User roles from external active directory

Similar Messages

• Getting User Attributes from an Active Directory LDAP

  Hello all.
  I want to extract attributes assigned to a user in the Active Directory LDAP and make them available through the getPropertyValue property in Javascript. I know that a user's System Attributes can be accessed with getPropertyValue but I have not found a way to get specific attributes from the LDAP and make them available as specific attributes in xMII. System attributes like "EmailAddress1" seem to transfer from the LDAP but others don't. Anyone have any ideas?
  Thanks.
  ...Sparks

  Sparks,
  If you're using 11.5 or 12 actually they should all map into the system as session properties.  You can use the following URL to verify your session properties:
  http://<xMIIServer>/Lighthammer/PropertyAccessServlet?Mode=List
  If you are not seeing the attributes you expect then your Attribute Query for User or Role is incorrect for your LDAP system and you need to change the LDAP configuration queries.
  -Sam

• How to populate a sharepoint 2010 list from the active directory. How to populate a sharepoint 2010 list with all sharepoint user profiles

  How to populate a sharepoint 2010 from the active directory.
  I want a list of all the computers in the active directory,
  another one with all users.
  I want also to populate a sharepoint 2010 list from the sharepoint user profiles.
  Thanks
  sz

  While
  the contacts list is usually filled out for contacts that are outside the company, there are times when you would use a contacts list to store internal and external resources.  Wouldn’t it be nice if you didn’t have to re-type your internal contacts’
  information that are already in the system?  Now you can with a little InfoPath customization on the contacts list. 
  Here’s our plan:
  Create the contacts list, and open in InfoPath
  Create a data connection to the User Profile web service
  Customize the form adding some text, a people picker and a button
  Create InfoPath rules that will populate the contact fields from the user fields in the User Profile store
  Let’s get going!  Before we begin, make sure you have InfoPath 2010 installed locally on your computer.  I also want to give credit Laura
  Rogers and Darvish Shadravan’s book Using
  Microsoft InfoPath 2010 with Microsoft SharePoint 2010 Step by Step.  I know it looks like a lot of steps, but it’s easy once you get the hang of it.
  So obviously we need a contacts list.  If you don’t already have one, go to the SharePoint site where it will live, and create a contacts list.
  From the list, click the List tab on the ribbon, then click Customize form:
  So now we have our form open in InfoPath 2010.  Let’s add our elements to the form. 
  Above all the fields, let’s add some text instructing users what to do with the the field we’re about to add (.e.g To enter an existing user’s information, choose the user below).
  Insert a people picker control by clicking the Person/Group Picker control in the Controls section of the ribbon.  This will add a column to the contacts list called group.
  Below the people picker, insert a button control from the same section of the ribbon as above.  With the button still highlighted, click the Control Tools|Properties tab on the ribbon. 
  Then in the Label box, change the text to something more appropriate to our task (e.g. Click here to load user data!).
  You can drag the button control a little larger to account for the text.
  We should end up with something like this:
  Before we can populate the fields with user data, we need to create a connection to the User Profile Service.
  Add a data connection to the User Profile Service
  Click the Data tab on the ribbon, and click the option From Web Service, and From SOAP Web Service.
  For the location, enter the URL of your SharePoint site in the following format – http://<site url>/_vti_bin/UserProfileService.asmx?WSDL.  Click Next.
  Note - for the URL, it can be any SharePoint site URL, not just to the site where your list is.
  For the operation, choose GetUserProfileByName.  Click Next.
  Click Next on the next two screens.
  On the final screen, uncheck the box for “Automatically retrieve data when form is opened”. This is because we are going to retrieve the data when the button is clicked, also for performance reasons.
  Now we need to wire up the actions on our button to populate the fields with the information for the user in the people picker control.
  Tell the form to read the user from the people picker control
  Click the Home tab on the ribbon.
  Click the button control we created, and under the Rules section of the ribbon, click Manage Rules. Notice the pane appear on the far right.
  In the Rules pane, click New –> Action. Change the name to something like “Query and load user data”.
  Leave the condition to default (none – rule runs when button is clicked).
  Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
  For Field, click the button on the right to load the select a field dialog.  Click the Show advanced view on the bottom.  At the top, click the drop down and choose the GetUserProfileByName
  (Secondary) option.  Expand myFields and queryFields to the last option and highlightAccountName.  Click ok. 
  For Value, click the formula icon. On the formula screen, click the Insert Field or Group button. Again click the show advanced view link, but this time leave the data
  connection as Main. Expand dataFields, then mySharePointListItem_RW.  At the bottom you should see a folder called group (the people picker control we just added to the form).  Expand this, then pc:Person,
  and highlightAccountId.  Click Ok twice to get back to the Rules pane.
  If we didn’t do this and just queried the user profile service, it would load the data of the currently logged in user.  So we need to tell the form what user to load the data for.  We take the AccountID field from the people
  picker control and inject into the AccountName query field of the User Profile Service data connection. 
  Load the user profile service information for the chosen user
  Click the Add button next to “Run these actions:”, and choose Query for data.
  In the popup, for Data connection, click the one we created earlier – GetUserProfileByName and clickOk.
  We’re closing in on our goal.  Let’s see our progress.  We should see something like this:
  Now that we have the user’s data read into the form, we can populate the fields in the contact form.  The number of steps to complete will depend on how many fields you want to populate.  We need to add an action step for
  each field.  I’ll show you one example and then you will just repeat the steps for the other fields.  Let’s update the Job Title field.
  Populate the contact form fields with existing user’s data
  Click the Add button next to “Run these actions:”, and choose “Set a field’s value”.
  For Field, click the button on the right to load the select a field dialog.  Highlight the field Job Title.
  For Value, click the formula icon. On the formula screen, click the Insert Field or Group button.  Click the Show advanced view on the bottom. At the top, click the
  drop down and choose theGetUserProfileByName (Secondary) option.  Expand the fields all the way down until you see the Value field.  Highlight it but don’t click ok, but click the Filter
  Data button, then Add. 
  For the first dropdown that says Value, choose Select a field or group.   The value field will be highlighted, but click the field Name field
  under PropertyData.  Click Ok. 
  In the blank field after “is equal to”, click in the box and choose Type text.  Then type the text Title. 
  Click ok until you get back to the Manage Rules pane.  The last previous screen will look like this.
  We’re going to update common fields that are in the user’s profile, and likely from Active Directory.  You can update fields like first and last name, company, mobile and work phone number, etc.  For the other fields, the
  steps are the same except the Field you choose to update from the form, and the very last step where you enter the text will change.  Here’s what the rules look like when we’re done:
  We’re all done, good work!  You can preview the form and try it now.  Click Ctrl+Shift+B to preview the form.  Once you’re satisfied, you can publish the form back to the library.  Click File –> Quick
  Publish.  Once it’s done, you will get confirmation:
  Now open your form in SharePoint.  From the contact list, click Add new item.  Type in a name, and click the button and watch the magic happen!

