrator" for ANY process, he can still maintain ALL of the process instances from the Administration workset.  He doesn't need to have the Process Role "Administrator" assigned to him.

    All three have the same Admin rights.
    They are the default users created when you are creating a domain.
    If not used or edited they are a major security risk!
    If you just use, say, weblogic or portaladmin and do not take care of changing the password or security privilege (changing the group from Admin, or deleting this user if not required) of yahooadmin, then anyone knowing the admin URL can log in with this default username and its default password.
    I would personally prefer creating custom users and remove the default users.
    Regards,
    Rommel Sharma

  • Access Enforcer - REMOVE roles/existing roles inoperant

    Hello
    After some time using the capability to ADD and REMOVE roles when creating a request on Access Enforcer (using the option 'Existing Roles' to REMOVE), Access Enforcer now always goes back to the ADD screen whenever we try to access 'Existing Roles'.
    So, the function to REMOVE roles is inoperative.
    Any ideas what it could be?

    Hi,
    When you open a change access request it's possible to add new roles and remove existing roles from the user, right?
    However, the option to remove roles (which is accessed through the 'Existing Roles' button) is no longer working.
    When that option is accessed, the current user's access is no longer shown: the screen returns to the add roles option.
    I haven't found any setting for the feature to remove roles and still don't know why that option, previously used in other requests, is no longer working for anyone.
    Regards
    Heverton Kesseler

  • Purge Deleted Users

    Hello there,
    I have tried to delete a user through identity server console and add a new user with the deleted user's id again later on. I got an error "Could not create the user. Conflicts with deleted user". What I understand here is that the deleted user entry is not purged from the directory server yet.
    I tried to purge the deleted user by using "commadmin domain purge" command. Before I can purge the domain, I also understand that I would need to first do a "csclean" to remove the deleted user's calendar from the calendar database and "msuserpurge" to remove the deleted user's mailbox. However, when I tried to run "csclean" and "msuserpurge" commands, both prompt me the error message of "Must be in virtual domain mode to use this tool.
    Initialization failed .... exiting".
    What should I do in order to execute "csclean" and "msuserpurge" successfully? Or, is there any other way to purge the deleted user besides running the "commadmin domain purge" command?
    Please advise. Your help is very very much appreciated. Thanks in advance.

    Just for anyone else searching for info on deleting mail in pop/imap accounts...
    'man ipurge' for manual page.
    ipurge executable is located in /usr/bin/cyrus/bin so either cd there first or give full pathname to executable.
    Must be run as cyrusimap user (hence sudo -u cyrusimap in Chakravarthy's example)
    In my own case, I was deleting a 72M file which had been mailed internally to every pop user. Local users were OK, but all the remote VPN users were seizing up due to the low bandwidth VPN. The command I used was...
    sudo -u cyrusimap ./purge -f -m 50
    Gives excellent feedback on any deletions.
    -david
