User Search in a Group

i am using shared services system 9.2 i have 200 users in a group. i am wondering whether there is a wayto search for a particular user in a group, as we do search in native user directory/NT userdirectory. thanks and regards -------------- [email protected]

Yes, we can search for a user in a perticular group in SS.First search for appropriate group, double click on th group andthat will open a new window.Which has 3 tabs. go to last tab for searching a perticularuser. Just type starting 2-3 letter and a star it will bring youthe user in that group Eg: pra* HTHJagan

Similar Messages

User Search time for Assigning group

Hello Portal gurus,
Iam using EP6 SP 14.
The time taken for adding or deleting users from a group is over 10 min to search single user. As we have around 2500 users its taking a long time to search for the user from the assigned groups.
Can anbody suggest me how to reduce the time for the user search in assigned group.
Thanks in advance......
Regards,
Master.

So I figured it out. For anyone else wondering, here's the answer...
Back in May I ran gpresult against user A and user B. I compared both users and noticed one difference. I'm still not sure why, but user A had a single registry key group policy preference that was not applied like the rest of the users in the entire
domain. Thus, user B had all the same group membership, SharePoint, SQL Server settings as user A, and still didn't function properly with the peoplepicker.
Due to security posture, it was recommended we set the "State" REG_DWORD value to 10000 (Hex), or 65536 (Dec) using group policy, restricting the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
NOTE: SIDs S-1-5-19 and S-1-5-20 had different, apparently less restrictive "State" values of 23c00 (Hex) and 146432 (Dec)
I did some searching and found another
post where someone had a seemingly similar issue with Webex malfunctioning after restricting the same key values.
Upon reverting the above three key "State" values of 23c00 (Hex) and 146432 (Dec) on the AD box and forcing a group policy update, peoplepicker started working properly again for all users in SharePoint.
\:D/

How to retrieve all users in a specific group

Hi,
I am using SunOne directory server. Can someone please post a sample code that illustrates how to fetch all the list of users in a particular group.
1) Let's say I want to find all the users in a group called "marketing". The root context is dc=mycompany,dc=com This group can be anywhere below this root context. Only information I am told is the name of the group - "marketing". How will I get all the users in this group?
2) For each user that is retrieved from the group marketing, how will I find out the user's DN?
Thanks for the help,
- Satish

Do it like this...
String searchBase = "ou=marketing";
StringBuffer filter = new StringBuffer();
filter.append("(|");
if (organizationName != null && !organizationName.trim().equals("")) {
     filter.append("(");
     filter.append(ou);
     filter.append("=");
     filter.append("marketing");
     filter.append(")");
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
constraints.setCountLimit(200); // How many users should be found
constraints.setTimeLimit(100000); // how much time should this search wait
// Get a initial context and set it to the ctx object
ctx.search(searchBase, filter.toString(), constraints);

Can I filter search by authorisation group?

We have 5 sales orgs e.g. Z001, Z002, Z003, Z004, Z005. Each employee belongs to one sales org only. When the user searches on accounts I want to filter the search by the sales org the employee belongs to.
To test this I maintained the business partners and assigned the authorisation group Z001 to 5 of our customers in one sales org. I have also assigned the authorisation group Z002 to 5 of our customers in another sales org that I do not want displayed. For others I have left empty. I did this because it is not a practical solution for us to maintain an authorization group for every customer.
In transaction PFCG I have maintained the authorization group B_BUPA_GRP with the entry Z001 as this is the sales org I want displayed for this role.
When I search for the customers (with no search criteria) it does not appear to do any filtering at all as more than 5 records were found, which is not correct.
When I run the trace (ST01) I find that for the 5 customers that have the authorization group Z001, it is allowed. This is correct. For the 5 customers with authorization group Z002, it is not allowed. This is correct. However for the customers without any authorisation group assigned it is allowed. This is not correct.
How is it possible to not display customers without an authorisation group?
Regards
Declan

