Which attribute shows if a user has an expired password?
DSEE 6.3
I created my own password policy, and applied it to a single user.
I would like to know which attribute shows if a user has an expired password, and how do I query that attribute for the user. How would I query the time till expiration as well?
I am basically looking for example queries to such information.
thanks,
My limited experience with this sort of thing is to run a query like the following:
ldapsearch -1TL -h `hostname` -D 'cn=Directory Manager' -b "dc=<your dc>,dc=com" uid=<uid your choice> pwdAccountLockedTime pwdFailureTime pwdLastAuthTim
e pwdChangedTime passwordRetryCount nscpentrywsi
This dumps some helpful stuff. I've noticed ... in our ldap instance that a locked account has the following output:
pwdAccountLockedTime: 000001010000Z
I don't know why it shows up that way ... but it's something I can key on and search for to find locked accounts. Not necessarily an indication that a password has expired, of course, but sort of interesting to me. An account can be locked for other reasons obviously.
I think pwdChangedTime might be what you want assuming you know what the password expiration time is set to ...
Similar Messages
-
Need a program which finds out if a user has not logged for 3 days?
HI,
I NEED A PROGRAM WHICH FINDS OUT IF ANY USER HAS NOT LOGGED FOR THREE DAYS
AND SEND A MAIL TO THE BASIS TEAM.IT SHOULD BE SHEDULED AS A BACKGROUND PROCESS.
I SEARCHED IN GOOGLE BUT NOT ABLE TO FIND IT.
PLEASE HELP ME OUT WITH THIS.
REGARDS,
MANIuse table USR02 and analyse field field TRDAT
X = sy-datum - usr02-trdat.
-> if x ge 3...
for mail use e.g. fm SO_NEW_DOCUMENT_ATT_SEND_API1
hope that helps
Andreas from germany -
User cannot change expired password at logon
Hi
I've got 4 Fujitsu laptop with Windows 7 business SP1 x64 (Fujitsu setup). When the domain password expired, users cannot change their password at logon. Also, they can change password in their opened session before it expire (CTRL+ALT+DEL ==>
change password).
The change password at logon windows is buggy : It only display one field to put password in, the confirmation field does not display.
When user valid is change, Windows display error "wrong username or password ". Only way to unlock this situation is to reset user password in ADUC and never let expire.
I seen no sofware or driver wich could interfe.
Domain controler (only one) is Windows server 2012 standard.
Has somebody ever seen this type of problem ?Hi,
Can you post a screenshot for this situation?
Sometimes, the third party credential provider would lead to some issue like this, I suggest you check the
current credential provider via the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\x\LastLoggedOnProvider
You should compare the result with the values in the following path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\credential providers
If the current value is third party credential provider, try to disable it:
To disable the provider add a REG_DWORD value "Disabled"=1 to that provider’s CLSID subkey.
The provider will be disabled on the next session creation (sessions are created when you log off, switch users, or reboot.
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
HFM - log that shows if a user has loaded data via web form or excel load.
I can see any data loads that are coming from FDM, but is there a log that shows any data entered into HFM via web forms or submitted through an excel file? Any input is appreciated.
ThanksYou could enable Data Audit to capture data changes made by users, though this will not capture which method users chose to change the data. That is, HFM can show that data changed, and who changed it, but cannot tell whether the data was changed through a form, grid, smart view, or FDM. If you want to prevent users from changing data through forms, grids, or smart view, you can secure those input methods, but you cannot capture which one is used.
--Chris -
Excel file that always shows a certain user has it open.
I have an excel file on a shared drive that always gives the same name in the 'Locked by ' dialogue regardless of who actually has it open or who is trying to open it.
example: when BillyBob has the file open excel says BillyBob has it open. When I have the file open the file says BillyBob has it open, and whenever any of my coworkers have the file open it says BillyBob has the file open.
It's only this file that does that. All of the other files in the same shared folder function as normal.Hi Rod,
This is known issue of Excel, please read the Gil Raviv's link first and try the method that provided in that thread.
Then, we also see the public blog on file locking issues, it gives more suggestions that we could try.
http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2012/05/14/the-definitive-locked-file-post.aspx
On the other hand, this issue occur with the special file, the other factor is the temporary files locked on the shared drive. It prevent users from opening/editing the Excel file. Please try to delete the temporary files (They are usually hidden
file and named ~$filename.xlsx)
Hope it's helpful.
