Updating users profile when infoobject marked as authorization relevant
Hi All,
Consider a scenario where there are some projects in which perticuler infoobject is not authorization relevant but in some upcomming project the same infoobject needs to be authorization relevant.but when i marked this infoobject as authorization relevant then i need to manually insert this new authorization infoobject in each user profile. If there are more than 200 users available then it is not very good idea to include this infoobject in each profile manually. Is there any other way through which we can insert this infoobject in all user profile automatically.
Regards,
Deepak
Hi again.
Go to transaction se38 and create a program with the name ZCHANGE_APPEND_AUT.
Insert the following code:
REPORT ZCHANGE_APPEND_AUT .
TABLES RSECVAL.
DATA: T_RSECVAL TYPE RSECVAL OCCURS 0 WITH HEADER LINE,
T_RANGE TYPE RSEC_S_AUTH_VALUES_RANGE.
SELECT-OPTIONS: ZAUT FOR RSECVAL-TCTAUTH NO INTERVALS.
PARAMETERS: ZOBJN LIKE RSECVAL-TCTIOBJNM DEFAULT '0TCAIPROV'.
SELECT-OPTIONS: ZVALUES FOR RSECVAL-TCTLOW NO INTERVALS.
LOOP AT ZAUT.
LOOP AT ZVALUES.
T_RANGE-IOBJNM = ZOBJN.
T_RANGE-SIGN = 'I'.
T_RANGE-OPT = 'EQ'.
T_RANGE-LOW = ZVALUES-LOW.
CALL FUNCTION 'RSEC_INSERT_FLAT_AUTH'
EXPORTING
I_AUTH = ZAUT-low
I_RANGE = T_RANGE.
CLEAR T_RANGE.
ENDLOOP.
ENDLOOP.
Activate the program.
Now when you run this program you'll be prompted for 3 parameters.
The first is a list of Analysis Authorizations names that you wish to change.
The second is the name of the InfoObject you want to insert to those authorizations, by default is 0TCAIPROV but you can change it to whatever you want
The third is a list of values that will be inserted for those InfoObject.
Therefore imagine that for authorization ZZZA, ZZZB and ZZZC you want to insert the object 0CUSTOMER with the values xpto, yyyy, and wwww.
You would in this case run the program with the following parameters:
AUT:
ZZZA
ZZZB
ZZZC
OBJN:
0CUSTOMER
VALUES:
xpto
yyyy
wwww
Please assign points,
Diogo.
Similar Messages
-
How can I Import CA Certificate into a new user profile when it's created
I need to deploy a CA Root Certificate to new firefox user profile when it is created in windows. I Seen somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work.
Is there a way to get firefox to create new profiles with preconfigured Certificates?
Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).Update... For anyone looking for a similar solution:
I ended up adding more to my logon script I have it check for a user's mozilla profile first and if not found it will use command line "firefox.exe -createprofile default" to make one. After that I just copy a working cert8.db to that new profile. Then when the user opens firefox for first time, it will detect this new profile, and it will load it along with the correct CA Certs intact...
Also, for existing profiles my script just uses nss certutil to add my proxy CA Certificate to the users profile cert8db. -
Project Server 2010 - Updated User Profile - Display Name is Old Name
Similar to question"It shows the Domain\Logon account instead the User Name (up right corner)" but not quite the same. I also checked on the related topics list and could not find a solution.
We have a Resource in Project Server 2010 whose name changed. This included a change to her loginID as well as her email address. I went in to PWA > Server Settings > Security > Manage Users and changed the
Name, Email Address, and User Login Account fields accordingly. When the user goes into Project Server or any of the Project Sites, her old User Name is reflected. If she accesses any other SharePoint site (not associated with Project Server) her
new name shows up in the upper right hand corner of the screen.
We do not have AD Synchronization turned on.
How can we edit the name that appears in the upper right corner of the screen?Hi,
Use Display name shown on right hand site is not from PWA, its from SharePoint User profile. When we make change to user display name, sometime SharePoint Still retain the old account and also add new account. To fix the issue we have to remove the user
profile from PWA root site.