Well Declan..you have to note this thing before going for this solution.
The field you want to add as a hidden search parameter , should not be available on UI.
Otherwise controlling the user will be very difficult.(Nevertheless, you can achieve it, but have to take lot of pains.)
For example if you want to display partners belonging to a particular country say 'US',then add a record to GT_HIDDEN_PARAMETERS.
DATA: ls_params   TYPE genilt_selection_parameter.
    ls_params-attr_name = 'COUNTRY'.
    ls_params-sign      = 'I'.
    ls_params-option    = 'EQ'.
    ls_params-low      = 'US'.
    APPEND ls_params TO gt_hidden_parameters.
Implement this code in EH_ONSEARCH and then call super class. Standard code by default reads this gt_hidden_parameters.
This is proprietary to BP_HEAD_SEARCH Component. If you have to implement this for some other componet then you should create an attribute gt_hidden_parameters and then read this internal table manually and manipulate the search criteria as is being done in standard code of method EH_ONSEARCH of BP_HEAD_SEARCH/SearchHelp.
As I mentioned earlier COUNTRY attribute should not be available on UI.
If Country was available on UI, then imagine a case if user enters 'UK' as country and you have hard-coded inside to get only 'US'
Then the result list have partners of 'US' despite user entering 'UK'. I mean to say the hidden parameters should not be available on UI.
This way you can any valid hidden attributes by looking at the search object of the serach page in Model Browser.
Cheers,
Masood Imrani S.

Add user search functionality in a custom form

Hi,
I am new to IDM . I have two doubts regarding search functionality. Please help me out.
1. I want to add a user search option for a field and populate the value(user name ) from the searched result to that filed. The search option should have some search criteria like firstname ,lastname ,userid etc; depending on which we can search a particular user and after selecting one record that data should populate to that filed. Please let me know how can I archive that functionally? Is it possible to use the existing (out of box) search operation for it.
2. When we use selector, is it possible to change the default search option. I want to search depending on some criteria like firstname,lastname ,userid etc.
Thank in advance.
Regards,
Nirupam

I know this is old post - but I dealed with this requirement one and I knew it's pain. So, I just want to share my little expereinced here if someone else needed it.
For this requirement - I have to customed the jsp pages. The file is tjspSearchUserTiles.jsp in the xlWebApp war file under tiles folder. What I did is check the current loging user's group. If he/she belong to Manager group, I set the search value Users.Manager Login equal to the username (this user name attribute alway available in the selvet section throught the USR BEAN.
If you could make this cutomization work from your OIM env you then could customize alot more.
Let me know if you need help - [email protected]

How to remove user from custom DLU Group

Hi,
I have created a DLU policy that creates a local user, and places this user
in a custom local group (Group is already present on the system). Now I want
to remove this user from this custom group and place it in another custom
group. I have created a second DLU policy to place the user in the new
custom group. The new custom group is added fine, but the old custom group
assignment also remains. How should I set up the policy so that the user is
removed from the old custom group, or is this not possible?
Regards,
Hen

Hen,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Adding a domain user to Local Admin Groups using MDT 2012

I don't know if this will help anyone, but it did me after weeks of searching. If you are trying to add a domain user or domain groups to the local administrators group using MDT, simply go to the cs.ini and add "SkipAdminAccounts=No".
But the administrators accounts page will only appear if you choose to join a domain.

Correct, if you were to go into the %DeployRoot%\Scripts\DeployWiz_Definition_ENU.xml file you would see the entry for the DeployWiz_AdminAccounts.xml page as follows:
<Pane id="AdministratorAccounts" reference="DeployWiz_AdminAccounts.xml">
<Condition><![CDATA[ UCase(Property("SkipAdminAccounts")) = "NO" and UCase(Property("DeploymentType"))<>"REPLACE" and Property("DeploymentType")<>"CUSTOM" and Property("JoinDomain") <> "" ]]></Condition>
</Pane>
Most Wizard Pages are displayed by default, and you can turn them off by using the SkipXxxXxxxxx Page variable to hide them during wizard execution. This page is different, since it was added for MDT 2012, the MDT team decided to leave it *OFF* by default,
instead you must explicitly turn off the SkipAdminAccounts variable by setting it to "NO".
Additionally, you would not need to display this page if you were running a Refresh or a Custom Task Sequence.
Finally, this page does not actually *create* accounts, instead it just adds pre-existing user accounts and adds them to the local Administrators group. This scenario is only valid when you are joining the machine to a domain, so you must Join to the Domain.
If you are interested in adding other local users to the Administrators Group, you should write a script to create the account(s) and add them to the local group. Windows 8.1 has some *gotchas* that have to do with Microsoft Accounts, but that's a different
Story :^).
Keith Garner - keithga.wordpress.com