Regards,
George Zhao
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in
Office programs. -
This seems to have started a few weeks ago when I was on ver 3, I changed to ver 8 with the same result. Vista IE, Vista IE and Win7 IE all work correctly.
In the '''Privacy''' tab under '''History''' you have to change the '''Firefox will:''' option to '''Use custom settings for history'''. If the existing option is '''Remember history''' then changing the settings may not help. The reason for the problem might be different.
-
I use my mac air mainly for work but also have logins for each of my children. Their email accounts sit on my computer because I really like lions parental controls (our other computer is a pc running windows xp and the parental controls suck!). Does anyone know if it is possible to have a notification of some sort on the login screen which shows when a user has unread emails? My kids don't use the computer that much and sometimes don't receive emails for days because we don't remember to check (they are only 9 and 7 yrs so don't get alot of emails as yet). I would be really grateful for some help with this. Thanks
I don't believe that is possible. There may be some kind of tool you could use to display unread counts for their accounts in the menu bar or somewhere similar on your account... but I'm not aware of what tool might do that. A quick look only turns up tools that work with Mail or other mail clients, rather than being able to connect to a separate IMAP account and check the mail there, independent of any mail client.
-
Broadcasting fails when dialog user has initial password
Hi,
Has anyone found that if a user created as a dialog user has an initial password, broadcasting fails?
I found the workaround to this is to set the user type to "service" but this is not ideal in our situation.
What are other people out there doing?
We're using SSO currently with parameters set to allow single sign-on if the user has an initial password without needing to reset it.
Regards
AmirHello,
Why do you need to use the regasm utility from the post-build action?
There is a difference between signing the assembly with a strong name and digital signature. The
How to: Sign an Assembly with a Strong Name article in MSDN explains how to sign an assembly with a strong name (.snk). See
How to digitally sign a strong named assembly for adding a digital signature.
You may also find the
What's the Difference, Part Five: certificate signing vs strong naming article helpful. -
EffectiveUserName Logon failure: unknown user name or bad password
Hi
I am trying to connect Sharepoint 2013 services (performancepoint , excel services) to SSAS 2012 using the EffectiveUserName.
I was getting a error message regarding conencting the datasource and when checking profiler it was saying Logon failure: unknown user name or bad password.
On the SSAS server i tried using EffectiveUserName in the additional Connection Parameters and it failed for the above reason. I also tried my username as well as the sharepoint service account
the sharepoint service account and my username are both server admins.
When I try using the EffectiveUserName in the additional Connection Parameters on another server I can connect with no problems.
What seems to be the different with server where I am getting the error message?
RegardsHi aivoryuk,
According to your description, you get the "unknown user name or bad password" error when using EffectiveUserName in Connection parameter to connect Analysis Services. Right?
In this scenario, if you use a connection string to create the data connection, and the connection string contains an effective user field, the EffectiveUserName feature will override the user-supplied effective user value with the system-supplied value.
On this server, you may use a domain user to run the SSAS. So it will show the "unknown user name or bad password." However, on the other server, it may use system build-in account to run SSAS. Please refer to link below to check the steps for using
Analysis Services EffectiveUserName in SharePoint Server 2013:
https://technet.microsoft.com/en-us/library/jj219741(v=office.15).aspx
If you have any question, please feel free to ask.
Simon Hou
TechNet Community Support
Hi thanks for the link but it just shows how to set effective user name in sharepoint which I know how to do.
In SSMS and when I connect to the SSAS server and I select options and then I go to the addional connection parameters tab i set Effectivename ="domain\username" on once server I get the error mesage but on the other I don't.
I'm not clear from you explanation as to why this is?
Regards -
How to find Responsibility through which the user has logged in to Disco.
Hi All,
I have got a requirement to create a "Usage Report Summary by Responsibility" for all Oracle user having an Access to Oracle Disco Viewer.
In the report, I need to show the list of Oracle Users and the Responsibilities through which an User has logged in to Disco Viewer.
Kindly help me in finding the corresponding Disco tables to full-fill this requirement.