• The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

  got event ID 4015 and source DNS-Server-Service. please suggest how to fix this issue
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Raj

  Hi
   first run "ipconfig /flushdns" and then "ipconfig /registerdns" finally restart dns service and check the situation,also you can check dns logs computer management ->Event viewer->Custom Views->Server roles->DNS.

• User login report in Active Directory for specific date and time

  I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
  Is any query, script or any tool available?
  Waiting for reply please

  You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
  If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
  I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Oracle Enterprise User, OVD and MS Active Directory (AD)

  Hi,
  I need to authenticate Oracle Users from MS Active Directory.
  If I create an Oracle Enterprise User, can I just use OVD or do I need also OID ?
  If the answer is YES, I just need OVD do I need just to install OVD or do I need any other installation from OIM in order for it to work?
  Thanks in advance for answering this post : )
  CMT

  Hi,
  I am not sure that you are correct.
  In the meantime, some one mentioned a white paper to read: "Directory Services Integration with Database Enterprise User Secuirty. In page 10 it mentions a scenario: EUS deployment using Active Directory and OVD
  (without OID).
  The cons mentioned are: Need to extend AD schema to include EUS meta-data (which I am not sure how its done).

• Pull User Role from identity manager in BPM process

  Hi,
  How can I pull user name, user role from different identity manager in order to configure hierarchy workflow in BPM process? can any one guide me on that??
  Regards,
  Amik

  I'm having the same problem on WebLogic 10.3

• Could we have same name's for User and Groups in Active directory

  When iam trying to create a user name " Logistics " under a OU, I am getting a error
  "The pre-windows 2000 logon name you have chosen is already in use in this domain. Choose  aother pre-windows logon name, and then try again"
  We already have a group by the name " Logistics "
  Could we have same name's for User and Groups in Active directory?
  Thanks in Advance

  sAMaccountName attribute is unique. So, the short answer is you cannot.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Cant login to 10.6 from an active directory account

  cant login to 10.6 from an active directory account

  You haven't provided nearly enough background of your Network for anyone to help you.
  Please include an enormous amount of information about:
  1) your Mac and the network it is on.
  2) How you have established the link to the Active Directory
  3) exactly what happens when you try to connect, including the literal text of all error messages.