User search in AD

I have a question on AD user search. In AD, I have created OU and under OU, again created two sub OU's for Users and groups. I have 10000 users If I want to search for 500 users, How do I achieve it?
Where do we specify mutliple OU? Under User Base DN or Group Base DN? Will it be something like uid=xxx,ou=OU1,ou=OU1,dc=BDC1?
What will be my serach string in WLS to search for 500 users which are under OU of OU.
Edited by: user734247 on Feb 24, 2012 6:53 AM
Edited by: user734247 on Feb 24, 2012 6:56 AM

I have a question on AD user search. In AD, I have created OU and under OU, again created two sub OU's for Users and groups. I have 10000 users If I want to search for 500 users, How do I achieve it?
Where do we specify mutliple OU? Under User Base DN or Group Base DN? Will it be something like uid=xxx,ou=OU1,ou=OU1,dc=BDC1?
What will be my serach string in WLS to search for 500 users which are under OU of OU.
Edited by: user734247 on Feb 24, 2012 6:53 AM
Edited by: user734247 on Feb 24, 2012 6:56 AM

UserIdentityStores Creation fails in case large number at User Search Base

ou=users1,o=test contains 300 000 users.
ou=users2,o=test contains 10 users.
ou=users3,o=test contains 10 users.
If i create UserIdentityStores with ou=users1, OAM shows fails "
Failed to connect to User Identity Store.
URL or Credentials specified are invalid.
No entries were found under the User Search Base : username with attribute : ou=users1,o=test.
If i create UserIdentityStores with ou=users2, OAM shows successfully"
If i create UserIdentityStores with ou=users3, OAM shows successfully"
Configuration:
* User Name Attribute : username
* User Search Base : ou=users1,o=test
User Filter Object Classes : sso
* Group Search Base : cn=sso-group,o=test
This is ODSEE:
o=test
-- ou=users2
---- username=123
---- username=456
-- ou=users3
---- username=abc
---- username=123
-- ou=users4
-- cn=sso-group
-- ou=users1
Is it a bug with OAM when users1 had too much DN inside. I stuck 2 weeks at this step. Any advices is apprecited.
Thank you!

Thanks.
Yes, I know of that 100 column limitation. But notice that I had 79 columns. Also, it doesn't mention the fact that you can display a certain amount a column, but you are then not able to use the search bar fully.
"One interactive report per page.
100 columns can be seen using report columns. You can edit additional columns using Tree view or paginating through Report Column Attributes.
1,000,000 rows per column heading filter (if no custom LOV is specified in the column attributes).
You can edit additional columns using Tree view or paginating through Report Column Attributes."
So the issue that I have is a non documented issue, unless I'm missing something.

LC Rights Management End User can not find groups or users during policy creation process

hello,
I'm using LC8.0.1 turnkey install on win2003 box.
Problem is LC Rights Management End User can not find groups or users (search result is empty) during policy creation process, thus can not apply specific restriction to certain groups or users.
I have create a user in the DefaultDom and assigned the following roles:
Live Cycle Rights Management Invite User
Live Cycle Rights Management End User
How can I allow the above created user to search for groups and user during policy creation? Thanks.

Good catch Phuc. Make sure you do this for each Policy Set as well as My Policies.
Here's an overview of Policy Sets:
http://blogs.adobe.com/security/2008/04/delegating_control_over_policy.html
Cut and paste the URL.