Available Information/queries in my Hand:
1. Query to find the list of Workbook and its shared Responsibilities
2. Query to find number of times an Oracle Disco Report has been run.
Thanks a ton in Advance
ArunHi Arun
The first place to look is to try running one of the pre-built workbooks created by Oracle for this purpose.
I see you are working in Apps mode. Therefore, you'll need to run both of these scripts when logged in as the owner of the EUL:
1. EUL5.SQL
2. EUL5_APPS.SQL
You will find both scripts in the $ORACLE_HOME/Discoverer/Util folder where your Discoverer Administrator tool is located.
Next, you will need to log into the Administrator tool and import this EEX file: EUL5.EEX
You will find the EEX file located in $ORACLE_HOME/Discoverer, again on the PC where Discoverer Administrator tool is located.
After you have imported the EUL, log into Desktop or Plus and open up the EUL5 workbook that you will now see in the list and work through the various worksheets. You should find one or two that will give you what you want.
Let us know how you get on
Best wishes
Michael
http://ascbi.com -
Module status on LMS is showing as incomplete - even after the user has completed the module.
Hi Folks,
Hope you are all keeping well! I have a bit of a problem here. On a number of modules that were developed using presenter - and custom animation (including click next to continue) etc etc, the LMS is not showing the module status as complete - even AFTER the user had comleted the module and closed. This problem has been noticed only when the user uses the CLICK NEXT or click this part of the screen to continue.
When the user navigates using the presenter control buttons - to navigate the training content that is, the LMS is correctly showing as the module has been completed.
The problem I am having is that - is there any way to make presenter detect a click within a slide (user click to navigate from within a slide) and thereby register it as a valid module completion?
Thanks in advance folks,
Kind Regards,
Alex.Hi Shubi,
Thanks for you quick reply.
Shubhi Shukla Dubey wrote:
Hi Alex,
Which LMS server you are using? Secondly what is the Setting in Quiz>Reporting tab is it SCORM 1.2,2004 or Aicc.
You want status on basis of user clicks then please make sure that Report data is set to "Slide view =100%" (or whatever precentage you want) and Report Pass/Fail set to "Complete/ Incomplete."
Thanks,
Shubhi
LMS = cornerstone on demand. It has been customised to suit the company requirements, Reporting tab is SCORM 1.2
To circumvent the issue I have changed the % view to 0% so in theory when the user launches even one slide / page - it will set it to report as status complete.
However this is not a viable solution on content critical modules....dont you think so?
Ideally I would like to get to the bottom of why a button within the module (which is able to navigate between pages) is not being able to report / set / increment the completion status counter.
Thanks and Kind Regards,
Alex. -
Is it possible to determine which user has opened a PDF on a network?
Hi Everyone.
We frequently have a situation where users open PDFs saved on the network with Acrobat, and then leave them open.
Then if other users need to edit the same PDF, they have no way of knowing the PDF is locked until they try to save and get this error:
"...The file may be read-only or another user may have it open... "
In this situation it would be useful to be able to interrogate the locked PDF to see which user has locked it open, and maybe to even force close the open session.
Does anyone know if any of this is possible?
Many thanks in advance.
Cheers,
AndyIt's not something that Acrobat can show. File 'locks' in Acrobat are not controlled by the application as they are in programs such as Word or InDesign - which write a lockfile to the folder - instead we rely on the server OS to flag each file. Information on who is accessing a file on a network share is only available at operating system level via the machine which hosts the share (e.g. via a net session command).
-
We have multiple devices in our family. On each iPad/iPhone each user has their own apple id for iMessage, Facetime and icloud, but we all sign in to the same apple id for itunes. When one of my kids comments on my shared photostream, it shows my name and not theirs as the commenter. How do I fix that?
CREATE A NEW USER
Go to System Preferences --> Create a New User in Users & Groups
Decide on whether to setup as Admin or Standard User.