• Problem while loading security information (users/roles) from repository

  Iview have stopped connecting to our MDM, All repositories, all IViews Very strange
  Here is what I see in the logs.... Any ideas? Please if you have seen this before only
  Marty
  com.sap.mdm.extension.MetadataException: Problem while loading security information (users/roles) from repository 'PORTAL_CUSTOMERS'
  at com.sap.mdm.extension.MetadataManager.loadRoleCache(MetadataManager.java:559)
  at com.sap.mdm.extension.MetadataManager.internalGetRoleSet(MetadataManager.java:502)
  at com.sap.mdm.extension.MetadataManager.getRoleSet(MetadataManager.java:471)
  at com.sap.mdm.extension.MetadataManager.createMetadataKey(MetadataManager.java:464)
  at com.sap.mdm.extension.MetadataManager.getRepositorySchema(MetadataManager.java:197)
  at com.sap.mdm.uwl.MdmUwlConnector.createUserSessionContext(MdmUwlConnector.java:1463)
  at com.sap.mdm.uwl.MdmUwlConnector.new_retrieveItems(MdmUwlConnector.java:546)
  at com.sap.mdm.uwl.MdmUwlConnector.getItems(MdmUwlConnector.java:129)
  Caused by: com.sap.mdm.commands.CommandException: com.sap.mdm.net.ConnectionException: java.io.IOException: Unexpected socket read.  Result is -1.
  at com.sap.mdm.security.commands.GetUserListCommand.execute(GetUserListCommand.java:72)
  at com.sap.mdm.extension.MetadataManager.loadRoleCache(MetadataManager.java:526)
  Caused by: com.sap.mdm.net.ConnectionException: java.io.IOException: Unexpected socket read.  Result is -1.
  at com.sap.mdm.internal.protocol.manual.AbstractProtocolCommand.execute(AbstractProtocolCommand.java:102)
  at com.sap.mdm.security.commands.GetUserListCommand.execute(GetUserListCommand.java:69)
  at com.sap.mdm.internal.net.DataSocket.receiveData(DataSocket.java:62)
  at com.sap.mdm.internal.net.ConnectionImpl.readInt(ConnectionImpl.java:497)
  at com.sap.mdm.internal.net.ConnectionImpl.readInt(ConnectionImpl.java:490)
  at com.sap.mdm.internal.net.ConnectionImpl.nextMessage(ConnectionImpl.java:629)
  at com.sap.mdm.internal.net.ConnectionImpl.receiveMessage(ConnectionImpl.java:572)
  at com.sap.mdm.internal.net.ConnectionImpl.send(ConnectionImpl.java:233)
  at com.sap.mdm.internal.protocol.manual.AbstractProtocolCommand.execute(AbstractProtocolCommand.java:99)
  com.sap.mdm.commands.CommandException: com.sap.mdm.net.ConnectionException: java.net.SocketException: There is no process to read data written to a pipe.

  Early this month we upgraded the MDM server to:
  MDM Server version: 5.5.63.57
  And the portal components:
  MDM 5.5 SP06 Technology Patch 3 (Build 5.5.63.57)
  MDM 5.5 SP06 Application Patch 3 (Build 5.5.63.57)
  MDM 5.5 SP06 Java API Patch 3 (Build 5.5.63.57)
  However the issue just began 2 days ago?
  We started intgrating MDM Workflow with UWL and assigned Roles and Iviews to the Universal Worklist Configuration
  It seems the Iviews work for a while and then after some time everything gives up? Very confounding
  And yes we are using standard Iviews (search, Result and detail)
  Thanks
  Edited by: Marty Monroe on Oct 31, 2008 3:07 PM

• How to import user profiles from external sources(other than AD) into SharePoint

  Hi,
  I want to import user profiles from external sources other than AD.
  Badri

  You have to use BCS for importing the profiles,
  Check the following link with explanations
  http://msdn.microsoft.com/en-us/magazine/ee819133.aspx
  Please Mark it as answer if this reply helps you in resolving the issue,It will help other users facing similar problem

• How do I create Local Network Home Folders for Users from an Active Directory binding?