Problem to assign a User to an AD group

Hi,
I have a problem assigning a user to an AD group on the "Edit User" (Attributes tab) page.
I can see my AD groups as "Available Groups" and I can "move" a group to "Selected Groups".
Nevertheless, after I click on "Save", I can see the changes for the user, but the assignment to the group is missing and the user therefore is not added to the group in the AD.
(One possible way to assign a user to an AD group is to edit the group manually on the Resources page.)
As you can see I am quite new on the IDM-topic and I really appreciate your help.
Thanks in advance!
Andreas

Hi,
thank you all for your replies and sorry that I did not answer. I was out of the office for some exams.
This is my gateway trace file:
07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,150): trace active, level: 3, file: c:\gatewaytrace.txt, maxSize: 10000 KB
07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,108): In WSTrace::init()
07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,109): Gateway version: 'Sun Java System Identity Manager 7.1'
07/24/2007 15.53.58.905000 [620] (../../../../src/wps/agent/logging/WSTrace.cpp,110): OS version: 'Windows Server 2003 Family Service Pack 2 (Build 3790)'
07/24/2007 15.53.58.921000 [888] (../../../../src/wps/agent/connect/ntsvc.cpp,95): Service::svc
07/24/2007 15.53.58.937000 [888] (../../../../src/wps/agent/connect/server.cpp,269): starting up server daemon PORT 9278
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 44 bytes
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 24, 40 wrapped up rawlength 40
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,474): MakeChallengeResponse(in,out):
(22,3E) (D0,70)
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,476): (23,56) (E2,E2)
07/24/2007 15.54.35.296000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 16 pad: 4
07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 36 bytes
07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 16, 32 wrapped up rawlength 32
07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.35.312000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,571): Session key :
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 11188 bytes
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 11164, 11184 wrapped up rawlength 11180
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='get info'
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 378 pad: 2
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
07/24/2007 15.54.35.374000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 11324 bytes
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 11300, 11320 wrapped up rawlength 11316
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='get'
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6434): Enter: getObject
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5137): Enter: openObject
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2527): Enter: getIdentity(obj,result)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2564): Enter: getIdentity
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2627): Exit: getIdentity
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2628): return value: 'LDAP://<GUID=0b1d8258b7b2b54cb3d378e866120a0b>'
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2551): Exit: getIdentity(obj,result)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5152): Enter: openObject - 1
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://<GUID=0b1d8258b7b2b54cb3d378e866120a0b>
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
07/24/2007 15.54.35.390000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5223): Bound with GID, rebinding with dn. ADsGetObject for CN=Alice Anderson,CN=Users,DC=SunIM,DC=test
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2564): Enter: getIdentity
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2627): Exit: getIdentity
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,2628): return value: 'LDAP://CN=Alice Anderson,CN=Users,DC=SunIM,DC=test'
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5155): Exit: openObject - 1
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5146): Exit: openObject
07/24/2007 15.54.35.983000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6503): Enter: buildObject
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'co': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'company': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'department': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'division': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'employeeID': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'facsimileTelephoneNumber': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'groupMembershipSAM': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'homePhone': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'l': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'manager': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'middleName': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'mobile': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'postalCode': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'st': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'streetAddress': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'telephoneNumber': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.015000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6957): Unable to get attribute 'title': GetEx(): 0X8000500D: E_ADS_PROPERTY_NOTFOUND,
07/24/2007 15.54.36.687000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,7108): Exit: buildObject
07/24/2007 15.54.36.702000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
07/24/2007 15.54.36.702000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 10894 pad: 6
07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,6479): Exit: getObject
07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
07/24/2007 15.54.36.812000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 7964 bytes
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 7942, 7960 wrapped up rawlength 7958
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='list all'
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9788): Enter: directorySearch
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9848): Searching container: 'LDAP://cn=Users,dc=sunim,dc=test'
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://cn=Users,dc=sunim,dc=test
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
07/24/2007 15.54.40.421000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10243): Search query: '(&(objectClass=group))'
07/24/2007 15.54.40.437000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9922): Getting first row
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10021): Closing search handle
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10118): Exit: directorySearch
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 1996 pad: 8
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
07/24/2007 15.54.40.452000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/client_handler.cpp,344): got 7964 bytes
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,264): ReceivePrivate: count: 7942, 7960 wrapped up rawlength 7958
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,273): Rightbefore decrypt:
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 0 pad: 4
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,567): Enter: handleRequest
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,636): command='list all'
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,467): Enter: ProcessCommand
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9788): Enter: directorySearch
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9848): Searching container: 'LDAP://cn=Users,dc=sunim,dc=test'
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5162): Enter: openObject - 2
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4734): Enter: login(wstring**,EncyptedData**,wstring**,WavesetResult&)
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4716): Enter: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,34): Enter: getRequiredResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,44): Exit: getRequiredResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4727): Login: 1
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4728): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4737): Login: 1
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,4738): Exit: login(wstring**,EncyptedData**,wstring**,bool,HANDLE*,TOKEN_TYPE,WavesetResult&)
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5176): ADsGetObject for LDAP://cn=Users,dc=sunim,dc=test
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,73): Enter: getOptionalResAttrValue
07/24/2007 15.54.43.937000 [924] (../../../../src/wps/agent/object/Extension.cpp,77): Exit: getOptionalResAttrValue
07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,5266): Exit: openObject - 2
07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10243): Search query: '(&(objectClass=group))'
07/24/2007 15.54.43.952000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,9922): Getting first row
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10021): Closing search handle
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/adsi/ADSIExtension.cpp,10118): Exit: directorySearch
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,76): Enter: sendBuffer
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/connect/RASecureConnection.cpp,114): SendPrivate: count: 1996 pad: 8
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,105): Exit: sendBuffer
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,562): Exit: ProcessCommand
07/24/2007 15.54.43.968000 [924] (../../../../src/wps/agent/object/RequestHandler.cpp,699): Exit: handleRequest

