Using Get-ADGroup Member recursively across multiple domains in a Forest

Similar Messages

• How do I get certificate authentication working across multiple domains?

  Hi,
  I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
  However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
  To test, I've set up two domains, with the admin users in one and the normal users in the other.
  I've set up two certificate mapping rules (both for the same CA), one for each domain.
  However LC will only authenticate users who are matched using the first certificate mapping rule.
  Has anyone else seen/tried this?  Have I missed something obvious?
  For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
  Thanks
  Craig
  Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
  2010-05-11 11:23:41,331 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
  2010-05-11 11:36:38,835 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
  2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
  SEVERE: Unexpected exception in Rest Call
  com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
  at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
  at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
  at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
  at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
  at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
  at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
  at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
  at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
  at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
  at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
  at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
  at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
  at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
  at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
  at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
  at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
  at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
  at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
  at org.jboss.ejb.Container.invoke(Container.java:960)
  at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
  at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
  at $Proxy179.doRequiresNew(Unknown Source)
  at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
  at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
  at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
  at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
  at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
  at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
  at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
  at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
  at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
  at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
  at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
  at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
  at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
  at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
  a
  2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  at java.lang.Thread.run(Unknown Source)

  Craig,
  The certificate mapping works in the following manner,
  First the User's certificate is validated.
  If the certificate is valid, the related Certificate mapping information is fetched.
  From the Certificate Mapping information, the domain is determined.
  Following this, the user is searched in the domain and checked for it's current/deleted status.
  If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
  The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
  1. Please check if the concerned user exists in the domain registered in the second cert mapping.
  2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
  3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
     Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
  4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

• Facing issue while provisioning to AD which is in multiple domain in single forest

  Hi All,
  I am facing issue while user provisioning to AD which is in multiple domain in single forest.I can Synchronize the OU and Groups from Global Catalog i.e. root domain,but unable to Synchronize OU and Groups from child domains.Following is depict of my domain.
  Root -------   example.com
           |_______doamin1.example.com
           |_______doamin2.example.com
           |_______domain3.example.com
  My global catalog is example.com where I have configure my connector.Following is the snippets of it.
  Parameter
  Value
  ADLDSPort
  BDCHostNames
  Configuration Lookup
  Lookup.Configuration.ActiveDirectory.Trusted
  Connector Server Name
  Active Directory Connector Server
  Container
  DC=example,DC=com
  DirectoryAdminName
  DWPTEST\adm
    DirectoryAdminPassword
  DomainName
  example.com
  IsADLDS
  no
  LDAPHostName
    GlobalCatalog server name  -> where my root domain is present
  SyncDomainController
  SyncGlobalCatalogServer
  GlobalCatalog server name  -> where my root domain is present
  UseSSL
  no
  Above configuration I am using to Synch my OU and Groups using scheduler Job.Following changes I have made in connector configuration.
  1. Set the value of the SearchChildDomains entry to yes in one of the following lookup definitions:
  For trusted source reconciliation: Lookup.Configuration.ActiveDirectory.Trusted
  For target resource reconciliation: Lookup.Configuration.ActiveDirectory
  2. Specify the name of the domain controller that is hosting the Global Catalog Server as the value of the SyncGlobalCatalogServer IT resource parameter.
  For provisioning purpose I am trying to find following configuration which is mentioned in connector document,but unable to locate it.
  In the connector, the referral chasing option is set to All, which means that all referrals are chased when any referral is provided by the domain controller
  Thanks in advance.
  Regards,
  Nitin Natekar

  Hi All,
  Thanks all for the reply.I was not getting an error,but once I changed the connector configuration,It started working. I Kept the LDAPHostName parameter blank  in connector configuration.
  Thanks all for reply
  Regards,
  Nitin Natekar

• Can we share one single RDBMS security store across multiple domains ?

  Can we share one single RDBMS security store across multiple weblogic domains? The idea is to utilize the same set of users and group defined in Weblogic Security Realms across multiple weblogic domains. Is it possible ? are there any risk ?
  i am using Oracle WebLogicServer11gR1 (10.3.6) Generic with Coherence.