Open PWA and navigate to following path
Site Actions>>Site Settings>>People and Groups
Click on More from left hand site list of groups
Select appropriate group, belongs to the user
Select the user and from Actions tab remove the user. (you may see two entries old and new), Either you can delete both or click on each account to validate correct user ID.
Once again navigate to PWA>>Server Settings>>Manage User
Edit affected user and click on Save
Have user log on to PWA and validate the result.
Hrishi Deshpande – Senior Consultant DeltaBahn
Blog | < |
LinkedIn
Please click Mark As Answer; if a post solves your problem or Vote As Helpful; if a post has been useful to you.This can be beneficial to other community members reading the thread. -
Maintaining user profiles when upgrading from v24 to newest version 36.X - Enterprise
Hi,
Im going to upgrade the Mozilla Firefox for about 500 users ish. The current version is 24.0 and we are upgrading to the newest version 36.0 something.
But the question is, how do I maintain all of the user settings when doing this upgrade? It is not an option to upgrade using the application itself. We have a centralized Config Mgr 2012 R2 solution. And I need to keep all of the user profiles with bookmarks, saved passwords, etc etc as it is today. The current version they are using have a few restrictions made with predefined and locked prefs in forms of automatic update, homepage, disabling the send data to Mozilla and so on, basically all of the standard enterprise configuration when you want to controll how the browser is for the users.
I've read a few articles on where to find spesific files, and what they are containting of information for the profile. But when doing a uninstall of the current version mozilla also removes whatever is stored in %appdata%\mozilla firefox\...profiles..
Is it even possible to "transfer" profiles for Version 24 to the newest version 36.something? Also, this needs automation, its not an option to manually restore each profile from "backup" for about 500 users. All profiles are unique.
Client computers are running Win 7 - 64bit OS.
Best RegardsTo answer your question, when you update from 24 to 37 (the actual latest version) your profiles will migrate automatically, there should be no action needed on your part. We try to minimize profile breaking changes, so between versions 24 and 37 there is no need to do any special migration (that is only really a need when going from Firefox 3.6 or older to the latest version).
HOWEVER, since you are an enterprise and it looks like you only do upgrades every so often, I'd suggest you look into Firefox for Enterprises. https://www.mozilla.org/en-US/firefox/organizations/
This version only updates major versions once a year (so from Firefox 10 to 17, from 17 to 24, from 24 to 31, from 31 to 38) but it comes out with regular security updates every 6 weeks. This way you don't have to continually re-certify Firefox major versions every 6 weeks, and can simply let automatic updates push out security updates to your users every 6 weeks (With your current model your users are vulnerable to all security holes found until you push the next major update). Then, next year, you have a 12 week overlap between versions to test and make sure nothing breaks before you push to the next major version.
There is also a mailing list for you to get help and advice with specific Enterprise issues.
If you decide to go this route (which I would strongly advise) then I'd suggest you wait for a couple of weeks until Firefox 38 comes out, the next ESR version. Then you can certify and not have to worry about deployments until 45 next year! -
SharePoint 2013: Update User Profile Properties is giving error
Hello all SharePoint Gurus - I am trying to update the User Profile Properties. The update I am trying is to
Property Mapping for Synchronization. Mapping mobile property of AD to the User Profile Property Mobile Phone.
It is giving error "An Error occurred when updating a property". Check ULS is not showing any error.
The FIM Service, USer Profile Services and Synchronization Services all are in Started mode. Properly synchronizing with AD.
Please throw some light on this.
Regards,
KhushiHi Khushi,
According to your description, my understanding is that you got an error when you make "Mobile Phone" map to "mobile" from AD properties.
I did a test as your description, in my testing, everything worked well.
Please try to stop User Profile Synchronization service and User profile service, then restart them, compare the result.