User Search question!!!

Hi all
I am wanting to include a basic search iview in our portal for users to search for other users details. However I am unsure about the best way of doing this, all I require it 3 or 4 text fields for department, name, address etc. and a search button.
Can anyone let me know the best way of doing this, I was told Web Dynpro is good and apparentely there is a tutorial on how to do this but I cant find it anywhere?
Thanks for your help
Phil

hi,
If you have installed trex along with portal , you could actually use who's who iview to include basic user search.
Have a look at the documentation
http://help.sap.com/saphelp_nw04/helpdata/en/05/a62c42de59da2ce10000000a1550b0/frameset.htm
or else you have to use UME api's to implement user search function.The UME provides several methods to search for users, groups and roles with different attributes. The search is performed with search filters.
http://help.sap.com/saphelp_nw04/helpdata/en/0f/807300c5754ed79107dcd9c2ae4ef4/frameset.htm
Regards,
Ganesh N

Unable to push user profiles to AD groups with Profile Manager since upgrade to Server v3

Since upgrading our OS X Mac server from 10.8.5 to 10.9.1, and OS X Server app to v3 (now 3.0.2) I have been unable to push or modify user profiles to AD groups (or AD users) using Profile Manager. This was working fine on OS X 10.8.5. Pushing device profiles is still working OK after the upgrade.
From what I can see from the logs on the client side and server side, it seems related to a problem with the mdm authtoken.
In the client console I can see this entry:
27/01/14 14:30:15.844 mdmclient[38557]: *** ERROR *** [Agent:636102071] Unable to proceed with connection to: https://ourserver.ourdomain/devicemanagement/api/device/mdm_connect (com.apple.mdmconfig.mdm) because don't have valid MDM AuthToken
On the server, in the php.log I can see the corresponding attempt to authenticate:
1::Jan 27 14:29:50.930 [158] <192.168.28.171> {require_once (mdm_checkin.php:11)} vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv - PUT mdm_checkin
0::Jan 27 14:29:50.931 [158] <192.168.28.171> checkin: 'UserAuthenticate'
1::Jan 27 14:29:50.936 [158] <192.168.28.171> {Target_for_incoming_request (target.php:209)} Found target NETWORK LS: <User[156]@ourclientmachine>
0::Jan 27 14:29:50.937 [158] <192.168.28.171> {LabSession_validate_auth_token (mdm_checkin.php:22)} Failed auth for target NETWORK LS: <User[156]@Device[1697]>, incoming_request={
0::Jan 27 14:29:50.937 [158] <192.168.28.171> 'MessageType'=>'UserAuthenticate',
0::Jan 27 14:29:50.937 [158] <192.168.28.171> 'UDID'=>'17aff5c5a40f51acbbd78023d0028c80',
0::Jan 27 14:29:50.937 [158] <192.168.28.171> 'UserID'=>'A5EA25B7-7CCD-4EF4-B240-F23DED275EEC'
0::Jan 27 14:29:50.937 [158] <192.168.28.171> }
1::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Sent Final Output (407 bytes)
1::Jan 27 14:29:50.965 [158] <192.168.28.171> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - /devicemanagement/mdm/mdm_checkin
0::Jan 27 14:29:50.965 [158] <192.168.28.171> {SendFinalOutput (mdm_checkin.php:145)} Completed in 34ms | 200 OK [https://ourserver.ourdomain/devicemanagement/api/device/mdm_checkin]
So I can see there is a failure to authenticate, but don't really know how to troubleshoot this further. Or maybe this is just a bug in the new server app?
I have tried to remove and re-enroll clients in Profile Manager but no joy there.
In the client's Keychain I can see an MDM user AuthToken linked to the correct user account.
Thanks in advance for any help or suggestions