  Hi,
  The document which you are referring is for WLS 10.0 and RDBMS security is introduced from WLS 10.3.0 onwards.
  The reason why RDBMS security store should not be stored between two domains is RDBMS security store is used by authorization, role mapping, credential mapping, and certificate registry providers.
  Once the RDBMS security store is configured in a domain, an instance of any of the preceding security providers that has been created in the security realm automatically uses only the RDBMS security store as a datastore, and not the embedded LDAP server.
  It is just the replacement for Embedded LDAP.
  Thanks & Regards,
  Murali.
  ============

• Auto-mapping across multiple domains

  I originally posted this in an O365 Exchange forum and was redirected here.  Any help is appreciated.
  Single E1/E3 O365 account with multiple domains having hosted email.  Automapping is working correctly only if the shared mailbox is from the first domain added to O365.  The other 4 domains that were added to O365 are not able to utilize automapping. 
  I have recreated Outlook profiles, removed and recreated permissions with PowerShell and the O365 GUI.  I also looked at the DNS settings required for O365 to work properly and everything looks correct.  Mail is being delivered, Lync is working,
  Example: [email protected] has full access to [email protected]'s mailbox.  Automapping does not work and UserA is prompted to provide credentials to log into UserB's mailbox.
  Any thoughts on why automapping would be failing across domains? 

  Hi,
  Generally, if the Automapping works, the msExchDelegateListLink value for the shared mailbox should contains all users who have full access permission to this shared mailbox. Please follow these steps to check this value:
  1. Open Active Directory Users and Computers.
  2. In Users, right-click the shared mailbox > Properties.
  3. In Attribute Editor tab, double click msExchDelegateListLink attribute.
  4. Make sure all users who have full access permissions are listed in the Values field.
  Regards,
  Winnie Liang
  TechNet Community Support

• Help using Get-ADgroup

  Hello.....How can I get this to except my "GroupName" in the second example?
  Example 1. This Works
  $Results = Get-ADgroup -LDAPFilter "(name=My_Group_Name)" | Select-Object -ExpandProperty "Name"
  $Results
  Example 2. This doesn't
  $GroupName = "My_Group_Name"
  $Results = Get-ADgroup -LDAPFilter "(name=$GroupName)" | Select-Object -ExpandProperty "Name"
  $Results
  Example 3. works but too slow
  $Results = get-adgroup -Filter 'GroupCategory -eq "Security" -and GroupScope -eq "Global"' '
  | Where-Object {$_.Name -eq "My_Group_Name"}
  | Get-ADGroupMember | select name -ExpandProperty "Name"
  The quickest search method in my environment is to use the -LDAPFilter  instead of  -Filter
  Thank you

  Hi Hecktor,
  Example two works just fine for me. Does it throw any errors or is it just a null return?
  Example three is of course extremely slow. First you retrieve all global security groups and only after you have them all do you start filtering out those you do not want. You really want to put the name property into the filter ...
  Cheers,
  Fred
  There's no place like 127.0.0.1

• Using Active Directory (LDAP Plugin) Across Multiple AD Servers

  Hi,
  I need to give an existing application the ability to talk to multiple active directories using the AD LDAP interface from a J2EE Applcation running on Apache 2.x/Tomcat 5.x (there are 4 independent AD trees and users from ANY of the trees can access the application)
  Can anyone point me in the right direction with this? I would seem to make sense that I should create a central security servlet that is aware of all the domains and connect to each of the AD servers in turn using LDAP (as often discussed on these forums) to acertain security rights, then turn control back to the application.
  Thoughts? Feedback? General help?
  thanks
  John

  Another thing that would help is any references to sample code where someone has done this before for..
  1. the server.xml file mods required? Web.xml Mods?
  2. Java code to accomplish this?
  Also, am i overthinking the problem? Could I just use some utility class inside the controller servlet that would have one method that would return access level or something? Then in the utility file I can do the looping through LDAP servers (really AD trees) and when I find the information I want, simply return it.

