Wild Card for strGroup in Active Directory
I am using the following vb script. Several of our Active Directory groups start with SPS_ I have tried SPS_* and SPS_% and can not get it to pull the group information. Could someone please assist?
Thank you in advance!
Option Explicit
Dim strFile, strGroupDN, objGroup, objExcel, intRow, objMember, objSheet
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain, strGroup
Dim strLogonTime 'Formatted Last Logon Time output string
' Constants for NameTranslate
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
const ADS_UF_SMARTCARD_REQUIRED = &h40000
'Specify (or prompt for) the spreadsheet file.
strFile = "H:\Desktop\AD SPSA\SPS_Users.xls"
' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use the NameTranslate object to find the NetBIOS domain name
' from the DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, _
    Len(strNetBIOSDomain) - 1)
strGroup = "SPS_*"
strGroup LIKE '_PS'
' Use NameTranslate to convert NT name to DN.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strGroup
If (Err.Number <> 0) Then
    On Error GoTo 0
    ' NT name not found.
    Wscript.Echo "Group " & strGroup & " not found"
    Wscript.Quit
End If
strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to group object.
Set objGroup = GetObject("LDAP://" & strGroupDN)
' Create new workbook.
Set objExcel = CreateObject("Excel.Application")
objExcel.Workbooks.Add
' Bind to worksheet.
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
' Add header row.
objSheet.Cells(1, 1).Value = "SAMAccountName"
objSheet.Cells(1, 2).Value = "Last Name"
objSheet.Cells(1, 3).Value = "First Name"
objSheet.Cells(1, 4).Value = "e-mail Address"
objSheet.Cells(1, 5).Value = "Phone Number"
objSheet.Cells(1, 6).Value = "SPS AD Description"
objSheet.Cells(1, 7).Value = "Date Created"
objSheet.Cells(1, 8).Value = "EDIPI"
objSheet.Cells(1, 9).Value = "LastLogon"
objSheet.Cells(1, 10).Value = "TSAllowLogon"
objSheet.Cells(1, 11).Value = "LDAP Path"
intRow = 2
For Each objMember In objGroup.Members
    objSheet.Cells(intRow, 1).Value = objMember.sAMAccountName
    objSheet.Cells(intRow, 2).Value = objMember.sn
    objSheet.Cells(intRow, 3).Value = objMember.givenName
    objSheet.Cells(intRow, 4).Value = objMember.mail
    objSheet.Cells(intRow, 5).Value = objMember.telephoneNumber
    objSheet.Cells(intRow, 6).Value = objMember.description
    objSheet.Cells(intRow, 7).Value = objMember.WhenCreated
    objSheet.Cells(intRow, 8).Value = objMember.UserPrincipalName
    objSheet.Cells(intRow, 9).Value = objMember.LastLogin
    objSheet.Cells(intRow, 10).Value = objMember.AllowLogon
    objSheet.Cells(intRow, 11).Value = objMember.ADsPath
    intRow = intRow + 1
Next
' Save the spreadsheet and close the workbook.
objExcel.ActiveWorkbook.SaveAs strFile
objExcel.ActiveWorkbook.Close
' Quit Excel.
objExcel.Application.Quit
Lee Mossolle
Bill,
We have over 100 AD Groups that all start with SPS so I need to search all of the groups and see what users have the Deny this user permissions to log on to Terminal Server which the flag for this is AllowLogon. If AllowLogon is equal to 0 then the user needs the AD Profile updated so that they can access a program in the CITRIX Environment. So if I could use a wildcard in the strGroup, I could query for several groups and not one at a time. I am sorry for not explaining that better!
Thanks,
Lee
Lee Mossolle
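An added example, not part of the original posts or of any reply in this thread: NameTranslate resolves one exact NT name, so it cannot expand SPS_*, whereas an LDAP search filter accepts the * wildcard. The sketch below assumes the groups' sAMAccountName starts with SPS_, that only direct user members matter (nested groups are not expanded), that the AllowLogon property is readable on the machine running it, and it writes a CSV to a placeholder path instead of driving Excel.

```vbscript
Option Explicit
Dim objRootDSE, strDNSDomain, objConn, objCmd, objRS
Dim objGroup, objMember, objFSO, objOut, strOutFile, varAllow

' Assumption: placeholder output file; CSV is used here instead of Excel.
strOutFile = "SPS_AllowLogon_0.csv"

' Search base: the default naming context of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' ADO connection through the ADSI OLE DB provider.
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Paging, so a large result set is not cut off at the server's size limit.
objCmd.Properties("Page Size") = 500

' LDAP dialect: <search base>;filter;attributes;scope
' "*" is a wildcard in an LDAP filter; NameTranslate has no equivalent.
objCmd.CommandText = "<LDAP://" & strDNSDomain & ">;" & _
    "(&(objectCategory=group)(sAMAccountName=SPS_*));" & _
    "distinguishedName,sAMAccountName;subtree"
Set objRS = objCmd.Execute

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOut = objFSO.CreateTextFile(strOutFile, True)
objOut.WriteLine "Group,SAMAccountName,AllowLogon,LDAP Path"

Do Until objRS.EOF
    ' Bind to each matching group; "/" must be escaped in an ADsPath.
    Set objGroup = GetObject("LDAP://" & _
        Replace(objRS.Fields("distinguishedName").Value, "/", "\/"))
    For Each objMember In objGroup.Members
        ' Direct user members only; nested groups are not expanded.
        If LCase(objMember.Class) = "user" Then
            ' AllowLogon may be unreadable for some objects; treat as unknown.
            varAllow = Null
            On Error Resume Next
            varAllow = objMember.AllowLogon
            On Error GoTo 0
            If Not IsNull(varAllow) Then
                ' 0 is the value the thread associates with denied logon.
                If CLng(varAllow) = 0 Then
                    objOut.WriteLine Q(objRS.Fields("sAMAccountName").Value) & "," & _
                        Q(objMember.sAMAccountName) & "," & CLng(varAllow) & "," & _
                        Q(objMember.ADsPath)
                End If
            End If
        End If
    Next
    objRS.MoveNext
Loop

objOut.Close
objRS.Close
objConn.Close

' Quote a CSV field (distinguished names contain commas).
Function Q(strValue)
    Q = Chr(34) & Replace(strValue, Chr(34), Chr(34) & Chr(34)) & Chr(34)
End Function
```

Only members whose AllowLogon reads as 0 are written, one row per group membership, so a user in several SPS_ groups appears once per group.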
Similar Messages
-
Choosing Server for SharePoint, Exchange, Active Directory, SQL
Hello
We want to migrate from work-group type network and setup an interoffice mail server and, ... with SharePoint, Exchange, outlook. There are less than 40 clients. I prefer to minimize the number of servers. Is it possible to use one system for some of these servers:
1. SharePoint
2. Exchange Server
3. SQL Server
4. Active Directory DC
Thank you
You could combine #1 and #3, but none of the other services. Or you could look at just getting a Domain Controller and using Office 365.
I'd recommend you have more than one Domain Controller for redundancy.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Pre-populate adapter for setting the Active Directory OU for a user
Hi All
I created a pre-populate adapter that set the Active Directory OU for a user...
In the end the status of the resource is still showing "provisioning"..
It must be "Provisioned".. did I miss something?
The logs speak as below :-
08:01:12,678 INFO [STDOUT] Running Create User
08:01:12,678 INFO [STDOUT] Before appending Root Context:OU=Human Resources,
08:01:12,678 INFO [STDOUT] tcUtilLDAPController.java : hierString : OU=Human Resources,dc=mydomain,dc=com
08:01:13,553 ERROR [ACTIVEDIRECTORYCONTROLLER] Problem creating object: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=ASYMONDS'
08:03:18,756 INFO [[xlWebApp]] action: LogonAction: User 'XELSYSADM' logged on in session 8116CBC0FA1481D06A207A1941B9E096
08:22:31,256 ERROR [WEBAPP] Class/Method: ProvisionedResourcesForUserAction/confirmEnableSelection encounter some problems: No checkbox was checked.
Just verify the OU value is correctly populated, first try doing the provisioning by manually giving OU and everything.
Is it successful ?
Then we can check if something wrong going with pre pop.
Thanks
Suren -
What do I need the Computer certificate for in an Active Directory domain? Theoretical Inquiry
So we are trying to clean up the thousands of certificates we have deployed. We are on a 2008 R2 Active Directory and have been using certs for about a decade. With all of our machines auto enrolling in Computer certificates and renewing every year we have maybe 50,000 certificates, yes some are expired already but it's a nightmare to manage. So what do we need the Computer certificate on all the Windows machines for anyway, some are XP most are Windows 7.
Is the Computer certificate required for Kerberos authentication?
If we don't need it I'd rather stop publishing the Computer template and simplify our lives.
Please explain (I am not new to PKI, though this question may make me seem like a novice) I get the Web Certs, EFS, etc.
Computer certificates are not needed for Kerberos authentication.
They are typically used for 802.1x WLAN or wired authentication, or they might be used for VPN logon. Then you might use them for IPsec / "domain isolation" or perhaps DirectAccess or related solutions by other vendors.
So they are needed for some sort of "network isolation" but they are not required for default AD operations. With some of the mentioned scenarios (e.g. 802.1x / IPsec) you have the choice to pick either certificates or other credentials.
Elke -
How to search for data in active directory
If I have an administrator privilege, how can I search for a user's data if I know his username from Active Directory?
What form do you have the user's name in ?
ANTIPODES\alberte
String searchFilter = "(&(objectClass=user)(samAccountName=alberte))";
[email protected]
String searchFilter = "(&(objectClass=user)(userPrincipalName=[email protected]))";
Albert Einstein
String searchFilter = "(&(objectClass=user)(givenName=Albert)(sn=Einstein))";
or using Ambiguous Name Resolution (anr)
String searchFilter = "(&(objectClass=user)(anr=Albert Einstein))";
or it's even clever enough to use
String searchFilter = "(&(objectClass=user)(anr=Einstein Albert))";
-
What is considered as a wild card for a query
I am calling a query from Visual Composer. But I need to run the query when the variable is not selected. I have made the Variable optional.
But whenever the "input field" is left blank, it seems like Visual composer is passing a NULL value or something. I need to pass a wild card instead of NULL.
Does anybody have any idea what would be a wild card. I have tried ' ' but it did not work.
Thanks,
Arun,
I am on BI 7.0. I tried your recommendations, but when I enter '#' it does not get any data in Bex.
For VC, %20 also does not work. Any other ideas??
Thanks,
Naseer -
Looking for Help with Active Directory Script to Remove a User from msExchDelegateListLink
I'm struggling to put together an Active Directory Powershell script that will remove a specific user from the msExchDelegateListLink.
It looks like Set-AdUser would do the trick. I would want to remove a user in the format of
{CN=Wood\, Sandy,OU=Networking,OU=IT,DC=my,DC=domain,DC=com}
Has anyone succeeded in doing this before?
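Orange County District Attorney
I use this:
# DN of the user to remove.
$user = '<user name>'
$userDN = Get-ADUser $user | select -ExpandProperty DistinguishedName
# Objects named in that user's msExchDelegateListBL back-link.
$delegates = Get-ADUser $user -Properties msExchDelegateListBL |
    select -ExpandProperty msExchDelegateListBL
# Remove the user's DN from msExchDelegateListLink on each of those objects.
foreach ($delegate in $delegates)
{
    Set-ADUser $delegate -Remove @{msExchDelegateListLink = "$UserDN"}
}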
Never quite got around to putting it into a function.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " -
JNDI Realm for ADS (Windows Active Directory)
Hi,
Does anybody know how to connect to the windows active directory? I have to proof,
that java can do this and I don't know how. Please help, otherwise we will start
using .NET!!!!!
sincerely
Gabriel
"gabriel" <[email protected]> wrote in message
news:[email protected]..
> Hi,
> Does anybody know how to connect to the windows active directory? I have to proof,
> that java can do this and I don't know how. Please help, otherwise we will start
> using .NET!!!!!
We certainly don't want that.
With WLS 6.x, you can use the ldap realm v2 to access active directory.
With WLS 7.x and 8.x, you can use the External LDAP Authentication provider
to access
active directory.
If you have to use JNDI to access Active Directory, then you can write your
own authentication
security provider and hook it up with WLS. -
Advice on Best practice for inter-countries Active Directory
We want to merge three active directories with one as parent in Dubai, then child in Dubai, Bahrain and Kuwait. The time zones are different and sites are connected using VPN/leased line. With my studies I have explored two options. One way is to have parent domain/forest in Dubai and Child domain in respective countries/offices; second way is to have parent and all child domains in Dubai Data center as it is bigger, while respective countries have DCs connected to their respective child domains in Dubai. (Personally I find it safer in second option)
Kindly advise which approach comes under best practice.
Thanks in advance.
Hi Richard Mueller,
You perfectly got my point. We have three different forests/domain in three different countries. I asked this question because I am worried for problems in replications.
And yes there are political reasons due to which we want to have multiple domains under one single forest. I have these following points:
1. With multiple domains you introduce complications with trusts
(Yes we will face complications that is why I will have a VM where there will be three child domains for 3 countries in HQ sitting right next to my main AD server which have forest/domain - which i hope will help in fixing replication problems)
2. and accessing resources in remote domains. (To address this issue i will implement two additional DCs in respective countries to make the resources available, these RODCs will be pointed toward their respective main domains in HQ)
As an example:-
HQ data center=============
Company.com (forest/domain)
3 child domain to company.com
example uae.company.com
=======================
UAE regional office=====================
2 RODCs pointed towards uae.company.com in HQ
==================================
Please tell me if i make sense here. -
Is OVD requires additional licence for integrating with Active Directory?
Hi
My organization have two active directories with two domains. We are planning to implement Oracle Identity Management for all oracle production databases with OVD integrates with existing AD's. Is OVD requires any additional license? If requires cost of license?
If any one implements the same please share the setup steps and license information.
[OVD overview pdf|http://www.oracle.com/us/products/middleware/identity-management/059380.pdf]
Thanks,
Sudhakar
Usually the Identity management Suite would be self-content with all IAM products. These things mostly depends upon the type of license you have agreed upon with Oracle. Have a word with Oracle. Licensing is not a straight forward defined set of rules, may vary conditionally.
-
How do I make a wild card for spam filters
I get a lot of spam and I am trying to create one daily filter to catch the domains that use multiple prefixes....... @comtaff.us.
Do I add any values in front of the @ as a catch all? Is there any other reading on setting Mail's spam filters?
Cheers.
That's not really a Firefox issue; but here's a list of birthday card websites: http://email.about.com/od/birthdaygreetingcards/tp/birthday_e_card.htm
-
How to use a wild card for url pattern in web.xml?
I want to use web container managed security to protect all my JSP pages. I tried
to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
However, none of my pages is protected. Specifying each page individually works,
but I really don't want to do that. Any ideas?
Eric:
Which version of WebLogic Server are you using (including any service pack or rolling
patches)?
Eric Ma wrote:
> I want to use web container managed security to protect all my JSP pages. I tried
> to use the <security-constraint> tag in web.xml and set <url-pattern> to /*.
> However, none of my pages is protected. Specifying each page individually works,
> but I really don't want to do that. Any ideas?
Jim Brown
Developer Relations Engineer
BEA Support
-
ACS 5.3 WLC Certificates RADIUS Active Directory
Hi,
I have a wireless controller and an ACS 5.3. I would like to create a wireless network where a corporate laptop would use the certificates installed to connect to the wireless and then authentication with AD and laptop certificates to the ACS. So if a user from work brings a home laptop this won't be able to connect as they don't have a certificate installed on the laptop.
I have setup ACS to connect to AD.
I have added the local certificate with my company's CA
acs.blah.com
acs.blah.com
SubCA3-1
09:50 28.09.2012
09:50 28.09.2018
EAP, Management Interface
I create a very simple rule and then try connect through the laptop. I select the certificate on the client and click connect. The connection works fine and I am on the network.
Authentication Summary
Logged At: October 2,2012 3:06:37.996 PM
RADIUS Status: Authentication succeeded
NAS Failure:
Username: blah\Eddy
MAC/IP Address: 18-3d-a2-26-7f-b9
Network Device: L39-WC-5508-01 : 10.49.2.150 :
Access Service: WirelessAD
Identity Store: AD1
Authorization Profiles: Wireless AD
CTS Security Group:
Authentication Method: PEAP(EAP-MSCHAPv2)
I then just try a laptop I brought from home I used my AD username and password and this also connected. This Laptop doesn't have a certificate how can I make it so only work laptops with certificates be allowed to connect to the wireless?
any help would be great happy to send screen shots of my setup.
Cheers
Eddy
Hi Guys,
Well I configured the ACS following Scott's information, and I then tried to connect with the laptop and I got this.
Logged At: October 12,2012 2:50:17.866 PM
RADIUS Status: Authentication failed : 15039 Selected Authorization Profile is DenyAccess
NAS Failure:
Username: blah\eddy
MAC/IP Address: 00-21-6a-07-31-88
Network Device: -WC-5508-01 : 10.10.2.10 :
Access Service: WirelessAD
Identity Store: AD1
Authorization Profiles: DenyAccess
CTS Security Group:
Authentication Method: PEAP(EAP-MSCHAPv2)
I copied the two rules used in the setup by Scott and I still get this. I have copied and pasted the logs below any ideas on how to get this to work? I don't have MARS is MARS required for this PEAP setup?
24423 ACS has not been able to confirm previous successful machine authentication for user in Active Directory
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store - AD1
24430 Authenticating user against Active Directory
24416 User's Groups retrieval from Active Directory succeeded
24101 Some of the retrieved attributes contain multiple values. These values are discarded. The default values, if configured, will be used for these attributes.
24420 User's Attributes retrieval from Active Directory succeeded
24402 User authentication against Active Directory succeeded
22037 Authentication Passed
Evaluating Group Mapping Policy
11824 EAP-MSCHAP authentication attempt passed
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
11810 Extracted EAP-Response for inner method containing MSCHAP challenge-response
11814 Inner EAP-MSCHAP authentication succeeded
11519 Prepared EAP-Success for inner EAP method
12314 PEAP inner method finished successfully
12305 Prepared EAP-Request with another PEAP challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12304 Extracted EAP-Response containing PEAP challenge-response
12306 PEAP authentication succeeded
11503 Prepared EAP-Success
24423 ACS has not been able to confirm previous successful machine authentication for user in Active Directory
any ideas guys?
thanks for the help. -
Hello all,
I'm trying to set up an OIM 11gR2 instance to work with Active Directory with the Active Directory 11.1.1.5.0 connector. I've full installed both OIM and AD on separate servers, and I've installed the AD 11.1.1.5 connector on OIM. I have configured Active Directory properly (connector on OIM and the connector server on the AD server-side), and have set up the two IT Resources on OIM. I can run, for example, the Active Directory Organization Lookup Recon job and have it return results in the Lookup window.
My problem is that I cannot get it to provision to a user. I've created an Application Instance and Form for Active Directory, attached the Form, associated them with the appropriate resources (AD User), and added them to the Catalog, and then gone through the process of adding an account to the user, selecting the Application Instance, adding it to the cart, checking out, filling out the fields (Password, User ID, UPN, First Name, Last Name, Common Name, and Organization Name), and then submitting the request. This is all done as the xelsysadm admin user, but it still results with the account stuck on "Provisioning" because the "Create User" task failed due to a Connector Error (the reason stated is just a repeat of "Create Object" failed).
Anyone know what I'm missing here?
Thank you!
Edited by: 939908 on Nov 12, 2012 6:36 AM
Hey 833249, thanks for your reply
The organization field attribute is filled in correctly, in that the OU I selected exists in AD.
These are the errors listed in the connector server log:
11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception occured during the creation of directory entry.
11/9/2012 9:07:07 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Message : Logon failure: unknown user name or bad password.
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryUtils Method -> GetDirectoryEntry, Message -> Exception Stack Trace : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1423
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Encountered Excetion: Unable to get the Directory Entry
11/9/2012 9:07:08 PM <ERROR>: Class-> ActiveDirectoryConnector Method -> Create, Message -> Stack Trace: at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.GetDirectoryEntry(String path, ActiveDirectoryConfiguration configuration) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1456
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.DirectoryEntryExists(String path) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line 1512
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 219
ConnectorServer.exe Error: 0 : Org.IdentityConnectors.Framework.Common.Exceptions.ConnectorException: Unable to get the Directory Entry
at Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_oimcp\idc\bundles\dotnet\ActiveDirectory\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line 368
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.CreateImpl.Create(ObjectClass oclass, ICollection`1 attributes, OperationOptions options) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 388
at Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object proxy, MethodInfo method, Object[] args) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\ApiLocalOperations.cs:line 244
at ___proxy1.Create(ObjectClass , ICollection`1 , OperationOptions )
at Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest request) in c:\ADE\aime_icf\icf\framework\dotnet\FrameworkInternal\Server.cs:line 609
I'm not sure why the username/password error could be occurring, as those fields in the AD IT Resource are correct (I've run AD recon jobs that have connected properly). Is there something I'm missing? -
Windows client error joining with Samba 4.2 Active Directory server
I have a basic samba 4.2 ADC setup on CentOS 7 and I get a RPC server not available whenever I attempt to join a windows client to the domain. The smb.conf is the default one created during provisioning. All indicated pre-testing seems to work as expected. The windows client finds the domain and recognizes a valid user or not but the last step of joining the domain ends with the error "Unable to join the Domain RPC server not available". Does anyone have any ideas?
Thanks Paul
This topic first appeared in the Spiceworks Community
I have a scenario for you in active directory when two passwords may be valid:
Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
User1 decides to call the helpdesk and changes his password to "456".
The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be valid.
If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
Regards,
~JG
Do rate helpful posts