Switch to the New User by logging out under the Apple in the Menu Bar or use Fast User Switching
Fast User Switching allows other users to leave current applications and windows open. Depending on RAM, you might need to log out rather than use FUS. -
How to find out which user has locked a particular record of a table
Hi
Is it possible to know - which user has locked a particular record (I know the primary key of the record) of a table
Regardsselect OS_USER_NAME os_user,
PROCESS os_pid,
ORACLE_USERNAME oracle_user,
l.SID oracle_id,
decode(TYPE,
'MR', 'Media Recovery',
'RT', 'Redo Thread',
'UN', 'User Name',
'TX', 'Transaction',
'TM', 'DML',
'UL', 'PL/SQL User Lock',
'DX', 'Distributed Xaction',
'CF', 'Control File',
'IS', 'Instance State',
'FS', 'File Set',
'IR', 'Instance Recovery',
'ST', 'Disk Space Transaction',
'TS', 'Temp Segment',
'IV', 'Library Cache Invalidation',
'LS', 'Log Start or Switch',
'RW', 'Row Wait',
'SQ', 'Sequence Number',
'TE', 'Extend Table',
'TT', 'Temp Table', type) lock_type,
decode(LMODE,
0, 'None',
1, 'Null',
2, 'Row-S (SS)',
3, 'Row-X (SX)',
4, 'Share',
5, 'S/Row-X (SSX)',
6, 'Exclusive', lmode) lock_held,
decode(REQUEST,
0, 'None',
1, 'Null',
2, 'Row-S (SS)',
3, 'Row-X (SX)',
4, 'Share',
5, 'S/Row-X (SSX)',
6, 'Exclusive', request) lock_requested,
decode(BLOCK,
0, 'Not Blocking',
1, 'Blocking',
2, 'Global', block) status,
OWNER,
OBJECT_NAME
from v$locked_object lo,
dba_objects do,
v$lock l
where lo.OBJECT_ID = do.OBJECT_ID
AND l.SID = lo.SESSION_ID
hope this helps
Zekeriya -
How to find out which user has the permission to execute startsap ?
Hi All
How do I find out which user has the permission to execute the startsap and stopsap? Do I control the permission on those script using windows standard authorization? For example: only allow certain user have the read and write permission?
Thank you.!
Vincent LoWell to me this is really weird question..
<b>noone un-authorized should have access to OS on your system</b>
If this is valid you do not need to solve problems who can and who cannot start/stop SAP, because if you want to prevent some users from shutting down the SAP you have really hard job to do - there are many ways how to kill the SAP (for example killing relevant process from task manager, killing of database, messing with services etc.) - yes, this is harmful way of stopping SAP, but we are talking about attack, right? I would contact some Windows specialist to help you disable all the ways how to harm the running SAP. But still after that - there are many files that can be modified/deleted so SAP will crash after restart - you need to protect them too, etc.
In case you take the first assumption as granted (and you really limit access to this server) you do not need to worry who can stop or start SAP - at the other hand it may be handy to be able to start/stop SAP from other users - for this you can run the stop/start script "under different user".
But to answer the question - to me this is question just of access control (but really never tried that myself):
<a href="http://technet2.microsoft.com/WindowsServer/en/library/c6413717-511e-42bd-bd81-82431afe4b2a1033.mspx">Permit or restrict access to a snap-in for a domain</a> (or see other related links down there on this page)
Please award points for useful answers.
Thanks
Maybe you are looking for
-
hi.bag of my ipad has a magnet that with it the lid closed, is this harmful for ipad??(software or hadware). thank you.
-
Rebooting old mac g5: Can't get past the grey screen.
This problem concerns an old mac g5 that I had replaced three years ago because it hadn't been working properly. I am getting it out because my son needs a computer and I was hoping that the thing would work for a little while. I can't get past the g
-
Brightness, Gamma, Blacklevel on 4444's from DaVinci?
Hi, Guys! I graded a sequence in DaVinci Resolve 9. As a client-monitor I use a panasonic plasma connected to the BlackMagic DeckLink card in my MacPro. I do know that it's not a calibrated monitor, but what I see is a relative problem rather than a
-
How do you restore the toolbars
When I click a shortcut on my desktop when the page opens all the toolbars and address bar are gone. The page opens at the top of the webpage. This does not happen when I open Internet Explorer. In fact the top of this page is at the top of my monito
-
Can java UME support multiple ECC ABAP backends? I looked at the UME configuration for a java instance and it seems as though there is a one to one relationship. Is this a truly 1:1 relationship in UME - ABAP configuration. Thanks Weyland Yutani