• How can I get Captivate to score across multiple question pools?

  I have set up a Captivate assessment as follows:
  A core set of 50 questions will be presented to all learners
  Depending on where the learner is, he will receive an additional 10 questions from one of 5 location-specific pools
  Learners will see a total of 60 questions
  I have my question pools set up and branching correctly, and am using the Branch Aware option to assist with this and the progress indicator. Before the first question I have the learner click one of several buttons (not quiz elements) to set a location variable, and after presenting the core questions I use this variable to determine which random question slide to jump to next (with set of slides pointing to a different question pool). After asking the 10 random questions from that pool the learner is then redirected to the review slide so only one set of location-specific slides is encoutnered on each attempt.
  All of that seems to be working as designed but the scoring is not behaving as I had expected; despite the fact that all questions are asked before the review slide is presented (i.e. all questions are within the quiz scope in both the edit-time and run-time sense) the review slide only reports results from the first question pool. For example, in a test file I reduced the question slides for the first pool to only display 2 questions, for a total of 12 presented, but my results show "0 of 2 correct" or "2 of 2 correct." The pass/fail results of the module match the review slide, so this is not a simple display issue; if I miss either of the two questions from the first pool I fail regardless of what happens in the second pool.
  What am I missing? Surely there wouldn't be the option of using multiple question pools if only one could be graded ...
  I am working on Captivate 6.0.1 64-bit for Windows. FWIW the file was originally created in Captivate 5 and has since been upconverted, but the additional question pools weren't introduced until after the conversion processes so I wouldn't expect this to be related to residual crud left over from that process.

  Thanks for the quick response ...
  I had already tried deleting the review slide itself, though Captivate wouldn't let me - it just hid it. I tried again using the method you recommended but the slide remained in the filmstrip, so I tried deleting again, then re-added it from the Quiz Settings page ... no joy, same behavior as before.
  I checked the Advanced Interaction page and confirmed that all of the scored questions were configuredthe same way as the non-scored questions, with the only difference being the pool that they were drawing from.
  Other thoughts? I am by no means a Captivate expert but this one really feels like it shouldn't be this hard, and I'm more than a little afraid that it's the file itself that's jacked up ...

• Using one user account table across multiple databases but account used as a foreign key

  I want to use one user account table from one database and use it across a couple other databases. The problem is that I want some tables to use the primary key from the user account table as a foreign key to access the data when the user logs in. Is this
  the right way of going about it? Do I have to create a user account table in all my databases? What is the best practice to handle this problem? Thanks in advance.

  You can use Triggers or using replication. 
  more info: 
  Add Foreign Key relationship between two Databases
  SQL Server Replication
  Saeid Hasani [sqldevelop]

• How to use/sync single data (file) across multiple instances of same application

  Currently we have an application (a diagram editor), that have the ability to save and load (serialize) its state in a xml file.
  Now we want this application to behave like Microsoft OneNote application. Where multiple users have the ability to access the same file.
  Later we may also need to enhance with other things like, (1)what is changed and who changed it, (2)option to resolve conflicts if any.
  I came to know about sync framework to resolve this. so far, i have not tried it.
  All i want is,
  Virtually single file should be edited by multiple instances of same application.
  We need a dll (sync framework) that does following
  It takes complete responsibility of file handling.
  Using this dll, each instance of the application will notify their own changes.
  Each instance of the application should have the ability to detect the changes that is recently made (when, who, what are the changes).
  My question:
  Will sync framework be suitable for this requirement?
  If so, is there a demo application that represents this?
  - Jegan

  Seems like I have found the solution.
  In the taskflow there is a property named data-control-scope and I set it to isolated instead of the default (shared) and this seemed to do the trick.
  I can now have two instances of the same taskflow running with different ApplicationModules
  Cheers,
  Mark

• Using the same Referenced Masters across Multiple External Hard Drives?