There are some similar posts about this issue, pease check if they are useful for you:
https://social.technet.microsoft.com/Forums/sharepoint/en-US/32937e1d-830e-4553-bdfc-23d3ee7f6d07/why-mapping-of-user-profile-property-fails
http://sharepoint.stackexchange.com/questions/34634/mapping-user-properties-fails
If this issue still exists, please check Windows Event Viewer to check there is something about this issue:
How to use Windows Event Viewer:
http://blog.credera.com/technology-insights/microsoft-solutions/troubleshooting-sharepoint-errors/
Best Regards,
Wendy
Wendy Li
TechNet Community Support -
Is there a FM or BAPI I can use to set the parameter IDs? All the ones that I have found so far can only be used to update my own profile, and I need to perform updates on other users profiles.
also chk this program
http://www.geocities.com/mpioud/Z_MODIFY_USER_PARAMETER_ID.html -
How to initial DB2 user profile when telnet to windows server
When I telnet to Windows server using db2<SID>, I issued command "db2", get error "DB21061E Command line environment not initialized" . How to initialize user DB2 profile? Please advise.
Thanks
JamesHi,
you need to setup the command line environment to run commands. If you go through the start menu, you
will see that there are two UDB "command line" type environments. One of them opens a "vanilla" command window with all of the initialization done to allow using db2 commands, the other opens the CLP environment.
regards,
kaushal -
Change user profile when he is alive.
Hi, guys. I have 5 users(2 not very important+3 very very important). And when hard time comes... i need to limit cpu usage of the first 2 to give others to do their job. At the same time i cant't set low cpu usage by default for these two guys... This will be not efficient.
How can I change user's cpu usage on the fly? With out forcing them to login again.
Thanks in advance.Hi,
It is not possible on the fly.
This is statement from concept guide. Ch:20
"If you set resource limits, then a slight degradation in performance occurs when users create sessions. This is because Oracle loads all resource limit data for the user when a user connects to a database."
Which means that all resource limits will not affect the running session, you need to force login once again if you want to change resource parameters.
Also check parameter RESOURCE_LIMIT is to be set to TRUE.
Dilipkumar Patel. -
We have two users who want to use the same inbox. For example, when one user sends an e mail, it appears to be from the other user. We want to change this situation. How can we make that happen?
Firefox doesn't do email, it's strictly a web browser.
If you are using Firefox to access your mail, you are using "web-mail". You need to seek support from your service provider or a forum for that service.
If your problem is with Mozilla Thunderbird, see this forum for support.
[http://www.mozillamessaging.com/en-US/support/] <br />
or this one <br />
[http://forums.mozillazine.org/viewforum.php?f=39] -
How do I tell if a user profile is marked for deletion?
This is likely a question with a simple answer, but searching through Google and here hasn't helped.
How do I tell if a user profile has been marked for deletion?
Will it appear in the "Manager User Profiles" area of the User Profile Service Application management?
Do I need to look somewhere else?
This is probably obvious, and I just have looking disease, but your assistance is most appreciated!As Paul said you can see that on UP admin page. also you can use powershell to get the list of all use in powershell.
Follow this blog:
http://iedaddy.com/2012/02/sharepoint-2010user-information-lists-and-user-profile-cleanup/
$upa = Get-spserviceapplication <identity>
Set-SPProfileServiceApplication $upa -GetNonImportedObjects $false
Set-SPProfileServiceApplication
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Hi,
I am working on updating picture of user profile in sharepoint 2013.
I am getting error "exception has been thrown by the target of an invocation" while creating Thumbnail at the below line.
"file = (SPFile)mi_CreateThumbnail.Invoke(null, new object[] { original, idealWidth, idealHeight, folder, fileName, null });"
I have added SPUtility.ValidateFormDigest() before calling this method. but no luck.
Please help me on this.
Thanks
HareeshHi,
According to your post, my understanding is that you want to update picture in user Profile.
If we are giving an option to change the Profile picture in our custom component, we need to create 3 different files and update the reference in User Profile property.