I just wanted to update my post, as this issue for me is resolved.
I uninstalled and reinstalled the Server.app on our Mac server, since then I've been able to push profiles to AD Users and Groups. I guess that in my case the Server app got into a bit of a mess when it was upgraded to v3.
Now the next headache I have is that my AD Groups which are displayed in Profile Manager are not syncing any recent changes. I think I'm probably seeing the same issue as described in this post
https://discussions.apple.com/message/25420919#25420919

How to implement a single user in mutiple AD groups?

Hi all,
I need your help in achieving the following requirement.
1. Security should be applied based on a DeptName from DeptTable For example Department Name= A , Department Name =B, Department Name =C.
2. Also security should be based on Officer Indicator from EmployeeTable= Yes or No.
3. Employee Salary information is grouped into EmpFacts in presentation folder. Only a few users who belong to the group which has access to the folder, should be able to see this folder when they login.
(DeptAOfficerYesEmpFactYesSuper. All the groups which has EmpFactYes are given permissions to EmpFact Folder in presentation Folder)
4. On top of these all the users are classified into Mega and Super users. Mega users should have read only access to dashboards and Super users should be able to edit the dashboards. ( All the groups which are classified as Super are given access to "Edit Dashboard" in Presentation Catalog )
NOTE: As we are deploying our rpd in the shared environment we are not supposed to use SESSION VARIABLES.
TO achieve the above requirement we have created AD groups such that DeptAOfficerYesEmpFactYesSuper , DeptAOfficerNoEmpFactNoSuper and so on. By this method all the permutation and combinations will result in AD groups.
We know that this approach will lead to severe maintenance issues and hence looking for other alternatives.
We are now planning to have only DeptA, DeptB, DeptC groups and use them in conjunction with three other groups ( Officer, EmpFact, Super).
Can we add a single user in all these user groups ?
Kindly let me know if you need any clairty on this.
Your help is highly appreciated.
Edited by: user10682075 on May 11, 2011 7:24 PM

Yes and no..meaning a user with just 1 group assigned will retrieve less data then a user with multiple groups assigned, so yes, more data to select will affecct your performace (a bit), but no, the use of multiple security groups by itself won't affect performance..
The use of multiple security groups will reflect in the use of an IN or a subquery in your logical query, OBI will determine the best way in each case and your database (and statistics) will determine the best physical query and therefore query performance.
M.

Adding and removing current user from one SharePoint group to another with event receiver

hi friends
i need to change current user from one SharePoint group to another with list item adding event receiver.
please help me

Hi Malli,
Greetings. Its nt possible
http://sharepoint.stackexchange.com/questions/42286/event-receivers-on-add-remove-users
Please remember to click 'Mark as Answer' on the answer if it helps you

User Search in a Group

Similar Messages

Maybe you are looking for