Users from same OD have different group memberships on each client

Hello -
I am getting the dreaded "This user can not login because an error occurred" when a network user tries to log in.
Oddly - on some clients he can log in, but not others.
I have checked the open directory settings in directory utility on each client machine and they are identical.
But typing id <username> on each of the clients gives me different results :
Server
id: bensmith: no such user
*Client machine that works (iMac)*
Office-iMac:~ apndavies$ id bensmith
uid=1040(bensmith) gid=20(staff) groups=20(staff),1027(family),103(com.apple.sharepoint.group.2),404(com.apple.sharepoint.group.7),402(com.apple.sharepoint.group.6),216(com.apple.access_loginwindow),107(com.apple.sharepoint.group.5),1033(mobileaccounts),62(netaccounts),12(everyone),401(com.apple.sharepoint.group.3),403(com.apple.sharepoint.group.4),101(com.apple.sharepoint.group.1)
*Client machine that won't allow network users to login*
Study-Mac-Mini:~ apndavies$ id bensmith
uid=1040(bensmith) gid=20(staff) groups=20(staff),1027(family),1033(mobileaccounts),62(netaccounts),12(everyone),101(com.apple.sharepoint.group.1),216(com.apple.access_loginwindow)
Have I got a problem with Open Directory? Surely the results of the id command should be identical?
Many thanks,
Andrew

Hi Tim -
Yes it is. Sorry - was getting a bit desperate this morning.
Problem now solved - for those with the same / similar issues there were two problems.
Initially - the client machine that would not connect had its DNS server set to my router - not my server (which is running DNS for the local LAN).
Once I fixed that (don't have a clue why or how this setting got changed - could have been wrongly assigned by my router (Airport Express) - not sure), I noticed that Kerberos was no longer running on the server. I could connect to it via screen sharing, but I couldn't connect to an AFP share. I checked a few things, then happened to notice that my Snow Leopard server was no longer "bound" to Open Directory (itself) in System Preferences>Accounts>Login options.
Fixing both of these issues resolved the problem.
Thanks again to Tim for his help and advice.
Regards,
Andrew
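
An added example, not part of the original posts: a small shell helper that diffs the group list in two `id` outputs, so you can see exactly which memberships the failing client did not resolve. The function names `id_groups` and `groups_missing` are hypothetical, and the sample input is the two `id bensmith` lines from the first post.

```sh
#!/bin/sh
# Constructed sample input: the two `id bensmith` lines quoted in the first
# post, with the line-wrap spaces removed.
ID_WORKING='uid=1040(bensmith) gid=20(staff) groups=20(staff),1027(family),103(com.apple.sharepoint.group.2),404(com.apple.sharepoint.group.7),402(com.apple.sharepoint.group.6),216(com.apple.access_loginwindow),107(com.apple.sharepoint.group.5),1033(mobileaccounts),62(netaccounts),12(everyone),401(com.apple.sharepoint.group.3),403(com.apple.sharepoint.group.4),101(com.apple.sharepoint.group.1)'
ID_FAILING='uid=1040(bensmith) gid=20(staff) groups=20(staff),1027(family),1033(mobileaccounts),62(netaccounts),12(everyone),101(com.apple.sharepoint.group.1),216(com.apple.access_loginwindow)'

# Print one "name gid" pair per line, sorted, from a single line of `id` output.
id_groups() {
    printf '%s\n' "$1" |
        sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' |
        sed 's/^\([0-9]*\)(\(.*\))$/\2 \1/' |
        LC_ALL=C sort
}

# Memberships present in the first `id` line but absent from the second.
# Whole "name gid" pairs are compared, so a gid mismatch also shows up.
groups_missing() {
    a=$(mktemp)
    b=$(mktemp)
    id_groups "$1" > "$a"
    id_groups "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

echo "Resolved on the working client only:"
groups_missing "$ID_WORKING" "$ID_FAILING"
echo "Resolved on the failing client only:"
groups_missing "$ID_FAILING" "$ID_WORKING"
```

On live machines, replace the two variables with the output of `id bensmith` captured on each client.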

Similar Messages

  • How to add user from domain A to a group in domain B

    How would you achieve adding a user from domain A to a group that is in domain B via PowerShell without the Quest cmdlets? I've been trying to figure this out for about a week now. Please let me know if the scripting guy has seen this issue before.
    LittleTech

    Hello jrv,
    Here's what I was trying to do. The two domains I'm working with have a trust between them.
    1. Create a user in External.Domain.Com
    2. Add the user in External.Domain.Com to GroupOne in ExternalDomain2.Domain.com
    3. The only knowledge that ExternalDomain2.Domain.Com would have about the account in External.Domain.Com is whatever is in the Global Catalog. Here is what I'm trying, but it isn't working.
    # Connecting to domain PSDrive
    # (the -Root value is missing from the post; an empty string is assumed here)
    New-PSDrive -Name ExternalDomain -PSProvider ActiveDirectory -Root "" -Server DC01.Domain.com
    cd ExternalDomain:
    # Create user
    # Add to ExternalDomain Groups
    $UserDN = Get-ADUser -LDAPFilter "(sAMAccountName=$UserID)"
    # Connecting to domain2 PSDrive
    cd AD:
    $GroupDN = "CN=Wireless Device Users,OU=Wireless,OU=Systems and Technology,DC=External,DC=Domain2,DC=Com"
    Add-ADGroupMember -Identity $GroupDN -Members (Get-ADObject -Identity $UserDN.DistinguishedName -Server "DC01.Domain.com:3268")
    Connecting via port 3268 allows me to talk to the global catalog instead of LDAP.
    I receive the following message: A Referral was returned from the server
    I know that if I connect using [ADSI] I am able to specify that the connection follows referrals; the AD cmdlets seem to not have that function. The Quest AD cmdlets do... I just don't want to have to use third party cmdlets to do what the AD cmdlets should be able to do in the first place.
    Thanks,
    LittleTech

  • I bought a VIP membership for 1 month but by mistake I bought a 1 year VIP membership from the same place too, how can I cancel the second one?

    I bought a VIP membership for 1 month but by mistake I bought a 1 year VIP membership from the same place too, how can I cancel the second one?

    Order ID: MHFQLWV6S7
    Receipt Date: 17/11/12
    Order Total: ¥130.00
    Billed To: Visa
    Item: PPTV, PPTV one-month (31-day) VIP membership; Developer: PPLive Corporation; Type: In App Purchase; Unit Price: ¥12.00
    Item: PPTV, PPTV twelve-month VIP membership; Developer: PPLive Corporation; Type: In App Purchase; Unit Price: ¥118.00
    The first 12 RMB is for 1 month and the second is for one year, who can help me to cancel the second 1 year purchase

  • Want to just have phone numbers on phone can you have different groups with and email group as well

    Want to just have phone numbers on phone can you have different groups with and email group as well

    The iPhone remembers information about previous contacts.
    Completely independently, you have a Contacts app with a contacts list.  It sounds like your contacts list has 3 names on it.  You need to add a few names.

  • My husband and I share a new PC.  We have different music tastes and each have an iphone.  How can we both use our one computer and one itunes program with separate music libraries and separate iphones?

    My husband and I share a new PC.  We have different music tastes and each have an iphone.  How can we both use our one computer and one itunes program with separate music libraries and separate iphones?

    Each device only syncs what you select.
    Select only what you want for each phone.

  • VB scripts to remove the user from the member of particular group (say from domain admin) from Windows servers 2003 and 2008

    Hi,
    I need a VB script which checks for the particular user in AD and, if it exists, that user needs to be removed from the member of particular group
    Ex:- Let's say
    I have a user 783562, I need to search this user in AD to verify user exists or not. If not then I do not need to remove the membership from particular group
    Second scenario:-
    If user exists then I need to remove the user membership from the particular group. I want to do it in automation
    Manual Path:-
    1. Type dsa.msc in run command of IT session (we are using it to connect remote desktop).
    2. Select the domain & right click (EX:-corp.ds.xxyyzz.com) and select "Find" to find the user from the domain.
    3. Type the user name in the Name field and click on "Find Now" button user name will be displayed in search result.
    4. Double click on this user ID and select "Member Of" tab.
    5. Select any member of group from the Name section then click on "Remove" button.
    6. Finally click on "Apply" and "OK" button.
    Kindly help me out to do this by using vb script.
    Thanks
    Raja

    ' Usage: CScript NameOfVBS.vbs //NOLOGO /User:Jane.Doe /GroupDN:CN=Group1,DC=Contoso,DC=com
    Option Explicit
    On Error Resume Next
    Dim str_User
    Dim str_GroupDN
    Dim obj_Connection
    Dim obj_Command
    Dim obj_RootDSE
    Dim str_DNSDomain
    Dim str_Base
    Dim str_Filter
    Dim str_Attributes
    Dim str_Query
    Dim obj_RecordSet
    Dim obj_Group
    Dim str_ADsPath
    Dim obj_User
    ' Read the named command-line arguments
    str_User = WScript.Arguments.Named("User")
    str_GroupDN = WScript.Arguments.Named("GroupDN")
    If Len(Trim(str_User)) > 0 And Len(Trim(str_GroupDN)) > 0 Then
        ' Open an ADO connection to Active Directory
        Set obj_Connection = CreateObject("ADODB.Connection")
        Set obj_Command = CreateObject("ADODB.Command")
        obj_Connection.Provider = "ADsDSOOBject"
        obj_Connection.Open "Active Directory Provider"
        Set obj_Command.ActiveConnection = obj_Connection
        ' Search the default naming context for the account
        Set obj_RootDSE = GetObject("LDAP://RootDSE")
        str_DNSDomain = obj_RootDSE.Get("defaultNamingContext")
        str_Base = "<LDAP://" & str_DNSDomain & ">"
        ' Note: str_User goes into the LDAP filter unescaped; pass a plain sAMAccountName only
        str_Filter = "(&(objectCategory=person)(sAMAccountName=" & str_User & "))"
        str_Attributes = "cn,ADsPath"
        str_Query = str_Base & ";" & str_Filter & ";" & str_Attributes & ";subtree"
        obj_Command.CommandText = str_Query
        obj_Command.Properties("Page Size") = 1000
        obj_Command.Properties("Timeout") = 1
        obj_Command.Properties("Cache Results") = False
        Set obj_RecordSet = obj_Command.Execute
        obj_RecordSet.MoveFirst
        If obj_RecordSet.RecordCount = 0 Then
            WScript.Echo str_User & " was not found"
        Else
            Set obj_Group = GetObject("LDAP://" & str_GroupDN)
            str_ADsPath = obj_RecordSet.Fields("ADsPath")
            Set obj_User = GetObject(str_ADsPath)
            ' Clear any earlier error so the check below reflects only the Remove call
            Err.Clear
            obj_Group.Remove(obj_User.AdsPath)
            If Err.Number = 0 Then
                WScript.Echo str_User & " was removed from group " & str_GroupDN
            ElseIf Err.Number = -2147016651 Then
                WScript.Echo str_User & " not a member of group " & str_GroupDN
            Else
                WScript.Echo str_User & " error removing from group " & str_GroupDN
            End If
        End If
    End If

  • Two ssl users from same client machine

    Hi all,
    We are using oracle database 10.2.0.3 EE and have a ssl user set up from the app server to the database based on metalink note 736510.1. That being said I have been asked to create another ssl user but how is that possible. I tried in the database but came back with:
    ORA-28026: user with same external name already exists
    So I created a second wallet for the second user but is it possible to define two wallet locations in the oracle client sqlnet.ora file? I can point the location to either but is it possible for two.
    Here is what is in client sqlnet.ora file:
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /path1/ssl)))
    How can I tell it to also check for the other (i.e. /path2/ssl)? Any ideas for this would be greatly appreciated.
    Thanks
    Troy

    Hello Troy;
    There is a restriction that a single SQLNET.ORA file can contain only one entry of WALLET_LOCATION or ENCRYPTION_WALLET_LOCATION.
    This notes explains how to get by that restriction :
    How To Maintain Multiple Wallets For A Single Database Instance [ID 759226.1]
    I think you can do something like this too, so in theory you can use an alias.
    ENCRYPTION_WALLET_LOCATION=
      (SOURCE = (METHOD = HSM)
         (METHOD_DATA =
           (DIRECTORY = /etc/ORACLE/WALLETS/<$ORACLE_SID>)))
    Best Regards
    mseberg

  • Issue using ADSI in powershell to load users from another domain into a group

    I am trying to load users into a domain local security group from another domain using ADSI and powershell. For users who have an existing foreign security principal I can load that without issue, but the users who do not have a foreign security principal I am unable to load.
    These work fine, assuming the group domain is fabrikam:
    $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$external_user_sid_who_has_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://$userDN,DC=fabrikam,DC=com")
    These do not:
    $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$externaluser_sid_who_does_not_have_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_sid_who_does_not_have_a_FPN>")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_hex_sid_who_does_not_have_a_FPN>")
    Any help would be greatly appreciated.
    Thank you

    Thank you for your reply,
    I started with that thread and it ultimately recommends using the [ADSI]"LDAP://<SID=$hexsid>, this bind is not working for me. The page it points to for conversion of sid to hexsid is in VBS, but I have used the below powershell to duplicate its function.
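    $sid = "S-1-5-21-2127521184-1604012920-1887927527-72713"
    # Drop the "S-1-5-" prefix and split the remaining sub-authorities
    $parts = $sid.Remove(0,6).Split("-")
    $reverseEndian = ""
    foreach ($part in $parts) {
        # Convert each sub-authority to 8 hex digits, zero-padded
        $hex = ([Convert]::ToString([long]$part, 16)).ToUpper()
        While ($hex.length -lt 8) {
            $hex = "0" + $hex
        }
        # Append the four bytes in reverse (little-endian) order
        for ($i=1; $i -lt 5; $i++) {
            $reverseEndian = $reverseEndian + $hex.substring($hex.length -2, 2)
            $hex = $hex.Remove($hex.length -2, 2)
        }
    }
    $hexSid = "0105000000000005" + $reverseEndian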
    For example SID S-1-5-21-2127521184-1604012920-1887927527-72713 needs to be turned into raw hex sid 010500000000000515000000A065CF7E784B9B5FE77C8770091C0100 according to that article and then put in the ADSI bind like this: [ADSI]"LDAP://<SID=010500000000000515000000A065CF7E784B9B5FE77C8770091C0100>".
    When I put that bind in (with an actual sid and not an example sid) I get the following error:
    format-default : The following exception occurred while retrieving member "PSComputerName": "There is no such object on
    the server.
    + CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand
    For users who are on another domain but already have a foreign principal name created, I can add them easily enough by converting their sid to the appropriate foreign principal name format. I haven't yet had any success adding someone who doesn't have a foreign principal name though, even after trying the solution referenced in the article.
    Thank you in advance for any help.

  • Report of Groups owned along with group memberships for each group, all in a single .csv file

    Hello all,
    What I'm trying to do is generate a report of all groups owned by a specific user, along with the group memberships, and output it all to a single .csv file. In the .csv file, I would like to have the group names as the column headers, and underneath
    the group name, list all the members of the group down through the column. So for example, if User1 owns 3 groups, the output would look like:
    What I'm having trouble with is outputting the objects to the .csv using New-Object psobject, and I'm starting to wonder if there is an easier way to do this and my brain is just fried.
    Any ideas?

    OK so I can try and give some code here, but I'm asking more of a concept question about how PowerShell builds objects so I'm not sure it will help....
    $User = "User1"
    get-adgroup -filter {managedby -eq $user} -pr member | %{
        $_.name
        $_.member
    }
    OK so this is a simple script that outputs a group name followed by the membership, all in a single column. What I would like is for the group names to each be the header of a column, and have the membership listed underneath. For example:
    Is this possible in PowerShell?

  • Why two different users from same login group not able to access the database object(stored procedure)?

    I have a SQL login group as "SC_NT\group_name" in the server. There are multiple users using this login group to access database objects. User "A" is able to access the db object (stored_procedure_1) from a .net application. But when user "B" tried to access the same db object (stored_procedure_1), it shows:
    Error: The EXECUTE permission was denied on the object 'stored_procedure_1', database 'test',schema 'dbo'. 
    Both the users are using Windows authentication to access the objects. Could you suggest a way to resolve this?
    Venkat

    Thanks for your response
    Erland Sommarskog....
    my stored procedure "stored_procedure_1" does not have any granted permissions to execute. But still user A is able to execute the sp from the UI, whereas user B is not able to do it.  Only if a permission is provided for a particular object will it be displayed in the above query.
    Any other possibilities??
    Venkat G

  • Multiclip on FCP 7 with timecode: multiple files for the same camera have different Angle

    I have FCStudio 7 with OS 10.6.8
    I just filmed a concert with 6 cameras (Sony XDCAM).  They are all timecode sync'd.
    For various reasons there are multiple vid files for each camera (i.e. 172_003 thru 172_006 for camera 1).
    I imported into FCP 7 using SonyXDCAM plug in with no problems.  Each camera file group was given its camera number as the Reel Name (i.e. Camera 1) and that camera's number as its Angle Name (i.e. 1).
    Now when I try and create a multiclip using all six cameras, instead of keeping all the files for a specific camera under a single angle name it treats each file as its own camera angle.  It treats each file as an individual camera instead of having the files flow as a single clip from a single camera based on their timecode.  In viewer I have 8 different angles for a single camera (because of 8 files).  In the make media window for multiclip, the Angle Name is different for each clip but its position is still aligned to its timecode.
    I worked the same project last year and the multiple files for each camera lined up fine, based on its timecode value and camera/reel name.  I can't see what has changed.
    I need each camera's files to sync under that camera Angle Name, and for the files to play in the same angle spot in viewer.
    All advice welcomed as I'm in a major time crunch to complete the job.
    Thanks.

    Well why not just prebuild each angle in its own sequence with sequence timecode matching the source timecode?  Export with current settings and import these files back into fcp and then create your multiclip. 

  • Manage MetaData from same photos in different formats like it was one

    For example - I import photos in RAW and then export them into JPEG. I'd like to manage them later like one photo. Now when I want to see the JPEG as well I need to import it once again - so I have the same photo twice in different formats. When I change metadata I want it to change automatically in both formats. Something like a stack into one photo, but with this feature - when I change metadata - it will change in both.

    Hi Xiaojing,
    Thank you for your answer. It is useful.
    The problem is: My application is not going to play music or video, it just needs to browse over the disk and create a list of available music files including info like song name, album, artist. All this info is kept in meta-data. Some users can have a lot of music of their computers. That's why I don't want to load the whole file and wait for onMetaData event - it can take a long time. I just want to read the meta-data from the file, but not to load the all file as I need for listening the music of playing the movie.
    I already applied extracting meta-data for MP3 files exactly the way you mentioned, it works fine. I only have to wait for Event.ID3 – I implemented Timer to wait until all my files are processed. Probably, if user has a lot of music on his computer, it will take a lot of time.
    I can try to read AAC the way you advice.
    I am really looking for implementation of your advice for reading the music file as a ByteArray and extracting meta-data. In this case we don't need to load all the file, but just to read part of it.
    Do you have some code implementation?
    Thank you again for your response,
    Elena

  • Adding Users from sharepoint into Active Directory Groups

    I have a requirement for an Approval Workflow where the approved user gets added to an AD group directly. I think 2 way sync is possible. Please help.

    Out of the box, I really doubt that this is possible BUT it can more than likely be achieved via the Object Model.  A good discussion and some attached code can be seen here.
    https://social.technet.microsoft.com/Forums/office/en-US/a1905a01-e7a7-458b-a7a6-d24cd4e19e09/action?threadDisplayName=add-a-user-in-ad-group-from-sharepoint
    Steven Andrews
    SharePoint Business Analyst: LiveNation Entertainment
    Blog: baron72.wordpress.com

  • Routing JMS message from same queue to different channels.

    From a given adapter module, is there a way of calling different communication channels?
    The scenario: The sender of the data is JMS. One single queue contains desperate text format. Based on the content of the first 4 characters , PI has to parse it differently in its own corresponding MT. The target IDoc structure remains the same. I have multiple messageTransformBeans set up, one for each MT assuming that the data would arrive in different JMS queues. However since the data is now all heaped on to a single queue, the challenge of routing the data now lies in SAP PI.
    HowTo - Send Test Messages to the Adapter Engine (to an Integrated Configuration) - This solution does send message directly to the IE (using 7,1), but not to the adapter engine where the messageTransformBeans exist.
    Any solid pointers in the direction will be really helpful.
    Regards,
    Keerti

    Hi,
    you can go for end to end testing.
    if jms not available use file adapter in the sender side and fetch the text file and test it.
    Regards,
    Muni

  • Full request deletion from same datasource in different R/3 systems.

    Hi,
    I have a cube in which data is full loaded . I have a two R/3 Systems e.g. A and B.  there is a standard datasource which is loading data as a full load. this same datasource is pulling data from these two R/3 Source system i.e. A and B. Now My problem is I want to remove earlier data from the same datasource from cube before new data arrives in the cube.
    There are settings to be done at infopackage level, I want to know what setting shall I do so that only source system relevant data get deleted from the cube before new data with full load arrive in the cube.

    Hello,
    you need to check:
    Datasources Are the same
    Source Systems Are the same
    Selections are same or more comprehensive
    When you start the infopackage manually, it will ask you to confirm deletion of data packages.
    BR
    Ondrej