  My situation is this... I run an iMac lab at my school.  I have a server set up to manage the network user accounts in the lab.  Currently, I can sucessfully create Local Network Users and log in to them from any of the iMacs.  My school has an Active Directory set up for all the students on campus.  What I'd like to be able to do is configure the server to allow the students to use their user names and passwords from their school accounts to log in to the iMacs and have it automatically build a network user folder on the server for them to use during the lab. 
  So far, I have been able to configure access for the Active Directory accounts to use the services on the server, mainly File Sharing, but I cannot figure out how to allow them to log into a user account on the client's machines using their same Active Directory credentials.  I have even attempted to allow the user accounts to create mobile accounts, but that's not working out either.  Entering indivual network user accounts into the server for every student every semester will be a nightmare.  I'm sure there's a way to do it automatically using the exisitng Active Directory structure.
  The live server is running 10.8.5 Server still, but I've also got a clone running OS X Server in case it matters.  Please help!

  ok reinstalled everything dns seems to be working have done sudo changeip -checkhostname and it says that both names match but then i started open directory and can't seem to get Kerberos started, i've tried changing it to stand alone then back again but it does nothing. I'm wondering why this would happen? i've tried adding a kerberos record but it doesn't do it just does nothing so i don't know what i'm doing wrong. I wondered if it might be a problem with the two network cards and dns as on ethernet one it is getting the dns name xserve.xxxx.ac.uk (which matches what the college server wants to call us) but on ethernet 2 gets xserve-2.local because it tells me that it already exists on ethernet one and renames it to this. I need to set up NAT so have ethernet coming in on port one and out again on port two. I wonder if my dns is backwards as its got the 192. address the NAT uses but its linked to the ethernet port one dns maybe this is the problem. would this cause open directory not to start kerberos?

• Add users to a group from another Active Directory domain

  Hi Folks,
  I need add users in a group the active directory through the FIM 2010 R2.
  My scenery it is:
  Domain A with FIM 2010 R2 provisioning users for Domain B;
  I need get users the Domain B and add in group in Domain C.
  What's better way, create FIM portal for them, or create aditional script/development for FIM 2010 R2.
  Thanks a lot!
  Wilsterman Fernandes

  There are two approaches to do it.
  1st - easier - using FIM Portal/Service - just create a criteria based group that would be created in Domain C.
  2nd - more difficult, but you don't need FIM Service/FIM Portal - just export all users to one table in SQL and create a view, where a group and members (users from Domain B) are. It would be cheaper as you don't have to have FIM Service to do it. But if
  you have it, first is easier.
  If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

• How can I create digital signatures for my users using Windows 2008 Active Directory Certificate Services?

  Hi,
  I need to create local digital signatures for my users. How can I do that using W2k8 Active Directory Certificate Services? We are gonna sign Office 2010 documents.
  What company offers cheap digital signatures solutions?
  Thanks in advanced

  Consider the following:
  if you use your local CA server to issue digital signature certificates, there is no cost, because you are eligible to issue so many certificates as you need. However, documents signed by these certificates will be considered trusted only within your AD
  forest and other machines that explicitly trust your local CA. Any external client will not trust your signatures.
  If you want to make your signature trusted outside your network (say, in worldwide), you need to pruchase a certificate from trusted commercial CA (VeriSign, GoDaddy, GlobalSign, StartCom, etc) according to respective vendor price list. In that case you
  don't need to have your local CA server, because it is not used. All certificate management is performed by the external CA. A most common scenario is to purchase signing certificate for particular departament principals (head managers) or few certificates
  for a whole company (all documents are revised by a responsible person or persons who holds signing certificate and sign them after review).
  so, it is not clear from your post what exactly you need.
  My weblog: http://en-us.sysadmins.lv
  PowerShell PKI Module: http://pspki.codeplex.com
  Windows PKI reference:
  on TechNet wiki

• SAP User Authentication via Windows Active Directory

  The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
  The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
  That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

  >
  Gagan Deep Kaushal wrote:
  > Hi Tim,
  >
  > Its nice to see video.
  >
  > Is that mean using different username on OS and SAP level still we can achieve SSO.
  >
  > Correct if if am wrong.
  > The only thing we need to maintain SNC name.
  Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
  >
  > So for user test1 i can manage name as p:test2.....  ??
  Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
  >
  > I think that is what Ronald is also looking, user name need not to be same.
  >
  > Regards,
  > Gagan Deep Kaushal