  I have a large (2TB) desktop external hard drive that I am now using as the source of my referenced masters for Aperture.
  I would like to copy this reference library ("My Photo Library") to a small, mobile external hard drive to use "on-the-go". But, if possible, I'd like to continue using the desktop external when I'm at home.
  What's the best way to do this? Should I just copy "My Photo Library" from the desktop external drive to the mobile external and Relocate Masters? But then, how do I switch back to using the desktop drive when I'm home without having to Relocate Masters every time (my library is quite large: 17K+ photos of 8-21MB each). Is there a way to "trick" Aperture into thinking that both drives are the same drive???

  Computer:
  5" Mac Book Pro OSX (10.4.11) 2.2
  Drives:
  1x WD Studio Edition - 750 GB (Firewire 800)
  1x LaCie - 750GB (USB)
  Final Cut Express HD 3.5.1
  (My minimal memory allowance is set to 3000MB)
  (No external editors set)
  HDV-Apple Intermediate Codec 1080i50
  HDVFireWirePAL
  Quicktime - 7.5
  Camera - HVR-V1 connected with firewire
  MiniDV Tapes, Mix of Sony & Panasonic (DVM60) - i know this is not advised, but i was in kenya, so getting the right tapes was not easy!
  Is that everything? Is there any other information you need?
  I have been working with Final Cut express while it has been installed on my WD hard Drive.
  I have been capturing and editing my film through the WD hard drive very happily up until now, but now it is full with 10 of the tapes (and the application), and so I am now wanting to save the rest of my tapes on the LaCie.

• Use a auto incremented number across multiple lists

  As we use lots of sites which all have their own issue list to track issues per project, i was wondering whether it's possible to add a column to these lists (to their content type) which automatically adds a number which is unique across all lists/sites.
  Is this possible?

  Lists have a Unique ID attached to each item (hidden field) that you could potentially use, but you will have to come up with a custom solution if you don't want ID's to be duplicated across your site collection. One thought is to attach a workflow to
  each list you want unique ID's for, and copy the content to a separate list. This will create the unique ID's you are after.
  List 1 > Workflow > ContainerList with unique ID
  List 2 > Workflow > ContainerList with unique ID
  While the originating lists will have their own 'unique' ID's, the TRUE unique ID you are after will be contained in the "Container" list. As each item is added, the workflow will create a duplicate item in the "Container" list, which will
  also have a unique ID assigned to it. This way, all lists with the attached workflow will have a separate ID in the "Container" list you can utilize. Messy, but it works.

• Scanning Multiple Domains

  I'm trying to scan across multiple domains with the MAP toolkit.  I have a stand-alone computer not in any domain and I'm searching by IP address.  When I try to enter the credentials I use domain\username and I get an error that I the wizard can't
  authenticate to that domain.  I need a single database that collects data from several domains, so I either need this to work, or another option.
  Any help is greatly appreciated.  Thanks!

  As found in our Read Me's known issues section:
  If the MAP Toolkit is installed on a computer that is a member of a domain, log on to the computer using a domain user account. Use of a local computer account on a computer that is a member of a domain will result in authentication failures to remote computers,
  even if the correct domain credentials are provided to the Inventory and Assessment or Performance Metrics Wizards.
  Please remember to click "Mark as Answer" on the post that helps you, and to click
  "Unmark as Answer" if a marked post does not actually answer your question. Please
  VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread.

• Multiple objects, multiple domains, for-loops the problem?