To create Thumbnail, we can use the code as below:
/// Get sealed function to generate new thumbernails
public SPFile CreateThumbnail(Bitmap original, int idealWidth, int idealHeight, SPFolder folder, string fileName)
SPFile file = null;
Assembly userProfilesAssembly = typeof(UserProfile).Assembly;
Type userProfilePhotosType = userProfilesAssembly.GetType("Microsoft.Office.Server.UserProfiles.UserProfilePhotos");
MethodInfo [] mi_methods = userProfilePhotosType.GetMethods(BindingFlags.NonPublic | BindingFlags.Static);
MethodInfo mi_CreateThumbnail = mi_methods[0];
if (mi_CreateThumbnail != null)
file = (SPFile)mi_CreateThumbnail.Invoke(null, new object[] { original, idealWidth, idealHeight, folder, fileName, null });
return file;
Then we can invoke the method as below:
using (MemoryStream stream = new MemoryStream(buffer))
using (Bitmap bitmap = new Bitmap(stream, true))
CreateThumbnail(bitmap, largeThumbnailSize, largeThumbnailSize, subfolderForPictures, accountName + "_LThumb.jpg");
CreateThumbnail(bitmap, mediumThumbnailSize, mediumThumbnailSize, subfolderForPictures, accountName + "_MThumb.jpg");
CreateThumbnail(bitmap, smallThumbnailSize, smallThumbnailSize, subfolderForPictures, accountName + "_SThumb.jpg");
More information:
Update User Profile picture programmatically in SharePoint
Upload User Profile Picture programmatically in SharePoint 2013
Upload User Profile Pictures Programmatically – SharePoint 2013
Best Regards,
Linda Li
Linda Li
TechNet Community Support -
Authorization object assigning to user profile
Hi all,
Wht are the steps involved in assigning authorization object S_GUI with activity 60 (S_GUI ACTVT=60) to the users profile.
Thanksyou can assign authorization profile to user through Role..
goto PFCG, either create a new role or change an existing role(which the user has)
go to authorization tab, change authorization, click manually button,
add S_GUI and then click on values, select 60.. save the role, generate it..
if it is new role that you have created, then go to SU01 - roles, add it.. save user.. -
Exception thrown while enumerating UserProfileManager for user profile
Hello All,
We have a SharePoint 2010 Timer Job in which access User Profile Service Application and update user profile properties of some the users. This user profiles is synched with AD.
We have following lines of code here:
SPServiceContext context =
SPServiceContext.GetContext(site);
UserProfileManager profileManager =
new UserProfileManager(context);
int
count = profileManager.Count
//This line works OK
foreach (UserProfile userProfile
in profileManager) //This throws exception at first loop
When we start looping through the
UserProfileManager instance in above lines of code it throws following exception:
System.TimeoutException at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.GetUserData(UserSearchCriteria searchCriteria)
at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetBulkUserProfiles(UserProfileManager objManager, String searchColumn, IList searchList, Boolean includeNullsForUnresolvableUsers, Int64& lFailedCount)
at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetBulkUserProfiles(UserProfileManager objManager, List`1 userIdList, Boolean includeNullsForUnresolvableUsers, Int64& lFailedCount)
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.PopulateUserProfileQueue(IList userSearchList)
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.PopulateQueue()
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.MoveNext()
One point to note here is that we have almost 50,000 user profiles in total. This exception is thrown intermittently, I mean in the last 10 days it has happened thrice.
It will be great if someone can help me out on this. Please let me know if any additional information is required.
ThanksHi,
As I understand, you encountered User Profile time out issue.
First of all, please confirm that related service and service application are at started status on all servers.
User Profile time out issue might be caused by several reasons, as you said the issue is generated intermittently, there might be networking issue as well. So please check ULS log for related error message.
Similar issue:
http://wingleungchan.blogspot.com/2012/11/userprofileapplicationnotavailableexcep.html
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] .
Rebecca Tu
TechNet Community Support -
Anyone tried using LDIF file in the User Profile Synchronization Process?
Microsoft pushied an article recently talking about using LDIF file in the SharePoint's user profile synchronization.
Configure profile synchronization using a Lightweight Directory Interchange Format (LDIF) file (SharePoint Server 2010) http://technet.microsoft.com/en-us/library/ff959234.aspx
Currently I am unable to obtain the required "Replicate Directory Change" permission set up by the AD admin. So I thought of exploring this alternative since I still have AD search permission right now.
So far, I was able to set up the MOSSLDAP-LDIFMA, and use an import.ldif file to add, remove and update user profiles. However, there are some problems that I can't resolve. One of key problems is, the LDIF-imported records can't be
sync'd with login-based records.
In my environment, when a user login SharePoint via Windows authentication, a new profile would be added, under the account name "domain\username". Meanwhile, when an LDIF record imported, there will be another profile created under the account
name "domain:domain\username", or "domain:username". That is, there would be two profiles for each user.
Based on my understanding, it is very likely the user profile synchronization is based on the user's account name. But in document and sample files provided, I can't find out any clue how to prepare the ldif file so that it will update the
matching records, instead of creating new ones.
Any help? Thanks in advance.Has anyone managed to get this to work?
It's nice that Microsoft offers the ability to import user profiles via LDIF into SharePoint, but it is useless if the account name is not correct after the import. I have tried multiple imports from the LDIF to get a user account to show up as "domain\username" but
it always ends up as "domain:domain\username", or "domain:username". or a variation
of these 2 with a colon separating the domain form the username. i see that multiple people have had the same problem, but unfortunetaly can't seem to find a solution. Also I see Bradley mentions that he was able to import accounts using get-QADUser,
but he doesnt mention what the accounts import as or if it resolved the domain colon issue.
Thanks in advance for any help or information anyone can provide.
cheers,
Zed -
User profiles with multiple login accounts in SharePoint 2010
Hello,
Consider the following scenario:
We have Active Directory that is accessible inside our network. Except the sites, accessible from the corporate network, we are exposing SharePoint sites from the same farm on the internet, using claims based authentication with ADFS 2.0 using the same
AD instance as in the intranet.
The problems is that the claims based accounts are not linked to the profiles, that are created for the users by the User Profiles Synchronisation service.
Is there a way to configure the user profiles so if our users are signing in from internet, to access the same profiles that they have, when accessing the SharePoint sites from intranet?
(I've searched a lot, I didn't find excat solution. I've found something related to SPCLaims properties and had confugred them to sync with the AD using the "claims" trusted connection, but the problem remains.)
This is simmilar to allow our users to login using their Facebook, Google, OpenID identity or the identity in our AD. How can this be done?SharePoint user profiles are not populated automatically when using claims-based authentication methods. You must create and populate these profiles yourself, typically in code. Users that map to existing accounts when you migrate to claims-based authentication
will use any existing profile information, but other users and new users will not have profile information. For information about how you can populate user profiles when using claims-based authentication, see "Trusted Identity Providers & User Profile
Synchronization" at
http://blogs.msdn.com/b/brporter/archive/2010/07/19/trusted-identity-providers-amp-user-profile-synchronization.aspx.
The same limitation occurs when using SharePoint Audiences. You cannot use user-based audiences directly unless you create custom code to support this, but you can use property-based audiences that make use of claims values. For information, see "Using Audiences
with Claims Auth Sites in SharePoint 2010" at
http://blogs.technet.com/b/speschka/archive/2010/06/12/using-audiences-with-claims-auth-sites-in-sharepoint-2010.aspx.
From: http://msdn.microsoft.com/en-us/library/hh446523.aspx
Maybe you are looking for
-
Message posted from BPEL not found in oc4j JMS queue
Hi, I am facing a weird problem when I try to post a message in oc4j JMS from a BPEL process. There is no exception(Not even in the logs) and the BPEL process gets completed. But the message is missing(Could not find it while monitoring the queue). I
-
Should I buy a new MBP? (Lots of small issues with mine)
Hi, There are a number of small but irritating problems with my MBP. Talking with a friend who has had her macbook into apple service 3 times now for replacements a lot more serious than my problems, I'm sure Apple won't replace the computer. A frien
-
How to transport Query variant used in APD
Hello Experts, I have created 2 query variants for a query in Development system. And, these variants are being used in APD. Now, when APD is transported to next system, query variants does not exist in next system, so cannot execute APD. Please let
-
Dear Sir/Madam, For commercial use, I have subscribed for Visual Studio Online. To work with .NET code on my local machine, what type of Visual Studio license do I need to purchase/install locally. It gives me two options to download on home page. 1)
-
Formatting WD Hardrive to transfer files over 4gb / work with Windows?
Hi, I just got the WD my passport 2TB external hard drive. I see right out of the box it needs to be reformatted for Mac. I don't want to do fat32 again because I need to transfer large files. I have more than one mac, and also would like to have the