  Hi,
  I've based a small amount of Powershell code off the code I've found here: http://halfloaded.com/blog/powershell-using-posh-to-search-across-multiple-domains-in-forest/
  Ideally what I'm aiming for is for it to find the current forest, enumerate the domains, and then for each domain to search for a specific user. If it finds the user it should then do something, for now just clear a value extensionAttribute8.
  What I suspect is happening is it finds the users but then tries to modify them while attached to the current domain, which is child1.
  Domain structure:
   - Root
     - child1
     - child2
  cls
  $objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
  $DomainList = @($objForest.Domains | Select-Object Name)
  $Domains = $DomainList | foreach {$_.Name}
  foreach($Domain in ($Domains))
  $ADsPath = [ADSI]"LDAP://$Domain"
  $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
  $objSearcher.Filter = "SamAccountName=testuser"
  $objSearcher.SearchScope = "Subtree"
  $colResults = $objSearcher.FindAll()
  foreach ($objResult in $colResults)
  $userDomain = $objResult.GetDirectoryEntry()
  Set-ADUser $userDomain.DistinguishedName[0] -clear extensionAttribute8
  It errors with
  Set-ADUser : Cannot find an object with identity: 'CN=testuser,CN=Users,DC=root,DC=company,DC=co,DC=uk' under: 'DC=child1,DC=root,DC=company,DC=co,DC=uk'.
  At line:17 char:9
  + Set-ADUser $userDomain.DistinguishedName[0] -clear extensionAttribute8
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo : ObjectNotFound: (CN=testuser,C...pny,DC=co,DC=uk:ADUser) [Set-ADUser], ADIdentityNotFoundException
  + FullyQualifiedErrorId : Cannot find an object with identity: 'CN=testuser,CN=Users,DC=root,DC=company,DC=co,DC=uk' under: 'DC=child1,DC=root,DC=company,DC=co,DC=uk'.,Microsoft.ActiveDirectory.Management.Comman
  ds.SetADUser
  Set-ADUser : Cannot find an object with identity: 'CN=testuser,CN=Users,DC=child2,DC=root,DC=company,DC=co,DC=uk' under: 'DC=child1,DC=root,DC=company,DC=co,DC=uk'.
  At line:17 char:9
  + Set-ADUser $userDomain.DistinguishedName[0] -clear extensionAttribute8
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  + CategoryInfo : ObjectNotFound: (CN=dttestuser,C...ita,DC=co,DC=uk:ADUser) [Set-ADUser], ADIdentityNotFoundException
  + FullyQualifiedErrorId : Cannot find an object with identity: 'CN=dttestuser,CN=Users,DC=its,DC=ad,DC=capita,DC=co,DC=uk' under: 'DC=central,DC=ad,DC=capita,DC=co,DC=uk'.,Microsoft.ActiveDirectory.Management
  .Commands.SetADUser
  Please help!

  cls
  Import-Module ActiveDirectory
  Foreach ($Domain in (Get-ADForest).Domains)
  #Performing Search Operation per Domain
  $Objects = Get-ADObject -LDAPFilter "SamAccountName=dttestuser" -Server $Domain -Properties extensionAttribute8
  Foreach ($Object in $Objects)
  Set-ADUser $Object -clear extensionAttribute8
  If anyone could tell me why removing the loop:
  Foreach ($Object in $Objects)
  And saying
  Set-ADUser $Objects -clear extensionAttribute8
  Errors I'd be interested. $objects only finds 1 object so having the loop makes no sense but it does seem to stop it error'ing!

• How to identify a user across multiple pages

  Hi,
  I'm doing a homebanking and I would like to know how to identify a user across multiple pages.
  I have already take a look at HTTPSESSION, but I didn't understand.
  Can someone help me.
  I'm send the servlet Logon.
  import java.io.*;
  import java.sql.*;
  import java.util.Date;
  import java.util.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class Cons_logon extends HttpServlet
       private Connection conexao = null;
       Login1 login1;
       public void init (ServletConfig cfg) throws ServletException
            super.init(cfg);
            try
                 Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                 conexao = DriverManager.getConnection("jdbc:odbc:bank");
            catch (Exception e)
                 System.out.println(e.getMessage());
       public void doPost (HttpServletRequest req,
  HttpServletResponse res)
  throws ServletException, IOException
            String Suser, Spassword;
       PrintWriter out;
            res.setContentType("text/html");
  out = res.getWriter();
  String opcao = req.getParameter("log");
  Thanks

  I would recommend using the authentication mechanism that's guaranteed by the servlet spec. If you do that, you can just call
  request.getRemoteUser()
  to get the user name across multiple pages.
  If you want to use your own login scheme, you can create a new session object and map it to a user name somewhere in your app. Or you can just put the name of the user on the session. But the preferred way is to use the default authentication scheme defined by the spec.